Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/897061-9217-403c-a0e5-13d28c653efe/1/QnDm_KNcEvPdBBovUXDCDuZSOwc.roa
File: QnDm_KNcEvPdBBovUXDCDuZSOwc.roa (raw, json)
Hash identifier: Ocvs9OpRuhbFQOX35DBaCmrQ6qVc955+N+hpfqnf5N0=
Subject key identifier: 42:70:E6:FC:A3:5C:12:F3:DD:04:1A:2F:51:70:C2:0E:E6:52:3B:07
Certificate issuer: /CN=64f906653fb6732a556ad35528d1d5938d1b0e98
Certificate serial: 018CC26CF156A6B9794BB3CB001A484033AE
Authority key identifier: 64:F9:06:65:3F:B6:73:2A:55:6A:D3:55:28:D1:D5:93:8D:1B:0E:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZPkGZT-2cypVatNVKNHVk40bDpg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/897061-9217-403c-a0e5-13d28c653efe/1/QnDm_KNcEvPdBBovUXDCDuZSOwc.roa
Signing time: Mon 01 Jan 2024 00:29:28 +0000
ROA not before: Mon 01 Jan 2024 00:29:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60022
IP address blocks: 185.62.68.0/22 maxlen: 24
45.133.160.0/22 maxlen: 24
2a03:60::/32 maxlen: 48
2a0e:7640::/29 maxlen: 48
2a03:66::/32 maxlen: 48
2a03:65::/32 maxlen: 48
2a03:62::/32 maxlen: 48
2a03:63::/32 maxlen: 48
2a03:61::/32 maxlen: 48
2a03:64::/32 maxlen: 48
2a03:67::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/52/897061-9217-403c-a0e5-13d28c653efe/1/ZPkGZT-2cypVatNVKNHVk40bDpg.crl
rsync://rpki.ripe.net/repository/DEFAULT/52/897061-9217-403c-a0e5-13d28c653efe/1/ZPkGZT-2cypVatNVKNHVk40bDpg.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZPkGZT-2cypVatNVKNHVk40bDpg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 25 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6c:f1:56:a6:b9:79:4b:b3:cb:00:1a:48:40:33:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64f906653fb6732a556ad35528d1d5938d1b0e98
Validity
Not Before: Jan 1 00:29:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4270e6fca35c12f3dd041a2f5170c20ee6523b07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:a7:6a:a1:7c:90:0d:f5:c0:b1:73:47:8c:3f:
7c:e2:05:a9:95:04:fe:70:93:9d:c9:a7:6b:fc:07:
4c:12:4c:ce:72:5c:a3:c7:65:a4:dd:b6:49:b3:51:
89:72:55:ba:40:3d:8e:8e:a6:38:83:05:a6:5a:09:
73:02:18:11:a7:39:00:ed:77:81:c0:27:0e:08:5b:
42:cc:be:dc:e1:27:25:17:1e:3c:c3:aa:8a:9d:24:
20:6e:d0:61:fc:11:8e:60:9b:34:8c:e8:73:f7:35:
ce:6f:47:95:67:98:01:b5:5b:17:ac:4c:66:5b:b6:
ad:f3:63:41:7b:d3:1c:e3:54:fe:17:d8:6c:8b:70:
28:e2:05:66:df:78:08:b8:81:81:e6:81:20:6e:b8:
d8:e3:70:71:fd:90:0c:9d:d8:ac:31:b2:50:ee:27:
1e:38:50:d6:14:3d:62:de:e4:52:34:8c:77:e2:09:
ab:e2:ec:ce:5d:03:59:ae:78:5b:cf:99:df:5d:89:
42:28:fc:8a:9e:f3:04:5f:70:64:03:14:64:a3:7b:
c7:7d:4f:44:58:a6:5c:7f:fa:98:9a:84:be:46:6d:
e7:4d:68:aa:ef:47:6f:af:93:9c:10:78:3c:79:8d:
cf:e6:a9:9d:11:e3:88:fd:0d:5f:db:f7:dd:f2:53:
a5:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:70:E6:FC:A3:5C:12:F3:DD:04:1A:2F:51:70:C2:0E:E6:52:3B:07
X509v3 Authority Key Identifier:
keyid:64:F9:06:65:3F:B6:73:2A:55:6A:D3:55:28:D1:D5:93:8D:1B:0E:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPkGZT-2cypVatNVKNHVk40bDpg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/897061-9217-403c-a0e5-13d28c653efe/1/QnDm_KNcEvPdBBovUXDCDuZSOwc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/897061-9217-403c-a0e5-13d28c653efe/1/ZPkGZT-2cypVatNVKNHVk40bDpg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.133.160.0/22
185.62.68.0/22
IPv6:
2a03:60::/29
2a0e:7640::/29
Signature Algorithm: sha256WithRSAEncryption
88:d0:f8:3f:cd:92:f4:57:a0:1f:74:08:e0:36:3e:b5:88:7a:
02:b9:42:bd:82:b3:ad:77:c8:a2:86:7d:fe:54:1f:63:7f:f3:
ec:30:74:7d:30:c0:21:d1:93:27:49:62:e1:fe:72:c3:5b:5b:
96:5f:6f:39:ce:cd:19:b5:59:64:30:22:4b:2c:f2:70:90:62:
2d:55:57:00:84:f5:b0:43:b9:79:4d:9c:9a:32:72:b2:03:e3:
dc:93:5e:65:41:4d:19:06:3c:8f:79:58:f4:4d:84:a8:c2:71:
2b:d8:00:f4:11:0e:dd:1c:96:3e:9f:85:a8:49:3e:21:d9:76:
93:5f:37:20:72:78:b5:be:e7:93:66:d1:74:48:d9:3c:2f:f6:
bf:b7:41:7d:57:28:4c:8a:b6:0d:1f:9e:a8:d6:55:00:d5:eb:
17:57:1f:39:ef:0e:c8:ec:fc:f7:00:98:66:86:a2:db:6a:2c:
35:2f:4f:42:63:a3:86:b5:fc:7d:67:e8:4e:0e:6e:40:98:3d:
fe:98:e8:85:23:2a:40:64:42:38:ec:0f:be:c4:52:c3:95:41:
ee:45:10:d0:df:9c:40:85:24:27:0a:e4:2c:0b:8a:5e:d1:fc:
ec:d7:84:69:83:c8:6c:6c:6a:0d:b0:5b:03:16:e0:70:89:1a:
8a:f1:96:db
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzCbPFWprl5S7PLABpIQDOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZjkwNjY1M2ZiNjczMmE1NTZhZDM1NTI4ZDFkNTkzOGQx
YjBlOTgwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjcwZTZmY2EzNWMxMmYzZGQwNDFhMmY1MTcwYzIwZWU2NTIzYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKdqoXyQDfXAsXNHjD984gWplQT+
cJOdyadr/AdMEkzOclyjx2Wk3bZJs1GJclW6QD2OjqY4gwWmWglzAhgRpzkA7XeB
wCcOCFtCzL7c4SclFx48w6qKnSQgbtBh/BGOYJs0jOhz9zXOb0eVZ5gBtVsXrExm
W7at82NBe9Mc41T+F9hsi3Ao4gVm33gIuIGB5oEgbrjY43Bx/ZAMndisMbJQ7ice
OFDWFD1i3uRSNIx34gmr4uzOXQNZrnhbz5nfXYlCKPyKnvMEX3BkAxRko3vHfU9E
WKZcf/qYmoS+Rm3nTWiq70dvr5OcEHg8eY3P5qmdEeOI/Q1f2/fd8lOlGQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEJw5vyjXBLz3QQaL1Fwwg7mUjsHMB8GA1UdIwQY
MBaAFGT5BmU/tnMqVWrTVSjR1ZONGw6YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBrR1pULTJjeXBWYXROVktOSFZrNDBiRHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi84OTcwNjEtOTIxNy00MDNjLWEwZTUt
MTNkMjhjNjUzZWZlLzEvUW5EbV9LTmNFdlBkQkJvdlVYRENEdVpTT3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi84OTcwNjEtOTIxNy00MDNjLWEwZTUtMTNkMjhjNjUzZWZl
LzEvWlBrR1pULTJjeXBWYXROVktOSFZrNDBiRHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCLYWgAwQC
uT5EMBQEAgACMA4DBQMqAwBgAwUDKg52QDANBgkqhkiG9w0BAQsFAAOCAQEAiND4
P82S9FegH3QI4DY+tYh6ArlCvYKzrXfIooZ9/lQfY3/z7DB0fTDAIdGTJ0li4f5y
w1tbll9vOc7NGbVZZDAiSyzycJBiLVVXAIT1sEO5eU2cmjJysgPj3JNeZUFNGQY8
j3lY9E2EqMJxK9gA9BEO3RyWPp+FqEk+Idl2k183IHJ4tb7nk2bRdEjZPC/2v7dB
fVcoTIq2DR+eqNZVANXrF1cfOe8OyOz89wCYZoai22osNS9PQmOjhrX8fWfoTg5u
QJg9/pjohSMqQGRCOOwPvsRSw5VB7kUQ0N+cQIUkJwrkLAuKXtH87NeEaYPIbGxq
DbBbAxbgcIkaivGW2w==
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:20:17 2024 by rpki-client on console-ams.rpki-client.org