Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dcp0Kr2tr_wrXuv9wintxk__KAw.roa
File: dcp0Kr2tr_wrXuv9wintxk__KAw.roa (raw, json)
Hash identifier: mKDogk9ysNZA/bvNleXU2hJDGMvHwFbZ2mJddlbiAiw=
Subject key identifier: 75:CA:74:2A:BD:AD:AF:FC:2B:5E:EB:FD:C2:29:ED:C6:4F:FF:28:0C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019122C8683035B5A75472D751ACF576A174
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dcp0Kr2tr_wrXuv9wintxk__KAw.roa
Signing time: Mon 05 Aug 2024 13:44:04 +0000
ROA not before: Mon 05 Aug 2024 13:44:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200017
IP address blocks: 82.152.14.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
82.153.245.0/24 maxlen: 24
89.213.117.0/24 maxlen: 24
109.176.24.0/24 maxlen: 24
109.176.26.0/24 maxlen: 24
212.38.68.0/24 maxlen: 24
212.38.74.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 01:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:22:c8:68:30:35:b5:a7:54:72:d7:51:ac:f5:76:a1:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 5 13:44:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=75ca742abdadaffc2b5eebfdc229edc64fff280c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:40:a5:d0:27:50:4d:82:66:d8:3c:e3:34:7a:
a1:04:b4:4b:dd:c8:43:40:6c:20:2f:af:aa:9a:39:
0b:0c:17:d1:f9:58:c3:fe:ae:bb:87:50:bf:41:02:
5c:1f:32:ef:37:c2:48:44:29:1a:d9:bc:8a:57:53:
15:28:df:3f:6f:e4:ba:81:47:71:fe:9d:6e:45:b4:
d4:e6:03:e1:1c:fb:33:3e:31:30:ef:58:83:74:59:
3b:6b:c4:04:c4:64:25:5e:98:b1:73:9c:67:c4:a2:
de:b4:49:61:52:45:e7:97:af:c6:3e:d7:2c:7f:c3:
ab:a3:a7:17:86:91:38:ee:f6:7e:87:53:55:3d:40:
e3:23:31:ab:1a:62:0c:6d:b7:d9:4b:75:94:30:85:
40:e8:9a:21:e0:31:07:ce:3a:1a:f0:ef:fd:41:f9:
5c:09:d4:6d:c2:9f:29:94:52:ed:bb:d2:a0:6b:78:
dd:5f:c2:9c:9c:15:f3:4e:7e:70:d3:5c:96:a7:3d:
81:6f:5a:f7:9b:17:ae:c3:36:b2:c5:f5:49:cb:e6:
a4:f4:f8:64:68:a4:1a:14:57:b1:8d:ea:66:19:88:
63:20:6c:3c:fd:51:a7:bf:f9:b3:42:53:55:d4:25:
4a:c2:ec:22:a0:01:f3:14:f3:69:5f:fc:35:3b:72:
bc:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:CA:74:2A:BD:AD:AF:FC:2B:5E:EB:FD:C2:29:ED:C6:4F:FF:28:0C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dcp0Kr2tr_wrXuv9wintxk__KAw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.14.0/24
82.153.1.0/24
82.153.245.0/24
89.213.117.0/24
109.176.24.0/24
109.176.26.0/24
212.38.68.0/24
212.38.74.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:0a:6b:4a:29:af:31:a9:92:bd:17:bd:1c:e9:aa:d5:13:0b:
83:52:05:53:d7:d7:8d:b9:08:a7:bb:3b:bb:fb:48:4d:1f:26:
90:87:be:2a:17:28:5a:12:50:12:bb:66:dd:0e:07:22:44:98:
e6:db:9b:fa:48:8c:bc:21:61:c0:f9:a7:a8:de:04:1f:f7:8b:
82:7c:f7:4d:f5:b2:cc:55:5b:74:50:eb:55:db:98:66:1c:23:
99:a8:bf:b8:38:18:81:43:48:f8:e7:25:5c:e8:b5:7e:79:c0:
8c:04:b2:02:77:b6:60:9a:e5:d9:05:26:48:00:f4:93:73:3d:
e9:dc:75:ca:4b:f8:68:54:ce:45:63:5b:2b:c1:9f:6c:b4:60:
4e:84:8b:5f:5f:a6:68:85:16:d4:98:e3:f8:49:ad:47:74:16:
31:d0:bc:64:7d:c9:2b:1e:af:73:bb:a8:b1:25:eb:d0:bd:e4:
57:8f:b0:d3:90:20:61:6c:ba:0d:2f:5b:1f:89:c0:62:fb:18:
8e:dc:b7:f8:48:53:ae:e4:16:d5:8f:90:f2:26:8d:ae:32:7a:
8b:46:a7:f7:9f:9c:41:eb:4b:1c:2d:ec:77:48:f3:9e:79:d8:
58:8b:71:64:30:94:34:8c:dd:31:b1:50:cf:8c:71:2e:6f:51:
c2:6b:6f:3b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZEiyGgwNbWnVHLXUaz1dqF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODA1MTM0NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNhNzQyYWJkYWRhZmZjMmI1ZWViZmRjMjI5ZWRjNjRmZmYyODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UCl0CdQTYJm2DzjNHqhBLRL3chD
QGwgL6+qmjkLDBfR+VjD/q67h1C/QQJcHzLvN8JIRCka2byKV1MVKN8/b+S6gUdx
/p1uRbTU5gPhHPszPjEw71iDdFk7a8QExGQlXpixc5xnxKLetElhUkXnl6/GPtcs
f8Oro6cXhpE47vZ+h1NVPUDjIzGrGmIMbbfZS3WUMIVA6Joh4DEHzjoa8O/9Qflc
CdRtwp8plFLtu9Kga3jdX8KcnBXzTn5w01yWpz2Bb1r3mxeuwzayxfVJy+ak9Phk
aKQaFFexjepmGYhjIGw8/VGnv/mzQlNV1CVKwuwioAHzFPNpX/w1O3K8xQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHXKdCq9ra/8K17r/cIp7cZP/ygMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZGNwMEtyMnRyX3dyWHV2OXdpbnR4a19fS0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUpgOAwQA
UpkBAwQAUpn1AwQAWdV1AwQAbbAYAwQAbbAaAwQA1CZEAwQA1CZKMA0GCSqGSIb3
DQEBCwUAA4IBAQA6CmtKKa8xqZK9F70c6arVEwuDUgVT19eNuQinuzu7+0hNHyaQ
h74qFyhaElASu2bdDgciRJjm25v6SIy8IWHA+aeo3gQf94uCfPdN9bLMVVt0UOtV
25hmHCOZqL+4OBiBQ0j45yVc6LV+ecCMBLICd7ZgmuXZBSZIAPSTcz3p3HXKS/ho
VM5FY1srwZ9stGBOhItfX6ZohRbUmOP4Sa1HdBYx0LxkfckrHq9zu6ixJevQveRX
j7DTkCBhbLoNL1sficBi+xiO3Lf4SFOu5BbVj5DyJo2uMnqLRqf3n5xB60scLex3
SPOeedhYi3FkMJQ0jN0xsVDPjHEub1HCa287
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:45:01 2024 by rpki-client on console-fra.rpki-client.org