Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/5db0a8-b8e7-4f44-b03a-ea5731684917/1/oPuvljJbdX3uL6W0bzRxxdr0i-U.roa
File: oPuvljJbdX3uL6W0bzRxxdr0i-U.roa (raw, json)
Hash identifier: 8PJeky2+R3SSxnxR4Qas5EuRxHRVYoH7Qx9ZG75Q6Sg=
Subject key identifier: A0:FB:AF:96:32:5B:75:7D:EE:2F:A5:B4:6F:34:71:C5:DA:F4:8B:E5
Certificate issuer: /CN=1f3e3bf560da0b12618b027aaca61fac78d5ff5c
Certificate serial: 018CC6B7E93ACCA17A38B7316BBF5AC17670
Authority key identifier: 1F:3E:3B:F5:60:DA:0B:12:61:8B:02:7A:AC:A6:1F:AC:78:D5:FF:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hz479WDaCxJhiwJ6rKYfrHjV_1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/5db0a8-b8e7-4f44-b03a-ea5731684917/1/oPuvljJbdX3uL6W0bzRxxdr0i-U.roa
Signing time: Mon 01 Jan 2024 20:29:50 +0000
ROA not before: Mon 01 Jan 2024 20:29:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51685
IP address blocks: 91.237.179.0/24 maxlen: 32
45.86.38.0/24 maxlen: 32
91.219.164.0/22 maxlen: 32
2a07:6940::/29 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/5db0a8-b8e7-4f44-b03a-ea5731684917/1/Hz479WDaCxJhiwJ6rKYfrHjV_1w.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/5db0a8-b8e7-4f44-b03a-ea5731684917/1/Hz479WDaCxJhiwJ6rKYfrHjV_1w.mft
rsync://rpki.ripe.net/repository/DEFAULT/Hz479WDaCxJhiwJ6rKYfrHjV_1w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 16:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:e9:3a:cc:a1:7a:38:b7:31:6b:bf:5a:c1:76:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f3e3bf560da0b12618b027aaca61fac78d5ff5c
Validity
Not Before: Jan 1 20:29:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a0fbaf96325b757dee2fa5b46f3471c5daf48be5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:20:29:77:6f:ad:d2:9b:de:c3:69:4a:7d:92:
1c:07:0d:cc:b7:4b:fb:4f:2d:bc:41:65:d8:c3:6c:
dc:f3:a4:b5:07:2e:1f:ef:b2:e7:17:f7:f6:40:19:
1c:cd:2d:50:18:4a:f3:78:2e:4e:cf:00:24:72:d6:
17:94:ba:d8:a2:f1:bb:54:2f:0e:41:7a:9b:10:8e:
aa:6d:f9:4d:8b:3a:f7:9d:28:f6:e7:a0:61:1e:0b:
84:9f:c8:12:a1:e5:9d:13:7f:d0:43:4f:8e:28:cc:
ce:ba:2c:8b:3f:9e:9f:d3:1e:e5:55:4c:66:fa:73:
8e:86:63:e4:a9:b3:0b:fa:e7:69:90:81:61:b1:af:
e5:19:1f:e3:1c:06:4f:5e:a5:84:c6:9d:11:15:1b:
c7:7e:cc:a4:be:c2:e5:b8:b8:59:e9:70:dd:6d:d1:
79:ac:1a:b0:50:ed:06:ee:fc:c2:24:92:71:fb:5b:
14:b4:bf:87:39:73:03:66:87:4c:77:e8:83:9b:e5:
d4:86:9f:5a:d7:bb:66:df:6a:ce:94:c9:76:f0:20:
7b:bc:f2:0f:90:ee:e6:b0:e5:e8:0c:f4:83:23:d8:
f3:6b:5e:e2:9a:11:00:99:7a:c0:c4:20:d4:ab:29:
c2:56:f1:47:cb:b7:4c:55:4a:cc:20:df:76:a8:96:
58:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:FB:AF:96:32:5B:75:7D:EE:2F:A5:B4:6F:34:71:C5:DA:F4:8B:E5
X509v3 Authority Key Identifier:
keyid:1F:3E:3B:F5:60:DA:0B:12:61:8B:02:7A:AC:A6:1F:AC:78:D5:FF:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hz479WDaCxJhiwJ6rKYfrHjV_1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/5db0a8-b8e7-4f44-b03a-ea5731684917/1/oPuvljJbdX3uL6W0bzRxxdr0i-U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/5db0a8-b8e7-4f44-b03a-ea5731684917/1/Hz479WDaCxJhiwJ6rKYfrHjV_1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.38.0/24
91.219.164.0/22
91.237.179.0/24
IPv6:
2a07:6940::/29
Signature Algorithm: sha256WithRSAEncryption
a2:80:d2:ff:f2:09:5b:f3:0e:27:74:1b:10:ff:2a:f9:ee:74:
e0:51:1f:16:f4:bd:a7:7d:3d:89:bc:86:25:a7:d7:c3:65:ea:
31:67:07:5b:18:25:16:b1:9b:5d:36:85:c8:34:b7:0e:20:f5:
e7:36:f3:04:f1:05:10:04:44:cd:ae:a7:ed:9c:17:78:da:16:
11:5e:f4:8a:d0:c2:cb:2c:b9:45:72:90:fa:c4:5e:4e:39:c6:
67:da:1c:b3:83:8b:dd:76:3e:db:4e:5a:85:bd:29:e3:c9:c2:
c4:94:f2:3c:ce:a8:91:8e:1b:ee:6d:e7:92:d7:0d:76:b3:b2:
e7:67:7c:40:83:bd:ef:34:fd:fc:50:d0:8e:ff:9b:c6:7c:0f:
6e:aa:72:10:51:bd:e6:7d:13:c0:e4:3b:98:e4:38:4c:d7:15:
5b:6d:56:9d:6f:ba:62:f3:ca:fa:a9:9c:a8:e7:f1:34:bc:3f:
be:35:c5:c9:a7:36:22:b3:1d:c3:a1:8c:f4:9b:cd:4d:5e:ad:
6e:76:05:6f:e4:7a:66:75:9e:d2:ec:8c:30:ea:a2:cd:e7:dd:
95:21:a0:22:20:04:77:a3:13:55:f4:7a:c9:26:e9:ac:b5:f6:
3e:77:20:5f:d7:44:fe:b7:ae:bc:e4:a9:51:dd:80:26:0b:81:
28:50:50:72
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGt+k6zKF6OLcxa79awXZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmM2UzYmY1NjBkYTBiMTI2MThiMDI3YWFjYTYxZmFjNzhk
NWZmNWMwHhcNMjQwMTAxMjAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGZiYWY5NjMyNWI3NTdkZWUyZmE1YjQ2ZjM0NzFjNWRhZjQ4YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiApd2+t0pvew2lKfZIcBw3Mt0v7
Ty28QWXYw2zc86S1By4f77LnF/f2QBkczS1QGErzeC5OzwAkctYXlLrYovG7VC8O
QXqbEI6qbflNizr3nSj256BhHguEn8gSoeWdE3/QQ0+OKMzOuiyLP56f0x7lVUxm
+nOOhmPkqbML+udpkIFhsa/lGR/jHAZPXqWExp0RFRvHfsykvsLluLhZ6XDdbdF5
rBqwUO0G7vzCJJJx+1sUtL+HOXMDZodMd+iDm+XUhp9a17tm32rOlMl28CB7vPIP
kO7msOXoDPSDI9jza17imhEAmXrAxCDUqynCVvFHy7dMVUrMIN92qJZYcwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKD7r5YyW3V97i+ltG80ccXa9IvlMB8GA1UdIwQY
MBaAFB8+O/Vg2gsSYYsCeqymH6x41f9cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHo0NzlXRGFDeEpoaXdKNnJLWWZySGpWXzF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81ZGIwYTgtYjhlNy00ZjQ0LWIwM2Et
ZWE1NzMxNjg0OTE3LzEvb1B1dmxqSmJkWDN1TDZXMGJ6Unh4ZHIwaS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81ZGIwYTgtYjhlNy00ZjQ0LWIwM2EtZWE1NzMxNjg0OTE3
LzEvSHo0NzlXRGFDeEpoaXdKNnJLWWZySGpWXzF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQALVYmAwQC
W9ukAwQAW+2zMA0EAgACMAcDBQMqB2lAMA0GCSqGSIb3DQEBCwUAA4IBAQCigNL/
8glb8w4ndBsQ/yr57nTgUR8W9L2nfT2JvIYlp9fDZeoxZwdbGCUWsZtdNoXINLcO
IPXnNvME8QUQBETNrqftnBd42hYRXvSK0MLLLLlFcpD6xF5OOcZn2hyzg4vddj7b
TlqFvSnjycLElPI8zqiRjhvubeeS1w12s7LnZ3xAg73vNP38UNCO/5vGfA9uqnIQ
Ub3mfRPA5DuY5DhM1xVbbVadb7pi88r6qZyo5/E0vD++NcXJpzYisx3DoYz0m81N
Xq1udgVv5HpmdZ7S7Iww6qLN592VIaAiIAR3oxNV9HrJJumstfY+dyBf10T+t668
5KlR3YAmC4EoUFBy
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:22:22 2024 by rpki-client on console-ams.rpki-client.org