Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/cd4798-b7b7-4b66-948a-bf71449d97dd/1/OtcPcCqDmenYm_uyanmxLxG6Z0k.roa
File: OtcPcCqDmenYm_uyanmxLxG6Z0k.roa (raw, json)
Hash identifier: mBY9l05MLND4EY3oVCvN89NcllMD9cJbNP6fd2piHUU=
Subject key identifier: 3A:D7:0F:70:2A:83:99:E9:D8:9B:FB:B2:6A:79:B1:2F:11:BA:67:49
Certificate issuer: /CN=5dcc2f7d790a8300a7dd3519e0fb887fa4de0260
Certificate serial: 018CC72767973E8ABD3A461BE3FBA9275679
Authority key identifier: 5D:CC:2F:7D:79:0A:83:00:A7:DD:35:19:E0:FB:88:7F:A4:DE:02:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XcwvfXkKgwCn3TUZ4PuIf6TeAmA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/cd4798-b7b7-4b66-948a-bf71449d97dd/1/OtcPcCqDmenYm_uyanmxLxG6Z0k.roa
Signing time: Mon 01 Jan 2024 22:31:37 +0000
ROA not before: Mon 01 Jan 2024 22:31:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 52052
IP address blocks: 194.247.33.0/24 maxlen: 24
185.166.72.0/22 maxlen: 22
2a09:f880::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/cd4798-b7b7-4b66-948a-bf71449d97dd/1/XcwvfXkKgwCn3TUZ4PuIf6TeAmA.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/cd4798-b7b7-4b66-948a-bf71449d97dd/1/XcwvfXkKgwCn3TUZ4PuIf6TeAmA.mft
rsync://rpki.ripe.net/repository/DEFAULT/XcwvfXkKgwCn3TUZ4PuIf6TeAmA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:67:97:3e:8a:bd:3a:46:1b:e3:fb:a9:27:56:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5dcc2f7d790a8300a7dd3519e0fb887fa4de0260
Validity
Not Before: Jan 1 22:31:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3ad70f702a8399e9d89bfbb26a79b12f11ba6749
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:61:7c:da:fd:7b:86:36:7a:43:7d:09:be:4c:
54:3e:9c:37:43:c8:ec:56:86:7e:9b:3e:9e:a4:c4:
15:84:01:fa:a2:b2:fe:9e:3e:f7:8d:5c:c8:a5:85:
5a:e8:83:0d:19:a6:33:a0:2c:66:23:ac:63:04:64:
31:c8:d7:e9:1f:e9:38:0e:76:6c:20:ad:9b:0a:f2:
1a:8a:72:84:79:93:2b:8e:f0:6c:1d:5c:1c:54:e7:
11:2c:14:18:af:fd:a6:30:2a:b5:5f:d9:4a:68:6b:
aa:34:1c:b5:8d:8c:22:e9:e4:24:cb:dd:45:a9:2a:
82:11:07:c7:9d:0c:39:b5:16:00:b3:92:b1:b8:55:
3f:2b:8a:74:a8:93:ac:47:44:41:b3:5c:be:9b:fa:
57:9d:36:3b:b0:e4:78:76:8d:31:3b:4f:81:6d:89:
db:d6:1c:1b:81:9a:b4:e2:ac:4a:42:e5:4c:c2:80:
d4:04:50:e9:da:3b:7b:35:2e:d3:26:51:f2:51:93:
c1:5d:1c:6c:88:4e:c7:e2:0d:1f:1b:9d:09:a9:7f:
17:8c:ed:87:a6:75:b4:f0:33:64:f8:ee:82:f3:54:
c2:98:92:84:df:60:6d:fd:a7:f4:9f:c7:8a:00:6b:
9c:51:8d:0d:60:c3:10:63:73:f8:a7:f7:29:92:55:
11:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:D7:0F:70:2A:83:99:E9:D8:9B:FB:B2:6A:79:B1:2F:11:BA:67:49
X509v3 Authority Key Identifier:
keyid:5D:CC:2F:7D:79:0A:83:00:A7:DD:35:19:E0:FB:88:7F:A4:DE:02:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XcwvfXkKgwCn3TUZ4PuIf6TeAmA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/cd4798-b7b7-4b66-948a-bf71449d97dd/1/OtcPcCqDmenYm_uyanmxLxG6Z0k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/cd4798-b7b7-4b66-948a-bf71449d97dd/1/XcwvfXkKgwCn3TUZ4PuIf6TeAmA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.72.0/22
194.247.33.0/24
IPv6:
2a09:f880::/32
Signature Algorithm: sha256WithRSAEncryption
bb:b6:b1:3d:80:1b:ca:83:e4:a8:c7:c6:3c:12:20:37:3d:5d:
05:2e:e9:03:e0:61:80:dc:cc:d6:e6:19:74:7c:66:51:1e:bf:
b9:b7:0f:45:f0:dd:8e:30:7a:2a:fa:93:c0:57:ff:a4:32:af:
54:0f:1f:bf:89:67:a4:7c:70:4c:cb:64:51:f7:b9:2e:38:94:
ab:49:d6:a5:17:2e:a1:21:76:0f:b8:48:3d:57:73:29:63:d5:
d6:2d:ad:b4:9b:64:84:a2:e7:2c:e2:70:d5:bd:bd:33:f3:b4:
09:1c:dd:e4:9c:bf:64:d6:3c:d7:c1:aa:4e:f7:cd:00:a3:11:
3d:52:cd:70:76:11:55:43:ba:3f:e2:71:8b:95:14:bd:88:c0:
bc:a8:23:fa:67:7a:7f:c4:d6:51:0a:47:e9:3a:8b:42:08:ec:
52:4d:84:bd:ee:99:74:8a:b6:c1:8a:ea:a9:ac:25:85:f5:bb:
8e:d3:d2:54:ed:ff:76:13:dc:42:e9:a1:6f:9c:21:44:4b:8f:
34:d0:3f:89:e7:ba:3b:70:ed:43:7b:12:84:5b:cd:b5:b7:b2:
87:cd:ab:a2:20:a1:b2:6d:bb:22:10:4b:64:47:d7:3d:0f:82:
67:bf:43:49:84:b4:b9:e7:cb:69:b7:e7:3a:2a:af:12:ee:0e:
e7:c9:ee:f4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJ2eXPoq9OkYb4/upJ1Z5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkY2MyZjdkNzkwYTgzMDBhN2RkMzUxOWUwZmI4ODdmYTRk
ZTAyNjAwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQ3MGY3MDJhODM5OWU5ZDg5YmZiYjI2YTc5YjEyZjExYmE2NzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8WF82v17hjZ6Q30JvkxUPpw3Q8js
VoZ+mz6epMQVhAH6orL+nj73jVzIpYVa6IMNGaYzoCxmI6xjBGQxyNfpH+k4DnZs
IK2bCvIainKEeZMrjvBsHVwcVOcRLBQYr/2mMCq1X9lKaGuqNBy1jYwi6eQky91F
qSqCEQfHnQw5tRYAs5KxuFU/K4p0qJOsR0RBs1y+m/pXnTY7sOR4do0xO0+BbYnb
1hwbgZq04qxKQuVMwoDUBFDp2jt7NS7TJlHyUZPBXRxsiE7H4g0fG50JqX8XjO2H
pnW08DNk+O6C81TCmJKE32Bt/af0n8eKAGucUY0NYMMQY3P4p/cpklUR9QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDrXD3Aqg5np2Jv7smp5sS8RumdJMB8GA1UdIwQY
MBaAFF3ML315CoMAp901GeD7iH+k3gJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGN3dmZYa0tnd0NuM1RVWjRQdUlmNlRlQW1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9jZDQ3OTgtYjdiNy00YjY2LTk0OGEt
YmY3MTQ0OWQ5N2RkLzEvT3RjUGNDcURtZW5ZbV91eWFubXhMeEc2WjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9jZDQ3OTgtYjdiNy00YjY2LTk0OGEtYmY3MTQ0OWQ5N2Rk
LzEvWGN3dmZYa0tnd0NuM1RVWjRQdUlmNlRlQW1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuaZIAwQA
wvchMA0EAgACMAcDBQAqCfiAMA0GCSqGSIb3DQEBCwUAA4IBAQC7trE9gBvKg+So
x8Y8EiA3PV0FLukD4GGA3MzW5hl0fGZRHr+5tw9F8N2OMHoq+pPAV/+kMq9UDx+/
iWekfHBMy2RR97kuOJSrSdalFy6hIXYPuEg9V3MpY9XWLa20m2SEoucs4nDVvb0z
87QJHN3knL9k1jzXwapO980AoxE9Us1wdhFVQ7o/4nGLlRS9iMC8qCP6Z3p/xNZR
CkfpOotCCOxSTYS97pl0irbBiuqprCWF9buO09JU7f92E9xC6aFvnCFES4800D+J
57o7cO1DexKEW821t7KHzauiIKGybbsiEEtkR9c9D4Jnv0NJhLS558tpt+c6Kq8S
7g7nye70
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:38:09 2024 by rpki-client on console-ams.rpki-client.org