Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/aM2C0Kqk3xmcTW55fypLtVCBw44.roa
File: aM2C0Kqk3xmcTW55fypLtVCBw44.roa (raw, json)
Hash identifier: VDe5nx8egYUvxQ88SUWfuoEj75f98dL5OJcKK70r9/c=
Subject key identifier: 68:CD:82:D0:AA:A4:DF:19:9C:4D:6E:79:7F:2A:4B:B5:50:81:C3:8E
Certificate issuer: /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial: 018CC492428C3FBF9EAD1F3FBD6202C8668C
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/aM2C0Kqk3xmcTW55fypLtVCBw44.roa
Signing time: Mon 01 Jan 2024 10:29:28 +0000
ROA not before: Mon 01 Jan 2024 10:29:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 397242
IP address blocks: 37.209.192.0/24 maxlen: 24
37.209.196.0/24 maxlen: 24
37.209.194.0/24 maxlen: 24
37.209.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 07:01:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:92:42:8c:3f:bf:9e:ad:1f:3f:bd:62:02:c8:66:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Validity
Not Before: Jan 1 10:29:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=68cd82d0aaa4df199c4d6e797f2a4bb55081c38e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:12:2e:41:4b:26:c4:80:fa:c8:c4:12:40:92:
5e:f0:3c:57:70:30:8e:b9:28:82:25:84:fa:37:74:
f3:a7:20:7f:92:54:9c:34:f0:97:ea:e5:ad:4f:cb:
2c:1c:7d:f9:44:63:34:25:0e:c1:6e:41:a0:07:ba:
cc:34:4c:39:fc:62:57:fd:3c:77:b5:31:69:5e:cb:
ee:20:d9:32:e5:49:56:51:09:53:0c:9c:7f:34:9a:
4e:1c:f0:cd:f6:e7:d3:10:83:b4:24:6f:6b:be:73:
83:b8:9c:6d:a9:c8:f2:7e:e4:b7:26:80:fb:68:28:
7d:f8:20:24:04:bd:1e:75:1f:bd:2c:2b:4c:c0:e9:
2d:03:44:d4:c7:3b:be:c4:24:33:11:51:f7:f6:b3:
e9:24:6e:5b:30:35:57:89:b6:10:0c:f2:c4:00:ec:
3d:7f:8f:7c:5f:eb:18:6b:7a:b3:a9:99:11:a0:62:
65:11:fc:ae:6c:2f:74:a5:6c:d8:40:c1:8f:1f:33:
a1:98:6c:77:ae:77:aa:94:d4:06:c5:e0:71:94:37:
a8:05:fe:fb:4e:c2:d9:1c:73:07:e1:65:0c:04:12:
7a:dc:97:24:1a:e6:04:5f:dc:47:7c:c2:d4:34:82:
e8:98:c3:c3:cf:1c:26:a1:82:52:6d:90:54:cb:a1:
27:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:CD:82:D0:AA:A4:DF:19:9C:4D:6E:79:7F:2A:4B:B5:50:81:C3:8E
X509v3 Authority Key Identifier:
keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/aM2C0Kqk3xmcTW55fypLtVCBw44.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.192.0/24
37.209.194.0/24
37.209.196.0/24
37.209.198.0/24
Signature Algorithm: sha256WithRSAEncryption
05:76:da:9c:77:ab:c4:e7:b1:d9:37:b8:4f:9c:01:ec:32:66:
14:b7:1c:b8:78:ee:0d:3f:62:9d:ec:2a:96:9f:32:48:6c:9e:
c8:1a:13:36:7b:99:4e:be:94:9e:1e:03:21:ad:50:cf:5d:b5:
f9:0e:d7:a9:bf:e6:0f:f8:c9:06:2b:81:ba:70:ab:bd:fd:6c:
3d:4a:ff:26:6d:3f:ae:3c:49:f2:1d:05:68:59:f9:07:ac:8e:
cf:b2:ba:1c:1d:87:22:0b:a3:45:7c:0a:db:15:4d:db:d0:0e:
97:b1:9f:88:d6:03:0a:2b:78:7a:fe:c5:4d:0f:2c:57:84:2e:
d4:64:5c:92:f4:2a:69:e2:30:ba:54:8f:5d:df:d0:af:3d:34:
7a:cf:68:20:12:68:8c:1f:4c:ec:44:52:e6:6e:9f:38:5e:31:
0b:d6:35:dd:cf:6d:c1:a7:ce:4c:23:a8:bd:f7:6c:26:03:1a:
88:8a:17:23:88:1a:6a:22:85:fa:33:3f:6b:d9:b4:33:b9:74:
0c:d3:6e:dd:b2:ad:fe:d9:e2:17:f0:ed:ef:08:a4:b7:0d:a2:
14:89:6d:e6:0e:0b:9e:f0:04:9a:ab:b2:43:9b:b1:1c:17:b4:
b7:8e:d4:b6:35:95:3f:c6:28:df:2a:70:08:ba:8d:00:54:ab:
c0:7e:15:8b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkkKMP7+erR8/vWICyGaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGNkODJkMGFhYTRkZjE5OWM0ZDZlNzk3ZjJhNGJiNTUwODFjMzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBIuQUsmxID6yMQSQJJe8DxXcDCO
uSiCJYT6N3TzpyB/klScNPCX6uWtT8ssHH35RGM0JQ7BbkGgB7rMNEw5/GJX/Tx3
tTFpXsvuINky5UlWUQlTDJx/NJpOHPDN9ufTEIO0JG9rvnODuJxtqcjyfuS3JoD7
aCh9+CAkBL0edR+9LCtMwOktA0TUxzu+xCQzEVH39rPpJG5bMDVXibYQDPLEAOw9
f498X+sYa3qzqZkRoGJlEfyubC90pWzYQMGPHzOhmGx3rneqlNQGxeBxlDeoBf77
TsLZHHMH4WUMBBJ63JckGuYEX9xHfMLUNILomMPDzxwmoYJSbZBUy6EnqwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGjNgtCqpN8ZnE1ueX8qS7VQgcOOMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvYU0yQzBLcWszeG1jVFc1NWZ5cEx0VkNCdzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQAFdtqcd6vE57HZN7hP
nAHsMmYUtxy4eO4NP2Kd7CqWnzJIbJ7IGhM2e5lOvpSeHgMhrVDPXbX5Dtepv+YP
+MkGK4G6cKu9/Ww9Sv8mbT+uPEnyHQVoWfkHrI7PsrocHYciC6NFfArbFU3b0A6X
sZ+I1gMKK3h6/sVNDyxXhC7UZFyS9Cpp4jC6VI9d39CvPTR6z2ggEmiMH0zsRFLm
bp84XjEL1jXdz23Bp85MI6i992wmAxqIihcjiBpqIoX6Mz9r2bQzuXQM027dsq3+
2eIX8O3vCKS3DaIUiW3mDgue8ASaq7JDm7EcF7S3jtS2NZU/xijfKnAIuo0AVKvA
fhWL
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:40:17 2024 by rpki-client on console-ams.rpki-client.org