Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/cbc18f-e6db-4bd6-8427-64d1bc735bac/1/Xbd_XMqvNacnCPj2PS52S3iR5NE.roa
File: Xbd_XMqvNacnCPj2PS52S3iR5NE.roa (raw, json)
Hash identifier: mw/kVgGLOCh5t3UKl9AjBcnBXDf2W3mLW7LiIponHYU=
Subject key identifier: 5D:B7:7F:5C:CA:AF:35:A7:27:08:F8:F6:3D:2E:76:4B:78:91:E4:D1
Certificate issuer: /CN=dd5072b13880c1f1ba86fcc4c40297f5d9f43774
Certificate serial: 018CC9BBD8A60DFBA154BF371075D4F5458B
Authority key identifier: DD:50:72:B1:38:80:C1:F1:BA:86:FC:C4:C4:02:97:F5:D9:F4:37:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3VBysTiAwfG6hvzExAKX9dn0N3Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/cbc18f-e6db-4bd6-8427-64d1bc735bac/1/Xbd_XMqvNacnCPj2PS52S3iR5NE.roa
Signing time: Tue 02 Jan 2024 10:33:00 +0000
ROA not before: Tue 02 Jan 2024 10:33:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200697
IP address blocks: 185.135.197.0/24 maxlen: 24
185.135.198.0/24 maxlen: 24
185.135.199.0/24 maxlen: 24
185.135.196.0/24 maxlen: 24
2a09:5f40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/17/cbc18f-e6db-4bd6-8427-64d1bc735bac/1/3VBysTiAwfG6hvzExAKX9dn0N3Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/17/cbc18f-e6db-4bd6-8427-64d1bc735bac/1/3VBysTiAwfG6hvzExAKX9dn0N3Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/3VBysTiAwfG6hvzExAKX9dn0N3Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:d8:a6:0d:fb:a1:54:bf:37:10:75:d4:f5:45:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd5072b13880c1f1ba86fcc4c40297f5d9f43774
Validity
Not Before: Jan 2 10:33:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5db77f5ccaaf35a72708f8f63d2e764b7891e4d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:34:2a:e1:ff:c0:d9:c4:9e:36:38:56:5d:e1:
b5:5f:9d:8b:f9:9b:ca:c8:b6:67:8d:8b:5f:32:06:
92:79:f9:31:0f:56:92:d2:b1:7a:cc:f2:48:ae:36:
76:7b:4c:63:94:e5:07:7c:ad:df:5b:94:f8:53:d8:
2b:b3:e8:33:bd:a4:ce:42:9b:2d:b7:dc:1c:1f:ed:
77:6f:f4:3a:25:92:b0:4a:d7:59:38:64:9c:94:1b:
d4:d0:00:12:f7:06:f5:85:4e:f9:d4:41:b1:b9:e8:
0f:ac:fe:0b:18:53:68:06:37:64:94:e4:9a:4e:3c:
22:e9:6e:4e:66:a5:a6:46:02:e5:be:67:5b:18:80:
8b:19:d6:02:d0:a5:4a:f3:19:04:08:ef:be:a5:25:
34:f6:08:b0:f5:00:21:e7:67:72:8f:0c:d2:bd:a5:
d4:82:6a:7a:64:3c:95:6d:f5:5c:1b:93:76:c9:5d:
d7:a2:95:a1:61:7c:2d:01:29:32:a0:43:99:20:db:
a3:60:a0:c4:e2:64:81:25:d7:7c:fa:bf:cc:78:af:
dc:03:1e:ae:23:a3:34:4e:da:8b:cf:24:df:16:03:
12:9e:32:0b:fc:d9:4a:6d:e5:76:33:70:77:0a:e4:
b8:1d:13:0f:c8:1f:23:f0:5b:9c:e1:0f:fc:1b:9b:
aa:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:B7:7F:5C:CA:AF:35:A7:27:08:F8:F6:3D:2E:76:4B:78:91:E4:D1
X509v3 Authority Key Identifier:
keyid:DD:50:72:B1:38:80:C1:F1:BA:86:FC:C4:C4:02:97:F5:D9:F4:37:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3VBysTiAwfG6hvzExAKX9dn0N3Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cbc18f-e6db-4bd6-8427-64d1bc735bac/1/Xbd_XMqvNacnCPj2PS52S3iR5NE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cbc18f-e6db-4bd6-8427-64d1bc735bac/1/3VBysTiAwfG6hvzExAKX9dn0N3Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.196.0/22
IPv6:
2a09:5f40::/29
Signature Algorithm: sha256WithRSAEncryption
59:65:2e:0d:15:9a:11:5c:99:8b:02:89:bd:59:6c:62:9a:56:
8c:1a:3f:e8:8e:43:a6:b1:25:3d:e0:be:03:8d:9c:5f:42:4c:
a1:6a:6f:a6:32:fd:c3:8b:af:f0:fd:1e:f0:ed:9a:1b:7b:f7:
87:da:34:20:9b:26:ec:da:ef:d8:68:08:58:0f:1e:5e:d6:8e:
43:e6:a3:14:42:6c:12:ef:14:c9:0c:e1:f2:67:f4:c4:6e:d9:
78:d4:ff:ee:e4:fb:31:bc:eb:26:4c:d5:19:d9:a7:93:6e:1d:
16:ef:be:69:e3:ba:ee:e6:a9:0b:1c:09:6d:9c:db:c0:7a:7e:
fa:48:76:35:e8:62:d1:8b:9c:24:92:5e:8c:27:4f:09:01:b2:
c4:49:0a:4d:72:62:91:65:01:0e:68:53:1a:13:ae:46:4f:40:
09:69:0b:fe:80:10:c6:2c:9f:c3:a6:dc:d1:6d:77:b6:64:23:
92:d3:41:47:9b:2c:56:50:39:4c:90:54:9d:3b:d4:c7:6d:a9:
38:27:93:07:68:31:8c:c0:ef:a7:69:35:ee:93:69:f5:ef:12:
42:3b:86:53:f4:b6:b8:14:3e:dc:a1:bc:e5:6b:5f:b6:02:bd:
e8:85:aa:58:a9:49:8a:79:05:7b:4c:ae:fd:ea:04:89:31:e0:
32:c4:02:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu9imDfuhVL83EHXU9UWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNTA3MmIxMzg4MGMxZjFiYTg2ZmNjNGM0MDI5N2Y1ZDlm
NDM3NzQwHhcNMjQwMTAyMTAzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI3N2Y1Y2NhYWYzNWE3MjcwOGY4ZjYzZDJlNzY0Yjc4OTFlNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTQq4f/A2cSeNjhWXeG1X52L+ZvK
yLZnjYtfMgaSefkxD1aS0rF6zPJIrjZ2e0xjlOUHfK3fW5T4U9grs+gzvaTOQpst
t9wcH+13b/Q6JZKwStdZOGSclBvU0AAS9wb1hU751EGxuegPrP4LGFNoBjdklOSa
Tjwi6W5OZqWmRgLlvmdbGICLGdYC0KVK8xkECO++pSU09giw9QAh52dyjwzSvaXU
gmp6ZDyVbfVcG5N2yV3XopWhYXwtASkyoEOZINujYKDE4mSBJdd8+r/MeK/cAx6u
I6M0TtqLzyTfFgMSnjIL/NlKbeV2M3B3CuS4HRMPyB8j8Fuc4Q/8G5uqWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF23f1zKrzWnJwj49j0udkt4keTRMB8GA1UdIwQY
MBaAFN1QcrE4gMHxuob8xMQCl/XZ9Dd0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1ZCeXNUaUF3Zkc2aHZ6RXhBS1g5ZG4wTjNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jYmMxOGYtZTZkYi00YmQ2LTg0Mjct
NjRkMWJjNzM1YmFjLzEvWGJkX1hNcXZOYWNuQ1BqMlBTNTJTM2lSNU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jYmMxOGYtZTZkYi00YmQ2LTg0MjctNjRkMWJjNzM1YmFj
LzEvM1ZCeXNUaUF3Zkc2aHZ6RXhBS1g5ZG4wTjNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYfEMA0E
AgACMAcDBQMqCV9AMA0GCSqGSIb3DQEBCwUAA4IBAQBZZS4NFZoRXJmLAom9WWxi
mlaMGj/ojkOmsSU94L4DjZxfQkyham+mMv3Di6/w/R7w7Zobe/eH2jQgmybs2u/Y
aAhYDx5e1o5D5qMUQmwS7xTJDOHyZ/TEbtl41P/u5PsxvOsmTNUZ2aeTbh0W775p
47ru5qkLHAltnNvAen76SHY16GLRi5wkkl6MJ08JAbLESQpNcmKRZQEOaFMaE65G
T0AJaQv+gBDGLJ/DptzRbXe2ZCOS00FHmyxWUDlMkFSdO9THbak4J5MHaDGMwO+n
aTXuk2n17xJCO4ZT9La4FD7cobzla1+2Ar3ohapYqUmKeQV7TK796gSJMeAyxAK0
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:35:28 2024 by rpki-client on console-ams.rpki-client.org