Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e9ca7a-411c-43a8-952f-cc540608c41d/1/hlXsROypaaVSV1BMYUNuzr7Krac.roa
File: hlXsROypaaVSV1BMYUNuzr7Krac.roa (raw, json)
Hash identifier: 9iyo6yQdVfG3KH09ThzxvwfVcS4/pvopJiWLUGqJkV8=
Subject key identifier: 86:55:EC:44:EC:A9:69:A5:52:57:50:4C:61:43:6E:CE:BE:CA:AD:A7
Certificate issuer: /CN=c7221e402998abc1f035475e158b74e8c76920c0
Certificate serial: 018CC794201819831154EA3395975E93ECD6
Authority key identifier: C7:22:1E:40:29:98:AB:C1:F0:35:47:5E:15:8B:74:E8:C7:69:20:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xyIeQCmYq8HwNUdeFYt06MdpIMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/e9ca7a-411c-43a8-952f-cc540608c41d/1/hlXsROypaaVSV1BMYUNuzr7Krac.roa
Signing time: Tue 02 Jan 2024 00:30:22 +0000
ROA not before: Tue 02 Jan 2024 00:30:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205935
IP address blocks: 185.201.132.0/24 maxlen: 24
185.201.135.0/24 maxlen: 24
185.201.134.0/24 maxlen: 24
2a0a:c441::/32 maxlen: 32
2a0a:c445::/32 maxlen: 32
2a0a:c443::/32 maxlen: 32
2a0a:c447::/32 maxlen: 32
2a0a:c444::/32 maxlen: 32
2a0a:c442::/32 maxlen: 32
2a0a:c440::/32 maxlen: 32
2a0a:c446::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/e9ca7a-411c-43a8-952f-cc540608c41d/1/xyIeQCmYq8HwNUdeFYt06MdpIMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/e9ca7a-411c-43a8-952f-cc540608c41d/1/xyIeQCmYq8HwNUdeFYt06MdpIMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xyIeQCmYq8HwNUdeFYt06MdpIMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 17:02:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:20:18:19:83:11:54:ea:33:95:97:5e:93:ec:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7221e402998abc1f035475e158b74e8c76920c0
Validity
Not Before: Jan 2 00:30:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8655ec44eca969a55257504c61436ecebecaada7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e7:60:68:84:d1:76:65:5e:53:d8:94:ef:9b:
ec:40:e9:0b:69:02:2b:c2:bf:75:03:40:d5:7b:ff:
e9:93:4d:2b:1a:bc:a4:7e:42:3e:23:20:45:13:b8:
6a:d0:4f:d4:5e:57:bf:59:94:45:ca:08:9e:13:6f:
07:3e:f6:2a:3f:02:c1:04:e1:98:df:f5:d8:e5:b6:
30:d0:f0:1d:9f:49:df:bf:79:fc:1b:fb:0f:f8:3f:
1d:a3:0b:c0:b4:b2:69:2a:3f:72:f0:b5:ef:3c:9e:
a7:69:57:92:1e:e7:d3:b1:5c:50:e9:51:86:b7:58:
d0:cd:68:15:c0:a4:e9:c2:95:9d:da:2c:75:6d:91:
26:06:29:30:dc:9a:05:ff:e1:34:06:66:80:9b:26:
a0:9c:00:ef:a4:8d:81:2e:57:2d:a2:f1:97:cb:a1:
14:09:95:7d:aa:d9:25:41:21:d3:bc:09:5f:e0:68:
6c:ec:36:27:f2:68:cc:81:12:3e:c3:e5:89:11:c9:
fc:e1:15:d9:0d:85:2d:19:10:4f:cc:4b:f3:26:74:
d7:6a:7d:e7:a7:df:93:91:4c:e4:df:67:eb:ef:33:
18:e5:ce:2c:c8:a5:ed:cc:90:14:31:46:5b:4a:ad:
be:89:7f:d6:07:90:0b:9e:2f:16:b1:14:35:38:a7:
53:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:55:EC:44:EC:A9:69:A5:52:57:50:4C:61:43:6E:CE:BE:CA:AD:A7
X509v3 Authority Key Identifier:
keyid:C7:22:1E:40:29:98:AB:C1:F0:35:47:5E:15:8B:74:E8:C7:69:20:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xyIeQCmYq8HwNUdeFYt06MdpIMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e9ca7a-411c-43a8-952f-cc540608c41d/1/hlXsROypaaVSV1BMYUNuzr7Krac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e9ca7a-411c-43a8-952f-cc540608c41d/1/xyIeQCmYq8HwNUdeFYt06MdpIMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.201.132.0/24
185.201.134.0/23
IPv6:
2a0a:c440::/29
Signature Algorithm: sha256WithRSAEncryption
a4:0e:62:07:89:ff:60:6a:39:65:1e:b2:fb:45:39:d3:1f:94:
55:f9:13:7a:9c:9c:32:47:d0:68:7e:0d:36:b2:68:a3:26:21:
92:35:5d:1b:50:44:aa:d9:63:4d:6a:d7:0f:4c:03:26:5e:24:
4e:41:c3:42:7a:28:46:c2:99:27:f1:0b:9b:84:50:02:8c:1c:
a0:67:01:9a:f2:62:90:bc:ef:d5:55:50:c7:10:4a:39:07:6b:
9b:91:e4:03:91:42:9b:c7:e7:e2:0d:72:78:64:ba:e5:c0:12:
56:4d:fc:c9:41:29:d6:95:ee:c4:32:f0:ad:ce:da:ca:53:e1:
79:4c:07:74:35:ba:03:bf:d4:81:38:29:e9:fa:9f:77:de:2c:
7e:03:5b:28:eb:f9:65:2c:8a:a8:3e:30:8d:e9:df:49:dd:67:
4c:40:e8:58:a6:da:fb:06:09:5c:22:02:98:13:88:c2:d3:df:
f7:3b:04:2a:f2:c2:be:0b:73:6d:cc:87:6d:a5:2e:bd:c3:3c:
d4:67:da:1c:ee:9b:f0:e8:89:a9:32:28:cb:9c:69:8f:32:24:
fd:4f:d6:ad:62:ea:22:70:db:86:bc:2d:45:b8:2d:f0:fd:6e:
12:b2:06:d0:ce:ff:11:2d:13:0a:3a:41:17:4f:03:67:e6:a0:
ee:b2:ed:30
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlCAYGYMRVOozlZdek+zWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MjIxZTQwMjk5OGFiYzFmMDM1NDc1ZTE1OGI3NGU4Yzc2
OTIwYzAwHhcNMjQwMTAyMDAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU1ZWM0NGVjYTk2OWE1NTI1NzUwNGM2MTQzNmVjZWJlY2FhZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+dgaITRdmVeU9iU75vsQOkLaQIr
wr91A0DVe//pk00rGrykfkI+IyBFE7hq0E/UXle/WZRFygieE28HPvYqPwLBBOGY
3/XY5bYw0PAdn0nfv3n8G/sP+D8dowvAtLJpKj9y8LXvPJ6naVeSHufTsVxQ6VGG
t1jQzWgVwKTpwpWd2ix1bZEmBikw3JoF/+E0BmaAmyagnADvpI2BLlctovGXy6EU
CZV9qtklQSHTvAlf4Ghs7DYn8mjMgRI+w+WJEcn84RXZDYUtGRBPzEvzJnTXan3n
p9+TkUzk32fr7zMY5c4syKXtzJAUMUZbSq2+iX/WB5ALni8WsRQ1OKdTEwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIZV7ETsqWmlUldQTGFDbs6+yq2nMB8GA1UdIwQY
MBaAFMciHkApmKvB8DVHXhWLdOjHaSDAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHlJZVFDbVlxOEh3TlVkZUZZdDA2TWRwSU1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOWNhN2EtNDExYy00M2E4LTk1MmYt
Y2M1NDA2MDhjNDFkLzEvaGxYc1JPeXBhYVZTVjFCTVlVTnV6cjdLcmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOWNhN2EtNDExYy00M2E4LTk1MmYtY2M1NDA2MDhjNDFk
LzEveHlJZVFDbVlxOEh3TlVkZUZZdDA2TWRwSU1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAucmEAwQB
ucmGMA0EAgACMAcDBQMqCsRAMA0GCSqGSIb3DQEBCwUAA4IBAQCkDmIHif9gajll
HrL7RTnTH5RV+RN6nJwyR9Bofg02smijJiGSNV0bUESq2WNNatcPTAMmXiROQcNC
eihGwpkn8QubhFACjBygZwGa8mKQvO/VVVDHEEo5B2ubkeQDkUKbx+fiDXJ4ZLrl
wBJWTfzJQSnWle7EMvCtztrKU+F5TAd0NboDv9SBOCnp+p933ix+A1so6/llLIqo
PjCN6d9J3WdMQOhYptr7BglcIgKYE4jC09/3OwQq8sK+C3NtzIdtpS69wzzUZ9oc
7pvw6ImpMijLnGmPMiT9T9atYuoicNuGvC1FuC3w/W4SsgbQzv8RLRMKOkEXTwNn
5qDusu0w
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:01 2024 by rpki-client on console-fra.rpki-client.org