Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/UhiNNSz_I6Hu8W0dT7dbkv79U1o.roa
File: UhiNNSz_I6Hu8W0dT7dbkv79U1o.roa (raw, json)
Hash identifier: ZbxH1u4Qn81WUy9aUHHxcBqcIuQOv+93VzAv4JgE/cI=
Subject key identifier: 52:18:8D:35:2C:FF:23:A1:EE:F1:6D:1D:4F:B7:5B:92:FE:FD:53:5A
Certificate issuer: /CN=f543ea52871489d86aa9ca5ca0c297c88ab82ab6
Certificate serial: 018CC6B780624A8EB4A449E38CA28711B17C
Authority key identifier: F5:43:EA:52:87:14:89:D8:6A:A9:CA:5C:A0:C2:97:C8:8A:B8:2A:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/UhiNNSz_I6Hu8W0dT7dbkv79U1o.roa
Signing time: Mon 01 Jan 2024 20:29:23 +0000
ROA not before: Mon 01 Jan 2024 20:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31724
IP address blocks: 92.246.152.0/22 maxlen: 22
176.221.0.0/21 maxlen: 21
185.8.200.0/22 maxlen: 22
185.64.208.0/22 maxlen: 22
178.22.192.0/21 maxlen: 21
89.207.64.0/21 maxlen: 21
31.170.168.0/21 maxlen: 21
94.198.232.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.mft
rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Dec 2024 18:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:80:62:4a:8e:b4:a4:49:e3:8c:a2:87:11:b1:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f543ea52871489d86aa9ca5ca0c297c88ab82ab6
Validity
Not Before: Jan 1 20:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=52188d352cff23a1eef16d1d4fb75b92fefd535a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:61:46:70:d3:64:67:56:46:7d:cf:0e:23:a8:
85:9b:57:1f:f1:e1:36:18:db:36:ce:6c:f3:47:1f:
a2:dc:1d:36:48:8d:20:b3:c0:73:1b:41:fa:ca:77:
18:29:2d:27:4d:0c:86:34:f0:22:c4:b7:1f:6e:11:
c9:8d:c5:de:8b:f5:26:e1:09:37:02:99:3e:9c:38:
18:fb:a5:b6:23:82:83:27:bc:e6:d6:c8:06:4c:84:
a7:d4:fb:83:32:e3:fd:93:1b:2f:1d:2c:17:6c:b0:
55:c9:9a:ff:76:e7:14:c3:52:e3:d5:c7:ab:7a:0d:
12:ab:49:da:21:72:ac:cf:4d:3a:93:38:eb:8b:6c:
9f:2f:4d:9b:fd:d0:b9:20:9c:9a:2c:18:86:76:df:
c6:aa:a1:8f:df:07:66:d6:89:97:c3:9e:a0:35:2c:
4b:e5:82:1b:ac:a6:a9:4e:b1:8f:fc:6c:08:a2:2a:
ee:2f:96:40:a0:3d:37:65:1d:59:0a:66:a0:9e:0b:
a8:73:cf:c1:f0:66:9f:cb:b2:0d:42:a9:13:48:e7:
64:fe:36:c1:0a:ec:69:27:7a:2f:80:3e:ae:48:57:
ea:e2:b1:1f:74:28:1c:5c:b2:fd:ac:e9:16:32:1d:
69:3f:04:e6:31:f3:52:b7:ab:df:ef:b3:2e:2d:ac:
04:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:18:8D:35:2C:FF:23:A1:EE:F1:6D:1D:4F:B7:5B:92:FE:FD:53:5A
X509v3 Authority Key Identifier:
keyid:F5:43:EA:52:87:14:89:D8:6A:A9:CA:5C:A0:C2:97:C8:8A:B8:2A:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/UhiNNSz_I6Hu8W0dT7dbkv79U1o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.168.0/21
89.207.64.0/21
92.246.152.0/22
94.198.232.0/21
176.221.0.0/21
178.22.192.0/21
185.8.200.0/22
185.64.208.0/22
Signature Algorithm: sha256WithRSAEncryption
8a:12:3a:40:88:17:7d:a4:5f:a5:bd:25:e2:c7:6b:37:fc:24:
94:19:13:bc:7f:3d:64:e7:48:6d:92:f9:16:99:09:2f:e6:ee:
3c:5f:26:6a:bf:97:06:e0:17:84:0a:d9:33:c9:64:b4:09:e1:
dc:2c:11:81:c4:78:d5:e6:f3:cd:5e:b5:39:c6:d2:3b:35:b4:
4e:76:ca:4c:30:18:25:89:24:3f:f0:ea:4e:5c:8b:0e:e6:37:
cb:5a:bb:f8:cc:54:1e:f6:7b:22:3f:91:6b:ff:e0:1c:2e:4f:
6a:3a:2e:29:3c:4d:3f:8a:c3:df:82:a8:29:18:0d:ae:d1:1a:
34:f4:ee:7a:77:32:c8:6a:b9:05:4c:3e:51:bd:90:05:56:72:
6d:8e:61:1e:fa:84:35:1a:e2:96:b7:bb:94:9d:c8:14:6f:5a:
a7:fd:46:f0:0c:e2:63:bd:b8:7c:0a:43:d3:2c:60:d4:41:88:
10:9c:b8:3f:c5:94:0a:1d:18:a0:49:7e:f9:26:f2:00:ab:92:
2a:7f:2f:95:1f:b1:1f:9b:93:e2:a7:d7:a3:0b:bc:f1:94:b8:
98:bf:33:50:96:43:98:51:d7:c7:b5:29:7a:12:17:f7:cd:c7:
89:73:73:00:d4:43:74:f7:fc:85:c1:33:44:5b:6c:6f:76:02:
0a:c6:8d:9a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzGt4BiSo60pEnjjKKHEbF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NDNlYTUyODcxNDg5ZDg2YWE5Y2E1Y2EwYzI5N2M4OGFi
ODJhYjYwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjE4OGQzNTJjZmYyM2ExZWVmMTZkMWQ0ZmI3NWI5MmZlZmQ1MzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWFGcNNkZ1ZGfc8OI6iFm1cf8eE2
GNs2zmzzRx+i3B02SI0gs8BzG0H6yncYKS0nTQyGNPAixLcfbhHJjcXei/Um4Qk3
Apk+nDgY+6W2I4KDJ7zm1sgGTISn1PuDMuP9kxsvHSwXbLBVyZr/ducUw1Lj1cer
eg0Sq0naIXKsz006kzjri2yfL02b/dC5IJyaLBiGdt/GqqGP3wdm1omXw56gNSxL
5YIbrKapTrGP/GwIoiruL5ZAoD03ZR1ZCmagnguoc8/B8Gafy7INQqkTSOdk/jbB
CuxpJ3ovgD6uSFfq4rEfdCgcXLL9rOkWMh1pPwTmMfNSt6vf77MuLawEfQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFIYjTUs/yOh7vFtHU+3W5L+/VNaMB8GA1UdIwQY
MBaAFPVD6lKHFInYaqnKXKDCl8iKuCq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVVQcVVvY1VpZGhxcWNwY29NS1h5SXE0S3JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8xNmM0YjUtNmRkYS00YTM4LTg0OGYt
ZGZiYmVkYTIxNTk0LzEvVWhpTk5Tel9JNkh1OFcwZFQ3ZGJrdjc5VTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8xNmM0YjUtNmRkYS00YTM4LTg0OGYtZGZiYmVkYTIxNTk0
LzEvOVVQcVVvY1VpZGhxcWNwY29NS1h5SXE0S3JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDH6qoAwQD
Wc9AAwQCXPaYAwQDXsboAwQDsN0AAwQDshbAAwQCuQjIAwQCuUDQMA0GCSqGSIb3
DQEBCwUAA4IBAQCKEjpAiBd9pF+lvSXix2s3/CSUGRO8fz1k50htkvkWmQkv5u48
XyZqv5cG4BeECtkzyWS0CeHcLBGBxHjV5vPNXrU5xtI7NbROdspMMBgliSQ/8OpO
XIsO5jfLWrv4zFQe9nsiP5Fr/+AcLk9qOi4pPE0/isPfgqgpGA2u0Ro09O56dzLI
arkFTD5RvZAFVnJtjmEe+oQ1GuKWt7uUncgUb1qn/UbwDOJjvbh8CkPTLGDUQYgQ
nLg/xZQKHRigSX75JvIAq5Iqfy+VH7Efm5Pip9ejC7zxlLiYvzNQlkOYUdfHtSl6
Ehf3zceJc3MA1EN09/yFwTNEW2xvdgIKxo2a
-----END CERTIFICATE-----
Generated at Fri Dec 27 23:54:37 2024 by rpki-client on console-fra.rpki-client.org