Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/cujOGkKpvca3Nml_aLaKj7Wq03Y.roa
File: cujOGkKpvca3Nml_aLaKj7Wq03Y.roa (raw, json)
Hash identifier: dOBFeoZU6dKBbyy4RasV9rECx2f97AO5uStLtLhAang=
Subject key identifier: 72:E8:CE:1A:42:A9:BD:C6:B7:36:69:7F:68:B6:8A:8F:B5:AA:D3:76
Certificate issuer: /CN=9783a5487b35c1d1e1f157c191312b3df4bc17ab
Certificate serial: 019325B3F22CBA773ED2B1CD55A4A01BCABC
Authority key identifier: 97:83:A5:48:7B:35:C1:D1:E1:F1:57:C1:91:31:2B:3D:F4:BC:17:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/cujOGkKpvca3Nml_aLaKj7Wq03Y.roa
Signing time: Wed 13 Nov 2024 13:26:10 +0000
ROA not before: Wed 13 Nov 2024 13:26:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210312
IP address blocks: 147.189.216.0/21 maxlen: 21
147.189.216.0/24 maxlen: 24
193.5.16.0/22 maxlen: 22
193.5.19.0/24 maxlen: 24
2a0d:3dc0::/29 maxlen: 29
2a0d:3dc2::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.mft
rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 13:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:25:b3:f2:2c:ba:77:3e:d2:b1:cd:55:a4:a0:1b:ca:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9783a5487b35c1d1e1f157c191312b3df4bc17ab
Validity
Not Before: Nov 13 13:26:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=72e8ce1a42a9bdc6b736697f68b68a8fb5aad376
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:1b:1a:90:a8:8e:66:6a:7a:28:0b:ad:58:fe:
4a:69:25:e2:d4:1e:1b:0e:4d:3c:7b:9b:fc:b9:9f:
74:f1:26:2a:70:54:cb:bc:a7:79:31:44:1f:b3:11:
c8:34:99:9d:3f:d1:3b:87:26:02:af:b6:a5:77:08:
aa:bf:8b:f9:32:d8:79:23:58:5d:db:2d:42:28:da:
e0:ec:67:34:89:ed:4e:e4:85:9a:c2:3b:61:b1:52:
b9:0a:2c:e5:10:77:ca:47:c8:df:9e:9f:c6:8e:0f:
c3:0c:11:f3:d0:b4:9a:e5:f5:82:ed:a1:f5:13:c2:
a7:ae:c2:3b:69:26:ca:cc:c5:fd:f3:1c:17:f0:50:
82:a2:54:90:a0:0a:c1:6c:b2:bf:ba:67:22:e2:9f:
4e:c6:a6:96:cb:5d:0d:fe:06:ec:61:87:96:d3:c1:
5f:a1:45:68:0b:25:b1:24:dd:3a:69:77:d7:e9:4b:
b8:d0:d9:ab:a8:26:d7:5d:48:54:d0:b3:26:97:9f:
99:f6:6f:db:89:a0:38:6f:b7:05:4f:67:00:eb:64:
00:bd:4b:05:4b:2f:3d:fc:0f:e4:7c:79:1b:03:5f:
3d:e0:09:30:65:81:46:2a:9c:ed:50:96:49:39:41:
1c:2d:db:08:82:a9:6e:c8:e5:47:ba:16:c9:52:03:
e0:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:E8:CE:1A:42:A9:BD:C6:B7:36:69:7F:68:B6:8A:8F:B5:AA:D3:76
X509v3 Authority Key Identifier:
keyid:97:83:A5:48:7B:35:C1:D1:E1:F1:57:C1:91:31:2B:3D:F4:BC:17:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/cujOGkKpvca3Nml_aLaKj7Wq03Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.189.216.0/21
193.5.16.0/22
IPv6:
2a0d:3dc0::/29
Signature Algorithm: sha256WithRSAEncryption
4f:ff:c7:ce:4d:2f:1d:d9:ba:11:5d:45:7b:95:a8:3c:75:9d:
91:5a:e5:54:e6:71:dd:6a:de:5e:16:0c:0a:9a:50:a9:3c:f6:
5f:c0:24:b6:13:4c:06:5c:ad:b7:bb:fd:ea:80:1f:62:e6:7d:
5a:40:17:9b:c1:c2:70:3b:ab:b2:b5:53:62:a0:93:4e:3b:79:
39:d9:d0:b3:4e:fe:a4:8d:15:92:7c:10:4c:2f:1a:10:32:7f:
66:b3:4a:8a:28:a9:1c:56:55:60:61:b9:36:b7:91:e5:a7:58:
22:23:42:22:4a:ee:05:ed:90:18:0b:08:cc:25:13:71:10:b4:
60:80:43:e2:55:b5:17:24:b4:12:e3:32:06:30:a9:d3:a3:18:
a2:4a:29:83:ed:d6:dd:c5:38:88:dc:af:05:bf:36:ed:31:56:
72:ff:ed:33:08:d7:4b:21:b8:ae:2b:9a:3b:9d:2b:d2:37:73:
b3:f8:23:a2:3b:ab:32:19:e9:db:d5:c5:b7:dc:e1:83:95:cf:
b1:2a:3a:db:1f:ff:93:7f:fc:b4:d2:c5:06:d5:b4:b7:ac:19:
52:8d:29:02:23:68:89:f8:45:85:ba:7c:24:b9:fb:c5:6a:47:
21:0b:64:8e:3f:b7:b2:77:d0:36:7b:e4:ca:e2:d2:98:92:33:
fb:af:27:51
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZMls/Isunc+0rHNVaSgG8q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ODNhNTQ4N2IzNWMxZDFlMWYxNTdjMTkxMzEyYjNkZjRi
YzE3YWIwHhcNMjQxMTEzMTMyNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU4Y2UxYTQyYTliZGM2YjczNjY5N2Y2OGI2OGE4ZmI1YWFkMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xsakKiOZmp6KAutWP5KaSXi1B4b
Dk08e5v8uZ908SYqcFTLvKd5MUQfsxHINJmdP9E7hyYCr7aldwiqv4v5Mth5I1hd
2y1CKNrg7Gc0ie1O5IWawjthsVK5CizlEHfKR8jfnp/Gjg/DDBHz0LSa5fWC7aH1
E8KnrsI7aSbKzMX98xwX8FCColSQoArBbLK/umci4p9OxqaWy10N/gbsYYeW08Ff
oUVoCyWxJN06aXfX6Uu40NmrqCbXXUhU0LMml5+Z9m/biaA4b7cFT2cA62QAvUsF
Sy89/A/kfHkbA1894AkwZYFGKpztUJZJOUEcLdsIgqluyOVHuhbJUgPguwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHLozhpCqb3GtzZpf2i2io+1qtN2MB8GA1UdIwQY
MBaAFJeDpUh7NcHR4fFXwZExKz30vBerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDRPbFNIczF3ZEhoOFZmQmtURXJQZlM4RjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mMjIxMzEtYTBmZi00ZjI3LThkZmEt
NjkxNTJlOWEwOGMzLzEvY3VqT0drS3B2Y2EzTm1sX2FMYUtqN1dxMDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mMjIxMzEtYTBmZi00ZjI3LThkZmEtNjkxNTJlOWEwOGMz
LzEvbDRPbFNIczF3ZEhoOFZmQmtURXJQZlM4RjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDk73YAwQC
wQUQMA0EAgACMAcDBQMqDT3AMA0GCSqGSIb3DQEBCwUAA4IBAQBP/8fOTS8d2boR
XUV7lag8dZ2RWuVU5nHdat5eFgwKmlCpPPZfwCS2E0wGXK23u/3qgB9i5n1aQBeb
wcJwO6uytVNioJNOO3k52dCzTv6kjRWSfBBMLxoQMn9ms0qKKKkcVlVgYbk2t5Hl
p1giI0IiSu4F7ZAYCwjMJRNxELRggEPiVbUXJLQS4zIGMKnToxiiSimD7dbdxTiI
3K8FvzbtMVZy/+0zCNdLIbiuK5o7nSvSN3Oz+COiO6syGenb1cW33OGDlc+xKjrb
H/+Tf/y00sUG1bS3rBlSjSkCI2iJ+EWFunwkufvFakchC2SOP7eyd9A2e+TK4tKY
kjP7rydR
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:07:09 2024 by rpki-client on console-ams.rpki-client.org