Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c6d6be-bf4a-43e5-a908-5ca016a10054/1/I36mzYn9vH1UhUaU9fSsKT3KMG0.roa
File: I36mzYn9vH1UhUaU9fSsKT3KMG0.roa (raw, json)
Hash identifier: a1lzhU1Sp2i4f4ZjHrtFbC7rPYyhgcZWiie9d7BmqAc=
Subject key identifier: 23:7E:A6:CD:89:FD:BC:7D:54:85:46:94:F5:F4:AC:29:3D:CA:30:6D
Certificate issuer: /CN=aca1f4713024804c445403af63fa644b2a935d24
Certificate serial: 018CC4255906A747D06E4A7E153ABEDAA016
Authority key identifier: AC:A1:F4:71:30:24:80:4C:44:54:03:AF:63:FA:64:4B:2A:93:5D:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKH0cTAkgExEVAOvY_pkSyqTXSQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/c6d6be-bf4a-43e5-a908-5ca016a10054/1/I36mzYn9vH1UhUaU9fSsKT3KMG0.roa
Signing time: Mon 01 Jan 2024 08:30:30 +0000
ROA not before: Mon 01 Jan 2024 08:30:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51088
IP address blocks: 185.44.244.0/22 maxlen: 22
185.240.112.0/22 maxlen: 22
185.225.220.0/22 maxlen: 22
2a01:77e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/c6d6be-bf4a-43e5-a908-5ca016a10054/1/rKH0cTAkgExEVAOvY_pkSyqTXSQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/c6d6be-bf4a-43e5-a908-5ca016a10054/1/rKH0cTAkgExEVAOvY_pkSyqTXSQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKH0cTAkgExEVAOvY_pkSyqTXSQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 07:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:59:06:a7:47:d0:6e:4a:7e:15:3a:be:da:a0:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca1f4713024804c445403af63fa644b2a935d24
Validity
Not Before: Jan 1 08:30:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=237ea6cd89fdbc7d54854694f5f4ac293dca306d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3b:2d:1f:fe:d3:9a:75:31:ca:c1:48:b7:32:
bf:39:9e:4c:16:94:a2:41:9a:cb:24:54:03:35:fb:
36:bc:60:ad:8a:ba:6f:87:9d:1d:84:fd:b4:7e:f0:
d2:dc:3a:33:c8:4f:70:47:41:8f:27:47:22:8e:f2:
18:48:ba:c5:9b:09:8d:1b:b2:f3:a8:d9:bc:fc:4b:
69:05:6b:5f:48:a8:13:1a:90:e1:47:0d:14:aa:35:
d2:77:ab:1d:02:0a:b2:55:1f:e4:3e:61:cc:c8:20:
e3:e2:05:51:d0:40:22:ce:d0:3d:d4:1e:00:98:d6:
4d:f7:ce:9e:0f:1f:dc:e1:60:71:66:4f:67:68:f1:
ce:ca:08:81:90:0f:b7:df:56:f8:a2:69:35:18:a9:
48:44:05:27:6a:73:59:ad:94:0f:fd:ad:40:a3:be:
ee:66:f5:32:a5:6c:3f:5a:7e:39:a0:41:82:87:f6:
46:e2:27:92:8d:bd:b7:60:fa:d6:8c:bb:46:fc:cb:
39:86:60:56:4a:03:95:a4:7c:a2:e9:3e:a3:10:34:
cf:0d:d1:2f:f0:ec:dc:5b:1e:18:56:d5:88:a8:ea:
54:84:3f:a1:6d:3e:88:e8:48:e9:a6:36:3c:29:eb:
61:79:83:64:a8:b6:be:36:ea:27:3f:69:81:47:13:
38:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:7E:A6:CD:89:FD:BC:7D:54:85:46:94:F5:F4:AC:29:3D:CA:30:6D
X509v3 Authority Key Identifier:
keyid:AC:A1:F4:71:30:24:80:4C:44:54:03:AF:63:FA:64:4B:2A:93:5D:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKH0cTAkgExEVAOvY_pkSyqTXSQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c6d6be-bf4a-43e5-a908-5ca016a10054/1/I36mzYn9vH1UhUaU9fSsKT3KMG0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c6d6be-bf4a-43e5-a908-5ca016a10054/1/rKH0cTAkgExEVAOvY_pkSyqTXSQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.44.244.0/22
185.225.220.0/22
185.240.112.0/22
IPv6:
2a01:77e0::/32
Signature Algorithm: sha256WithRSAEncryption
8a:5c:dd:42:ff:a1:82:d9:ab:72:19:91:1b:7d:59:0f:cc:10:
e5:f0:02:54:aa:92:e4:e7:75:6a:2f:85:44:a1:e4:a3:27:f0:
b8:99:fb:a2:3c:2e:0b:19:e4:58:83:5a:ea:87:d6:8c:fb:4a:
53:a0:e7:c3:68:9a:00:d1:eb:84:0a:81:e4:8c:c3:3e:bc:f5:
f4:85:2d:22:36:28:98:f2:c5:2f:1f:b9:7a:7c:e7:36:09:78:
ae:e8:fc:b4:63:56:19:6e:8d:e7:42:af:73:eb:2b:4f:f5:be:
1b:ea:80:f3:73:38:c6:1a:37:a0:8e:e6:58:33:85:44:d1:d0:
a2:08:8e:d6:8c:ee:56:8b:b9:1e:4b:45:f5:c5:c9:58:d1:98:
f2:08:ea:6b:3c:28:38:0b:d8:d1:19:af:ac:81:5e:fd:a3:52:
ad:64:54:e2:1c:72:47:65:b6:26:2b:1e:c4:30:5b:56:21:2a:
11:3c:c4:3a:06:d0:62:62:ca:5b:25:ed:86:8b:27:53:87:7a:
50:a5:db:4f:13:2c:eb:dd:3e:6f:66:0f:a0:36:a3:f7:89:e6:
37:7a:fd:f4:22:d7:64:ad:55:ac:fa:59:91:cf:de:58:ea:fa:
be:86:e8:8c:1e:a6:02:5d:b6:b4:91:f0:ac:82:59:0d:5f:0a:
1a:57:ab:f5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzEJVkGp0fQbkp+FTq+2qAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTFmNDcxMzAyNDgwNGM0NDU0MDNhZjYzZmE2NDRiMmE5
MzVkMjQwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzdlYTZjZDg5ZmRiYzdkNTQ4NTQ2OTRmNWY0YWMyOTNkY2EzMDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTstH/7TmnUxysFItzK/OZ5MFpSi
QZrLJFQDNfs2vGCtirpvh50dhP20fvDS3DozyE9wR0GPJ0cijvIYSLrFmwmNG7Lz
qNm8/EtpBWtfSKgTGpDhRw0UqjXSd6sdAgqyVR/kPmHMyCDj4gVR0EAiztA91B4A
mNZN986eDx/c4WBxZk9naPHOygiBkA+331b4omk1GKlIRAUnanNZrZQP/a1Ao77u
ZvUypWw/Wn45oEGCh/ZG4ieSjb23YPrWjLtG/Ms5hmBWSgOVpHyi6T6jEDTPDdEv
8OzcWx4YVtWIqOpUhD+hbT6I6EjppjY8KetheYNkqLa+NuonP2mBRxM4PQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCN+ps2J/bx9VIVGlPX0rCk9yjBtMB8GA1UdIwQY
MBaAFKyh9HEwJIBMRFQDr2P6ZEsqk10kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktIMGNUQWtnRXhFVkFPdllfcGtTeXFUWFNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jNmQ2YmUtYmY0YS00M2U1LWE5MDgt
NWNhMDE2YTEwMDU0LzEvSTM2bXpZbjl2SDFVaFVhVTlmU3NLVDNLTUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jNmQ2YmUtYmY0YS00M2U1LWE5MDgtNWNhMDE2YTEwMDU0
LzEvcktIMGNUQWtnRXhFVkFPdllfcGtTeXFUWFNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuSz0AwQC
ueHcAwQCufBwMA0EAgACMAcDBQAqAXfgMA0GCSqGSIb3DQEBCwUAA4IBAQCKXN1C
/6GC2atyGZEbfVkPzBDl8AJUqpLk53VqL4VEoeSjJ/C4mfuiPC4LGeRYg1rqh9aM
+0pToOfDaJoA0euECoHkjMM+vPX0hS0iNiiY8sUvH7l6fOc2CXiu6Py0Y1YZbo3n
Qq9z6ytP9b4b6oDzczjGGjegjuZYM4VE0dCiCI7WjO5Wi7keS0X1xclY0ZjyCOpr
PCg4C9jRGa+sgV79o1KtZFTiHHJHZbYmKx7EMFtWISoRPMQ6BtBiYspbJe2GiydT
h3pQpdtPEyzr3T5vZg+gNqP3ieY3ev30ItdkrVWs+lmRz95Y6vq+huiMHqYCXba0
kfCsglkNXwoaV6v1
-----END CERTIFICATE-----
Generated at Sat Jun 1 12:00:27 2024 by rpki-client on console-fra.rpki-client.org