Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/tRiqCeK-RCIxImDOlIWwN4gpe8g.roa
File: tRiqCeK-RCIxImDOlIWwN4gpe8g.roa (raw, json)
Hash identifier: NNB+iCtMzfiVoHrc1iIyUvyK1eZPjOSEc2JH614Z7mw=
Subject key identifier: B5:18:AA:09:E2:BE:44:22:31:22:60:CE:94:85:B0:37:88:29:7B:C8
Certificate issuer: /CN=ef9f1e38265410b3c2a922d3169c4f2995141a2d
Certificate serial: 018CC3B6746C2C41B0875BDF8A8A839B6D6B
Authority key identifier: EF:9F:1E:38:26:54:10:B3:C2:A9:22:D3:16:9C:4F:29:95:14:1A:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/758eOCZUELPCqSLTFpxPKZUUGi0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/tRiqCeK-RCIxImDOlIWwN4gpe8g.roa
Signing time: Mon 01 Jan 2024 06:29:23 +0000
ROA not before: Mon 01 Jan 2024 06:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42929
IP address blocks: 185.142.136.0/22 maxlen: 22
195.8.62.0/24 maxlen: 24
45.156.244.0/22 maxlen: 22
2.56.80.0/22 maxlen: 22
193.36.182.0/24 maxlen: 24
193.104.36.0/24 maxlen: 24
193.33.222.0/23 maxlen: 23
2a07:2d80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/758eOCZUELPCqSLTFpxPKZUUGi0.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/758eOCZUELPCqSLTFpxPKZUUGi0.mft
rsync://rpki.ripe.net/repository/DEFAULT/758eOCZUELPCqSLTFpxPKZUUGi0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 28 Nov 2024 00:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:74:6c:2c:41:b0:87:5b:df:8a:8a:83:9b:6d:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef9f1e38265410b3c2a922d3169c4f2995141a2d
Validity
Not Before: Jan 1 06:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b518aa09e2be4422312260ce9485b03788297bc8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:1e:1e:c1:82:b4:e5:c8:1a:cb:32:eb:41:1b:
05:40:0e:0a:cf:46:42:b8:69:7d:84:a8:f1:cf:99:
9f:42:96:a0:67:c8:57:13:79:e4:12:bc:67:58:c9:
a7:8f:d9:1a:b5:3a:eb:59:11:61:5b:88:0a:fa:f2:
81:1a:ba:fb:c9:98:ee:17:02:a9:3c:e7:77:bb:9e:
0c:0d:e3:c6:01:df:90:2a:e0:17:9d:f5:5f:4a:84:
d6:37:af:ea:66:87:86:ee:c6:da:cb:36:49:eb:c5:
0d:11:2a:74:08:82:ec:6a:cf:9a:c2:72:0d:ff:e4:
f7:36:07:35:01:fb:d0:8a:e4:77:cb:b5:28:1c:ad:
73:43:b9:b8:20:9f:c2:2e:ae:b4:b7:0b:a0:0f:9b:
43:ff:f9:11:f0:d3:42:2d:11:53:e0:87:bc:0e:a0:
0d:ec:06:9e:5e:8e:fa:25:7f:ef:d3:54:4b:39:f5:
10:76:82:5c:6d:40:cf:85:15:c0:a1:f5:fa:74:60:
19:24:c9:05:81:4e:d9:ce:00:8f:fd:c1:47:c0:70:
b0:43:31:47:d7:3c:71:08:06:d4:be:87:2b:33:60:
4b:d8:4c:2e:ae:2c:65:fc:0a:7b:6d:1e:ca:f0:b8:
5a:c3:4a:41:ee:8b:88:ae:78:82:7d:d0:59:0a:78:
2c:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:18:AA:09:E2:BE:44:22:31:22:60:CE:94:85:B0:37:88:29:7B:C8
X509v3 Authority Key Identifier:
keyid:EF:9F:1E:38:26:54:10:B3:C2:A9:22:D3:16:9C:4F:29:95:14:1A:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/758eOCZUELPCqSLTFpxPKZUUGi0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/tRiqCeK-RCIxImDOlIWwN4gpe8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/758eOCZUELPCqSLTFpxPKZUUGi0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.80.0/22
45.156.244.0/22
185.142.136.0/22
193.33.222.0/23
193.36.182.0/24
193.104.36.0/24
195.8.62.0/24
IPv6:
2a07:2d80::/29
Signature Algorithm: sha256WithRSAEncryption
35:ad:c3:36:7b:74:11:08:57:42:33:b2:75:02:e3:eb:d4:0b:
39:27:e3:a1:c2:de:e3:6f:4f:4b:1d:be:fb:e6:92:2c:13:97:
00:0b:69:a5:3f:bf:6e:44:63:0b:a2:43:73:99:07:d7:e0:8a:
f5:e9:de:ee:c5:ad:9c:dd:0d:27:30:0e:9a:ad:98:97:9b:61:
23:fd:74:12:a7:e9:d0:c8:82:79:24:61:af:47:b3:5a:11:23:
25:89:97:61:38:90:11:9c:80:6e:3a:9e:f3:d4:ea:ab:e8:81:
8e:38:95:0c:f9:3a:fa:60:78:fc:27:5a:2c:9a:6d:3e:b1:f4:
5f:3c:d1:95:85:4e:82:89:67:09:a0:f3:9f:63:7d:34:5a:b6:
ed:5a:ff:25:68:45:10:39:ab:5e:3a:b2:59:42:d1:ad:a9:ee:
ec:65:78:3e:1f:9b:45:78:60:7c:f0:85:9c:71:2d:75:7c:20:
58:77:b5:80:d9:cc:17:86:12:8b:26:27:58:08:5c:5b:b2:b8:
de:9c:84:f5:0a:d1:6e:88:77:1e:68:6d:4d:37:b7:de:57:4f:
0e:16:4f:3f:13:f8:a0:ad:4e:c1:d3:9d:bb:04:d8:1a:00:cc:
5a:da:23:aa:de:dd:cb:a9:48:e6:9f:57:be:5f:9a:1a:d1:b2:
74:53:27:07
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzDtnRsLEGwh1vfioqDm21rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOWYxZTM4MjY1NDEwYjNjMmE5MjJkMzE2OWM0ZjI5OTUx
NDFhMmQwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE4YWEwOWUyYmU0NDIyMzEyMjYwY2U5NDg1YjAzNzg4Mjk3YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnx4ewYK05cgayzLrQRsFQA4Kz0ZC
uGl9hKjxz5mfQpagZ8hXE3nkErxnWMmnj9katTrrWRFhW4gK+vKBGrr7yZjuFwKp
POd3u54MDePGAd+QKuAXnfVfSoTWN6/qZoeG7sbayzZJ68UNESp0CILsas+awnIN
/+T3Ngc1AfvQiuR3y7UoHK1zQ7m4IJ/CLq60twugD5tD//kR8NNCLRFT4Ie8DqAN
7AaeXo76JX/v01RLOfUQdoJcbUDPhRXAofX6dGAZJMkFgU7ZzgCP/cFHwHCwQzFH
1zxxCAbUvocrM2BL2Ewurixl/Ap7bR7K8Lhaw0pB7ouIrniCfdBZCngsUQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFLUYqgnivkQiMSJgzpSFsDeIKXvIMB8GA1UdIwQY
MBaAFO+fHjgmVBCzwqki0xacTymVFBotMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzU4ZU9DWlVFTFBDcVNMVEZweFBLWlVVR2kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kNmZiMWMtOTVjMy00YmZmLTg1NTYt
ODA1N2RhNzU0NDUyLzEvdFJpcUNlSy1SQ0l4SW1ET2xJV3dONGdwZThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kNmZiMWMtOTVjMy00YmZmLTg1NTYtODA1N2RhNzU0NDUy
LzEvNzU4ZU9DWlVFTFBDcVNMVEZweFBLWlVVR2kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCAjhQAwQC
LZz0AwQCuY6IAwQBwSHeAwQAwSS2AwQAwWgkAwQAwwg+MA0EAgACMAcDBQMqBy2A
MA0GCSqGSIb3DQEBCwUAA4IBAQA1rcM2e3QRCFdCM7J1AuPr1As5J+Ohwt7jb09L
Hb775pIsE5cAC2mlP79uRGMLokNzmQfX4Ir16d7uxa2c3Q0nMA6arZiXm2Ej/XQS
p+nQyIJ5JGGvR7NaESMliZdhOJARnIBuOp7z1Oqr6IGOOJUM+Tr6YHj8J1osmm0+
sfRfPNGVhU6CiWcJoPOfY300WrbtWv8laEUQOateOrJZQtGtqe7sZXg+H5tFeGB8
8IWccS11fCBYd7WA2cwXhhKLJidYCFxbsrjenIT1CtFuiHceaG1NN7feV08OFk8/
E/igrU7B0527BNgaAMxa2iOq3t3LqUjmn1e+X5oa0bJ0UycH
-----END CERTIFICATE-----
Generated at Wed Nov 27 09:37:05 2024 by rpki-client on console-ams.rpki-client.org