Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/fxZptTwIxhCZNGnFpkwbRjVxYjs.roa
File: fxZptTwIxhCZNGnFpkwbRjVxYjs.roa (raw, json)
Hash identifier: Eh/ykMYQRw5ZTlQ8l3nlrPGEMWROReOdcaH3Cdk/0GA=
Subject key identifier: 7F:16:69:B5:3C:08:C6:10:99:34:69:C5:A6:4C:1B:46:35:71:62:3B
Certificate issuer: /CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Certificate serial: 018DAC5EA81C1237042511D1D583CC07D493
Authority key identifier: 25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/fxZptTwIxhCZNGnFpkwbRjVxYjs.roa
Signing time: Thu 15 Feb 2024 10:45:01 +0000
ROA not before: Thu 15 Feb 2024 10:45:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208118
IP address blocks: 152.89.65.0/24 maxlen: 24
152.89.66.0/24 maxlen: 24
152.89.67.0/24 maxlen: 24
2a09:2e40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/JVf6lW8PU5gNecMs4ebpPv1Ij9c.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/JVf6lW8PU5gNecMs4ebpPv1Ij9c.mft
rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 01:02:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:ac:5e:a8:1c:12:37:04:25:11:d1:d5:83:cc:07:d4:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Validity
Not Before: Feb 15 10:45:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7f1669b53c08c610993469c5a64c1b463571623b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:cf:81:55:89:55:97:d3:f0:3e:4e:58:9a:ee:
8e:7c:8b:8a:98:6f:24:63:82:0b:f4:62:b5:bd:54:
0c:4d:48:e2:e2:40:75:6c:19:38:2f:8f:f9:59:13:
10:04:28:89:34:63:98:32:21:b2:fc:f2:e1:76:3b:
81:a2:ae:85:05:55:e3:e9:f3:c0:e2:d0:1a:c3:7e:
79:4f:2b:7d:1f:0e:89:fc:97:1f:fa:5c:97:6e:69:
69:83:9c:ea:07:fa:e8:ec:78:78:77:d5:da:2d:60:
0a:b2:42:8b:a5:6d:b7:a2:e7:4e:18:7c:7c:8e:ee:
03:5f:32:52:dd:fc:bf:f0:bb:4d:40:51:bb:78:f4:
12:25:08:a5:53:63:4a:74:a3:2e:bc:45:7a:03:d9:
09:1f:54:c2:51:62:a6:78:eb:da:4b:c3:74:8b:db:
ac:56:46:f6:de:bb:18:71:f8:91:27:99:15:b4:c8:
97:41:d4:85:ac:97:41:ed:09:93:7c:9f:72:d0:66:
63:e7:fa:d9:a9:d1:ca:dd:ff:04:09:3a:18:64:88:
b4:e7:a6:6d:7d:df:db:11:65:12:87:58:c5:a1:54:
22:a3:7d:11:54:b2:13:df:23:eb:b2:df:94:a0:0f:
ed:87:f6:7a:ab:64:f6:79:f0:7e:27:c2:ae:8a:58:
16:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:16:69:B5:3C:08:C6:10:99:34:69:C5:A6:4C:1B:46:35:71:62:3B
X509v3 Authority Key Identifier:
keyid:25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/fxZptTwIxhCZNGnFpkwbRjVxYjs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/JVf6lW8PU5gNecMs4ebpPv1Ij9c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.65.0-152.89.67.255
IPv6:
2a09:2e40::/29
Signature Algorithm: sha256WithRSAEncryption
64:c6:03:6f:76:20:1a:db:6f:65:d7:8c:1f:43:bf:c4:d1:9c:
90:fc:1c:26:af:43:09:35:cb:14:e0:2c:09:b3:48:a4:22:97:
68:cd:02:c9:a8:8f:5d:5a:04:25:86:8e:de:48:4a:31:fe:b2:
9d:6b:a8:82:88:74:ed:62:61:fd:a7:01:54:e4:9d:9d:0a:bd:
df:23:67:3f:fc:72:26:6d:77:ef:b7:3f:4a:59:5a:e3:cd:48:
d0:98:d5:88:87:ba:2b:b5:e3:1c:58:6a:33:8b:90:2f:9f:33:
28:c8:2d:66:b8:db:67:d0:22:4d:53:e8:3f:ed:e0:45:84:ba:
9a:53:29:ef:67:37:1c:70:ac:96:d8:db:5b:b3:cf:83:1f:64:
7d:26:6d:cf:20:6f:82:17:42:37:42:fd:2b:8c:b7:4b:7d:15:
c8:b7:ae:d4:c1:ea:fd:ca:f1:55:6f:9b:1f:e5:0e:7c:f5:bb:
c6:ce:c3:05:bf:35:20:ef:46:e5:e9:8a:0f:ea:fe:1c:97:ef:
4d:8b:74:55:b7:03:4e:e4:01:88:e8:03:84:40:9c:f0:88:aa:
bb:f2:de:8a:c1:1f:a5:2d:bb:ce:9f:e9:fd:27:8c:12:59:62:
14:cf:73:23:37:9a:cd:73:3e:e0:b4:e6:ba:07:d2:cd:34:b9:
9c:5d:d6:bc
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY2sXqgcEjcEJRHR1YPMB9STMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTdmYTk1NmYwZjUzOTgwZDc5YzMyY2UxZTZlOTNlZmQ0
ODhmZDcwHhcNMjQwMjE1MTA0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjE2NjliNTNjMDhjNjEwOTkzNDY5YzVhNjRjMWI0NjM1NzE2MjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM+BVYlVl9PwPk5Ymu6OfIuKmG8k
Y4IL9GK1vVQMTUji4kB1bBk4L4/5WRMQBCiJNGOYMiGy/PLhdjuBoq6FBVXj6fPA
4tAaw355Tyt9Hw6J/Jcf+lyXbmlpg5zqB/ro7Hh4d9XaLWAKskKLpW23oudOGHx8
ju4DXzJS3fy/8LtNQFG7ePQSJQilU2NKdKMuvEV6A9kJH1TCUWKmeOvaS8N0i9us
Vkb23rsYcfiRJ5kVtMiXQdSFrJdB7QmTfJ9y0GZj5/rZqdHK3f8ECToYZIi056Zt
fd/bEWUSh1jFoVQio30RVLIT3yPrst+UoA/th/Z6q2T2efB+J8KuilgWRwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFH8WabU8CMYQmTRpxaZMG0Y1cWI7MB8GA1UdIwQY
MBaAFCVX+pVvD1OYDXnDLOHm6T79SI/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAt
NmQ3MTYzNDQyMjQ0LzEvZnhacHRUd0l4aENaTkduRnBrd2JSalZ4WWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAtNmQ3MTYzNDQyMjQ0
LzEvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBACYWUED
BAKYWUAwDQQCAAIwBwMFAyoJLkAwDQYJKoZIhvcNAQELBQADggEBAGTGA292IBrb
b2XXjB9Dv8TRnJD8HCavQwk1yxTgLAmzSKQil2jNAsmoj11aBCWGjt5ISjH+sp1r
qIKIdO1iYf2nAVTknZ0Kvd8jZz/8ciZtd++3P0pZWuPNSNCY1YiHuiu14xxYajOL
kC+fMyjILWa422fQIk1T6D/t4EWEuppTKe9nNxxwrJbY21uzz4MfZH0mbc8gb4IX
QjdC/SuMt0t9Fci3rtTB6v3K8VVvmx/lDnz1u8bOwwW/NSDvRuXpig/q/hyX702L
dFW3A07kAYjoA4RAnPCIqrvy3orBH6Utu86f6f0njBJZYhTPcyM3ms1zPuC05roH
0s00uZxd1rw=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:57:54 2024 by rpki-client on console-ams.rpki-client.org