Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/tQbSXBtyAuflkQ3CkfQ3gV4hzLk.roa
File: tQbSXBtyAuflkQ3CkfQ3gV4hzLk.roa (raw, json)
Hash identifier: Yy6lyMjMb6JMtzhCRYSIgo8UuLDmcBkgwOOL8Mgy32c=
Subject key identifier: B5:06:D2:5C:1B:72:02:E7:E5:91:0D:C2:91:F4:37:81:5E:21:CC:B9
Certificate issuer: /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial: 0191E686A287508E7232E710EA8E5897616B
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/tQbSXBtyAuflkQ3CkfQ3gV4hzLk.roa
Signing time: Thu 12 Sep 2024 13:57:48 +0000
ROA not before: Thu 12 Sep 2024 13:57:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6810
IP address blocks: 31.168.36.0/23 maxlen: 24
79.177.128.0/18 maxlen: 24
79.181.128.0/18 maxlen: 24
85.130.128.0/18 maxlen: 24
85.130.192.0/18 maxlen: 24
85.130.192.0/19 maxlen: 24
109.67.128.0/18 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e6:86:a2:87:50:8e:72:32:e7:10:ea:8e:58:97:61:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Validity
Not Before: Sep 12 13:57:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b506d25c1b7202e7e5910dc291f437815e21ccb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c0:93:2a:76:01:b4:0c:ed:3d:f2:0e:f0:34:
56:02:75:19:f7:27:c8:75:68:5e:43:e8:06:53:b1:
0b:20:cc:6f:a1:36:6d:5a:f5:28:c0:dc:a7:4d:e8:
03:ee:3e:1e:5b:ca:fe:d2:c0:e8:53:a5:48:ba:fe:
46:1e:b7:22:1b:30:cc:29:04:71:2a:8e:94:5a:5c:
68:55:87:b3:64:06:ac:08:c4:c0:61:ee:2a:43:27:
3e:51:cd:a5:ae:a8:f1:43:da:c9:7e:15:df:29:7f:
54:1d:02:63:6e:e5:d9:ab:dc:7f:e5:fb:6f:82:c5:
7e:5e:74:3c:0f:f9:3c:65:d5:17:a5:4b:16:94:ed:
a4:69:48:4f:c0:59:3a:62:cf:e1:c2:e0:ae:83:4f:
c6:a9:3e:74:ef:ef:6d:2a:0f:29:7e:36:8e:40:34:
ca:20:0d:31:eb:d0:e3:74:34:7b:3e:41:be:83:9b:
a1:e2:cc:f8:4a:f3:e3:3d:28:c4:9f:67:43:15:1f:
91:5a:f0:ca:0f:a6:2f:eb:ac:64:3e:8e:5c:fe:7b:
b2:74:d4:d7:33:9f:86:92:37:df:89:82:80:c7:47:
28:7c:c5:ce:0e:f3:14:ea:bb:4c:e4:10:fc:d1:f6:
26:17:c5:4a:3e:df:cf:fd:9e:a6:0d:ca:ef:61:82:
5a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:06:D2:5C:1B:72:02:E7:E5:91:0D:C2:91:F4:37:81:5E:21:CC:B9
X509v3 Authority Key Identifier:
keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/tQbSXBtyAuflkQ3CkfQ3gV4hzLk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.168.36.0/23
79.177.128.0/18
79.181.128.0/18
85.130.128.0/17
109.67.128.0/18
Signature Algorithm: sha256WithRSAEncryption
55:cf:93:78:15:02:19:4d:34:bb:cf:e2:40:9c:8b:34:3f:79:
0a:bf:13:8d:78:4e:0c:35:64:11:fc:3e:45:a9:e7:e0:90:8f:
d9:7b:17:47:58:ba:a5:fd:8d:25:9f:0b:10:29:06:de:9e:7c:
8f:f3:a5:49:98:e0:82:0e:ff:ad:32:ef:0d:3a:31:4f:bd:d1:
be:83:2a:cc:6f:b1:db:99:cc:42:c4:25:fe:2e:1b:d3:9c:f6:
7e:d0:8e:0d:b8:b5:1f:0b:6c:cd:ec:31:ea:cb:29:1e:92:7b:
92:4f:45:be:25:9c:e1:17:44:c0:6c:8a:9a:35:63:03:4c:cd:
b7:67:fd:fa:48:bb:06:8c:f0:cb:fc:92:04:09:b0:5c:55:ff:
3d:5e:b2:5d:0c:cf:78:0a:f3:78:d9:3a:fc:22:00:2e:2a:74:
19:2d:ea:a0:8d:32:30:af:06:f6:f8:8e:1b:2f:55:6f:d3:84:
c1:fd:f3:21:fa:0f:c5:09:99:b5:6c:c3:42:bd:c5:d7:bf:8f:
eb:bf:35:fa:f8:e2:e5:79:b0:ac:1d:38:b9:76:f0:e2:a1:22:
63:98:8a:58:b9:41:86:fa:d2:87:0f:37:6c:ff:6f:31:88:63:
43:49:98:fc:c8:69:a5:24:31:26:84:e2:f1:0b:ed:99:e5:9f:
0d:d2:67:0a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZHmhqKHUI5yMucQ6o5Yl2FrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwOTEyMTM1NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTA2ZDI1YzFiNzIwMmU3ZTU5MTBkYzI5MWY0Mzc4MTVlMjFjY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMCTKnYBtAztPfIO8DRWAnUZ9yfI
dWheQ+gGU7ELIMxvoTZtWvUowNynTegD7j4eW8r+0sDoU6VIuv5GHrciGzDMKQRx
Ko6UWlxoVYezZAasCMTAYe4qQyc+Uc2lrqjxQ9rJfhXfKX9UHQJjbuXZq9x/5ftv
gsV+XnQ8D/k8ZdUXpUsWlO2kaUhPwFk6Ys/hwuCug0/GqT507+9tKg8pfjaOQDTK
IA0x69DjdDR7PkG+g5uh4sz4SvPjPSjEn2dDFR+RWvDKD6Yv66xkPo5c/nuydNTX
M5+GkjffiYKAx0cofMXODvMU6rtM5BD80fYmF8VKPt/P/Z6mDcrvYYJayQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLUG0lwbcgLn5ZENwpH0N4FeIcy5MB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvdFFiU1hCdHlBdWZsa1EzQ2tmUTNnVjRoekxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBH6gkAwQG
T7GAAwQGT7WAAwQHVYKAAwQGbUOAMA0GCSqGSIb3DQEBCwUAA4IBAQBVz5N4FQIZ
TTS7z+JAnIs0P3kKvxONeE4MNWQR/D5FqefgkI/ZexdHWLql/Y0lnwsQKQbennyP
86VJmOCCDv+tMu8NOjFPvdG+gyrMb7HbmcxCxCX+LhvTnPZ+0I4NuLUfC2zN7DHq
yykeknuST0W+JZzhF0TAbIqaNWMDTM23Z/36SLsGjPDL/JIECbBcVf89XrJdDM94
CvN42Tr8IgAuKnQZLeqgjTIwrwb2+I4bL1Vv04TB/fMh+g/FCZm1bMNCvcXXv4/r
vzX6+OLlebCsHTi5dvDioSJjmIpYuUGG+tKHDzds/28xiGNDSZj8yGmlJDEmhOLx
C+2Z5Z8N0mcK
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:14:42 2024 by rpki-client on console-ams.rpki-client.org