Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/PmxA-hRmVnPg-n1blpcraycVnOE.roa
File: PmxA-hRmVnPg-n1blpcraycVnOE.roa (raw, json)
Hash identifier: bYAKl1ZVm7V9IFPA/5gWuq8P0kAitknVPX6TJUI+No8=
Subject key identifier: 3E:6C:40:FA:14:66:56:73:E0:FA:7D:5B:96:97:2B:6B:27:15:9C:E1
Certificate issuer: /CN=22a19ed85a2c0cfc4f50bead16fc9f6f1465ad11
Certificate serial: 018E66C008FB7F7F00A7B0FFF2BD6F38A52E
Authority key identifier: 22:A1:9E:D8:5A:2C:0C:FC:4F:50:BE:AD:16:FC:9F:6F:14:65:AD:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/PmxA-hRmVnPg-n1blpcraycVnOE.roa
Signing time: Fri 22 Mar 2024 15:20:44 +0000
ROA not before: Fri 22 Mar 2024 15:20:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208867
IP address blocks: 217.29.192.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 May 2024 16:46:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:66:c0:08:fb:7f:7f:00:a7:b0:ff:f2:bd:6f:38:a5:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a19ed85a2c0cfc4f50bead16fc9f6f1465ad11
Validity
Not Before: Mar 22 15:20:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3e6c40fa14665673e0fa7d5b96972b6b27159ce1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:3b:44:53:1e:83:3d:f9:d0:09:c1:ed:10:4a:
4f:7a:42:18:53:b9:62:84:23:1d:fa:d6:07:2e:ab:
26:f5:3a:cd:ec:05:05:14:bc:5a:c9:d6:f9:53:e9:
ca:78:db:cf:31:14:39:d3:4a:84:a3:df:f6:31:2c:
09:31:d4:9a:93:9b:b7:a7:61:a7:ee:09:df:bc:fb:
15:8c:a5:e1:64:4f:2c:5b:f5:15:55:c5:d6:65:69:
bd:f6:90:46:ab:23:4c:84:29:f1:df:27:e9:28:f6:
fc:e9:27:02:80:ec:57:9e:fa:71:26:53:26:9b:fa:
a7:28:a1:5a:f9:97:1c:fb:18:12:20:ba:10:4e:d1:
dc:fc:ba:f8:c0:e9:21:ba:53:4b:b3:51:01:0b:c3:
ec:b6:9f:57:99:5f:96:5a:4a:88:b5:7f:78:19:ba:
80:14:fd:f8:aa:a0:4f:a2:34:42:48:3e:c1:22:79:
6d:67:9c:74:01:94:b1:28:57:01:50:58:80:25:c3:
4c:28:a1:a6:75:c3:94:19:7e:1f:c3:b9:ff:1e:8d:
a7:3b:fc:09:6e:5d:20:0a:35:bf:64:5c:ae:bf:b9:
b0:d5:f9:d8:e9:fe:aa:50:9b:dc:95:ea:f5:ca:54:
67:1b:79:95:77:19:22:4f:04:d3:02:50:f2:e6:6a:
ef:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:6C:40:FA:14:66:56:73:E0:FA:7D:5B:96:97:2B:6B:27:15:9C:E1
X509v3 Authority Key Identifier:
keyid:22:A1:9E:D8:5A:2C:0C:FC:4F:50:BE:AD:16:FC:9F:6F:14:65:AD:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/PmxA-hRmVnPg-n1blpcraycVnOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.29.192.0/22
Signature Algorithm: sha256WithRSAEncryption
61:aa:34:0b:fc:96:5f:e6:af:f4:29:16:71:40:4e:80:aa:62:
4a:91:3e:bc:7e:da:29:0f:91:0c:d9:13:92:43:02:e2:63:20:
93:b6:8e:6e:09:10:70:de:c8:7c:da:9b:b4:c2:db:fd:df:4a:
7d:a9:d7:03:54:0a:55:47:49:43:da:2f:06:76:f0:cc:a5:1c:
84:d8:5e:87:dc:61:c6:2a:30:42:b7:1e:11:1d:01:50:d9:11:
03:44:89:4c:ad:9c:03:b8:29:d0:07:61:0f:ba:c3:5d:1b:e3:
ca:77:e8:d4:32:a5:1d:b1:fb:b7:be:c0:89:75:8a:fe:e1:e0:
b6:0d:a9:e3:12:98:c5:a5:8b:c1:fd:60:86:f8:97:32:2a:92:
7f:5e:60:97:19:b4:cd:0e:57:da:9d:85:06:12:67:bb:15:28:
72:47:a4:da:5d:ab:fd:9d:65:5f:86:d2:af:e0:32:2c:19:17:
d1:90:bd:dd:3c:03:85:b6:30:d9:64:a8:b1:f5:62:0b:3c:7f:
f8:b7:c2:f2:cf:67:c0:bb:cb:29:53:79:ba:eb:c1:be:43:ff:
b0:f9:b3:09:9a:c7:9f:92:33:14:bc:25:43:26:7e:b2:28:e8:
34:f1:22:63:d5:52:f2:07:9f:49:e3:d1:6b:82:55:33:27:06:
02:3d:1c:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mwAj7f38Ap7D/8r1vOKUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTE5ZWQ4NWEyYzBjZmM0ZjUwYmVhZDE2ZmM5ZjZmMTQ2
NWFkMTEwHhcNMjQwMzIyMTUyMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTZjNDBmYTE0NjY1NjczZTBmYTdkNWI5Njk3MmI2YjI3MTU5Y2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkztEUx6DPfnQCcHtEEpPekIYU7li
hCMd+tYHLqsm9TrN7AUFFLxaydb5U+nKeNvPMRQ500qEo9/2MSwJMdSak5u3p2Gn
7gnfvPsVjKXhZE8sW/UVVcXWZWm99pBGqyNMhCnx3yfpKPb86ScCgOxXnvpxJlMm
m/qnKKFa+Zcc+xgSILoQTtHc/Lr4wOkhulNLs1EBC8Pstp9XmV+WWkqItX94GbqA
FP34qqBPojRCSD7BInltZ5x0AZSxKFcBUFiAJcNMKKGmdcOUGX4fw7n/Ho2nO/wJ
bl0gCjW/ZFyuv7mw1fnY6f6qUJvcler1ylRnG3mVdxkiTwTTAlDy5mrvnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5sQPoUZlZz4Pp9W5aXK2snFZzhMB8GA1UdIwQY
MBaAFCKhnthaLAz8T1C+rRb8n28UZa0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFHZTJGb3NEUHhQVUw2dEZ2eWZieFJsclJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9lN2VkZmYtODZkYS00NDlmLWI4OWMt
ZDdiMmFkMDFhMWQ3LzEvUG14QS1oUm1WblBnLW4xYmxwY3JheWNWbk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9lN2VkZmYtODZkYS00NDlmLWI4OWMtZDdiMmFkMDFhMWQ3
LzEvSXFHZTJGb3NEUHhQVUw2dEZ2eWZieFJsclJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2R3AMA0G
CSqGSIb3DQEBCwUAA4IBAQBhqjQL/JZf5q/0KRZxQE6AqmJKkT68ftopD5EM2ROS
QwLiYyCTto5uCRBw3sh82pu0wtv930p9qdcDVApVR0lD2i8GdvDMpRyE2F6H3GHG
KjBCtx4RHQFQ2REDRIlMrZwDuCnQB2EPusNdG+PKd+jUMqUdsfu3vsCJdYr+4eC2
DanjEpjFpYvB/WCG+JcyKpJ/XmCXGbTNDlfanYUGEme7FShyR6TaXav9nWVfhtKv
4DIsGRfRkL3dPAOFtjDZZKix9WILPH/4t8Lyz2fAu8spU3m668G+Q/+w+bMJmsef
kjMUvCVDJn6yKOg08SJj1VLyB59J49FrglUzJwYCPRwM
-----END CERTIFICATE-----
Generated at Fri May 17 21:12:18 2024 by rpki-client on console-ams.rpki-client.org