Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/3n7EDquBT5MmMCFT4nX9UWotPOk.roa
File: 3n7EDquBT5MmMCFT4nX9UWotPOk.roa (raw, json)
Hash identifier: wddnaW/NHAjv746QX/uBnHECCBX6QpCrB6TFweomjws=
Subject key identifier: DE:7E:C4:0E:AB:81:4F:93:26:30:21:53:E2:75:FD:51:6A:2D:3C:E9
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 018CC6B815FE922D7045FC7D5F2D4DC5E2F8
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/3n7EDquBT5MmMCFT4nX9UWotPOk.roa
Signing time: Mon 01 Jan 2024 20:30:02 +0000
ROA not before: Mon 01 Jan 2024 20:30:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41209
IP address blocks: 195.34.18.0/24 maxlen: 24
195.34.18.0/23 maxlen: 23
195.34.19.0/24 maxlen: 24
85.140.63.0/24 maxlen: 24
85.140.61.0/24 maxlen: 24
85.140.60.0/22 maxlen: 22
85.140.62.0/24 maxlen: 24
85.140.60.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 13:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:15:fe:92:2d:70:45:fc:7d:5f:2d:4d:c5:e2:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Jan 1 20:30:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=de7ec40eab814f9326302153e275fd516a2d3ce9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c6:d5:f5:ff:59:82:38:dd:65:77:98:ec:d6:
86:f0:66:13:65:83:bb:41:37:c4:73:6a:60:47:c4:
fd:c2:9e:41:e1:98:75:f3:39:4d:8c:47:3d:fa:09:
70:b9:f7:63:ae:8a:1c:ca:e6:95:28:1d:61:06:58:
2e:5e:85:46:ce:94:63:c0:7b:30:19:42:07:6b:9c:
f7:2d:b1:f2:7b:bb:26:b6:2b:25:15:52:28:2e:54:
bc:93:65:8c:1e:fc:ba:70:93:b1:38:6e:06:00:57:
a2:8a:f6:25:e6:4e:31:e1:f7:72:c3:bc:28:be:d0:
9c:00:53:23:54:fe:ee:47:cc:79:1b:bc:e5:e6:8a:
b6:ac:0e:14:11:04:b3:c7:26:0f:16:d0:9c:2c:bc:
53:f2:79:a2:06:5d:af:37:32:26:54:14:df:be:61:
c2:5d:6c:2b:8b:5f:cf:77:7e:99:61:43:6d:85:8c:
92:ce:20:30:4f:e6:ae:52:10:f9:4f:5e:df:67:ab:
66:3b:bb:c7:7a:a2:ef:0f:bd:ac:24:4d:ad:d7:bf:
ca:8c:c5:7c:cf:3e:71:69:6a:87:28:7c:e8:56:34:
6f:8c:e8:40:b4:03:0d:0f:d4:b0:5f:df:16:cb:51:
ec:2f:26:f0:05:21:14:0f:54:85:39:61:67:ac:f9:
f5:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:7E:C4:0E:AB:81:4F:93:26:30:21:53:E2:75:FD:51:6A:2D:3C:E9
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/3n7EDquBT5MmMCFT4nX9UWotPOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.140.60.0/22
195.34.18.0/23
Signature Algorithm: sha256WithRSAEncryption
5b:2e:f0:93:6a:f5:c6:22:34:b5:99:8a:19:79:48:e4:ba:75:
52:2e:3f:a3:3d:0a:a4:6f:7a:74:da:af:05:ff:ca:b5:78:cf:
00:74:a9:c5:6c:42:3f:c3:a0:75:b4:d8:65:ef:2c:37:f4:62:
1b:2d:07:fb:8c:a6:23:4d:5f:57:cd:67:2a:d8:40:86:15:99:
18:10:fa:8f:ba:09:d1:e0:27:8e:2e:57:9b:0b:10:31:db:f2:
cb:5f:57:49:42:75:dc:26:50:c2:36:17:bc:9c:5c:36:57:60:
e5:b6:04:ab:17:6c:a6:9b:17:76:07:7c:b5:eb:ce:96:b2:fe:
c0:c1:7e:3f:cd:86:8d:f4:d6:40:40:08:da:e1:09:a5:27:21:
d7:48:73:6c:0c:43:04:82:1e:b6:27:e3:35:53:63:41:af:7f:
2a:af:4e:bb:99:68:33:d7:3e:f6:d7:e0:be:a2:9f:18:7a:b1:
d3:2c:9c:63:39:cc:a9:17:f7:31:84:16:ed:e5:72:b5:9d:d3:
37:29:03:b5:86:d7:84:23:9e:94:46:4b:53:dc:62:e7:45:1b:
f5:b7:b9:1c:9a:a0:10:52:d2:89:1f:b6:46:dc:92:fd:ad:c7:
c1:e5:99:8d:2e:9f:61:1b:22:bf:c8:3a:6e:fd:aa:d7:b9:8f:
5a:76:25:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuBX+ki1wRfx9Xy1NxeL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdlYzQwZWFiODE0ZjkzMjYzMDIxNTNlMjc1ZmQ1MTZhMmQzY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8bV9f9ZgjjdZXeY7NaG8GYTZYO7
QTfEc2pgR8T9wp5B4Zh18zlNjEc9+glwufdjroocyuaVKB1hBlguXoVGzpRjwHsw
GUIHa5z3LbHye7smtislFVIoLlS8k2WMHvy6cJOxOG4GAFeiivYl5k4x4fdyw7wo
vtCcAFMjVP7uR8x5G7zl5oq2rA4UEQSzxyYPFtCcLLxT8nmiBl2vNzImVBTfvmHC
XWwri1/Pd36ZYUNthYySziAwT+auUhD5T17fZ6tmO7vHeqLvD72sJE2t17/KjMV8
zz5xaWqHKHzoVjRvjOhAtAMND9SwX98Wy1HsLybwBSEUD1SFOWFnrPn1GwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN5+xA6rgU+TJjAhU+J1/VFqLTzpMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvM243RURxdUJUNU1tTUNGVDRuWDlVV290UE9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVYw8AwQB
wyISMA0GCSqGSIb3DQEBCwUAA4IBAQBbLvCTavXGIjS1mYoZeUjkunVSLj+jPQqk
b3p02q8F/8q1eM8AdKnFbEI/w6B1tNhl7yw39GIbLQf7jKYjTV9XzWcq2ECGFZkY
EPqPugnR4CeOLlebCxAx2/LLX1dJQnXcJlDCNhe8nFw2V2DltgSrF2ymmxd2B3y1
686Wsv7AwX4/zYaN9NZAQAja4QmlJyHXSHNsDEMEgh62J+M1U2NBr38qr067mWgz
1z721+C+op8YerHTLJxjOcypF/cxhBbt5XK1ndM3KQO1hteEI56URktT3GLnRRv1
t7kcmqAQUtKJH7ZG3JL9rcfB5ZmNLp9hGyK/yDpu/arXuY9adiWE
-----END CERTIFICATE-----
Generated at Sat Jun 1 20:18:53 2024 by rpki-client on console-fra.rpki-client.org