Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/jqnOJPgKOpczUi6zLmGKMNIaG2o.roa
File: jqnOJPgKOpczUi6zLmGKMNIaG2o.roa (raw, json)
Hash identifier: PfSylvrE/G+8esTZv3bYsZtNPFvLexSQEfbJphKCU5s=
Subject key identifier: 8E:A9:CE:24:F8:0A:3A:97:33:52:2E:B3:2E:61:8A:30:D2:1A:1B:6A
Certificate issuer: /CN=1ea0a9eb47d824b51f154442481a257168394551
Certificate serial: 018CCA2B948047EE03550A7033A20F84F3FB
Authority key identifier: 1E:A0:A9:EB:47:D8:24:B5:1F:15:44:42:48:1A:25:71:68:39:45:51
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/jqnOJPgKOpczUi6zLmGKMNIaG2o.roa
Signing time: Tue 02 Jan 2024 12:35:02 +0000
ROA not before: Tue 02 Jan 2024 12:35:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41044
IP address blocks: 217.113.192.0/20 maxlen: 20
194.24.228.0/23 maxlen: 23
194.24.228.0/24 maxlen: 24
194.24.229.0/24 maxlen: 24
217.113.204.0/24 maxlen: 24
217.113.205.0/24 maxlen: 24
217.113.206.0/24 maxlen: 24
217.113.207.0/24 maxlen: 24
2a11:fac0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.crl
rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.mft
rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 23:00:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2b:94:80:47:ee:03:55:0a:70:33:a2:0f:84:f3:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ea0a9eb47d824b51f154442481a257168394551
Validity
Not Before: Jan 2 12:35:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8ea9ce24f80a3a9733522eb32e618a30d21a1b6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:da:40:61:db:d2:dd:b1:cc:c6:e0:27:d2:9c:
77:5c:32:07:e3:21:80:50:3b:7b:cd:ce:0a:2b:36:
93:d2:cd:42:ed:f0:7a:27:7a:bb:d0:9e:4d:f5:3d:
cf:bd:ed:97:c2:7a:90:58:5a:21:ec:5d:83:e7:ee:
e3:98:6a:f9:dc:3b:98:35:f3:99:72:ae:62:93:5b:
7b:b9:0a:c4:5f:7f:e9:b1:76:a4:af:fa:14:35:2e:
7c:e2:8b:92:2e:29:ab:b5:ef:cb:eb:e8:8a:dd:f3:
22:07:6e:71:74:31:33:3b:0e:f9:32:61:2a:19:bd:
3f:09:7a:5b:87:53:65:1b:93:e7:0b:14:ab:44:73:
68:ba:04:7e:d7:e9:b2:97:18:57:e0:66:d9:50:72:
7e:58:cf:69:ba:b7:9b:90:98:92:d0:a1:25:75:53:
9b:59:91:39:a9:16:3c:ba:83:dc:8f:f4:d5:2d:fa:
33:c0:e9:0f:cb:ca:c2:c2:8c:97:92:75:eb:89:fc:
5d:44:7c:a4:55:34:6c:3e:1e:68:b5:91:ae:57:1b:
76:5c:77:a7:66:0d:89:90:c4:8a:93:bb:dd:60:0d:
b8:b7:ea:97:43:08:19:71:36:62:81:78:5c:80:6c:
97:93:07:4b:18:88:e6:a0:b0:4c:9d:e4:bf:a4:68:
3d:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:A9:CE:24:F8:0A:3A:97:33:52:2E:B3:2E:61:8A:30:D2:1A:1B:6A
X509v3 Authority Key Identifier:
keyid:1E:A0:A9:EB:47:D8:24:B5:1F:15:44:42:48:1A:25:71:68:39:45:51
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/jqnOJPgKOpczUi6zLmGKMNIaG2o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.24.228.0/23
217.113.192.0/20
IPv6:
2a11:fac0::/29
Signature Algorithm: sha256WithRSAEncryption
4c:bb:06:4b:b8:64:53:03:01:6f:f8:1d:4e:b0:f5:17:4c:f7:
3b:a1:4a:6e:13:bf:68:19:cb:40:20:b8:26:fb:fa:c2:09:dd:
a3:f4:17:8f:0a:f0:c3:25:57:22:71:c9:90:a5:88:7e:f3:30:
36:b4:46:e5:56:6f:cc:02:12:e2:da:27:6f:f9:67:0e:a2:5e:
99:4b:c3:3e:e7:38:63:b7:66:f7:76:a1:d0:22:a1:b5:3e:75:
96:1b:68:e5:b2:72:c2:0a:fd:0d:d9:60:e9:b0:ca:4d:1b:83:
d7:3b:a3:8e:0b:ed:51:2a:8b:58:d2:76:fe:44:a3:ca:8b:a4:
44:9d:8b:94:87:de:88:bd:07:c4:57:34:73:0a:8c:a3:6e:ad:
b7:77:d0:7d:e2:f0:62:74:a5:b0:cd:eb:31:20:e4:ce:7d:6d:
91:fa:78:2d:00:3d:90:0b:fb:0a:fc:46:8c:be:83:5b:59:22:
a1:e6:8c:dd:ab:00:aa:f2:c5:1e:19:cc:86:29:d8:11:f4:76:
54:71:26:12:e3:69:d0:e7:0f:80:8b:6f:21:28:1a:03:85:0d:
81:87:fa:ce:d1:2e:bf:8b:19:ef:a9:67:b7:44:e1:31:f7:42:
9b:8f:6e:05:82:cd:e0:e7:b7:20:52:3c:09:4e:96:3a:d1:a1:
cf:e8:7d:ad
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKK5SAR+4DVQpwM6IPhPP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYTBhOWViNDdkODI0YjUxZjE1NDQ0MjQ4MWEyNTcxNjgz
OTQ1NTEwHhcNMjQwMTAyMTIzNTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWE5Y2UyNGY4MGEzYTk3MzM1MjJlYjMyZTYxOGEzMGQyMWExYjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9pAYdvS3bHMxuAn0px3XDIH4yGA
UDt7zc4KKzaT0s1C7fB6J3q70J5N9T3Pve2XwnqQWFoh7F2D5+7jmGr53DuYNfOZ
cq5ik1t7uQrEX3/psXakr/oUNS584ouSLimrte/L6+iK3fMiB25xdDEzOw75MmEq
Gb0/CXpbh1NlG5PnCxSrRHNougR+1+mylxhX4GbZUHJ+WM9purebkJiS0KEldVOb
WZE5qRY8uoPcj/TVLfozwOkPy8rCwoyXknXrifxdRHykVTRsPh5otZGuVxt2XHen
Zg2JkMSKk7vdYA24t+qXQwgZcTZigXhcgGyXkwdLGIjmoLBMneS/pGg9jQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI6pziT4CjqXM1Iusy5hijDSGhtqMB8GA1UdIwQY
MBaAFB6gqetH2CS1HxVEQkgaJXFoOUVRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHFDcDYwZllKTFVmRlVSQ1NCb2xjV2c1UlZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8zMDMzYzYtY2NlOC00NTBkLWEwYzkt
ODQxOGE5NmY2Nzk1LzEvanFuT0pQZ0tPcGN6VWk2ekxtR0tNTklhRzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8zMDMzYzYtY2NlOC00NTBkLWEwYzktODQxOGE5NmY2Nzk1
LzEvSHFDcDYwZllKTFVmRlVSQ1NCb2xjV2c1UlZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwhjkAwQE
2XHAMA0EAgACMAcDBQMqEfrAMA0GCSqGSIb3DQEBCwUAA4IBAQBMuwZLuGRTAwFv
+B1OsPUXTPc7oUpuE79oGctAILgm+/rCCd2j9BePCvDDJVciccmQpYh+8zA2tEbl
Vm/MAhLi2idv+WcOol6ZS8M+5zhjt2b3dqHQIqG1PnWWG2jlsnLCCv0N2WDpsMpN
G4PXO6OOC+1RKotY0nb+RKPKi6REnYuUh96IvQfEVzRzCoyjbq23d9B94vBidKWw
zesxIOTOfW2R+ngtAD2QC/sK/EaMvoNbWSKh5ozdqwCq8sUeGcyGKdgR9HZUcSYS
42nQ5w+Ai28hKBoDhQ2Bh/rO0S6/ixnvqWe3ROEx90Kbj24Fgs3g57cgUjwJTpY6
0aHP6H2t
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:15:58 2024 by rpki-client on console-fra.rpki-client.org