Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa
File: hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa (raw, json)
Hash identifier: 1s89PEZ2ZWgY7BKz+wec7YALVNYGNXm42Mr+/qgbU/Q=
Subject key identifier: 86:B3:46:9F:4A:14:3D:5F:33:AE:9F:0E:44:10:FE:49:9E:21:56:79
Certificate issuer: /CN=2ae2d17fd5bb9d7611113c586a410802c785edf2
Certificate serial: 018CC64A9FFC0BF43E9FD620CDD91BCF1C5D
Authority key identifier: 2A:E2:D1:7F:D5:BB:9D:76:11:11:3C:58:6A:41:08:02:C7:85:ED:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa
Signing time: Mon 01 Jan 2024 18:30:28 +0000
ROA not before: Mon 01 Jan 2024 18:30:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200509
IP address blocks: 185.66.56.0/22 maxlen: 22
185.66.58.0/24 maxlen: 24
185.66.57.0/24 maxlen: 24
185.66.59.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.mft
rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:9f:fc:0b:f4:3e:9f:d6:20:cd:d9:1b:cf:1c:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ae2d17fd5bb9d7611113c586a410802c785edf2
Validity
Not Before: Jan 1 18:30:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=86b3469f4a143d5f33ae9f0e4410fe499e215679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:76:e1:d6:9f:92:73:cc:ed:42:5f:97:79:93:
9d:0f:9e:34:6b:1c:a7:1d:47:cc:02:0a:86:dc:a2:
0d:c8:f7:e6:2d:86:53:17:47:60:72:06:71:a7:63:
97:c4:e6:f7:a3:2d:23:cb:df:75:31:82:f9:98:9a:
a0:6f:a5:5c:d0:22:ec:15:70:b2:a7:90:22:e5:ad:
6b:32:c6:94:42:16:7b:43:a8:b3:f4:eb:5b:8b:1a:
38:0e:63:57:84:85:32:4c:78:4d:66:2f:46:da:2b:
02:a7:3b:88:74:96:10:c9:db:49:74:43:3d:84:7e:
9c:31:7a:94:6e:c3:94:73:7a:0c:19:40:e9:df:5b:
b3:03:56:0a:9b:72:da:12:90:0e:a2:71:56:c7:52:
b4:ec:ec:b9:86:eb:5e:c8:28:4f:75:65:26:11:dd:
17:82:0f:7f:2b:96:fa:4c:52:c8:ca:a8:97:3c:7c:
0b:9e:21:35:51:74:e8:1d:f2:73:36:1f:ed:59:45:
2c:b5:7f:21:3b:aa:35:e4:7d:cd:67:0a:87:ae:b2:
4f:66:2d:fd:a4:a4:24:f6:6e:03:18:d6:e2:2a:95:
45:ba:95:20:f9:42:e5:70:c7:34:ff:ee:40:0e:0b:
f7:1a:ce:ab:d3:07:eb:17:44:df:9c:a0:34:02:fc:
d6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:B3:46:9F:4A:14:3D:5F:33:AE:9F:0E:44:10:FE:49:9E:21:56:79
X509v3 Authority Key Identifier:
keyid:2A:E2:D1:7F:D5:BB:9D:76:11:11:3C:58:6A:41:08:02:C7:85:ED:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.66.56.0/22
Signature Algorithm: sha256WithRSAEncryption
58:39:45:36:76:03:69:f9:90:ad:0b:a9:55:3e:6f:d6:4b:38:
2e:4b:aa:0b:c1:1f:ee:7c:c7:1f:cb:a6:da:be:13:99:d8:0d:
b4:62:35:0e:0a:64:a6:2a:94:ae:03:8a:ed:04:e0:d6:94:34:
6b:1b:a1:54:b2:b7:0e:e0:6c:11:a1:fc:52:c6:f3:f1:9b:6e:
d8:11:48:57:fa:fb:88:1a:b2:5b:26:82:2d:07:0c:1f:60:f0:
8c:93:51:f6:c0:29:b1:1c:76:80:e9:9d:c3:52:bb:33:bb:e4:
5b:97:ca:a2:a5:f2:43:2c:b3:49:53:5f:7f:ab:ab:ac:3e:92:
0f:35:d9:ab:ec:1a:f3:7a:f0:26:79:3c:79:7e:ce:5d:cc:30:
60:a7:9f:7d:e7:29:da:6f:13:5b:6e:2c:60:71:15:a7:f7:47:
f2:b7:4e:98:09:e2:bc:49:6c:31:4e:3a:82:3e:18:1e:92:2f:
b9:d4:e7:00:d3:51:47:a3:d2:57:38:7d:51:72:88:58:31:57:
a4:8d:e4:74:cf:e7:dd:3c:cf:ec:32:5a:0f:c8:95:73:90:63:
34:4d:e9:54:dd:a5:f5:35:b0:b0:8e:40:87:73:8d:5f:8e:d1:
a2:73:e2:e7:70:6a:57:43:6d:eb:80:6a:32:7b:ea:bc:d6:3c:
51:72:a7:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSp/8C/Q+n9YgzdkbzxxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZTJkMTdmZDViYjlkNzYxMTExM2M1ODZhNDEwODAyYzc4
NWVkZjIwHhcNMjQwMTAxMTgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIzNDY5ZjRhMTQzZDVmMzNhZTlmMGU0NDEwZmU0OTllMjE1Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXbh1p+Sc8ztQl+XeZOdD540axyn
HUfMAgqG3KINyPfmLYZTF0dgcgZxp2OXxOb3oy0jy991MYL5mJqgb6Vc0CLsFXCy
p5Ai5a1rMsaUQhZ7Q6iz9Otbixo4DmNXhIUyTHhNZi9G2isCpzuIdJYQydtJdEM9
hH6cMXqUbsOUc3oMGUDp31uzA1YKm3LaEpAOonFWx1K07Oy5huteyChPdWUmEd0X
gg9/K5b6TFLIyqiXPHwLniE1UXToHfJzNh/tWUUstX8hO6o15H3NZwqHrrJPZi39
pKQk9m4DGNbiKpVFupUg+ULlcMc0/+5ADgv3Gs6r0wfrF0TfnKA0AvzWsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIazRp9KFD1fM66fDkQQ/kmeIVZ5MB8GA1UdIwQY
MBaAFCri0X/Vu512ERE8WGpBCALHhe3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3VMUmY5VzduWFlSRVR4WWFrRUlBc2VGN2ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iYTdmZDYtYjNhOC00OTMxLWFjMDUt
YWI0ODg3YzYzZWE1LzEvaHJOR24wb1VQVjh6cnA4T1JCRC1TWjRoVm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iYTdmZDYtYjNhOC00OTMxLWFjMDUtYWI0ODg3YzYzZWE1
LzEvS3VMUmY5VzduWFlSRVR4WWFrRUlBc2VGN2ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBYOUU2dgNp+ZCtC6lVPm/WSzguS6oLwR/ufMcfy6ba
vhOZ2A20YjUOCmSmKpSuA4rtBODWlDRrG6FUsrcO4GwRofxSxvPxm27YEUhX+vuI
GrJbJoItBwwfYPCMk1H2wCmxHHaA6Z3DUrszu+Rbl8qipfJDLLNJU19/q6usPpIP
Ndmr7BrzevAmeTx5fs5dzDBgp5995ynabxNbbixgcRWn90fyt06YCeK8SWwxTjqC
Phgeki+51OcA01FHo9JXOH1RcohYMVekjeR0z+fdPM/sMloPyJVzkGM0TelU3aX1
NbCwjkCHc41fjtGic+LncGpXQ23rgGoye+q81jxRcqeX
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:23:15 2024 by rpki-client on console-fra.rpki-client.org