Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/bcdecd-6689-4cd8-a109-20de6972609b/1/ia-zfmhZEg-xMDw_lrLKENQc-qQ.roa
File: ia-zfmhZEg-xMDw_lrLKENQc-qQ.roa (raw, json)
Hash identifier: MIufwqkDphz7VtQ1Fb/Z97WttZNQIvtROO3ik+c8vyM=
Subject key identifier: 89:AF:B3:7E:68:59:12:0F:B1:30:3C:3F:96:B2:CA:10:D4:1C:FA:A4
Certificate issuer: /CN=19001d557a0698dad77c4b3eddf2a7d36b72ab00
Certificate serial: 018E377D87075C8570104578E5713BD0C2F8
Authority key identifier: 19:00:1D:55:7A:06:98:DA:D7:7C:4B:3E:DD:F2:A7:D3:6B:72:AB:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GQAdVXoGmNrXfEs-3fKn02tyqwA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/bcdecd-6689-4cd8-a109-20de6972609b/1/ia-zfmhZEg-xMDw_lrLKENQc-qQ.roa
Signing time: Wed 13 Mar 2024 11:05:57 +0000
ROA not before: Wed 13 Mar 2024 11:05:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47110
IP address blocks: 77.223.216.0/21 maxlen: 21
92.62.124.0/22 maxlen: 22
185.10.84.0/22 maxlen: 22
212.6.38.0/24 maxlen: 24
2a03:5e40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/bcdecd-6689-4cd8-a109-20de6972609b/1/GQAdVXoGmNrXfEs-3fKn02tyqwA.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/bcdecd-6689-4cd8-a109-20de6972609b/1/GQAdVXoGmNrXfEs-3fKn02tyqwA.mft
rsync://rpki.ripe.net/repository/DEFAULT/GQAdVXoGmNrXfEs-3fKn02tyqwA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 17:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:37:7d:87:07:5c:85:70:10:45:78:e5:71:3b:d0:c2:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19001d557a0698dad77c4b3eddf2a7d36b72ab00
Validity
Not Before: Mar 13 11:05:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=89afb37e6859120fb1303c3f96b2ca10d41cfaa4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:b9:0c:e3:69:cf:04:2c:53:2b:c7:eb:25:c4:
38:ad:28:f5:2b:10:38:7c:26:ac:7d:81:33:01:96:
33:84:82:fe:6c:7b:27:b2:ba:55:d4:b9:6c:2a:23:
5f:cf:1b:2d:7b:73:b1:63:b1:90:9b:ff:f9:9e:1b:
eb:5b:6c:cd:db:15:9b:8d:c0:9b:f9:1b:76:1b:51:
2e:3a:e8:f6:01:a1:f4:b7:67:db:f7:e8:72:8b:ea:
a8:cc:b7:e4:68:d3:b9:18:29:e1:73:76:12:d6:e2:
5b:00:b3:c8:a5:0e:c2:b2:bf:7f:bd:7a:c6:b7:69:
0d:88:d2:f2:bf:36:ec:63:16:b0:09:bc:4f:ae:f0:
93:42:e5:20:a7:43:be:fa:b0:b9:74:42:dd:28:89:
72:b1:2c:ed:37:d2:b1:0c:8c:2d:8c:a3:d5:7f:da:
6a:6f:4d:e0:18:15:5f:fe:bb:79:92:3e:d7:ed:e8:
9a:49:0f:c0:85:72:da:95:dd:ce:4f:44:87:45:2e:
76:fc:03:48:c9:57:fe:a1:00:f8:2c:6e:6c:d0:51:
32:58:3c:ea:a5:40:9e:b5:f9:a5:20:f3:67:67:be:
89:d4:c0:30:8a:2a:28:7a:ad:31:f7:e7:ef:1f:fe:
0b:48:10:77:0e:4f:ce:7d:fe:db:26:f7:ac:69:97:
27:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:AF:B3:7E:68:59:12:0F:B1:30:3C:3F:96:B2:CA:10:D4:1C:FA:A4
X509v3 Authority Key Identifier:
keyid:19:00:1D:55:7A:06:98:DA:D7:7C:4B:3E:DD:F2:A7:D3:6B:72:AB:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GQAdVXoGmNrXfEs-3fKn02tyqwA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/bcdecd-6689-4cd8-a109-20de6972609b/1/ia-zfmhZEg-xMDw_lrLKENQc-qQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/bcdecd-6689-4cd8-a109-20de6972609b/1/GQAdVXoGmNrXfEs-3fKn02tyqwA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.223.216.0/21
92.62.124.0/22
185.10.84.0/22
212.6.38.0/24
IPv6:
2a03:5e40::/32
Signature Algorithm: sha256WithRSAEncryption
48:e2:e3:6f:b1:ea:54:8c:08:69:e0:e9:f6:fb:e0:6e:7a:99:
b8:ae:9a:75:28:e9:4f:eb:40:3c:5b:46:16:40:ee:2e:f1:6e:
2c:dc:1b:16:bc:fc:96:c3:94:25:83:27:29:3c:72:29:d8:89:
79:4b:58:4a:c8:1f:0c:aa:7f:74:ec:32:69:9f:d5:a6:40:b5:
6b:a8:95:5f:0a:47:78:52:a7:df:ec:ce:92:d5:8b:4f:45:5e:
08:fe:3d:f5:5d:0e:25:02:2b:cb:26:74:6a:12:74:9b:cf:6e:
aa:8f:68:a2:35:dc:18:44:ef:5e:21:c7:36:39:b9:98:eb:35:
03:cf:d8:15:6f:38:ce:f2:51:ce:ce:17:56:1a:44:76:e9:11:
2f:db:69:b9:95:9e:f7:d4:5a:48:40:f6:55:1e:27:62:57:65:
ad:7f:1b:04:07:24:a6:39:40:01:6a:e2:86:6d:33:99:8a:df:
a7:ce:57:33:eb:ae:d0:9c:93:1a:e3:fb:3e:3d:3f:17:4d:d0:
3b:9c:c3:20:ba:36:ac:2b:8c:2d:3e:b2:58:d2:bf:37:36:b3:
0b:b8:5e:25:c2:89:f2:27:18:9c:bd:d6:e6:8f:6e:17:6c:a7:
a0:20:f7:48:ad:12:7e:77:4c:74:be:a9:ff:3e:b9:77:37:e5:
c8:fb:06:e6
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY43fYcHXIVwEEV45XE70ML4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MDAxZDU1N2EwNjk4ZGFkNzdjNGIzZWRkZjJhN2QzNmI3
MmFiMDAwHhcNMjQwMzEzMTEwNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFmYjM3ZTY4NTkxMjBmYjEzMDNjM2Y5NmIyY2ExMGQ0MWNmYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLkM42nPBCxTK8frJcQ4rSj1KxA4
fCasfYEzAZYzhIL+bHsnsrpV1LlsKiNfzxste3OxY7GQm//5nhvrW2zN2xWbjcCb
+Rt2G1EuOuj2AaH0t2fb9+hyi+qozLfkaNO5GCnhc3YS1uJbALPIpQ7Csr9/vXrG
t2kNiNLyvzbsYxawCbxPrvCTQuUgp0O++rC5dELdKIlysSztN9KxDIwtjKPVf9pq
b03gGBVf/rt5kj7X7eiaSQ/AhXLald3OT0SHRS52/ANIyVf+oQD4LG5s0FEyWDzq
pUCetfmlIPNnZ76J1MAwiiooeq0x9+fvH/4LSBB3Dk/Off7bJvesaZcnTQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFImvs35oWRIPsTA8P5ayyhDUHPqkMB8GA1UdIwQY
MBaAFBkAHVV6Bpja13xLPt3yp9NrcqsAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1FBZFZYb0dtTnJYZkVzLTNmS24wMnR5cXdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iY2RlY2QtNjY4OS00Y2Q4LWExMDkt
MjBkZTY5NzI2MDliLzEvaWEtemZtaFpFZy14TUR3X2xyTEtFTlFjLXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iY2RlY2QtNjY4OS00Y2Q4LWExMDktMjBkZTY5NzI2MDli
LzEvR1FBZFZYb0dtTnJYZkVzLTNmS24wMnR5cXdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDTd/YAwQC
XD58AwQCuQpUAwQA1AYmMA0EAgACMAcDBQAqA15AMA0GCSqGSIb3DQEBCwUAA4IB
AQBI4uNvsepUjAhp4On2++Buepm4rpp1KOlP60A8W0YWQO4u8W4s3BsWvPyWw5Ql
gycpPHIp2Il5S1hKyB8Mqn907DJpn9WmQLVrqJVfCkd4Uqff7M6S1YtPRV4I/j31
XQ4lAivLJnRqEnSbz26qj2iiNdwYRO9eIcc2ObmY6zUDz9gVbzjO8lHOzhdWGkR2
6REv22m5lZ731FpIQPZVHidiV2WtfxsEBySmOUABauKGbTOZit+nzlcz667QnJMa
4/s+PT8XTdA7nMMgujasK4wtPrJY0r83NrMLuF4lwonyJxicvdbmj24XbKegIPdI
rRJ+d0x0vqn/Prl3N+XI+wbm
-----END CERTIFICATE-----
Generated at Sat Jun 1 21:31:28 2024 by rpki-client on console-ams.rpki-client.org