Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/IKgvUcJUZp16rR_j84QruNO8gog.roa
File: IKgvUcJUZp16rR_j84QruNO8gog.roa (raw, json)
Hash identifier: NvVVEKSAsUl4hmRuNYRiHzLGDsMB45r6YkgIUT2Nne4=
Subject key identifier: 20:A8:2F:51:C2:54:66:9D:7A:AD:1F:E3:F3:84:2B:B8:D3:BC:82:88
Certificate issuer: /CN=f5e8e36be1dba073590382bb1ffff317653900d1
Certificate serial: 018CC94AC8218F505A89278ED5750FAB0CFB
Authority key identifier: F5:E8:E3:6B:E1:DB:A0:73:59:03:82:BB:1F:FF:F3:17:65:39:00:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/IKgvUcJUZp16rR_j84QruNO8gog.roa
Signing time: Tue 02 Jan 2024 08:29:30 +0000
ROA not before: Tue 02 Jan 2024 08:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200003
IP address blocks: 185.39.104.0/22 maxlen: 22
185.39.104.0/24 maxlen: 24
185.39.105.0/24 maxlen: 24
185.39.107.0/24 maxlen: 24
185.39.106.0/24 maxlen: 24
2a04:7b40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.crl
rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.mft
rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 05:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4a:c8:21:8f:50:5a:89:27:8e:d5:75:0f:ab:0c:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5e8e36be1dba073590382bb1ffff317653900d1
Validity
Not Before: Jan 2 08:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=20a82f51c254669d7aad1fe3f3842bb8d3bc8288
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:20:81:2b:a5:7c:ae:b8:2a:5d:9d:da:b5:55:
d0:1a:6b:19:ef:b6:c6:e1:a8:df:83:7b:c9:44:45:
84:a1:bf:15:b3:06:d0:57:55:7c:75:6e:99:1e:89:
c6:2a:17:cf:4f:0d:07:6f:9a:f9:e4:17:0c:90:92:
74:e7:95:09:b1:9d:73:cf:bf:9e:b2:de:14:bf:c0:
92:13:8c:11:88:d9:c9:53:82:d5:0f:13:ad:f0:0a:
d7:46:d1:61:36:89:18:6d:67:e5:2b:8a:d9:05:3a:
45:88:0c:f1:40:75:54:92:d9:6d:e5:bb:7c:6c:c0:
13:49:80:44:b3:e4:2f:c6:cc:03:12:d2:68:a4:1f:
15:ea:25:8e:74:1d:3b:b4:6c:46:38:57:8d:38:dc:
80:ab:b9:6c:34:3c:c2:b6:e4:db:fc:e6:ab:53:69:
38:9b:ea:9b:fb:7c:92:67:84:98:d3:d3:d5:12:14:
92:52:ba:6e:d1:ff:52:09:c0:3d:60:65:e8:98:18:
08:ab:3f:11:5e:90:cf:f6:94:bd:75:90:04:77:0d:
7e:56:5f:b3:b1:2f:9b:e4:22:86:5d:e8:70:1c:01:
05:2d:1b:69:29:a3:7f:85:e2:ba:d8:a8:36:9a:7e:
b4:13:19:29:7e:2d:c0:a3:d4:71:0e:b3:05:ab:4d:
ed:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:A8:2F:51:C2:54:66:9D:7A:AD:1F:E3:F3:84:2B:B8:D3:BC:82:88
X509v3 Authority Key Identifier:
keyid:F5:E8:E3:6B:E1:DB:A0:73:59:03:82:BB:1F:FF:F3:17:65:39:00:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/IKgvUcJUZp16rR_j84QruNO8gog.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.39.104.0/22
IPv6:
2a04:7b40::/29
Signature Algorithm: sha256WithRSAEncryption
31:84:ea:48:a9:79:6a:09:6a:01:48:04:39:6c:06:34:78:64:
19:3f:b0:a7:59:d8:9d:2c:32:a9:84:07:46:b9:cb:93:97:3e:
d8:7f:57:44:32:61:83:9e:cb:d5:48:ac:80:2a:cf:95:5e:be:
f1:95:bb:f4:7c:92:81:bc:02:5d:9b:50:58:38:d2:ab:25:ca:
ab:4d:6d:04:54:2f:53:4e:0a:14:4c:c6:3c:11:ef:51:2b:96:
f0:53:9c:2b:75:1d:31:1f:86:3b:b5:39:68:d7:db:60:dc:cd:
fc:76:b8:a5:0a:b0:18:f2:25:11:dd:d8:0a:74:ec:f0:d3:03:
c1:a0:c8:17:b6:99:c4:31:0d:36:d3:bf:bf:3a:f5:6b:f9:84:
7e:41:88:21:04:e9:28:27:d2:39:15:ec:eb:8d:20:c9:1d:a7:
61:b2:58:30:61:b4:6c:0f:09:da:8d:2e:0c:af:19:34:9c:48:
92:f1:bb:c0:de:c7:63:6f:92:65:88:10:2b:b0:17:86:c4:a1:
a9:97:05:98:d8:e2:8a:36:d8:b5:79:38:96:14:1c:7e:ac:32:
59:53:66:f1:38:4e:65:ef:63:37:38:e1:f7:a0:ea:2b:44:fa:
e9:27:93:9b:69:bb:cc:fb:f6:7c:e7:9e:8f:3c:3f:bd:ae:bb:
80:33:bb:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJSsghj1BaiSeO1XUPqwz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZThlMzZiZTFkYmEwNzM1OTAzODJiYjFmZmZmMzE3NjUz
OTAwZDEwHhcNMjQwMTAyMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE4MmY1MWMyNTQ2NjlkN2FhZDFmZTNmMzg0MmJiOGQzYmM4Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCCBK6V8rrgqXZ3atVXQGmsZ77bG
4ajfg3vJREWEob8VswbQV1V8dW6ZHonGKhfPTw0Hb5r55BcMkJJ055UJsZ1zz7+e
st4Uv8CSE4wRiNnJU4LVDxOt8ArXRtFhNokYbWflK4rZBTpFiAzxQHVUktlt5bt8
bMATSYBEs+QvxswDEtJopB8V6iWOdB07tGxGOFeNONyAq7lsNDzCtuTb/OarU2k4
m+qb+3ySZ4SY09PVEhSSUrpu0f9SCcA9YGXomBgIqz8RXpDP9pS9dZAEdw1+Vl+z
sS+b5CKGXehwHAEFLRtpKaN/heK62Kg2mn60Exkpfi3Ao9RxDrMFq03tAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCCoL1HCVGadeq0f4/OEK7jTvIKIMB8GA1UdIwQY
MBaAFPXo42vh26BzWQOCux//8xdlOQDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWVqamEtSGJvSE5aQTRLN0hfX3pGMlU1QU5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xZWMxZDctYWNlZC00ZWFhLTk3OGMt
MmE5OTBmMjg1MGZiLzEvSUtndlVjSlVacDE2clJfajg0UXJ1Tk84Z29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xZWMxZDctYWNlZC00ZWFhLTk3OGMtMmE5OTBmMjg1MGZi
LzEvOWVqamEtSGJvSE5aQTRLN0hfX3pGMlU1QU5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSdoMA0E
AgACMAcDBQMqBHtAMA0GCSqGSIb3DQEBCwUAA4IBAQAxhOpIqXlqCWoBSAQ5bAY0
eGQZP7CnWdidLDKphAdGucuTlz7Yf1dEMmGDnsvVSKyAKs+VXr7xlbv0fJKBvAJd
m1BYONKrJcqrTW0EVC9TTgoUTMY8Ee9RK5bwU5wrdR0xH4Y7tTlo19tg3M38dril
CrAY8iUR3dgKdOzw0wPBoMgXtpnEMQ0207+/OvVr+YR+QYghBOkoJ9I5FezrjSDJ
HadhslgwYbRsDwnajS4Mrxk0nEiS8bvA3sdjb5JliBArsBeGxKGplwWY2OKKNti1
eTiWFBx+rDJZU2bxOE5l72M3OOH3oOorRPrpJ5ObabvM+/Z8556PPD+9rruAM7um
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:22 2024 by rpki-client on console-ams.rpki-client.org