Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/zpHBXy6xl0YQdWyNWtrMvoJxoKE.roa
File: zpHBXy6xl0YQdWyNWtrMvoJxoKE.roa (raw, json)
Hash identifier: jXnvrp/Fl43QltJLNJZAo7NZC16d4wbMx8lcAKplpI4=
Subject key identifier: CE:91:C1:5F:2E:B1:97:46:10:75:6C:8D:5A:DA:CC:BE:82:71:A0:A1
Certificate issuer: /CN=4b2b6d2a5d4130560f617963d9fbc93442dc1ccd
Certificate serial: 018CC4246FBA96B97A10AC7946592BF7941B
Authority key identifier: 4B:2B:6D:2A:5D:41:30:56:0F:61:79:63:D9:FB:C9:34:42:DC:1C:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/zpHBXy6xl0YQdWyNWtrMvoJxoKE.roa
Signing time: Mon 01 Jan 2024 08:29:31 +0000
ROA not before: Mon 01 Jan 2024 08:29:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 559
IP address blocks: 192.101.176.0/24 maxlen: 24
130.92.0.0/16 maxlen: 16
192.41.152.0/21 maxlen: 21
192.41.149.0/24 maxlen: 24
192.41.150.0/23 maxlen: 23
193.247.240.0/22 maxlen: 22
192.41.160.0/24 maxlen: 24
193.135.168.0/22 maxlen: 22
194.153.96.0/24 maxlen: 24
193.5.168.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.crl
rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.mft
rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 07:02:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:6f:ba:96:b9:7a:10:ac:79:46:59:2b:f7:94:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b2b6d2a5d4130560f617963d9fbc93442dc1ccd
Validity
Not Before: Jan 1 08:29:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ce91c15f2eb1974610756c8d5adaccbe8271a0a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:fa:34:8f:91:6b:73:c8:52:bf:a0:a1:ac:52:
42:84:4b:a5:bf:62:b7:1c:e1:c2:57:96:5a:ac:29:
1c:db:e8:ec:58:b9:88:b0:ac:9d:20:e6:55:ba:e6:
24:81:e4:6e:f1:58:f0:9e:f9:5f:97:58:5f:f4:08:
c7:b9:63:fa:68:d2:cc:c5:7f:45:f8:a3:5a:02:bd:
3b:e4:1f:48:b3:f3:fd:f4:dd:0e:c4:13:84:50:3c:
40:32:7a:65:25:c8:9d:68:8f:45:2a:09:10:63:90:
cf:a0:5a:bb:b4:8b:b6:4d:6c:4b:db:f0:3b:11:a0:
59:07:61:d9:85:02:cc:0a:02:18:60:75:fd:cb:5b:
ba:fd:75:0c:55:7a:93:49:a8:c8:34:16:23:68:2e:
13:20:0e:a7:05:15:53:a5:b0:4f:6d:7d:09:0d:7a:
9d:98:3c:0c:ae:98:c8:81:3e:06:c9:8a:9e:b4:9a:
76:f7:1d:1b:ec:17:02:29:f9:b3:91:74:60:99:a5:
9a:e5:37:fe:8e:79:d4:3a:e2:a5:ef:45:3c:83:0a:
42:2d:d3:ef:2a:aa:75:e2:f8:81:e9:49:30:21:2b:
2e:9e:07:0e:c2:db:3d:f1:5e:9e:d5:be:c2:62:49:
af:23:c2:4e:9f:fb:9e:78:29:a9:e0:2b:0a:4d:22:
05:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:91:C1:5F:2E:B1:97:46:10:75:6C:8D:5A:DA:CC:BE:82:71:A0:A1
X509v3 Authority Key Identifier:
keyid:4B:2B:6D:2A:5D:41:30:56:0F:61:79:63:D9:FB:C9:34:42:DC:1C:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/zpHBXy6xl0YQdWyNWtrMvoJxoKE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.92.0.0/16
192.41.149.0-192.41.160.255
192.101.176.0/24
193.5.168.0/22
193.135.168.0/22
193.247.240.0/22
194.153.96.0/24
Signature Algorithm: sha256WithRSAEncryption
be:90:87:e1:32:a7:b7:38:6c:36:25:af:a3:86:2d:ca:1d:d8:
04:40:f2:5a:cb:32:f4:60:4b:34:91:52:26:5a:ad:c0:7d:e2:
e7:00:bb:eb:de:7e:d3:40:8a:7c:c8:e1:dd:cc:d0:a6:08:49:
dc:e8:67:76:9a:89:17:6e:26:ae:6a:4d:c7:e1:cd:f1:84:a7:
3a:ae:e2:67:32:fc:d6:c6:dd:f9:f3:e0:64:ab:8c:2c:d8:cf:
28:f7:c0:15:13:1e:1e:ee:d6:8d:95:8c:9a:d8:e6:a5:b7:d8:
d2:70:ab:32:0e:60:95:88:14:ff:0d:52:06:35:fb:41:f0:4f:
46:0c:df:9a:db:17:61:a9:74:3d:48:37:ee:5e:2f:bf:51:67:
69:65:4f:99:e0:fd:19:bb:fd:54:b5:82:a7:e0:63:c8:2b:96:
b5:af:b0:c9:f3:2b:bf:a9:c5:41:5f:e0:78:71:aa:c6:4f:d1:
24:88:a3:7b:cc:74:14:0d:7a:2c:c3:5f:0c:0d:43:3d:ec:f2:
a3:7a:0d:8e:94:05:bf:ef:dd:a7:dc:f9:56:62:1d:08:66:57:
bf:82:74:36:d6:68:8c:29:68:5c:6c:20:63:76:92:6f:08:ba:
1c:9b:ca:97:18:ce:af:49:48:62:4e:3f:3d:da:e2:ed:c1:20:
f5:eb:30:09
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzEJG+6lrl6EKx5Rlkr95QbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMmI2ZDJhNWQ0MTMwNTYwZjYxNzk2M2Q5ZmJjOTM0NDJk
YzFjY2QwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTkxYzE1ZjJlYjE5NzQ2MTA3NTZjOGQ1YWRhY2NiZTgyNzFhMGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/o0j5Frc8hSv6ChrFJChEulv2K3
HOHCV5ZarCkc2+jsWLmIsKydIOZVuuYkgeRu8Vjwnvlfl1hf9AjHuWP6aNLMxX9F
+KNaAr075B9Is/P99N0OxBOEUDxAMnplJcidaI9FKgkQY5DPoFq7tIu2TWxL2/A7
EaBZB2HZhQLMCgIYYHX9y1u6/XUMVXqTSajINBYjaC4TIA6nBRVTpbBPbX0JDXqd
mDwMrpjIgT4GyYqetJp29x0b7BcCKfmzkXRgmaWa5Tf+jnnUOuKl70U8gwpCLdPv
Kqp14viB6UkwISsungcOwts98V6e1b7CYkmvI8JOn/ueeCmp4CsKTSIFuQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFM6RwV8usZdGEHVsjVrazL6CcaChMB8GA1UdIwQY
MBaAFEsrbSpdQTBWD2F5Y9n7yTRC3BzNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3l0dEtsMUJNRllQWVhsajJmdkpORUxjSE0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MGVmNDEtMzFmNC00MjBkLWJhZGMt
YzU3NDE1ODUwMmM4LzEvenBIQlh5NnhsMFlRZFd5Tld0ck12b0p4b0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MGVmNDEtMzFmNC00MjBkLWJhZGMtYzU3NDE1ODUwMmM4
LzEvU3l0dEtsMUJNRllQWVhsajJmdkpORUxjSE0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAATAxAwMAglwwDAME
AMAplQMEAMApoAMEAMBlsAMEAsEFqAMEAsGHqAMEAsH38AMEAMKZYDANBgkqhkiG
9w0BAQsFAAOCAQEAvpCH4TKntzhsNiWvo4Ytyh3YBEDyWssy9GBLNJFSJlqtwH3i
5wC7695+00CKfMjh3czQpghJ3OhndpqJF24mrmpNx+HN8YSnOq7iZzL81sbd+fPg
ZKuMLNjPKPfAFRMeHu7WjZWMmtjmpbfY0nCrMg5glYgU/w1SBjX7QfBPRgzfmtsX
Yal0PUg37l4vv1FnaWVPmeD9Gbv9VLWCp+BjyCuWta+wyfMrv6nFQV/geHGqxk/R
JIije8x0FA16LMNfDA1DPezyo3oNjpQFv+/dp9z5VmIdCGZXv4J0NtZojCloXGwg
Y3aSbwi6HJvKlxjOr0lIYk4/Pdri7cEg9eswCQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:03:23 2024 by rpki-client on console-ams.rpki-client.org