Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/KarZ0W_LZKvUQJPTghMR47QlctU.roa
File: KarZ0W_LZKvUQJPTghMR47QlctU.roa (raw, json)
Hash identifier: jD06vTDNgdTIEIurv6NDaQIbrj+c+ELh+s8okZggwrM=
Subject key identifier: 29:AA:D9:D1:6F:CB:64:AB:D4:40:93:D3:82:13:11:E3:B4:25:72:D5
Certificate issuer: /CN=bbd351b274fc23a42728303638a0d62b606401b4
Certificate serial: 018CC49380EEDC9F70E4495ADAF475EF75E2
Authority key identifier: BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/KarZ0W_LZKvUQJPTghMR47QlctU.roa
Signing time: Mon 01 Jan 2024 10:30:50 +0000
ROA not before: Mon 01 Jan 2024 10:30:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29317
IP address blocks: 91.194.118.0/23 maxlen: 23
91.194.124.0/23 maxlen: 23
2001:1578::/32 maxlen: 40
2001:1578:100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:80:ee:dc:9f:70:e4:49:5a:da:f4:75:ef:75:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bbd351b274fc23a42728303638a0d62b606401b4
Validity
Not Before: Jan 1 10:30:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=29aad9d16fcb64abd44093d3821311e3b42572d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:f9:c0:52:b5:57:19:82:09:4d:65:3f:a6:ca:
71:6e:a6:b7:4c:74:91:97:22:f9:54:7d:a2:e1:73:
cf:e0:00:eb:93:9b:bc:a1:f6:e9:cb:39:1c:bc:b4:
c2:e4:69:f2:6c:d9:f8:f4:63:7a:ca:0d:f2:ee:44:
90:d9:90:67:49:8a:e3:6c:d4:83:8d:c8:a8:ae:bd:
af:56:c9:3b:77:1b:bc:69:92:62:72:d1:01:07:85:
36:62:0d:fb:5e:b7:fb:a7:a7:88:0f:d4:b9:64:28:
3b:11:11:27:e2:db:1d:6c:c4:1d:a4:ae:61:f7:a2:
96:97:98:51:ea:2b:cc:03:8d:5a:ae:2e:3d:bc:c8:
ff:20:32:7c:ae:ef:39:ad:17:7b:8a:b6:53:5d:a3:
80:72:5c:ce:33:4b:2e:bd:8f:f5:5d:66:75:d1:f8:
72:8e:48:33:e3:00:e5:1f:1e:b4:d2:00:af:f0:f7:
08:ce:79:1c:4a:a0:15:c3:60:d2:4d:5f:a3:1b:e5:
9e:1f:c9:05:93:97:bf:7d:68:52:83:bb:13:ad:3d:
52:52:bc:58:23:d9:c0:6d:90:3e:76:e6:af:6d:9c:
f5:4e:60:af:7f:56:6d:fa:32:81:2e:f1:58:68:20:
44:42:c7:fa:60:81:9f:b4:9d:11:a6:5f:8a:27:ce:
ad:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:AA:D9:D1:6F:CB:64:AB:D4:40:93:D3:82:13:11:E3:B4:25:72:D5
X509v3 Authority Key Identifier:
keyid:BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/KarZ0W_LZKvUQJPTghMR47QlctU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.118.0/23
91.194.124.0/23
IPv6:
2001:1578::/32
Signature Algorithm: sha256WithRSAEncryption
31:8d:42:f6:3d:19:b2:34:ce:e2:a8:c9:b1:aa:fc:fe:78:16:
ef:95:e1:c4:89:e7:82:4d:51:4c:11:67:3e:9f:83:80:f3:eb:
c3:4d:33:b0:af:c9:41:c9:76:74:6d:7b:2b:6f:d9:5f:2b:f1:
a4:8b:53:c2:6b:18:a9:64:fc:9f:fc:be:a6:18:c7:9a:ee:49:
33:53:f1:f2:68:91:a0:a1:eb:35:f1:f0:7c:81:97:1b:d3:6c:
6f:97:44:fd:3e:f8:4f:71:ed:6b:5f:aa:6e:f0:70:13:4e:48:
7f:e4:1d:75:7a:81:37:1c:ef:e3:33:80:99:73:e0:be:a0:93:
dc:52:24:ab:fe:96:d2:14:e6:d1:8a:c4:7a:5d:ab:33:e8:79:
f5:3b:7d:b8:a9:39:a7:9f:fd:cb:56:a5:bc:18:1c:6d:99:35:
43:06:bd:2f:96:62:77:af:ef:59:4a:95:41:e9:dd:30:78:a4:
d6:1b:fe:b3:83:32:39:42:88:7e:fc:b0:09:32:d6:cc:e3:93:
3d:54:66:50:95:ad:5f:50:f3:77:3d:0a:48:ba:c2:6f:ae:ae:
8c:08:c5:e8:68:2d:1f:d3:19:1b:3f:ea:cf:9c:44:e5:66:c7:
68:57:86:32:5b:ba:1b:8f:8b:66:1d:dc:84:b0:d2:12:fb:fa:
83:bd:26:ea
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk4Du3J9w5Ela2vR173XiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDM1MWIyNzRmYzIzYTQyNzI4MzAzNjM4YTBkNjJiNjA2
NDAxYjQwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFhZDlkMTZmY2I2NGFiZDQ0MDkzZDM4MjEzMTFlM2I0MjU3MmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/nAUrVXGYIJTWU/pspxbqa3THSR
lyL5VH2i4XPP4ADrk5u8ofbpyzkcvLTC5GnybNn49GN6yg3y7kSQ2ZBnSYrjbNSD
jciorr2vVsk7dxu8aZJictEBB4U2Yg37Xrf7p6eID9S5ZCg7EREn4tsdbMQdpK5h
96KWl5hR6ivMA41ari49vMj/IDJ8ru85rRd7irZTXaOAclzOM0suvY/1XWZ10fhy
jkgz4wDlHx600gCv8PcIznkcSqAVw2DSTV+jG+WeH8kFk5e/fWhSg7sTrT1SUrxY
I9nAbZA+duavbZz1TmCvf1Zt+jKBLvFYaCBEQsf6YIGftJ0Rpl+KJ86tWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCmq2dFvy2Sr1ECT04ITEeO0JXLVMB8GA1UdIwQY
MBaAFLvTUbJ0/COkJygwNjig1itgZAG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYt
NDZiMzAyOGEwM2IwLzEvS2FyWjBXX0xaS3ZVUUpQVGdoTVI0N1FsY3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYtNDZiMzAyOGEwM2Iw
LzEvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW8J2AwQB
W8J8MA0EAgACMAcDBQAgARV4MA0GCSqGSIb3DQEBCwUAA4IBAQAxjUL2PRmyNM7i
qMmxqvz+eBbvleHEieeCTVFMEWc+n4OA8+vDTTOwr8lByXZ0bXsrb9lfK/Gki1PC
axipZPyf/L6mGMea7kkzU/HyaJGgoes18fB8gZcb02xvl0T9PvhPce1rX6pu8HAT
Tkh/5B11eoE3HO/jM4CZc+C+oJPcUiSr/pbSFObRisR6Xasz6Hn1O324qTmnn/3L
VqW8GBxtmTVDBr0vlmJ3r+9ZSpVB6d0weKTWG/6zgzI5Qoh+/LAJMtbM45M9VGZQ
la1fUPN3PQpIusJvrq6MCMXoaC0f0xkbP+rPnETlZsdoV4YyW7obj4tmHdyEsNIS
+/qDvSbq
-----END CERTIFICATE-----
Generated at Sat Jun 1 14:04:08 2024 by rpki-client on console-ams.rpki-client.org