Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/KX22dX--srUcFf-zvsvHNxT9QJo.roa
File: KX22dX--srUcFf-zvsvHNxT9QJo.roa (raw, json)
Hash identifier: H8KpR4Ub6UMgHJZLqg64M4XFdg+Hdd7PJkEDF6pU6Qg=
Subject key identifier: 29:7D:B6:75:7F:BE:B2:B5:1C:15:FF:B3:BE:CB:C7:37:14:FD:40:9A
Certificate issuer: /CN=36cb16e44cfbf07e97f6f5e44ae718aa50d05291
Certificate serial: 018CC5DC11B3701214A6C08EAA010E71C18A
Authority key identifier: 36:CB:16:E4:4C:FB:F0:7E:97:F6:F5:E4:4A:E7:18:AA:50:D0:52:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NssW5Ez78H6X9vXkSucYqlDQUpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/KX22dX--srUcFf-zvsvHNxT9QJo.roa
Signing time: Mon 01 Jan 2024 16:29:43 +0000
ROA not before: Mon 01 Jan 2024 16:29:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56334
IP address blocks: 185.136.22.0/24 maxlen: 24
185.136.21.0/24 maxlen: 24
185.136.20.0/24 maxlen: 24
2a06:f800::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/NssW5Ez78H6X9vXkSucYqlDQUpE.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/NssW5Ez78H6X9vXkSucYqlDQUpE.mft
rsync://rpki.ripe.net/repository/DEFAULT/NssW5Ez78H6X9vXkSucYqlDQUpE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:11:b3:70:12:14:a6:c0:8e:aa:01:0e:71:c1:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36cb16e44cfbf07e97f6f5e44ae718aa50d05291
Validity
Not Before: Jan 1 16:29:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=297db6757fbeb2b51c15ffb3becbc73714fd409a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:03:e8:8b:77:ea:4d:b9:01:ba:d0:05:f5:a1:
cf:7b:b4:ff:55:40:e1:d7:32:4a:1c:64:45:03:25:
a4:a6:c9:cd:05:42:0e:47:ad:90:58:91:3b:97:94:
aa:54:92:bd:cf:16:a6:d4:18:c5:06:85:49:e3:cc:
7b:62:70:45:58:6c:ea:a1:6f:54:46:af:f2:8f:b7:
93:56:7c:cd:1c:75:d5:91:38:de:22:6a:e0:45:35:
1d:60:c7:f1:2c:51:27:ce:c3:78:53:83:6e:d1:9c:
3f:6a:98:98:8a:a8:de:48:2a:28:71:45:0a:3f:95:
46:66:4e:8d:9d:af:31:df:08:4e:24:85:a1:48:3b:
76:c2:c2:99:28:55:fe:8b:b2:82:71:36:a9:26:9f:
bb:71:7f:08:7f:35:ea:87:bf:02:b1:4a:c3:2d:a1:
b4:a7:63:e6:00:a2:45:bd:34:21:52:ab:87:1b:ca:
ad:b2:75:93:ec:3e:8c:cf:62:41:91:8c:c0:d1:03:
de:89:b8:91:34:7d:d6:00:6a:e9:b8:bf:77:91:ff:
0f:df:2a:ca:4a:d7:c4:6b:9e:a8:3c:ad:bc:c4:ac:
f2:fb:3c:1b:de:e7:d7:28:be:ba:48:b2:4a:0b:1e:
8c:02:61:df:4c:0c:a6:31:02:50:c3:74:b7:67:01:
b4:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:7D:B6:75:7F:BE:B2:B5:1C:15:FF:B3:BE:CB:C7:37:14:FD:40:9A
X509v3 Authority Key Identifier:
keyid:36:CB:16:E4:4C:FB:F0:7E:97:F6:F5:E4:4A:E7:18:AA:50:D0:52:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NssW5Ez78H6X9vXkSucYqlDQUpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/KX22dX--srUcFf-zvsvHNxT9QJo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/NssW5Ez78H6X9vXkSucYqlDQUpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.20.0-185.136.22.255
IPv6:
2a06:f800::/29
Signature Algorithm: sha256WithRSAEncryption
8a:f7:51:72:db:bb:21:43:19:ec:bc:3e:45:66:b2:bc:d9:00:
0d:8c:a2:f8:e5:ec:15:28:f7:cf:18:48:b5:7c:e6:39:83:cc:
08:fb:ce:d7:82:65:de:79:3e:ec:44:f5:ee:cc:af:ca:39:01:
05:20:73:4f:9e:32:1e:09:24:85:2f:50:09:d2:ab:47:1e:52:
41:ce:72:10:0c:36:cf:dd:77:4f:54:59:07:e0:85:d8:58:16:
8f:31:db:45:f9:e5:e4:f8:ca:ff:35:ab:93:80:c3:b3:12:c5:
15:1d:af:67:bf:f4:2b:19:a9:59:05:d0:d7:fd:39:3e:6a:3f:
4f:15:67:57:0b:d7:35:b9:3b:f4:1c:20:2c:45:47:3e:a5:b4:
84:3d:3b:86:d9:5b:d8:a9:95:16:99:ef:15:55:a7:1f:8f:d6:
6c:75:be:17:9b:d7:b8:b1:ee:d9:4b:ad:fd:88:c1:55:5f:a6:
f5:4c:a4:57:d0:18:73:00:a8:cd:7e:eb:68:20:af:a1:20:ec:
36:11:5b:cb:97:23:0c:d4:38:5b:b0:5b:4a:48:8d:fc:a3:38:
b6:06:80:68:cf:a8:e0:32:3a:95:db:31:48:9d:67:83:fd:e4:
0e:55:2a:1d:23:6e:de:d4:38:1f:9b:08:00:27:07:f3:95:63:
e8:35:85:2e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3BGzcBIUpsCOqgEOccGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Y2IxNmU0NGNmYmYwN2U5N2Y2ZjVlNDRhZTcxOGFhNTBk
MDUyOTEwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdkYjY3NTdmYmViMmI1MWMxNWZmYjNiZWNiYzczNzE0ZmQ0MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQPoi3fqTbkButAF9aHPe7T/VUDh
1zJKHGRFAyWkpsnNBUIOR62QWJE7l5SqVJK9zxam1BjFBoVJ48x7YnBFWGzqoW9U
Rq/yj7eTVnzNHHXVkTjeImrgRTUdYMfxLFEnzsN4U4Nu0Zw/apiYiqjeSCoocUUK
P5VGZk6Nna8x3whOJIWhSDt2wsKZKFX+i7KCcTapJp+7cX8IfzXqh78CsUrDLaG0
p2PmAKJFvTQhUquHG8qtsnWT7D6Mz2JBkYzA0QPeibiRNH3WAGrpuL93kf8P3yrK
StfEa56oPK28xKzy+zwb3ufXKL66SLJKCx6MAmHfTAymMQJQw3S3ZwG0rwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCl9tnV/vrK1HBX/s77LxzcU/UCaMB8GA1UdIwQY
MBaAFDbLFuRM+/B+l/b15ErnGKpQ0FKRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNzVzVFejc4SDZYOXZYa1N1Y1lxbERRVXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jODA0M2UtZWE5NS00ODUxLWEyZmIt
MTBjYmM1OTdhNzFhLzEvS1gyMmRYLS1zclVjRmYtenZzdkhOeFQ5UUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jODA0M2UtZWE5NS00ODUxLWEyZmItMTBjYmM1OTdhNzFh
LzEvTnNzVzVFejc4SDZYOXZYa1N1Y1lxbERRVXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5iBQD
BAC5iBYwDQQCAAIwBwMFAyoG+AAwDQYJKoZIhvcNAQELBQADggEBAIr3UXLbuyFD
Gey8PkVmsrzZAA2Movjl7BUo988YSLV85jmDzAj7zteCZd55PuxE9e7Mr8o5AQUg
c0+eMh4JJIUvUAnSq0ceUkHOchAMNs/dd09UWQfghdhYFo8x20X55eT4yv81q5OA
w7MSxRUdr2e/9CsZqVkF0Nf9OT5qP08VZ1cL1zW5O/QcICxFRz6ltIQ9O4bZW9ip
lRaZ7xVVpx+P1mx1vheb17ix7tlLrf2IwVVfpvVMpFfQGHMAqM1+62ggr6Eg7DYR
W8uXIwzUOFuwW0pIjfyjOLYGgGjPqOAyOpXbMUidZ4P95A5VKh0jbt7UOB+bCAAn
B/OVY+g1hS4=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:04 2024 by rpki-client on console-fra.rpki-client.org