Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/KXs2Mrpsnb_0ZEID4cPCYukFVZc.roa
File: KXs2Mrpsnb_0ZEID4cPCYukFVZc.roa (raw, json)
Hash identifier: FpcWKlEeBs4a+zY4Lb4wGMTFV1S0cMnsmxBboxnq+ag=
Subject key identifier: 29:7B:36:32:BA:6C:9D:BF:F4:64:42:03:E1:C3:C2:62:E9:05:55:97
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 01918E6332786055C44BCD7F3C2027FCD82C
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/KXs2Mrpsnb_0ZEID4cPCYukFVZc.roa
Signing time: Mon 26 Aug 2024 11:12:31 +0000
ROA not before: Mon 26 Aug 2024 11:12:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 24699
IP address blocks: 80.66.144.0/20 maxlen: 20
81.20.96.0/20 maxlen: 20
88.85.160.0/20 maxlen: 20
109.108.32.0/19 maxlen: 19
109.108.56.0/21 maxlen: 21
212.124.16.0/20 maxlen: 20
212.124.27.0/24 maxlen: 24
212.124.29.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:8e:63:32:78:60:55:c4:4b:cd:7f:3c:20:27:fc:d8:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Aug 26 11:12:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=297b3632ba6c9dbff4644203e1c3c262e9055597
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:3a:bc:5c:1f:76:87:e3:09:52:d7:5a:59:de:
16:1e:5d:2a:d4:45:c1:5d:af:ac:95:6b:15:9e:74:
8e:0e:33:9e:b5:06:73:97:52:8b:bd:6e:91:69:5a:
6e:c0:78:cf:b1:3f:0c:a6:10:93:8d:03:85:4f:24:
48:2e:5e:19:c6:04:55:3a:d9:fd:3a:ee:ad:0c:8c:
95:8d:2d:dc:fd:65:99:4a:f4:ff:94:a1:81:de:d9:
35:c8:f0:28:3f:06:eb:7c:72:1f:eb:d6:2a:e3:e7:
59:d9:58:7a:fd:16:a6:f7:d3:68:07:f0:65:80:bd:
81:63:59:de:d2:05:e0:c3:3b:23:f3:23:aa:59:15:
3c:0c:d4:24:85:a5:83:1a:bb:5c:0f:81:95:9d:d5:
08:d7:19:18:20:b2:7d:c4:61:55:f1:a4:c2:e0:39:
cc:fd:b7:4c:1a:3f:60:95:99:1e:26:5b:94:39:fa:
5e:6e:0d:e2:88:31:c2:ae:69:14:5e:6f:e6:ce:76:
b9:0a:35:1e:ca:28:55:71:ec:4e:1c:e8:a3:6c:77:
7f:f0:0f:a4:c2:fa:c8:b2:a9:bd:30:da:37:e7:88:
9e:86:ad:c3:d5:ba:78:b4:1e:d0:87:ff:48:ca:67:
e7:2e:31:fa:7e:d1:e1:dc:32:31:02:d4:2c:73:d1:
89:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:7B:36:32:BA:6C:9D:BF:F4:64:42:03:E1:C3:C2:62:E9:05:55:97
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/KXs2Mrpsnb_0ZEID4cPCYukFVZc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.66.144.0/20
81.20.96.0/20
88.85.160.0/20
109.108.32.0/19
212.124.16.0/20
Signature Algorithm: sha256WithRSAEncryption
0b:90:41:c2:40:6d:29:3c:2c:2c:7f:d9:56:59:e9:dd:b6:7b:
14:ba:d6:8b:30:b1:89:6c:d0:1b:84:2c:e5:59:aa:90:d7:a1:
af:54:ab:b0:87:2f:2c:ac:2f:04:2a:6b:2f:70:74:bb:f4:7b:
2c:a7:20:f9:cb:4e:d7:d6:ae:42:50:b2:b1:26:ee:58:0c:29:
06:7c:f6:10:e0:12:e7:34:21:b9:be:87:0d:eb:6c:30:2c:08:
15:18:b3:70:17:e3:b1:e3:66:41:12:7b:9c:2f:af:4c:a5:01:
15:2b:b2:91:24:86:c9:68:3e:74:1d:cd:c4:68:c8:00:ab:44:
61:09:0c:cc:8b:41:db:80:89:a9:6d:45:60:d7:43:d6:c4:ac:
ce:16:61:6c:39:b8:ee:d3:6c:3c:e4:f8:7c:7d:50:3a:11:6c:
00:7e:cd:86:55:f3:02:94:4c:58:68:22:3f:f0:c9:82:e4:58:
31:76:b8:c0:d7:90:56:42:6d:89:36:db:62:70:ef:78:78:97:
54:f7:fa:c7:c3:64:b9:3f:bc:58:cb:ac:c1:f8:c6:b2:ba:03:
f3:4c:82:97:d1:48:aa:6f:b7:1c:e1:87:c8:ff:39:94:32:80:
37:de:69:c6:4b:d2:d0:b4:b8:ec:1b:b8:02:08:d5:49:41:9c:
8a:2b:91:f8
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZGOYzJ4YFXES81/PCAn/NgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwODI2MTExMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdiMzYzMmJhNmM5ZGJmZjQ2NDQyMDNlMWMzYzI2MmU5MDU1NTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzq8XB92h+MJUtdaWd4WHl0q1EXB
Xa+slWsVnnSODjOetQZzl1KLvW6RaVpuwHjPsT8MphCTjQOFTyRILl4ZxgRVOtn9
Ou6tDIyVjS3c/WWZSvT/lKGB3tk1yPAoPwbrfHIf69Yq4+dZ2Vh6/Ram99NoB/Bl
gL2BY1ne0gXgwzsj8yOqWRU8DNQkhaWDGrtcD4GVndUI1xkYILJ9xGFV8aTC4DnM
/bdMGj9glZkeJluUOfpebg3iiDHCrmkUXm/mzna5CjUeyihVcexOHOijbHd/8A+k
wvrIsqm9MNo354iehq3D1bp4tB7Qh/9IymfnLjH6ftHh3DIxAtQsc9GJqwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCl7NjK6bJ2/9GRCA+HDwmLpBVWXMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvS1hzMk1ycHNuYl8wWkVJRDRjUENZdWtGVlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQEUEKQAwQE
URRgAwQEWFWgAwQFbWwgAwQE1HwQMA0GCSqGSIb3DQEBCwUAA4IBAQALkEHCQG0p
PCwsf9lWWendtnsUutaLMLGJbNAbhCzlWaqQ16GvVKuwhy8srC8EKmsvcHS79Hss
pyD5y07X1q5CULKxJu5YDCkGfPYQ4BLnNCG5vocN62wwLAgVGLNwF+Ox42ZBEnuc
L69MpQEVK7KRJIbJaD50Hc3EaMgAq0RhCQzMi0HbgImpbUVg10PWxKzOFmFsObju
02w85Ph8fVA6EWwAfs2GVfMClExYaCI/8MmC5FgxdrjA15BWQm2JNtticO94eJdU
9/rHw2S5P7xYy6zB+MayugPzTIKX0Uiqb7cc4YfI/zmUMoA33mnGS9LQtLjsG7gC
CNVJQZyKK5H4
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:56 2024 by rpki-client on console-ams.rpki-client.org