Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d88aae-68c3-4909-9f8a-07e83cd5b60d/1/2caCX9PqpEMBnB1XZFJgo_p6dU0.roa
File: 2caCX9PqpEMBnB1XZFJgo_p6dU0.roa (raw, json)
Hash identifier: Q+TyYE8mBkHy1SKNEBeaNq2/cwOJN3NzCh22FK/aebs=
Subject key identifier: D9:C6:82:5F:D3:EA:A4:43:01:9C:1D:57:64:52:60:A3:FA:7A:75:4D
Certificate issuer: /CN=3a3149da0a12bdbf1bef598b0463090780206ce0
Certificate serial: 019058D8748621D99CEAFCB17BDED9FBE70A
Authority key identifier: 3A:31:49:DA:0A:12:BD:BF:1B:EF:59:8B:04:63:09:07:80:20:6C:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OjFJ2goSvb8b71mLBGMJB4AgbOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/d88aae-68c3-4909-9f8a-07e83cd5b60d/1/2caCX9PqpEMBnB1XZFJgo_p6dU0.roa
Signing time: Thu 27 Jun 2024 08:38:18 +0000
ROA not before: Thu 27 Jun 2024 08:38:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5404
IP address blocks: 185.69.160.0/22 maxlen: 22
185.69.160.0/24 maxlen: 24
185.69.161.0/24 maxlen: 24
185.69.162.0/24 maxlen: 24
185.69.163.0/24 maxlen: 24
185.174.204.0/22 maxlen: 22
185.174.204.0/24 maxlen: 24
185.174.205.0/24 maxlen: 24
185.174.206.0/24 maxlen: 24
185.174.207.0/24 maxlen: 24
195.192.208.0/21 maxlen: 21
195.192.208.0/24 maxlen: 24
195.192.209.0/24 maxlen: 24
195.192.210.0/24 maxlen: 24
195.192.211.0/24 maxlen: 24
195.192.212.0/24 maxlen: 24
195.192.213.0/24 maxlen: 24
195.192.214.0/24 maxlen: 24
195.192.215.0/24 maxlen: 24
217.196.144.0/20 maxlen: 20
217.196.144.0/24 maxlen: 24
217.196.145.0/24 maxlen: 24
217.196.146.0/24 maxlen: 24
217.196.147.0/24 maxlen: 24
217.196.148.0/24 maxlen: 24
217.196.149.0/24 maxlen: 24
217.196.150.0/24 maxlen: 24
217.196.151.0/24 maxlen: 24
217.196.152.0/24 maxlen: 24
217.196.153.0/24 maxlen: 24
217.196.154.0/24 maxlen: 24
217.196.155.0/24 maxlen: 24
217.196.156.0/24 maxlen: 24
217.196.157.0/24 maxlen: 24
217.196.158.0/24 maxlen: 24
217.196.159.0/24 maxlen: 24
2a02:16a8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fc/d88aae-68c3-4909-9f8a-07e83cd5b60d/1/OjFJ2goSvb8b71mLBGMJB4AgbOA.crl
rsync://rpki.ripe.net/repository/DEFAULT/fc/d88aae-68c3-4909-9f8a-07e83cd5b60d/1/OjFJ2goSvb8b71mLBGMJB4AgbOA.mft
rsync://rpki.ripe.net/repository/DEFAULT/OjFJ2goSvb8b71mLBGMJB4AgbOA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:58:d8:74:86:21:d9:9c:ea:fc:b1:7b:de:d9:fb:e7:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a3149da0a12bdbf1bef598b0463090780206ce0
Validity
Not Before: Jun 27 08:38:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d9c6825fd3eaa443019c1d57645260a3fa7a754d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:1c:a9:89:29:f0:65:8a:7f:f2:a1:cb:3a:09:
55:2d:31:a6:78:5f:f5:71:34:ee:74:ee:ff:68:dd:
03:84:b1:32:dd:0e:64:47:2b:a9:48:e5:04:c7:74:
70:76:5d:35:71:f9:ff:3d:78:cd:96:54:3c:df:b5:
02:59:a0:bc:be:7a:5d:c4:5c:6b:07:eb:12:b7:58:
5c:68:3c:41:c6:39:56:46:68:a8:9c:8e:c0:d0:f5:
2e:a4:57:56:5d:b7:60:d5:41:10:8a:f4:6d:65:1e:
24:18:b0:cc:8d:4b:99:48:2f:4e:d7:54:b9:aa:0d:
72:ec:80:10:f7:7a:cb:fd:0f:5b:2f:0b:59:77:db:
84:5c:da:e6:70:0d:77:28:dc:e7:52:e9:6e:29:bc:
3c:85:9e:01:6f:65:21:39:03:e2:04:e9:66:87:88:
99:7a:ae:25:95:f7:58:75:d2:d9:8a:88:1b:02:00:
d8:78:f3:f3:5b:b6:05:3e:44:e2:e3:0b:4a:00:93:
c8:5c:7f:80:9c:93:5e:95:d5:d9:ff:49:e9:f2:94:
39:e6:e3:a9:ab:b8:e5:2c:07:ef:af:71:a6:55:a1:
04:38:e4:4d:3a:a3:3b:36:77:3d:46:90:b6:22:29:
c9:4a:f1:e0:8f:cd:2d:80:0c:c8:d3:0b:3b:b9:f2:
eb:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:C6:82:5F:D3:EA:A4:43:01:9C:1D:57:64:52:60:A3:FA:7A:75:4D
X509v3 Authority Key Identifier:
keyid:3A:31:49:DA:0A:12:BD:BF:1B:EF:59:8B:04:63:09:07:80:20:6C:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OjFJ2goSvb8b71mLBGMJB4AgbOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d88aae-68c3-4909-9f8a-07e83cd5b60d/1/2caCX9PqpEMBnB1XZFJgo_p6dU0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d88aae-68c3-4909-9f8a-07e83cd5b60d/1/OjFJ2goSvb8b71mLBGMJB4AgbOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.69.160.0/22
185.174.204.0/22
195.192.208.0/21
217.196.144.0/20
IPv6:
2a02:16a8::/32
Signature Algorithm: sha256WithRSAEncryption
60:fe:ee:2b:ab:ec:07:30:43:f0:59:2f:00:a9:d6:62:82:f2:
48:9a:67:99:75:d0:a8:33:dc:a4:af:94:97:53:5f:72:c6:e8:
23:33:b6:6a:c0:05:da:ca:85:f3:6c:55:27:79:6c:78:35:82:
bb:4d:50:a9:5d:6a:87:32:76:94:f0:ee:57:f2:fa:ec:4d:41:
6d:fa:8a:c6:b2:37:67:44:c8:f3:65:af:fc:1c:35:bc:c8:26:
61:c8:21:20:eb:a4:e5:7f:8d:26:59:c9:56:18:79:29:a6:b9:
2d:b2:ed:76:54:c7:1c:ca:c7:2a:1e:d6:6c:c5:0d:d8:46:7a:
fd:e8:ad:84:ce:b8:d6:a2:48:42:2c:93:30:b5:ff:8c:cd:c5:
23:f0:6b:4b:28:d8:cf:15:df:e5:a4:ca:df:89:8c:c1:38:4e:
68:a1:c8:ea:13:08:e9:5e:4e:f1:cd:13:2b:7b:42:7b:0c:34:
67:17:01:a4:4a:5c:28:cc:94:b1:40:1e:47:c9:97:f2:92:76:
92:18:70:66:90:5b:b6:91:8c:98:89:3e:cb:ea:47:c7:27:56:
9a:e3:7b:79:45:e2:dd:84:c9:2f:bf:7d:df:60:5c:e1:0a:83:
24:ac:23:fa:db:b6:7e:69:5e:7f:08:10:ad:a7:28:03:11:7e:
c2:9b:54:89
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZBY2HSGIdmc6vyxe97Z++cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMzE0OWRhMGExMmJkYmYxYmVmNTk4YjA0NjMwOTA3ODAy
MDZjZTAwHhcNMjQwNjI3MDgzODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWM2ODI1ZmQzZWFhNDQzMDE5YzFkNTc2NDUyNjBhM2ZhN2E3NTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRypiSnwZYp/8qHLOglVLTGmeF/1
cTTudO7/aN0DhLEy3Q5kRyupSOUEx3Rwdl01cfn/PXjNllQ837UCWaC8vnpdxFxr
B+sSt1hcaDxBxjlWRmionI7A0PUupFdWXbdg1UEQivRtZR4kGLDMjUuZSC9O11S5
qg1y7IAQ93rL/Q9bLwtZd9uEXNrmcA13KNznUuluKbw8hZ4Bb2UhOQPiBOlmh4iZ
eq4llfdYddLZiogbAgDYePPzW7YFPkTi4wtKAJPIXH+AnJNeldXZ/0np8pQ55uOp
q7jlLAfvr3GmVaEEOORNOqM7Nnc9RpC2IinJSvHgj80tgAzI0ws7ufLruQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNnGgl/T6qRDAZwdV2RSYKP6enVNMB8GA1UdIwQY
MBaAFDoxSdoKEr2/G+9ZiwRjCQeAIGzgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2pGSjJnb1N2YjhiNzFtTEJHTUpCNEFnYk9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kODhhYWUtNjhjMy00OTA5LTlmOGEt
MDdlODNjZDViNjBkLzEvMmNhQ1g5UHFwRU1CbkIxWFpGSmdvX3A2ZFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kODhhYWUtNjhjMy00OTA5LTlmOGEtMDdlODNjZDViNjBk
LzEvT2pGSjJnb1N2YjhiNzFtTEJHTUpCNEFnYk9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuUWgAwQC
ua7MAwQDw8DQAwQE2cSQMA0EAgACMAcDBQAqAhaoMA0GCSqGSIb3DQEBCwUAA4IB
AQBg/u4rq+wHMEPwWS8AqdZigvJImmeZddCoM9ykr5SXU19yxugjM7ZqwAXayoXz
bFUneWx4NYK7TVCpXWqHMnaU8O5X8vrsTUFt+orGsjdnRMjzZa/8HDW8yCZhyCEg
66Tlf40mWclWGHkpprktsu12VMccyscqHtZsxQ3YRnr96K2EzrjWokhCLJMwtf+M
zcUj8GtLKNjPFd/lpMrfiYzBOE5oocjqEwjpXk7xzRMre0J7DDRnFwGkSlwozJSx
QB5HyZfyknaSGHBmkFu2kYyYiT7L6kfHJ1aa43t5ReLdhMkvv33fYFzhCoMkrCP6
27Z+aV5/CBCtpygDEX7Cm1SJ
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:40:05 2024 by rpki-client on console-ams.rpki-client.org