Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/I2NPlwydWTmxtRVP34z3UdZgYmA.roa
File: I2NPlwydWTmxtRVP34z3UdZgYmA.roa (raw, json)
Hash identifier: Z2mCxU62fX1QKZbzZSzPn6/OxyMUCkie38R31rhPB0Y=
Subject key identifier: 23:63:4F:97:0C:9D:59:39:B1:B5:15:4F:DF:8C:F7:51:D6:60:62:60
Certificate issuer: /CN=f1b15e77af4edde11192c6fecd50b21cd379d421
Certificate serial: 018CC8DF74CF72C5887F33DD59DDC34C6214
Authority key identifier: F1:B1:5E:77:AF:4E:DD:E1:11:92:C6:FE:CD:50:B2:1C:D3:79:D4:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/I2NPlwydWTmxtRVP34z3UdZgYmA.roa
Signing time: Tue 02 Jan 2024 06:32:16 +0000
ROA not before: Tue 02 Jan 2024 06:32:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198335
IP address blocks: 185.194.187.0/24 maxlen: 24
176.241.248.0/21 maxlen: 24
185.194.184.0/22 maxlen: 22
185.194.186.0/24 maxlen: 24
2a00:5a40::/29 maxlen: 29
2a00:5a40::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.mft
rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:74:cf:72:c5:88:7f:33:dd:59:dd:c3:4c:62:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1b15e77af4edde11192c6fecd50b21cd379d421
Validity
Not Before: Jan 2 06:32:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=23634f970c9d5939b1b5154fdf8cf751d6606260
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:69:3b:77:b2:b3:6a:69:86:f6:d8:f7:db:ad:
2d:dd:da:03:ec:0f:c9:5f:5a:f9:b9:e3:b5:e6:f8:
29:9a:99:9e:98:ee:1d:df:40:19:f4:05:60:8c:77:
99:47:5f:f6:18:b4:1c:20:9e:8a:54:a0:a9:d0:51:
a7:b8:51:19:7c:f9:48:3c:ba:e2:84:7a:72:b2:50:
c3:4c:0d:58:fa:7f:dd:07:bd:07:94:40:e5:e2:6a:
b6:b7:39:14:4b:fc:19:69:7c:3b:0c:9c:74:0f:ba:
6b:d7:2a:ee:99:e0:b4:96:bf:d2:aa:3c:c0:2e:24:
13:cb:3e:d5:c1:92:11:cc:bf:86:e7:84:7f:a7:54:
4c:50:37:dd:6c:f3:fb:5e:8f:7c:9c:66:ee:bd:40:
1c:7d:99:c9:67:fd:11:80:13:2d:18:29:0a:d1:27:
14:35:cb:99:fe:b1:7a:78:b8:34:fe:8f:20:22:74:
86:84:82:17:28:8f:5c:4f:bb:81:f6:82:a6:c7:a0:
0f:c7:1b:b7:72:08:1b:04:9c:78:ab:17:e7:dd:f3:
f1:2b:d8:55:c6:af:0a:87:3b:b7:0d:55:81:3c:92:
02:97:53:08:ec:d5:29:00:d8:98:17:a7:6f:47:ac:
2f:e2:f4:f1:8d:8d:a4:1a:e9:0f:8f:4b:41:db:47:
53:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:63:4F:97:0C:9D:59:39:B1:B5:15:4F:DF:8C:F7:51:D6:60:62:60
X509v3 Authority Key Identifier:
keyid:F1:B1:5E:77:AF:4E:DD:E1:11:92:C6:FE:CD:50:B2:1C:D3:79:D4:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/I2NPlwydWTmxtRVP34z3UdZgYmA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.241.248.0/21
185.194.184.0/22
IPv6:
2a00:5a40::/29
Signature Algorithm: sha256WithRSAEncryption
78:9f:2f:3d:c1:ef:c6:50:ba:f1:a5:bb:93:ca:55:76:18:f9:
0b:4a:fb:47:9b:7f:be:41:00:91:b0:25:fd:91:df:3a:fd:5d:
59:93:0c:a6:df:72:a0:3c:bf:8c:8a:f3:49:ec:55:42:ac:e0:
82:7c:e0:fb:35:40:cb:3c:24:86:db:3f:09:b9:31:1c:fc:05:
f0:52:ae:aa:d8:2f:7d:19:14:9e:06:6b:10:c8:88:5b:35:c8:
5e:ac:3c:c9:a0:f3:1c:96:44:64:ef:29:cc:c3:21:77:89:bc:
91:ed:f8:28:2f:7c:8c:d7:b7:8d:11:6b:29:a2:81:3c:d4:5b:
b6:42:9f:e2:f9:a9:3b:02:3f:bd:7d:38:86:4a:c4:cb:63:00:
3c:a9:d2:97:e9:da:a7:ff:c7:99:f9:72:ef:9b:f5:73:ba:17:
ed:f6:23:52:43:89:00:16:3d:a4:0b:b3:4a:37:af:67:33:ed:
8f:0e:b0:ea:d2:40:ce:ca:1c:5f:e7:f4:c7:d9:16:4e:5d:6b:
cc:4c:4e:b0:2a:c4:2c:85:41:20:80:0f:10:15:15:d4:74:80:
23:93:20:27:c4:83:7c:ea:82:bf:49:2f:57:16:dc:1f:e4:d6:
0b:bd:24:a8:83:b1:62:6f:24:21:db:8d:1f:e4:80:e5:9b:2a:
87:ee:c9:fb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI33TPcsWIfzPdWd3DTGIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjE1ZTc3YWY0ZWRkZTExMTkyYzZmZWNkNTBiMjFjZDM3
OWQ0MjEwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzYzNGY5NzBjOWQ1OTM5YjFiNTE1NGZkZjhjZjc1MWQ2NjA2MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Gk7d7KzammG9tj3260t3doD7A/J
X1r5ueO15vgpmpmemO4d30AZ9AVgjHeZR1/2GLQcIJ6KVKCp0FGnuFEZfPlIPLri
hHpyslDDTA1Y+n/dB70HlEDl4mq2tzkUS/wZaXw7DJx0D7pr1yrumeC0lr/SqjzA
LiQTyz7VwZIRzL+G54R/p1RMUDfdbPP7Xo98nGbuvUAcfZnJZ/0RgBMtGCkK0ScU
NcuZ/rF6eLg0/o8gInSGhIIXKI9cT7uB9oKmx6APxxu3cggbBJx4qxfn3fPxK9hV
xq8Khzu3DVWBPJICl1MI7NUpANiYF6dvR6wv4vTxjY2kGukPj0tB20dTJQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCNjT5cMnVk5sbUVT9+M91HWYGJgMB8GA1UdIwQY
MBaAFPGxXnevTt3hEZLG/s1QshzTedQhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJGZWQ2OU8zZUVSa3NiLXpWQ3lITk41MUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy81MDBmYTktNmZiOC00NzY4LTgwZGUt
MTM0MGNjNWIzZDU3LzEvSTJOUGx3eWRXVG14dFJWUDM0ejNVZFpnWW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy81MDBmYTktNmZiOC00NzY4LTgwZGUtMTM0MGNjNWIzZDU3
LzEvOGJGZWQ2OU8zZUVSa3NiLXpWQ3lITk41MUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsPH4AwQC
ucK4MA0EAgACMAcDBQMqAFpAMA0GCSqGSIb3DQEBCwUAA4IBAQB4ny89we/GULrx
pbuTylV2GPkLSvtHm3++QQCRsCX9kd86/V1Zkwym33KgPL+MivNJ7FVCrOCCfOD7
NUDLPCSG2z8JuTEc/AXwUq6q2C99GRSeBmsQyIhbNcherDzJoPMclkRk7ynMwyF3
ibyR7fgoL3yM17eNEWspooE81Fu2Qp/i+ak7Aj+9fTiGSsTLYwA8qdKX6dqn/8eZ
+XLvm/Vzuhft9iNSQ4kAFj2kC7NKN69nM+2PDrDq0kDOyhxf5/TH2RZOXWvMTE6w
KsQshUEggA8QFRXUdIAjkyAnxIN86oK/SS9XFtwf5NYLvSSog7FibyQh240f5IDl
myqH7sn7
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:30:48 2024 by rpki-client on console-ams.rpki-client.org