Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/_I2M00pQgaclvdRn62PgVoNqvMM.roa
File: _I2M00pQgaclvdRn62PgVoNqvMM.roa (raw, json)
Hash identifier: et0+KsHtAgs4mSa9hhmd7KlgMT5M85DabbbTi7QuaOk=
Subject key identifier: FC:8D:8C:D3:4A:50:81:A7:25:BD:D4:67:EB:63:E0:56:83:6A:BC:C3
Certificate issuer: /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial: 018CC3492949FA07608A5034CA12C06B81E3
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/_I2M00pQgaclvdRn62PgVoNqvMM.roa
Signing time: Mon 01 Jan 2024 04:30:00 +0000
ROA not before: Mon 01 Jan 2024 04:30:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59642
IP address blocks: 195.189.96.0/22 maxlen: 32
2a02:ae01::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 17:02:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:29:49:fa:07:60:8a:50:34:ca:12:c0:6b:81:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Validity
Not Before: Jan 1 04:30:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fc8d8cd34a5081a725bdd467eb63e056836abcc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:9d:25:4d:ef:f0:ab:8e:a6:e4:c6:7e:8c:85:
11:b4:82:69:b8:54:20:e5:37:2f:9b:14:a9:a3:97:
08:ea:da:f0:44:40:36:b6:dd:6f:0c:70:f1:45:47:
55:15:be:72:93:3b:d4:5e:9f:3e:2d:0a:92:3a:e5:
5f:b3:98:22:8a:4d:66:55:54:fd:77:59:cf:a7:a2:
9c:a7:d5:b6:c6:e3:b3:e1:29:cd:ce:5e:ce:9e:0e:
d9:1b:88:b4:1e:d1:7f:7d:84:2c:67:59:a4:5a:4f:
19:d4:f3:7f:3a:85:b7:31:e7:52:ee:c2:cc:82:f7:
a3:58:8a:90:91:75:80:4b:65:b4:a8:6c:1c:07:de:
4d:f7:83:b6:a4:3a:9d:6f:06:39:1b:84:e1:15:e5:
80:04:a5:99:45:eb:72:2c:40:1b:f8:87:0b:eb:c9:
d1:af:a0:cb:11:b2:d7:b7:00:1b:ed:c6:fd:9f:33:
b7:c0:08:9c:8d:b4:ff:3b:0e:30:64:0b:75:8f:6d:
03:9e:c4:87:7b:37:c3:76:3a:5b:f6:72:d3:22:12:
fc:63:fe:d5:50:0a:e4:10:de:98:ca:4c:3f:f0:c4:
03:d9:7a:98:fd:5e:67:d7:5f:5a:15:bd:c1:69:08:
12:94:d9:3d:4e:1d:61:0f:8e:27:52:0e:80:44:06:
a2:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:8D:8C:D3:4A:50:81:A7:25:BD:D4:67:EB:63:E0:56:83:6A:BC:C3
X509v3 Authority Key Identifier:
keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/_I2M00pQgaclvdRn62PgVoNqvMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.189.96.0/22
IPv6:
2a02:ae01::/36
Signature Algorithm: sha256WithRSAEncryption
60:b0:4b:32:6c:61:66:31:d4:f5:b0:0e:fd:2d:99:af:28:b0:
ea:78:6f:cc:55:76:93:e6:8d:e2:b8:e2:64:7b:d1:95:b6:2b:
14:e2:b2:a3:f6:fd:3c:eb:99:44:b8:aa:e5:5c:64:35:c3:41:
e9:4a:f2:df:f6:76:1c:d1:86:05:98:93:17:8e:e7:d0:20:3e:
17:6e:68:d2:6b:57:6f:cd:cf:1d:74:69:9f:60:5f:ff:43:25:
5d:e9:d8:ee:0e:64:5c:f5:8e:6b:a1:ef:7f:1a:e3:06:6f:95:
7a:ce:d6:5c:2f:49:65:a2:e0:05:9b:6a:ce:60:37:51:f3:14:
2c:d2:cf:74:9b:96:61:a0:30:ba:0b:c7:13:a5:ac:b8:7c:45:
26:6d:6d:1e:97:6f:9e:76:d5:6d:92:ce:40:13:be:06:97:7e:
43:4c:3a:68:03:85:88:ea:05:b7:ce:2f:f7:04:a1:0b:b9:36:
93:c3:74:38:6c:b7:06:8c:f0:55:2e:bb:06:ea:d3:3c:23:c8:
55:bc:4e:82:ff:d3:75:4d:75:49:3f:6c:55:aa:48:7c:f4:49:
7b:aa:d2:91:f4:9a:3d:87:2b:60:54:09:79:10:6b:83:57:78:
2c:cf:35:c1:03:6c:7d:82:75:ea:72:2c:ff:c1:2d:3c:60:30:
a2:eb:5d:4a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzDSSlJ+gdgilA0yhLAa4HjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhkOGNkMzRhNTA4MWE3MjViZGQ0NjdlYjYzZTA1NjgzNmFiY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgp0lTe/wq46m5MZ+jIURtIJpuFQg
5TcvmxSpo5cI6trwREA2tt1vDHDxRUdVFb5ykzvUXp8+LQqSOuVfs5giik1mVVT9
d1nPp6Kcp9W2xuOz4SnNzl7Ong7ZG4i0HtF/fYQsZ1mkWk8Z1PN/OoW3MedS7sLM
gvejWIqQkXWAS2W0qGwcB95N94O2pDqdbwY5G4ThFeWABKWZRetyLEAb+IcL68nR
r6DLEbLXtwAb7cb9nzO3wAicjbT/Ow4wZAt1j20DnsSHezfDdjpb9nLTIhL8Y/7V
UArkEN6Yykw/8MQD2XqY/V5n119aFb3BaQgSlNk9Th1hD44nUg6ARAai/QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPyNjNNKUIGnJb3UZ+tj4FaDarzDMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvX0kyTTAwcFFnYWNsdmRSbjYyUGdWb05xdk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCw71gMA4E
AgACMAgDBgQqAq4BADANBgkqhkiG9w0BAQsFAAOCAQEAYLBLMmxhZjHU9bAO/S2Z
ryiw6nhvzFV2k+aN4rjiZHvRlbYrFOKyo/b9POuZRLiq5VxkNcNB6Ury3/Z2HNGG
BZiTF47n0CA+F25o0mtXb83PHXRpn2Bf/0MlXenY7g5kXPWOa6HvfxrjBm+Ves7W
XC9JZaLgBZtqzmA3UfMULNLPdJuWYaAwugvHE6WsuHxFJm1tHpdvnnbVbZLOQBO+
Bpd+Q0w6aAOFiOoFt84v9wShC7k2k8N0OGy3BozwVS67BurTPCPIVbxOgv/TdU11
ST9sVapIfPRJe6rSkfSaPYcrYFQJeRBrg1d4LM81wQNsfYJ16nIs/8EtPGAwoutd
Sg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:30:40 2024 by rpki-client on console-ams.rpki-client.org