Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/Z8yIXOGt-R81_p1X8gc7IFzMN60.roa
File: Z8yIXOGt-R81_p1X8gc7IFzMN60.roa (raw, json)
Hash identifier: UrzH24x3uoywiwr/7yoHropCgM2fcMRRu+pc9DAupB4=
Subject key identifier: 67:CC:88:5C:E1:AD:F9:1F:35:FE:9D:57:F2:07:3B:20:5C:CC:37:AD
Certificate issuer: /CN=c1b050211219d18e996e086cb7f6309178804860
Certificate serial: 018CC6B8B3B21B79F038B81936D6C94395B3
Authority key identifier: C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/Z8yIXOGt-R81_p1X8gc7IFzMN60.roa
Signing time: Mon 01 Jan 2024 20:30:42 +0000
ROA not before: Mon 01 Jan 2024 20:30:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6453
IP address blocks: 89.108.128.0/24 maxlen: 24
89.108.129.0/24 maxlen: 24
89.108.154.0/24 maxlen: 24
89.108.176.0/22 maxlen: 22
89.108.176.0/24 maxlen: 24
212.101.249.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl
rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.mft
rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 07:02:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:b3:b2:1b:79:f0:38:b8:19:36:d6:c9:43:95:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c1b050211219d18e996e086cb7f6309178804860
Validity
Not Before: Jan 1 20:30:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67cc885ce1adf91f35fe9d57f2073b205ccc37ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:5a:f6:4b:8a:42:ae:8b:42:43:f8:7f:4f:ec:
a0:e6:73:3e:2f:fc:e6:cc:72:d9:73:f1:80:48:86:
f9:cb:9a:d5:5c:47:0a:f2:02:e3:6f:68:c6:0d:24:
f7:b1:73:5e:66:fd:db:a6:5e:ea:16:55:7d:cf:31:
82:5b:56:2a:f4:a7:1f:f4:bb:00:91:29:92:c4:1b:
c9:7e:46:b9:0b:da:0b:1b:94:47:a6:2c:af:f0:5a:
dc:bb:b6:76:cf:77:7b:5f:8d:5c:02:db:8e:16:b0:
f1:62:02:d5:91:e3:86:a9:52:44:ce:4d:63:bc:d9:
d0:b6:97:d5:ae:04:f1:3a:7c:91:43:26:1c:17:66:
d4:56:4a:a4:a0:b5:c8:6c:22:f2:bd:93:70:63:58:
2d:b8:a8:c3:bd:e1:9e:53:c4:3d:ea:0c:3c:73:21:
a4:1e:39:c6:e0:73:56:1b:6b:76:00:b1:84:6f:39:
55:5f:f0:49:fe:3e:09:e4:2f:d6:b8:4a:da:d8:1f:
ab:01:72:bc:aa:f6:86:87:53:b7:04:d1:cf:13:a8:
75:4f:89:e3:2e:df:8a:67:f5:7f:92:70:68:a0:4f:
b9:c1:a5:d3:c0:e8:b9:38:75:9e:79:82:cd:5a:73:
e9:82:71:db:82:25:b4:17:d6:81:13:d2:39:14:cc:
5d:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:CC:88:5C:E1:AD:F9:1F:35:FE:9D:57:F2:07:3B:20:5C:CC:37:AD
X509v3 Authority Key Identifier:
keyid:C1:B0:50:21:12:19:D1:8E:99:6E:08:6C:B7:F6:30:91:78:80:48:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wbBQIRIZ0Y6Zbghst_YwkXiASGA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/Z8yIXOGt-R81_p1X8gc7IFzMN60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/28a8f3-889e-4549-a44e-ce225187fc38/1/wbBQIRIZ0Y6Zbghst_YwkXiASGA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.108.128.0/23
89.108.154.0/24
89.108.176.0/22
212.101.249.0/24
Signature Algorithm: sha256WithRSAEncryption
24:33:c3:3b:9b:d1:9e:df:31:90:b2:06:b2:f8:cf:e7:26:00:
eb:73:ac:64:7e:07:3e:36:e0:73:0f:00:cf:77:2e:f3:45:d2:
d5:dd:92:da:3e:d4:41:94:f1:08:38:5b:d2:76:56:da:42:f5:
c4:45:47:1f:9f:63:d2:a6:92:66:9f:5d:f4:01:4a:6c:67:c7:
de:4a:88:36:00:9e:ef:76:d4:b8:85:d2:25:ac:af:7d:a9:3e:
b5:44:03:cd:41:d2:b3:9e:b4:94:ab:0a:e5:55:84:ec:c6:97:
b6:e2:de:67:47:a2:4c:ea:3a:5c:5a:77:a3:f9:32:c5:fb:f3:
c9:71:8c:d9:5c:27:a8:61:12:1b:08:e8:83:cc:1a:dd:0f:8c:
83:ac:c3:21:f0:2e:b8:05:ca:3b:48:ca:30:0d:27:d2:ce:f9:
d6:02:53:77:80:18:a4:b9:f1:7e:c5:a7:87:28:c1:c1:c1:0f:
62:30:ac:3e:6a:a4:35:02:01:60:71:c4:ea:e8:08:36:df:f5:
66:61:f3:aa:48:ba:fe:cc:3f:81:ee:53:da:c0:78:db:f4:e2:
09:93:44:80:f5:7d:1b:2e:9c:11:4d:f8:6f:1d:4c:77:ba:06:
bd:07:8a:33:7a:26:4e:91:6a:94:ca:a0:f5:2f:ff:e6:c9:16:
0c:b7:27:72
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGuLOyG3nwOLgZNtbJQ5WzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYjA1MDIxMTIxOWQxOGU5OTZlMDg2Y2I3ZjYzMDkxNzg4
MDQ4NjAwHhcNMjQwMTAxMjAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NjODg1Y2UxYWRmOTFmMzVmZTlkNTdmMjA3M2IyMDVjY2MzN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1r2S4pCrotCQ/h/T+yg5nM+L/zm
zHLZc/GASIb5y5rVXEcK8gLjb2jGDST3sXNeZv3bpl7qFlV9zzGCW1Yq9Kcf9LsA
kSmSxBvJfka5C9oLG5RHpiyv8Frcu7Z2z3d7X41cAtuOFrDxYgLVkeOGqVJEzk1j
vNnQtpfVrgTxOnyRQyYcF2bUVkqkoLXIbCLyvZNwY1gtuKjDveGeU8Q96gw8cyGk
HjnG4HNWG2t2ALGEbzlVX/BJ/j4J5C/WuEra2B+rAXK8qvaGh1O3BNHPE6h1T4nj
Lt+KZ/V/knBooE+5waXTwOi5OHWeeYLNWnPpgnHbgiW0F9aBE9I5FMxdUwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGfMiFzhrfkfNf6dV/IHOyBczDetMB8GA1UdIwQY
MBaAFMGwUCESGdGOmW4IbLf2MJF4gEhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUt
Y2UyMjUxODdmYzM4LzEvWjh5SVhPR3QtUjgxX3AxWDhnYzdJRnpNTjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yOGE4ZjMtODg5ZS00NTQ5LWE0NGUtY2UyMjUxODdmYzM4
LzEvd2JCUUlSSVowWTZaYmdoc3RfWXdrWGlBU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBWWyAAwQA
WWyaAwQCWWywAwQA1GX5MA0GCSqGSIb3DQEBCwUAA4IBAQAkM8M7m9Ge3zGQsgay
+M/nJgDrc6xkfgc+NuBzDwDPdy7zRdLV3ZLaPtRBlPEIOFvSdlbaQvXERUcfn2PS
ppJmn130AUpsZ8feSog2AJ7vdtS4hdIlrK99qT61RAPNQdKznrSUqwrlVYTsxpe2
4t5nR6JM6jpcWnej+TLF+/PJcYzZXCeoYRIbCOiDzBrdD4yDrMMh8C64Bco7SMow
DSfSzvnWAlN3gBikufF+xaeHKMHBwQ9iMKw+aqQ1AgFgccTq6Ag23/VmYfOqSLr+
zD+B7lPawHjb9OIJk0SA9X0bLpwRTfhvHUx3uga9B4ozeiZOkWqUyqD1L//myRYM
tydy
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:58:43 2024 by rpki-client on console-ams.rpki-client.org