Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/8qnM6oDScuKa0yJY76jSR9KGkvE.roa
File: 8qnM6oDScuKa0yJY76jSR9KGkvE.roa (raw, json)
Hash identifier: UTebyup8PDSG0pqHpKEj6wfRKf7jOH1g1s2tuIMdRWA=
Subject key identifier: F2:A9:CC:EA:80:D2:72:E2:9A:D3:22:58:EF:A8:D2:47:D2:86:92:F1
Certificate issuer: /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial: 018CC9BCAC807A87CEEA9F2D6EF29E31BCD5
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/8qnM6oDScuKa0yJY76jSR9KGkvE.roa
Signing time: Tue 02 Jan 2024 10:33:54 +0000
ROA not before: Tue 02 Jan 2024 10:33:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5537
IP address blocks: 89.111.128.0/18 maxlen: 18
89.111.144.0/20 maxlen: 20
89.111.148.0/24 maxlen: 24
89.111.160.0/20 maxlen: 20
89.111.177.0/24 maxlen: 24
89.111.176.0/20 maxlen: 24
2a01:d8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 23:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:ac:80:7a:87:ce:ea:9f:2d:6e:f2:9e:31:bc:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Validity
Not Before: Jan 2 10:33:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f2a9ccea80d272e29ad32258efa8d247d28692f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:45:87:dc:2d:1c:61:72:d9:7f:ca:10:fe:ba:
79:9c:d9:f9:ef:0a:74:16:14:ee:97:a9:8e:db:28:
d1:9f:5c:13:f0:1b:05:a2:af:e6:eb:f2:8a:32:89:
00:6a:ab:31:5e:66:78:11:54:9a:83:6e:ae:27:97:
6a:d0:d9:59:9c:12:0d:61:e3:37:7c:8e:3a:ed:70:
16:e0:ba:d4:1c:4a:df:d9:c6:ad:53:c9:c9:08:67:
40:76:10:5d:92:49:e5:b2:b5:29:24:d1:d8:f9:60:
ae:58:54:4d:14:4a:0f:66:43:80:c3:85:66:41:48:
b2:ba:5f:e0:a7:94:22:52:1b:72:6c:e9:40:62:3a:
b0:f6:ad:84:8e:8f:f2:a8:48:10:b8:c8:7e:37:3f:
bc:b5:a0:f1:ef:36:04:6e:ad:51:0b:c7:3e:62:5e:
09:95:16:a9:7f:67:ab:cf:7e:c2:17:72:18:fd:40:
6b:7f:76:7c:58:46:ce:59:60:2d:1e:3a:7a:c5:6d:
29:75:04:95:be:c5:e2:c0:c4:bd:1c:4b:4c:14:be:
d5:aa:c2:bd:ef:a7:c3:20:34:33:80:29:9d:d9:56:
56:19:27:09:64:e1:48:83:8e:cc:4a:c9:6d:40:87:
44:5e:cc:93:e5:b1:1b:70:e9:3d:fb:38:d4:e5:30:
35:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:A9:CC:EA:80:D2:72:E2:9A:D3:22:58:EF:A8:D2:47:D2:86:92:F1
X509v3 Authority Key Identifier:
keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/8qnM6oDScuKa0yJY76jSR9KGkvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.111.128.0/18
IPv6:
2a01:d8::/32
Signature Algorithm: sha256WithRSAEncryption
0a:58:b3:0f:1c:a9:d7:bf:98:b3:39:40:e2:b2:de:3d:cc:f6:
65:c8:ae:f2:63:1b:d5:2c:cb:f9:1b:15:01:2f:f9:be:7b:a2:
64:11:ce:b5:4a:92:64:9a:5a:8c:b5:16:a6:c7:47:1b:a2:5e:
b2:7d:05:10:24:93:31:6d:34:8c:08:fa:3d:b7:fa:d5:71:e2:
8d:b2:31:d0:3f:39:a1:0c:87:f3:dd:f6:df:14:5b:e2:6f:36:
b3:20:2c:5b:f9:f5:a3:16:bf:a4:f1:b8:aa:67:c9:3c:04:e0:
27:2d:e3:3e:fd:dd:1e:11:5e:80:8c:8b:36:14:f0:1a:73:1f:
18:16:af:da:33:95:66:b8:9e:a3:af:80:d2:ad:3e:71:85:98:
42:a3:03:51:61:c3:38:ce:dd:5b:ef:4b:01:78:ab:83:8b:22:
db:6c:79:a5:c3:dd:3f:b9:7d:cf:67:af:d9:6c:26:67:6c:e4:
b8:20:b1:f4:3c:67:10:15:07:ef:a9:29:1e:85:36:f7:f2:fa:
7f:e4:5d:65:6f:d5:ec:30:e7:06:05:48:e8:79:94:d8:49:a3:
f8:82:d0:a9:c2:56:75:43:04:dd:ff:c6:4e:1e:df:40:66:be:
d7:47:c7:7e:7b:61:b1:10:d7:de:7c:5e:7e:a7:11:61:91:8c:
d8:4d:a9:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvKyAeofO6p8tbvKeMbzVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjQwMTAyMTAzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE5Y2NlYTgwZDI3MmUyOWFkMzIyNThlZmE4ZDI0N2QyODY5MmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0WH3C0cYXLZf8oQ/rp5nNn57wp0
FhTul6mO2yjRn1wT8BsFoq/m6/KKMokAaqsxXmZ4EVSag26uJ5dq0NlZnBINYeM3
fI467XAW4LrUHErf2catU8nJCGdAdhBdkknlsrUpJNHY+WCuWFRNFEoPZkOAw4Vm
QUiyul/gp5QiUhtybOlAYjqw9q2Ejo/yqEgQuMh+Nz+8taDx7zYEbq1RC8c+Yl4J
lRapf2erz37CF3IY/UBrf3Z8WEbOWWAtHjp6xW0pdQSVvsXiwMS9HEtMFL7VqsK9
76fDIDQzgCmd2VZWGScJZOFIg47MSsltQIdEXsyT5bEbcOk9+zjU5TA1GQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPKpzOqA0nLimtMiWO+o0kfShpLxMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvOHFuTTZvRFNjdUthMHlKWTc2alNSOUtHa3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGWW+AMA0E
AgACMAcDBQAqAQDYMA0GCSqGSIb3DQEBCwUAA4IBAQAKWLMPHKnXv5izOUDist49
zPZlyK7yYxvVLMv5GxUBL/m+e6JkEc61SpJkmlqMtRamx0cbol6yfQUQJJMxbTSM
CPo9t/rVceKNsjHQPzmhDIfz3fbfFFvibzazICxb+fWjFr+k8biqZ8k8BOAnLeM+
/d0eEV6AjIs2FPAacx8YFq/aM5VmuJ6jr4DSrT5xhZhCowNRYcM4zt1b70sBeKuD
iyLbbHmlw90/uX3PZ6/ZbCZnbOS4ILH0PGcQFQfvqSkehTb38vp/5F1lb9XsMOcG
BUjoeZTYSaP4gtCpwlZ1QwTd/8ZOHt9AZr7XR8d+e2GxENfefF5+pxFhkYzYTakH
-----END CERTIFICATE-----
Generated at Sat Jun 8 07:25:35 2024 by rpki-client on console-ams.rpki-client.org