Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b499b6-01f4-442c-be76-c0d8c866893f/1/e_Ed3LwhkDHRwMKUQb_N5zvaQIc.roa
File: e_Ed3LwhkDHRwMKUQb_N5zvaQIc.roa (raw, json)
Hash identifier: h3l+N0HtWZqmqwC/wqbbMS4p79kBL6l9EF4xQzVAW14=
Subject key identifier: 7B:F1:1D:DC:BC:21:90:31:D1:C0:C2:94:41:BF:CD:E7:3B:DA:40:87
Certificate issuer: /CN=dd71a129c8b08995942199ea6d1b228265350d0b
Certificate serial: 018CC3B6FAE88084FBC4DD10404E7360F5FB
Authority key identifier: DD:71:A1:29:C8:B0:89:95:94:21:99:EA:6D:1B:22:82:65:35:0D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3XGhKciwiZWUIZnqbRsigmU1DQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/b499b6-01f4-442c-be76-c0d8c866893f/1/e_Ed3LwhkDHRwMKUQb_N5zvaQIc.roa
Signing time: Mon 01 Jan 2024 06:29:57 +0000
ROA not before: Mon 01 Jan 2024 06:29:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200127
IP address blocks: 185.36.237.0/24 maxlen: 24
185.36.236.0/24 maxlen: 24
185.36.239.0/24 maxlen: 24
185.36.238.0/24 maxlen: 24
185.76.244.0/24 maxlen: 24
185.76.246.0/24 maxlen: 24
185.76.245.0/24 maxlen: 24
185.76.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/b499b6-01f4-442c-be76-c0d8c866893f/1/3XGhKciwiZWUIZnqbRsigmU1DQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/b499b6-01f4-442c-be76-c0d8c866893f/1/3XGhKciwiZWUIZnqbRsigmU1DQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/3XGhKciwiZWUIZnqbRsigmU1DQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 15:00:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:fa:e8:80:84:fb:c4:dd:10:40:4e:73:60:f5:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd71a129c8b08995942199ea6d1b228265350d0b
Validity
Not Before: Jan 1 06:29:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7bf11ddcbc219031d1c0c29441bfcde73bda4087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:83:cb:6d:de:1e:38:b1:d1:bd:3b:49:b8:44:
9e:a2:c2:74:94:f3:f8:48:ff:af:f4:4f:d7:11:40:
82:f5:7f:6a:a5:17:f2:38:0e:76:fe:a0:86:ed:31:
0e:aa:69:bd:b9:06:76:2a:72:b5:90:a0:3e:02:8d:
6c:82:5a:83:d8:85:9a:5e:3f:0e:f0:81:b4:3a:70:
21:a3:78:4b:6e:7a:fa:15:91:fd:8d:08:f4:0e:1d:
39:86:b6:7a:6a:ee:b1:26:1e:c6:ff:2b:e3:4a:82:
f0:6a:e2:96:27:e7:80:c0:c6:1f:87:68:e1:15:88:
cb:3a:21:eb:7c:ac:3d:64:c2:51:1d:40:b0:ce:75:
37:15:69:a8:84:72:fa:48:b3:dd:c9:24:df:28:35:
17:45:af:a7:79:25:5e:5e:e7:8f:bc:5d:91:fc:e1:
72:4d:8b:e4:26:41:6f:78:98:45:cf:45:a5:de:92:
e5:c5:1b:df:bf:ca:04:3d:92:36:c4:e9:cc:b5:7c:
ef:4c:61:c5:e1:70:f5:cb:21:f5:46:55:4e:23:27:
26:34:10:9a:66:e9:39:7c:4e:e8:f9:89:8b:fb:6e:
0a:1f:0b:08:58:61:0a:c5:1e:ba:06:eb:75:e0:ea:
2c:29:af:fd:b7:50:1a:87:9c:56:80:75:d4:70:c3:
6b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:F1:1D:DC:BC:21:90:31:D1:C0:C2:94:41:BF:CD:E7:3B:DA:40:87
X509v3 Authority Key Identifier:
keyid:DD:71:A1:29:C8:B0:89:95:94:21:99:EA:6D:1B:22:82:65:35:0D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XGhKciwiZWUIZnqbRsigmU1DQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b499b6-01f4-442c-be76-c0d8c866893f/1/e_Ed3LwhkDHRwMKUQb_N5zvaQIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b499b6-01f4-442c-be76-c0d8c866893f/1/3XGhKciwiZWUIZnqbRsigmU1DQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.36.236.0/22
185.76.244.0/22
Signature Algorithm: sha256WithRSAEncryption
08:0b:e8:20:c0:55:c9:d5:03:7f:ee:26:b6:cc:f8:a1:25:1e:
95:39:57:a1:18:f0:f2:b0:68:e1:ba:b3:0e:70:97:12:39:cf:
f7:5d:c4:df:29:f6:8e:ba:1a:54:fc:92:05:0e:68:e8:d0:90:
ef:a8:b9:01:e9:c7:7f:61:b3:0c:4c:42:ff:10:2f:12:06:ae:
50:c4:53:b3:de:c0:f7:24:f0:cd:83:7e:ce:3e:99:90:2c:c4:
3d:fe:6a:0b:7a:7d:ee:70:aa:55:44:9a:0d:a0:a9:2f:38:de:
82:1c:65:75:ef:2a:93:18:e8:83:17:b4:a3:5a:33:b6:b6:f8:
e7:1c:09:6c:9d:e9:ba:b6:bf:b3:3e:80:1b:91:3f:99:54:6a:
e1:bf:f9:15:7a:25:53:f7:a6:a0:ed:1a:50:c0:62:d2:bc:f7:
92:a3:5f:8b:c6:a8:ef:39:42:3b:96:64:a5:85:cd:63:90:6d:
78:c7:ec:a2:4b:d3:27:cd:b8:bc:ea:59:57:78:67:d9:1f:30:
64:58:ec:3f:8d:7f:67:49:7b:b3:9d:d7:52:cb:0a:49:6f:f9:
29:d3:7e:80:15:1c:ee:81:23:b3:a8:df:4f:7b:b4:35:6b:c2:
50:b7:64:61:6b:07:5f:93:05:6a:80:8b:62:59:77:14:68:ad:
29:8b:47:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtvrogIT7xN0QQE5zYPX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzFhMTI5YzhiMDg5OTU5NDIxOTllYTZkMWIyMjgyNjUz
NTBkMGIwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmYxMWRkY2JjMjE5MDMxZDFjMGMyOTQ0MWJmY2RlNzNiZGE0MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4PLbd4eOLHRvTtJuESeosJ0lPP4
SP+v9E/XEUCC9X9qpRfyOA52/qCG7TEOqmm9uQZ2KnK1kKA+Ao1sglqD2IWaXj8O
8IG0OnAho3hLbnr6FZH9jQj0Dh05hrZ6au6xJh7G/yvjSoLwauKWJ+eAwMYfh2jh
FYjLOiHrfKw9ZMJRHUCwznU3FWmohHL6SLPdySTfKDUXRa+neSVeXuePvF2R/OFy
TYvkJkFveJhFz0Wl3pLlxRvfv8oEPZI2xOnMtXzvTGHF4XD1yyH1RlVOIycmNBCa
Zuk5fE7o+YmL+24KHwsIWGEKxR66But14OosKa/9t1Aah5xWgHXUcMNrHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHvxHdy8IZAx0cDClEG/zec72kCHMB8GA1UdIwQY
MBaAFN1xoSnIsImVlCGZ6m0bIoJlNQ0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hHaEtjaXdpWldVSVpucWJSc2lnbVUxRFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iNDk5YjYtMDFmNC00NDJjLWJlNzYt
YzBkOGM4NjY4OTNmLzEvZV9FZDNMd2hrREhSd01LVVFiX041enZhUUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iNDk5YjYtMDFmNC00NDJjLWJlNzYtYzBkOGM4NjY4OTNm
LzEvM1hHaEtjaXdpWldVSVpucWJSc2lnbVUxRFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSTsAwQC
uUz0MA0GCSqGSIb3DQEBCwUAA4IBAQAIC+ggwFXJ1QN/7ia2zPihJR6VOVehGPDy
sGjhurMOcJcSOc/3XcTfKfaOuhpU/JIFDmjo0JDvqLkB6cd/YbMMTEL/EC8SBq5Q
xFOz3sD3JPDNg37OPpmQLMQ9/moLen3ucKpVRJoNoKkvON6CHGV17yqTGOiDF7Sj
WjO2tvjnHAlsnem6tr+zPoAbkT+ZVGrhv/kVeiVT96ag7RpQwGLSvPeSo1+Lxqjv
OUI7lmSlhc1jkG14x+yiS9Mnzbi86llXeGfZHzBkWOw/jX9nSXuznddSywpJb/kp
036AFRzugSOzqN9Pe7Q1a8JQt2RhawdfkwVqgItiWXcUaK0pi0cB
-----END CERTIFICATE-----
Generated at Tue Nov 26 21:15:50 2024 by rpki-client on console-fra.rpki-client.org