Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/ZG5lxp1QHjTTn-udF7-ztRG6fts.roa
File: ZG5lxp1QHjTTn-udF7-ztRG6fts.roa (raw, json)
Hash identifier: pGnpZgzZdK8Lt0NDN8vLZuSf4WJVAF+wXslROecKaQg=
Subject key identifier: 64:6E:65:C6:9D:50:1E:34:D3:9F:EB:9D:17:BF:B3:B5:11:BA:7E:DB
Certificate issuer: /CN=eecf3f75ef8306b6c593a423cda1986bde3de948
Certificate serial: 018CC64A5B2ABE3EED1D04A1FE7DBFD333F7
Authority key identifier: EE:CF:3F:75:EF:83:06:B6:C5:93:A4:23:CD:A1:98:6B:DE:3D:E9:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7s8_de-DBrbFk6QjzaGYa9496Ug.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/ZG5lxp1QHjTTn-udF7-ztRG6fts.roa
Signing time: Mon 01 Jan 2024 18:30:10 +0000
ROA not before: Mon 01 Jan 2024 18:30:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43845
IP address blocks: 79.170.202.0/24 maxlen: 24
79.170.206.0/24 maxlen: 24
79.170.205.0/24 maxlen: 24
79.170.204.0/24 maxlen: 24
79.170.201.0/24 maxlen: 24
79.170.203.0/24 maxlen: 24
79.170.200.0/24 maxlen: 24
79.170.207.0/24 maxlen: 24
2a09:6c80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/7s8_de-DBrbFk6QjzaGYa9496Ug.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/7s8_de-DBrbFk6QjzaGYa9496Ug.mft
rsync://rpki.ripe.net/repository/DEFAULT/7s8_de-DBrbFk6QjzaGYa9496Ug.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:5b:2a:be:3e:ed:1d:04:a1:fe:7d:bf:d3:33:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eecf3f75ef8306b6c593a423cda1986bde3de948
Validity
Not Before: Jan 1 18:30:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=646e65c69d501e34d39feb9d17bfb3b511ba7edb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:55:12:92:20:88:a3:de:17:45:2e:80:6e:71:
fa:ea:23:95:14:32:a1:f6:28:5b:20:2d:bc:65:72:
63:20:50:33:3a:9e:3f:87:65:8f:2b:f9:24:3b:d5:
46:c9:63:ba:68:94:8f:62:12:89:de:b9:0e:4d:24:
56:0c:33:e9:e1:77:e3:35:2c:e9:8b:18:08:12:36:
b5:16:f9:d9:c1:f3:13:52:f8:1f:de:d5:bf:e4:61:
48:c6:78:bd:56:08:4a:98:db:5b:ed:f4:48:7c:3c:
8d:19:67:78:0f:4b:45:01:e3:25:e7:67:23:e2:0a:
c1:76:2f:52:eb:19:f9:ea:af:08:d0:8e:a9:4a:e4:
3b:e4:8c:eb:52:f3:74:4e:99:79:b2:aa:6d:ef:e2:
87:16:12:60:a9:c9:16:4d:8c:92:72:2a:b6:b4:a3:
3e:4d:44:b8:a0:0c:db:b3:8c:94:1d:78:cb:17:69:
69:95:8e:a4:57:9a:93:52:0f:c6:c1:a8:f1:0a:67:
f7:d5:16:af:57:f1:2f:57:d4:40:83:82:c7:6f:3e:
a9:45:20:2b:8c:61:c1:fd:20:7e:6a:61:fe:0b:c8:
f8:93:01:04:2c:85:86:c2:45:4b:27:f7:70:65:6e:
4c:ea:5f:67:2c:6d:b8:95:7f:76:77:d4:c3:aa:9f:
59:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:6E:65:C6:9D:50:1E:34:D3:9F:EB:9D:17:BF:B3:B5:11:BA:7E:DB
X509v3 Authority Key Identifier:
keyid:EE:CF:3F:75:EF:83:06:B6:C5:93:A4:23:CD:A1:98:6B:DE:3D:E9:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7s8_de-DBrbFk6QjzaGYa9496Ug.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/ZG5lxp1QHjTTn-udF7-ztRG6fts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/7s8_de-DBrbFk6QjzaGYa9496Ug.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.170.200.0/21
IPv6:
2a09:6c80::/32
Signature Algorithm: sha256WithRSAEncryption
9b:53:da:ac:81:a9:b6:fb:59:ce:ae:85:ec:52:45:04:d6:f0:
95:b1:92:67:cb:3d:90:9c:66:c6:17:ea:22:cf:90:0f:cc:52:
ff:17:b8:53:ed:d5:20:52:90:0d:ef:78:67:8f:e6:6d:30:7d:
10:31:68:63:87:0e:5c:62:9a:fc:32:46:97:df:1b:09:2f:00:
6c:35:74:7b:bb:4d:9d:8c:24:8a:08:a4:0e:85:34:48:90:56:
28:88:bb:76:e5:98:f9:50:5c:22:d3:10:5d:f0:b2:63:15:e4:
9d:0c:f7:ce:5e:6a:b7:4e:25:20:56:53:1d:2e:e9:28:c1:86:
76:b0:26:87:7d:95:b7:1f:b5:9f:9b:39:2c:09:47:6e:9e:a2:
18:9f:93:a7:3b:01:77:46:9a:a0:b3:80:73:48:4b:66:06:6e:
46:1b:89:43:26:20:d9:1a:15:88:ce:80:70:83:3a:b1:c6:47:
e5:ae:d8:36:56:3d:b3:b6:be:1e:c6:6c:ca:a8:11:3f:06:08:
23:bc:8f:7e:55:c2:14:50:6a:e4:ff:a9:b8:c5:e9:7f:c2:0d:
43:98:c4:a1:88:bc:50:ff:4b:fc:e7:a1:b8:0c:75:9c:30:70:
92:38:4b:b9:b7:87:87:2b:9a:bd:4e:43:7a:bc:66:96:5a:df:
ad:67:1a:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSlsqvj7tHQSh/n2/0zP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlY2YzZjc1ZWY4MzA2YjZjNTkzYTQyM2NkYTE5ODZiZGUz
ZGU5NDgwHhcNMjQwMTAxMTgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZlNjVjNjlkNTAxZTM0ZDM5ZmViOWQxN2JmYjNiNTExYmE3ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVUSkiCIo94XRS6AbnH66iOVFDKh
9ihbIC28ZXJjIFAzOp4/h2WPK/kkO9VGyWO6aJSPYhKJ3rkOTSRWDDPp4XfjNSzp
ixgIEja1FvnZwfMTUvgf3tW/5GFIxni9VghKmNtb7fRIfDyNGWd4D0tFAeMl52cj
4grBdi9S6xn56q8I0I6pSuQ75IzrUvN0Tpl5sqpt7+KHFhJgqckWTYySciq2tKM+
TUS4oAzbs4yUHXjLF2lplY6kV5qTUg/GwajxCmf31RavV/EvV9RAg4LHbz6pRSAr
jGHB/SB+amH+C8j4kwEELIWGwkVLJ/dwZW5M6l9nLG24lX92d9TDqp9Z7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGRuZcadUB4005/rnRe/s7URun7bMB8GA1UdIwQY
MBaAFO7PP3Xvgwa2xZOkI82hmGvePelIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3M4X2RlLURCcmJGazZRanphR1lhOTQ5NlVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS81ZGYxNmItYmM2Ni00MGRkLWE3MzEt
MzViNTZjY2NhODQ5LzEvWkc1bHhwMVFIalRUbi11ZEY3LXp0Ukc2ZnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS81ZGYxNmItYmM2Ni00MGRkLWE3MzEtMzViNTZjY2NhODQ5
LzEvN3M4X2RlLURCcmJGazZRanphR1lhOTQ5NlVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDT6rIMA0E
AgACMAcDBQAqCWyAMA0GCSqGSIb3DQEBCwUAA4IBAQCbU9qsgam2+1nOroXsUkUE
1vCVsZJnyz2QnGbGF+oiz5APzFL/F7hT7dUgUpAN73hnj+ZtMH0QMWhjhw5cYpr8
MkaX3xsJLwBsNXR7u02djCSKCKQOhTRIkFYoiLt25Zj5UFwi0xBd8LJjFeSdDPfO
Xmq3TiUgVlMdLukowYZ2sCaHfZW3H7WfmzksCUdunqIYn5OnOwF3Rpqgs4BzSEtm
Bm5GG4lDJiDZGhWIzoBwgzqxxkflrtg2Vj2ztr4exmzKqBE/BggjvI9+VcIUUGrk
/6m4xel/wg1DmMShiLxQ/0v856G4DHWcMHCSOEu5t4eHK5q9TkN6vGaWWt+tZxoO
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:33:08 2024 by rpki-client on console-ams.rpki-client.org