Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/PnRsENOA45xwHTCa_zV7_xB873Q.roa
File: PnRsENOA45xwHTCa_zV7_xB873Q.roa (raw, json)
Hash identifier: H1FMWwHYcmRjZLSsimItPH7jpvnRY+HgvEClm43/u70=
Subject key identifier: 3E:74:6C:10:D3:80:E3:9C:70:1D:30:9A:FF:35:7B:FF:10:7C:EF:74
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 0192E246772028808735E4A14D289F606339
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/PnRsENOA45xwHTCa_zV7_xB873Q.roa
Signing time: Thu 31 Oct 2024 11:12:01 +0000
ROA not before: Thu 31 Oct 2024 11:12:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25211
IP address blocks: 85.239.144.0/24 maxlen: 24
85.239.146.0/24 maxlen: 24
85.239.147.0/24 maxlen: 24
85.239.148.0/24 maxlen: 24
85.239.149.0/24 maxlen: 24
85.239.150.0/24 maxlen: 24
85.239.151.0/24 maxlen: 24
185.95.156.0/24 maxlen: 24
185.95.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 14:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:e2:46:77:20:28:80:87:35:e4:a1:4d:28:9f:60:63:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Oct 31 11:12:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3e746c10d380e39c701d309aff357bff107cef74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:82:52:29:b7:71:a3:d3:f8:97:dd:12:df:5e:
4b:fb:81:51:a9:5f:c9:e7:ef:54:0d:46:e8:8d:d8:
44:d9:35:a6:07:db:a8:0a:49:46:f7:d7:08:2e:f1:
ff:73:5e:a8:02:80:82:2b:4b:c3:2a:55:8c:8c:65:
d8:56:f0:ac:77:3b:7a:67:0c:19:a6:48:be:c0:c0:
8d:e7:b2:a7:09:f0:6a:36:85:2c:ff:a5:2e:e3:39:
72:9d:3f:13:41:9b:62:47:b7:76:93:3a:01:dd:07:
22:3c:1e:60:47:61:27:1d:a0:73:a8:62:91:71:dd:
9f:1a:4b:76:d5:de:80:8f:6c:ab:cd:6b:a1:df:f4:
6b:18:77:50:4f:05:bc:94:30:00:e6:21:6d:42:f8:
a0:5e:8f:d8:04:ad:5b:8b:45:03:71:be:bb:85:3d:
19:fb:11:74:08:1a:7e:1a:eb:c1:ef:10:f7:ea:89:
1d:f1:a6:f3:d8:98:1d:08:0f:88:da:9e:77:1b:04:
b4:21:91:86:6f:35:58:f2:31:f6:9f:99:4a:f4:b2:
c7:5e:a8:75:0a:05:88:37:ec:f8:55:69:bb:ed:ca:
e3:fb:80:a5:3e:bc:f6:1c:0f:da:10:74:f4:0e:db:
2c:4a:ea:66:f2:c7:58:4f:45:af:7d:cf:29:b1:4e:
c9:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:74:6C:10:D3:80:E3:9C:70:1D:30:9A:FF:35:7B:FF:10:7C:EF:74
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/PnRsENOA45xwHTCa_zV7_xB873Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.144.0/24
85.239.146.0-85.239.151.255
185.95.156.0/24
185.95.159.0/24
Signature Algorithm: sha256WithRSAEncryption
48:b9:28:da:df:75:50:11:3d:c9:1a:dd:58:db:10:eb:b4:f0:
94:ed:52:e8:d7:b7:c9:a9:ca:46:b1:95:af:c8:ad:44:ee:c9:
7c:d9:9c:29:98:47:ff:4f:db:6c:45:47:2e:10:ba:16:88:25:
94:04:db:44:05:f2:7c:a4:29:ee:be:b9:7e:8d:1d:2c:dc:ab:
de:54:c8:98:03:db:4c:2a:f6:4f:d5:b7:4c:f4:de:05:9c:0e:
74:b8:f0:c1:cb:2a:27:e6:a2:e9:b6:a9:ee:2d:57:d4:1b:93:
38:36:eb:d6:51:47:a8:37:31:e4:64:3b:7d:94:72:07:51:11:
ba:f1:0c:d3:79:6f:28:de:81:28:99:67:93:05:50:cb:b6:de:
d4:3c:0b:49:7e:ab:d3:4c:aa:32:83:50:a3:79:29:fb:27:49:
07:ce:c1:64:6b:bd:51:cf:2a:ec:b1:f0:b9:57:64:ec:f4:c4:
2b:52:fc:d8:39:a8:d1:f3:37:8e:a7:ac:20:20:ae:e9:75:ac:
a6:0c:be:c4:7e:09:64:90:a1:da:1d:c8:a1:15:2d:ea:a9:33:
9e:e8:95:e3:5b:70:09:16:9e:88:5f:a8:44:da:2d:7c:2a:ab:
bf:7b:80:b4:e2:73:f0:42:98:88:f4:13:54:cf:e0:16:d0:06:
8f:c0:3e:09
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZLiRncgKICHNeShTSifYGM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjQxMDMxMTExMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc0NmMxMGQzODBlMzljNzAxZDMwOWFmZjM1N2JmZjEwN2NlZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIJSKbdxo9P4l90S315L+4FRqV/J
5+9UDUbojdhE2TWmB9uoCklG99cILvH/c16oAoCCK0vDKlWMjGXYVvCsdzt6ZwwZ
pki+wMCN57KnCfBqNoUs/6Uu4zlynT8TQZtiR7d2kzoB3QciPB5gR2EnHaBzqGKR
cd2fGkt21d6Aj2yrzWuh3/RrGHdQTwW8lDAA5iFtQvigXo/YBK1bi0UDcb67hT0Z
+xF0CBp+GuvB7xD36okd8abz2JgdCA+I2p53GwS0IZGGbzVY8jH2n5lK9LLHXqh1
CgWIN+z4VWm77crj+4ClPrz2HA/aEHT0DtssSupm8sdYT0Wvfc8psU7JVwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFD50bBDTgOOccB0wmv81e/8QfO90MB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvUG5Sc0VOT0E0NXh3SFRDYV96VjdfeEI4NzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAVe+QMAwD
BAFV75IDBANV75ADBAC5X5wDBAC5X58wDQYJKoZIhvcNAQELBQADggEBAEi5KNrf
dVARPcka3VjbEOu08JTtUujXt8mpykaxla/IrUTuyXzZnCmYR/9P22xFRy4QuhaI
JZQE20QF8nykKe6+uX6NHSzcq95UyJgD20wq9k/Vt0z03gWcDnS48MHLKifmoum2
qe4tV9Qbkzg269ZRR6g3MeRkO32UcgdREbrxDNN5byjegSiZZ5MFUMu23tQ8C0l+
q9NMqjKDUKN5KfsnSQfOwWRrvVHPKuyx8LlXZOz0xCtS/Ng5qNHzN46nrCAgrul1
rKYMvsR+CWSQododyKEVLeqpM57oleNbcAkWnohfqETaLXwqq797gLTic/BCmIj0
E1TP4BbQBo/APgk=
-----END CERTIFICATE-----
Generated at Mon Nov 25 20:22:48 2024 by rpki-client on console-fra.rpki-client.org