Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d26971-b7a8-4ede-8bb4-49bc43660c97/1/qSs97PpbfHX9UZXJBEMZizTdPVo.roa
File: qSs97PpbfHX9UZXJBEMZizTdPVo.roa (raw, json)
Hash identifier: dDoMQJfHQqQIN9qAraOLHETBqp0vWD6lY8oKlEHl9aw=
Subject key identifier: A9:2B:3D:EC:FA:5B:7C:75:FD:51:95:C9:04:43:19:8B:34:DD:3D:5A
Certificate issuer: /CN=be48cc35488bd9e6f312b20fc76a10272f0cdeda
Certificate serial: 0191E5102F2058CC4110A01F6230A24A8F57
Authority key identifier: BE:48:CC:35:48:8B:D9:E6:F3:12:B2:0F:C7:6A:10:27:2F:0C:DE:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vkjMNUiL2ebzErIPx2oQJy8M3to.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/d26971-b7a8-4ede-8bb4-49bc43660c97/1/qSs97PpbfHX9UZXJBEMZizTdPVo.roa
Signing time: Thu 12 Sep 2024 07:08:48 +0000
ROA not before: Thu 12 Sep 2024 07:08:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60522
IP address blocks: 86.111.152.0/21 maxlen: 32
134.255.192.0/22 maxlen: 32
185.29.216.0/22 maxlen: 32
185.205.124.0/22 maxlen: 32
195.192.216.0/21 maxlen: 32
217.61.192.0/20 maxlen: 32
2a00:ab60::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/d26971-b7a8-4ede-8bb4-49bc43660c97/1/vkjMNUiL2ebzErIPx2oQJy8M3to.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/d26971-b7a8-4ede-8bb4-49bc43660c97/1/vkjMNUiL2ebzErIPx2oQJy8M3to.mft
rsync://rpki.ripe.net/repository/DEFAULT/vkjMNUiL2ebzErIPx2oQJy8M3to.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e5:10:2f:20:58:cc:41:10:a0:1f:62:30:a2:4a:8f:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be48cc35488bd9e6f312b20fc76a10272f0cdeda
Validity
Not Before: Sep 12 07:08:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a92b3decfa5b7c75fd5195c90443198b34dd3d5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:14:4d:12:e1:db:12:84:6a:78:e5:7c:2f:35:
f7:75:38:a9:d9:65:34:0e:60:f9:0d:d3:32:04:e6:
8d:2c:13:f0:a1:9e:d3:fc:06:cf:97:09:5f:a7:37:
45:22:d3:43:74:a6:f5:10:af:89:2c:17:a3:4c:05:
64:74:6c:52:aa:8b:94:ca:ee:53:b0:a8:1f:a1:9e:
6f:32:ed:75:2f:76:bd:4b:9a:0f:ad:5c:e1:94:ff:
86:d5:6c:28:c9:b2:0f:da:82:8f:80:9c:d4:03:1c:
14:c2:5e:f3:c6:6b:ff:29:ed:0a:4a:17:91:ae:28:
eb:02:2d:35:49:dc:47:61:a7:70:ef:bc:32:5b:52:
59:f6:b8:c0:01:5c:8a:8f:80:2f:c0:6c:e2:be:a5:
18:23:37:65:6c:34:ee:2a:27:27:a6:54:6b:d9:25:
0a:af:9f:91:81:2b:b7:e6:88:a6:f4:54:f2:7d:c7:
d5:de:f7:da:20:09:ce:66:45:0e:81:ab:a1:5b:b4:
d1:ff:2f:bb:82:a0:9a:a9:d2:8b:c9:13:b0:5d:1d:
41:d8:de:08:6c:9c:ea:06:d3:d8:5e:0c:f0:e9:36:
82:89:0e:21:61:d3:a2:54:40:d2:40:ba:b0:4e:84:
13:d3:52:7e:e7:b3:97:b5:8f:8c:3d:58:aa:b0:2c:
b2:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:2B:3D:EC:FA:5B:7C:75:FD:51:95:C9:04:43:19:8B:34:DD:3D:5A
X509v3 Authority Key Identifier:
keyid:BE:48:CC:35:48:8B:D9:E6:F3:12:B2:0F:C7:6A:10:27:2F:0C:DE:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkjMNUiL2ebzErIPx2oQJy8M3to.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d26971-b7a8-4ede-8bb4-49bc43660c97/1/qSs97PpbfHX9UZXJBEMZizTdPVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d26971-b7a8-4ede-8bb4-49bc43660c97/1/vkjMNUiL2ebzErIPx2oQJy8M3to.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.111.152.0/21
134.255.192.0/22
185.29.216.0/22
185.205.124.0/22
195.192.216.0/21
217.61.192.0/20
IPv6:
2a00:ab60::/29
Signature Algorithm: sha256WithRSAEncryption
1d:f2:00:15:b7:9f:7a:bd:b1:36:6a:2b:d7:bc:f2:4b:66:17:
0c:09:8c:af:84:29:7d:d2:18:40:5d:c9:0b:f5:4a:d9:46:99:
db:74:d9:84:12:ab:5c:96:7d:50:70:09:39:68:02:d8:b9:cb:
d0:80:a0:ac:d1:e7:0b:fa:4f:01:cd:7a:de:6c:11:6a:6c:22:
36:30:a0:ad:96:c7:cd:f1:df:db:ae:f4:42:9a:d5:78:c8:3f:
6f:37:7f:91:4a:5a:f5:21:be:04:18:48:13:1f:a1:05:fc:fa:
f6:d6:3d:41:7d:8f:d4:06:45:90:a4:d9:a6:04:ef:e8:35:b5:
58:b8:54:69:15:b8:94:5e:a8:f5:ea:a4:1e:84:07:e5:c3:26:
1c:08:e7:01:a8:b6:8a:a3:2f:c0:28:99:19:c4:57:e0:fb:4b:
8f:36:0d:be:a6:ef:95:34:ce:77:68:0d:45:15:fa:fd:fc:a4:
f4:33:9d:fb:90:f7:5a:0c:ce:6d:a3:73:e5:18:b3:b7:c3:d7:
8a:e4:6d:ec:34:74:36:95:6d:bf:43:60:3c:d3:75:25:a6:16:
23:ac:4b:93:63:9d:06:6f:a1:01:f0:29:e0:8d:4d:e8:fa:80:
f1:5d:83:d8:3e:c2:33:61:c9:3e:8e:3f:16:e2:8e:4e:a0:61:
17:4a:6a:bb
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZHlEC8gWMxBEKAfYjCiSo9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDhjYzM1NDg4YmQ5ZTZmMzEyYjIwZmM3NmExMDI3MmYw
Y2RlZGEwHhcNMjQwOTEyMDcwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTJiM2RlY2ZhNWI3Yzc1ZmQ1MTk1YzkwNDQzMTk4YjM0ZGQzZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohRNEuHbEoRqeOV8LzX3dTip2WU0
DmD5DdMyBOaNLBPwoZ7T/AbPlwlfpzdFItNDdKb1EK+JLBejTAVkdGxSqouUyu5T
sKgfoZ5vMu11L3a9S5oPrVzhlP+G1WwoybIP2oKPgJzUAxwUwl7zxmv/Ke0KSheR
rijrAi01SdxHYadw77wyW1JZ9rjAAVyKj4AvwGzivqUYIzdlbDTuKicnplRr2SUK
r5+RgSu35oim9FTyfcfV3vfaIAnOZkUOgauhW7TR/y+7gqCaqdKLyROwXR1B2N4I
bJzqBtPYXgzw6TaCiQ4hYdOiVEDSQLqwToQT01J+57OXtY+MPViqsCyy9QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKkrPez6W3x1/VGVyQRDGYs03T1aMB8GA1UdIwQY
MBaAFL5IzDVIi9nm8xKyD8dqECcvDN7aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtqTU5VaUwyZWJ6RXJJUHgyb1FKeThNM3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kMjY5NzEtYjdhOC00ZWRlLThiYjQt
NDliYzQzNjYwYzk3LzEvcVNzOTdQcGJmSFg5VVpYSkJFTVppelRkUFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kMjY5NzEtYjdhOC00ZWRlLThiYjQtNDliYzQzNjYwYzk3
LzEvdmtqTU5VaUwyZWJ6RXJJUHgyb1FKeThNM3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDVm+YAwQC
hv/AAwQCuR3YAwQCuc18AwQDw8DYAwQE2T3AMA0EAgACMAcDBQMqAKtgMA0GCSqG
SIb3DQEBCwUAA4IBAQAd8gAVt596vbE2aivXvPJLZhcMCYyvhCl90hhAXckL9UrZ
RpnbdNmEEqtcln1QcAk5aALYucvQgKCs0ecL+k8BzXrebBFqbCI2MKCtlsfN8d/b
rvRCmtV4yD9vN3+RSlr1Ib4EGEgTH6EF/Pr21j1BfY/UBkWQpNmmBO/oNbVYuFRp
FbiUXqj16qQehAflwyYcCOcBqLaKoy/AKJkZxFfg+0uPNg2+pu+VNM53aA1FFfr9
/KT0M537kPdaDM5to3PlGLO3w9eK5G3sNHQ2lW2/Q2A803UlphYjrEuTY50Gb6EB
8CngjU3o+oDxXYPYPsIzYck+jj8W4o5OoGEXSmq7
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:08:20 2024 by rpki-client on console-ams.rpki-client.org