Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/Ex7B9hiW8BnbSFZH5APXsSakMD4.roa
File: Ex7B9hiW8BnbSFZH5APXsSakMD4.roa (raw, json)
Hash identifier: HBgcb97DFbAViLdaI38mtf5rWpuRME1BSw2VT9ev9g0=
Subject key identifier: 13:1E:C1:F6:18:96:F0:19:DB:48:56:47:E4:03:D7:B1:26:A4:30:3E
Certificate issuer: /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial: 019343717923DFD54D98B4A9E2B958009BBB
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/Ex7B9hiW8BnbSFZH5APXsSakMD4.roa
Signing time: Tue 19 Nov 2024 08:02:10 +0000
ROA not before: Tue 19 Nov 2024 08:02:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205020
IP address blocks: 5.11.28.0/22 maxlen: 22
5.11.28.0/23 maxlen: 23
5.11.28.0/24 maxlen: 24
5.11.29.0/24 maxlen: 24
5.11.30.0/23 maxlen: 23
5.11.30.0/24 maxlen: 24
80.251.0.0/20 maxlen: 20
85.31.64.0/19 maxlen: 19
85.31.75.0/24 maxlen: 24
85.31.94.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.mft
rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 07:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:43:71:79:23:df:d5:4d:98:b4:a9:e2:b9:58:00:9b:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
Validity
Not Before: Nov 19 08:02:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=131ec1f61896f019db485647e403d7b126a4303e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:51:c2:65:e2:6e:cb:aa:40:16:9b:25:4d:58:
1e:5b:84:fc:5a:95:d6:d2:c1:5b:cc:27:62:95:fb:
10:49:60:94:ee:71:8e:f2:bb:bf:19:8d:16:17:ac:
95:ee:5a:32:39:1a:ef:62:e1:fa:f8:6b:a1:92:cc:
33:20:75:6d:f0:07:49:f9:61:8e:6d:75:35:39:34:
f9:63:d7:e0:a5:0d:90:e0:6f:d9:4e:07:34:4b:72:
04:3e:73:89:c6:d6:85:f2:a7:85:53:39:ef:17:8c:
0d:d8:65:df:3b:2c:bf:4b:3c:cb:a6:26:07:31:a2:
ba:9c:5a:8c:e4:04:f1:be:d0:4e:d9:5b:2e:80:e1:
b2:98:8a:09:61:0b:9a:89:aa:8b:d2:83:b7:3c:98:
32:1e:9e:31:96:a7:13:a8:91:fa:27:bd:10:91:83:
56:61:68:53:de:96:d5:2e:94:70:4a:c7:f6:a0:90:
ac:da:b5:d6:46:f5:d1:d0:2d:ae:81:59:04:9c:ef:
c6:23:ff:88:94:45:0c:69:2c:5c:e3:52:70:61:43:
7f:7f:0c:40:33:97:48:7b:f2:f2:bd:15:02:11:51:
d5:68:e8:de:aa:0a:89:d4:92:6a:bb:53:8f:d5:5c:
74:2b:3c:4f:d2:a8:2a:0e:8b:cc:f3:72:1e:e8:77:
ee:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:1E:C1:F6:18:96:F0:19:DB:48:56:47:E4:03:D7:B1:26:A4:30:3E
X509v3 Authority Key Identifier:
keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/Ex7B9hiW8BnbSFZH5APXsSakMD4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.11.28.0/22
80.251.0.0/20
85.31.64.0/19
Signature Algorithm: sha256WithRSAEncryption
04:31:4d:67:c6:9b:76:59:4a:dc:47:d8:fe:1f:cc:2c:b0:89:
24:e4:7a:34:66:53:3a:90:a6:3f:7f:65:93:f0:a4:12:11:db:
85:ad:2e:56:53:5e:b6:3b:25:86:49:18:af:00:17:72:db:b7:
a4:91:d6:0e:e5:76:12:00:28:4c:5e:a2:c3:23:d4:3f:6e:07:
eb:40:09:8b:7c:3b:18:20:fa:b2:ce:fc:69:7f:cb:d6:37:10:
6b:4c:d6:ed:7c:44:6e:fb:27:0f:d6:70:60:bd:08:e1:45:d6:
d8:77:fe:9b:06:cd:c0:22:1d:c0:61:70:50:6f:3a:fa:b7:93:
ed:6d:bc:c6:9a:8e:4d:75:39:a4:30:a8:27:7a:c5:92:ce:04:
cd:df:2d:da:19:d4:45:f2:fe:41:3b:9b:8b:f9:ba:15:be:1d:
99:a8:10:2a:70:3a:66:4b:98:53:df:9d:e1:21:9a:aa:e7:bc:
34:74:c7:6e:b2:a8:fa:3c:15:70:a3:19:ff:65:ec:b3:65:61:
6e:ec:ef:39:f1:d5:1b:33:34:9f:d1:64:af:6c:f7:52:f7:97:
c9:c8:d9:f6:de:54:0d:77:0e:49:4c:f9:5b:55:f4:cd:c6:20:
23:fc:a7:d6:44:2d:d3:93:fe:eb:40:a8:f7:97:e1:d3:9a:0f:
61:6a:dc:e6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZNDcXkj39VNmLSp4rlYAJu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjQxMTE5MDgwMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzFlYzFmNjE4OTZmMDE5ZGI0ODU2NDdlNDAzZDdiMTI2YTQzMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFHCZeJuy6pAFpslTVgeW4T8WpXW
0sFbzCdilfsQSWCU7nGO8ru/GY0WF6yV7loyORrvYuH6+GuhkswzIHVt8AdJ+WGO
bXU1OTT5Y9fgpQ2Q4G/ZTgc0S3IEPnOJxtaF8qeFUznvF4wN2GXfOyy/SzzLpiYH
MaK6nFqM5ATxvtBO2VsugOGymIoJYQuaiaqL0oO3PJgyHp4xlqcTqJH6J70QkYNW
YWhT3pbVLpRwSsf2oJCs2rXWRvXR0C2ugVkEnO/GI/+IlEUMaSxc41JwYUN/fwxA
M5dIe/LyvRUCEVHVaOjeqgqJ1JJqu1OP1Vx0KzxP0qgqDovM83Ie6HfuPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBMewfYYlvAZ20hWR+QD17EmpDA+MB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvRXg3QjloaVc4Qm5iU0ZaSDVBUFhzU2FrTUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBQscAwQE
UPsAAwQFVR9AMA0GCSqGSIb3DQEBCwUAA4IBAQAEMU1nxpt2WUrcR9j+H8wssIkk
5Ho0ZlM6kKY/f2WT8KQSEduFrS5WU162OyWGSRivABdy27ekkdYO5XYSAChMXqLD
I9Q/bgfrQAmLfDsYIPqyzvxpf8vWNxBrTNbtfERu+ycP1nBgvQjhRdbYd/6bBs3A
Ih3AYXBQbzr6t5PtbbzGmo5NdTmkMKgnesWSzgTN3y3aGdRF8v5BO5uL+boVvh2Z
qBAqcDpmS5hT353hIZqq57w0dMdusqj6PBVwoxn/ZeyzZWFu7O858dUbMzSf0WSv
bPdS95fJyNn23lQNdw5JTPlbVfTNxiAj/KfWRC3Tk/7rQKj3l+HTmg9hatzm
-----END CERTIFICATE-----
Generated at Tue Nov 26 15:53:06 2024 by rpki-client on console-fra.rpki-client.org