Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/KFmbJp3uTvWuxW7j-sfdGY82dI0.roa
File: KFmbJp3uTvWuxW7j-sfdGY82dI0.roa (raw, json)
Hash identifier: 4Taido7YnSnE8ptGNlulqQhU3707Naq9U8lJFc4mPpg=
Subject key identifier: 28:59:9B:26:9D:EE:4E:F5:AE:C5:6E:E3:FA:C7:DD:19:8F:36:74:8D
Certificate issuer: /CN=69c67969c3c9d8fadbc9a73e3ff56361d0203b71
Certificate serial: 018CC5DC75F2F4004D1BB20D79816DA6AC18
Authority key identifier: 69:C6:79:69:C3:C9:D8:FA:DB:C9:A7:3E:3F:F5:63:61:D0:20:3B:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/KFmbJp3uTvWuxW7j-sfdGY82dI0.roa
Signing time: Mon 01 Jan 2024 16:30:08 +0000
ROA not before: Mon 01 Jan 2024 16:30:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199976
IP address blocks: 185.136.29.0/24 maxlen: 24
185.136.28.0/24 maxlen: 24
185.136.31.0/24 maxlen: 24
185.136.30.0/24 maxlen: 24
5.102.130.0/24 maxlen: 24
5.102.129.0/24 maxlen: 24
5.102.132.0/24 maxlen: 24
5.102.128.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.crl
rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.mft
rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 04:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:75:f2:f4:00:4d:1b:b2:0d:79:81:6d:a6:ac:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=69c67969c3c9d8fadbc9a73e3ff56361d0203b71
Validity
Not Before: Jan 1 16:30:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=28599b269dee4ef5aec56ee3fac7dd198f36748d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:0a:09:00:95:a3:e7:f0:88:ea:46:c7:69:12:
75:30:8f:af:fc:ee:6f:15:b7:a2:cf:bc:a0:78:2d:
f3:bf:1f:76:af:08:e7:cd:fb:3f:f2:97:d8:24:0c:
00:24:e8:ce:d1:e8:75:04:1e:2b:cd:27:06:a9:12:
1c:03:28:87:aa:c8:2d:88:37:84:e7:6f:17:18:22:
af:39:36:c5:28:96:ff:da:e9:6b:83:df:d9:f0:6f:
37:b5:5a:0c:fa:43:95:a8:ac:ea:44:67:40:07:26:
8d:22:3e:0e:6d:d5:ac:ff:e3:bf:48:92:32:6f:b5:
c7:6a:14:62:5a:15:cc:d6:cd:a8:e1:06:e9:35:08:
39:d9:de:e5:8e:1d:e7:9a:b8:be:f8:fa:79:94:1d:
05:c7:b8:d3:0e:bb:6a:4e:84:05:9c:b4:6e:4d:14:
47:8a:7c:be:76:8a:b2:8d:80:3a:5d:c6:af:ad:b7:
de:ca:e5:07:47:c4:f4:b8:36:68:22:32:a0:32:60:
d3:e6:01:87:cf:33:8b:9e:90:ed:90:eb:a2:bf:e7:
b8:40:65:88:2a:57:7e:b6:2d:b3:58:8c:d6:26:e1:
9c:d7:5c:4b:08:05:7c:4e:b8:1c:c7:63:0f:8d:5b:
0f:24:c6:49:3a:69:a5:4e:6d:f7:ea:f9:f5:4b:f3:
97:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:59:9B:26:9D:EE:4E:F5:AE:C5:6E:E3:FA:C7:DD:19:8F:36:74:8D
X509v3 Authority Key Identifier:
keyid:69:C6:79:69:C3:C9:D8:FA:DB:C9:A7:3E:3F:F5:63:61:D0:20:3B:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/KFmbJp3uTvWuxW7j-sfdGY82dI0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.128.0-5.102.130.255
5.102.132.0/24
185.136.28.0/22
Signature Algorithm: sha256WithRSAEncryption
0b:bb:f1:aa:2c:7c:6c:1e:89:1c:3e:69:84:2d:98:ad:ce:47:
8e:b0:ca:41:71:4b:15:3c:de:ae:03:df:87:b4:96:36:ed:88:
a4:5d:6b:01:68:01:54:60:8d:d1:7c:4f:62:36:9d:ad:b4:06:
74:fb:8c:2a:6e:11:d3:4c:4b:56:88:0f:68:a6:cc:f9:c2:a0:
d8:8a:9e:b2:70:e4:bd:50:58:88:b8:83:bd:e8:fe:24:e6:b1:
e2:64:e4:5e:ec:7c:84:ee:50:e5:1d:a0:24:6c:00:4b:bd:47:
72:4b:c9:e7:3b:cc:ef:bc:2b:b5:78:09:55:af:71:a4:a7:f6:
30:95:6d:76:ae:cc:08:ed:3f:77:c6:dc:a5:e3:5e:8f:f6:a8:
b4:74:2c:9e:05:1b:b2:6f:b5:cc:41:3b:f6:0c:17:48:49:af:
50:8c:22:39:dd:c2:7f:13:55:d2:89:7a:bf:f0:94:7a:f7:76:
0b:38:1f:db:40:11:a9:84:fb:4a:f2:0c:37:33:d7:e4:02:58:
ea:df:e7:4a:c4:95:3c:56:1e:35:0c:5b:89:83:37:7f:5a:49:
26:4c:5e:9b:41:9b:ec:4c:b2:e9:43:7a:70:2b:c7:f4:1e:14:
3d:5f:88:80:fb:7d:d8:37:b6:df:e0:87:11:e5:a3:96:47:93:
46:17:19:73
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzF3HXy9ABNG7INeYFtpqwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YzY3OTY5YzNjOWQ4ZmFkYmM5YTczZTNmZjU2MzYxZDAy
MDNiNzEwHhcNMjQwMTAxMTYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU5OWIyNjlkZWU0ZWY1YWVjNTZlZTNmYWM3ZGQxOThmMzY3NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQoJAJWj5/CI6kbHaRJ1MI+v/O5v
Fbeiz7ygeC3zvx92rwjnzfs/8pfYJAwAJOjO0eh1BB4rzScGqRIcAyiHqsgtiDeE
528XGCKvOTbFKJb/2ulrg9/Z8G83tVoM+kOVqKzqRGdAByaNIj4ObdWs/+O/SJIy
b7XHahRiWhXM1s2o4QbpNQg52d7ljh3nmri++Pp5lB0Fx7jTDrtqToQFnLRuTRRH
iny+doqyjYA6XcavrbfeyuUHR8T0uDZoIjKgMmDT5gGHzzOLnpDtkOuiv+e4QGWI
Kld+ti2zWIzWJuGc11xLCAV8Trgcx2MPjVsPJMZJOmmlTm336vn1S/OXFwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFChZmyad7k71rsVu4/rH3RmPNnSNMB8GA1UdIwQY
MBaAFGnGeWnDydj628mnPj/1Y2HQIDtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNaNWFjUEoyUHJieWFjLVBfVmpZZEFnTzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jZGJmOGYtNmU2Ny00YWIxLWJmMTgt
NDhlZjhlMTExNGU0LzEvS0ZtYkpwM3VUdld1eFc3ai1zZmRHWTgyZEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jZGJmOGYtNmU2Ny00YWIxLWJmMTgtNDhlZjhlMTExNGU0
LzEvYWNaNWFjUEoyUHJieWFjLVBfVmpZZEFnTzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAcFZoAD
BAAFZoIDBAAFZoQDBAK5iBwwDQYJKoZIhvcNAQELBQADggEBAAu78aosfGweiRw+
aYQtmK3OR46wykFxSxU83q4D34e0ljbtiKRdawFoAVRgjdF8T2I2na20BnT7jCpu
EdNMS1aID2imzPnCoNiKnrJw5L1QWIi4g73o/iTmseJk5F7sfITuUOUdoCRsAEu9
R3JLyec7zO+8K7V4CVWvcaSn9jCVbXauzAjtP3fG3KXjXo/2qLR0LJ4FG7JvtcxB
O/YMF0hJr1CMIjndwn8TVdKJer/wlHr3dgs4H9tAEamE+0ryDDcz1+QCWOrf50rE
lTxWHjUMW4mDN39aSSZMXptBm+xMsulDenArx/QeFD1fiID7fdg3tt/ghxHlo5ZH
k0YXGXM=
-----END CERTIFICATE-----
Generated at Fri Jun 7 13:20:18 2024 by rpki-client on console-ams.rpki-client.org