Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa
File: 3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier: vTGVU5MCQDtJL+8JOnR46/CD3p/92xJmTiJ0xil1m0o=
Subject key identifier: 99:F0:9B:0E:1C:D9:C6:AF:FA:FE:E0:E9:71:B5:79:32:EA:61:30:58
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 1BFF847AB99EF14F071C4227A80349A5A1876918
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa
Signing time: Mon 04 Mar 2024 09:26:56 +0000
ROA not before: Mon 04 Mar 2024 09:21:56 +0000
ROA not after: Mon 03 Mar 2025 09:26:56 +0000
asID: 209854
IP address blocks: 185.209.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 25 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:ff:84:7a:b9:9e:f1:4f:07:1c:42:27:a8:03:49:a5:a1:87:69:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Mar 4 09:21:56 2024 GMT
Not After : Mar 3 09:26:56 2025 GMT
Subject: CN=99F09B0E1CD9C6AFFAFEE0E971B57932EA613058
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:bb:d0:d7:d9:48:fb:73:73:8a:67:c0:8e:69:
41:95:46:0e:ae:74:53:82:d3:86:8e:8b:eb:0a:34:
0e:b2:9d:cc:82:47:08:52:39:ab:e7:21:f0:1d:b2:
5a:cb:f8:1a:fe:ae:fa:8f:6a:8a:6f:27:6f:5f:d4:
74:de:aa:58:e6:b8:b6:b1:ae:a5:b2:d6:40:f3:68:
1d:da:c4:de:67:be:6a:13:d6:30:d2:5c:f0:b7:fa:
b2:ee:c3:3f:75:4c:1a:62:73:23:7a:da:8b:0c:6f:
0e:c3:fb:a1:88:d4:9f:c5:13:dc:14:7c:9f:a4:9e:
2f:db:19:5a:47:fc:ce:70:54:94:54:45:dd:49:a2:
10:2e:ab:32:d7:f1:09:72:60:30:2d:29:0c:8c:fd:
83:e5:c4:df:e5:1d:2c:bf:02:43:5e:e1:d5:16:bc:
79:e4:77:a1:25:be:af:81:2d:ba:5e:39:2d:6a:3b:
64:15:72:11:7d:ba:98:10:5e:58:5b:8e:fe:63:9f:
59:bb:51:a4:bf:7a:da:64:5a:c9:f6:cd:90:1a:96:
95:b0:25:ba:1f:64:5f:64:01:cd:ea:f9:cb:2f:72:
1f:71:51:c0:be:27:e6:e9:42:b6:ab:34:5e:d9:db:
43:7b:6d:35:e4:63:54:34:f2:b9:96:b8:ed:3d:78:
98:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:F0:9B:0E:1C:D9:C6:AF:FA:FE:E0:E9:71:B5:79:32:EA:61:30:58
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.209.221.0/24
Signature Algorithm: sha256WithRSAEncryption
93:99:23:84:68:db:60:7f:86:1f:c3:8f:ad:09:ac:f4:58:3a:
d4:05:ad:53:f0:0d:55:84:a3:b3:a6:24:ae:d0:f5:78:0b:28:
4e:67:9b:57:08:b2:0f:78:5b:f2:a9:52:df:98:d3:38:41:c9:
5a:64:1a:88:b5:dd:42:68:22:45:ff:bc:07:4f:ef:ea:e7:40:
0d:1c:6c:bd:1c:57:92:d6:f3:f0:ca:b9:cf:a5:96:be:b9:03:
cd:fd:64:c9:bd:9d:83:6c:db:1c:32:93:74:3f:f2:ec:fe:33:
3b:cc:93:aa:88:68:bd:03:3f:22:bf:3c:9f:f4:82:8b:7d:2d:
81:04:d6:b2:4e:cb:bd:8b:ff:15:9c:d5:75:bf:51:ea:8b:2c:
5c:5e:b5:0a:2a:04:de:6a:20:bd:05:0c:36:21:d6:f5:2a:cb:
3b:a0:63:0c:52:a2:22:ac:e7:e0:77:f1:97:50:7e:1f:e8:ae:
7a:39:19:d4:03:0c:e3:e8:a3:d9:45:64:4b:49:44:01:08:a4:
a1:74:e1:ab:92:c2:72:2b:90:5f:6c:f3:b5:3b:21:01:31:cf:
f6:4e:d4:1e:bd:81:cf:55:ef:75:74:2d:c1:57:29:7d:c9:91:
d5:bd:22:db:1f:e7:ac:0c:d7:57:be:a5:25:a1:0e:a3:dd:44:
dd:13:16:b0
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUG/+Eerme8U8HHEInqANJpaGHaRgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMDQwOTIxNTZaFw0yNTAzMDMwOTI2NTZaMDMxMTAvBgNV
BAMTKDk5RjA5QjBFMUNEOUM2QUZGQUZFRTBFOTcxQjU3OTMyRUE2MTMwNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5u9DX2Uj7c3OKZ8COaUGVRg6u
dFOC04aOi+sKNA6yncyCRwhSOavnIfAdslrL+Br+rvqPaopvJ29f1HTeqljmuLax
rqWy1kDzaB3axN5nvmoT1jDSXPC3+rLuwz91TBpicyN62osMbw7D+6GI1J/FE9wU
fJ+kni/bGVpH/M5wVJRURd1JohAuqzLX8QlyYDAtKQyM/YPlxN/lHSy/AkNe4dUW
vHnkd6Elvq+BLbpeOS1qO2QVchF9upgQXlhbjv5jn1m7UaS/etpkWsn2zZAalpWw
JbofZF9kAc3q+csvch9xUcC+J+bpQrarNF7Z20N7bTXkY1Q08rmWuO09eJhrAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUmfCbDhzZxq/6/uDpcbV5MuphMFgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzkyZTMy
MzIzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnR3TANBgkqhkiG9w0BAQsFAAOCAQEAk5kjhGjbYH+GH8OPrQms9Fg61AWt
U/ANVYSjs6YkrtD1eAsoTmebVwiyD3hb8qlS35jTOEHJWmQaiLXdQmgiRf+8B0/v
6udADRxsvRxXktbz8Mq5z6WWvrkDzf1kyb2dg2zbHDKTdD/y7P4zO8yTqohovQM/
Ir88n/SCi30tgQTWsk7LvYv/FZzVdb9R6ossXF61CioE3mogvQUMNiHW9SrLO6Bj
DFKiIqzn4Hfxl1B+H+iuejkZ1AMM4+ij2UVkS0lEAQikoXThq5LCciuQX2zztTsh
ATHP9k7UHr2Bz1XvdXQtwVcpfcmR1b0i2x/nrAzXV76lJaEOo91E3RMWsA==
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:29:13 2024 by rpki-client on console-ams.rpki-client.org