Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/pMFqEmwS9VgWePybMMLWIr1p4kc.roa
File: pMFqEmwS9VgWePybMMLWIr1p4kc.roa (raw, json)
Hash identifier: 1OT5vYEVfSiHh9JyOSUeB0dWDfF32SmYzi1miA33Ql0=
Subject key identifier: A4:C1:6A:12:6C:12:F5:58:16:78:FC:9B:30:C2:D6:22:BD:69:E2:47
Certificate issuer: /CN=5dc6245ca820899d7eb4140302c21041b5dbca06
Certificate serial: 018CF31973E4BB285CED285575AE78CB3EA1
Authority key identifier: 5D:C6:24:5C:A8:20:89:9D:7E:B4:14:03:02:C2:10:41:B5:DB:CA:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XcYkXKggiZ1-tBQDAsIQQbXbygY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/pMFqEmwS9VgWePybMMLWIr1p4kc.roa
Signing time: Wed 10 Jan 2024 11:19:40 +0000
ROA not before: Wed 10 Jan 2024 11:19:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 38984
IP address blocks: 188.65.232.0/22 maxlen: 22
188.65.236.0/23 maxlen: 23
188.65.238.0/23 maxlen: 23
185.23.228.0/23 maxlen: 23
185.23.230.0/24 maxlen: 24
185.23.231.0/24 maxlen: 24
195.135.237.0/24 maxlen: 24
195.135.236.0/24 maxlen: 24
195.135.238.0/24 maxlen: 24
195.135.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/XcYkXKggiZ1-tBQDAsIQQbXbygY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/XcYkXKggiZ1-tBQDAsIQQbXbygY.mft
rsync://rpki.ripe.net/repository/DEFAULT/XcYkXKggiZ1-tBQDAsIQQbXbygY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 09:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f3:19:73:e4:bb:28:5c:ed:28:55:75:ae:78:cb:3e:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5dc6245ca820899d7eb4140302c21041b5dbca06
Validity
Not Before: Jan 10 11:19:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a4c16a126c12f5581678fc9b30c2d622bd69e247
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:f2:c4:97:44:f8:8e:39:01:08:d4:63:f6:47:
a1:3b:be:b4:39:b9:78:2b:ca:61:0c:61:9a:ef:11:
9a:16:8b:91:05:10:80:1b:8e:12:dc:8e:fe:7f:0a:
52:c9:89:b4:d6:db:30:95:cf:65:1a:53:e2:7c:a1:
e8:df:b3:00:ed:38:33:43:3d:ed:b4:f7:7b:f3:ef:
2f:72:94:83:87:33:08:dd:f0:82:5e:eb:ec:98:f4:
86:95:b7:23:6f:00:23:29:5c:7c:84:74:95:75:20:
f6:ec:c1:52:ec:d7:78:ea:1d:8f:80:6a:13:1d:37:
71:91:f1:46:f4:2e:24:8f:30:e2:b6:a2:ab:cd:4d:
c3:db:87:87:39:92:d2:36:20:b9:80:bd:91:8b:9c:
20:c7:1f:f8:57:ae:68:af:73:e8:16:07:e2:b6:c7:
a2:36:dc:a2:cc:7a:c9:d2:17:ce:8d:da:b8:12:04:
43:4e:e8:de:c0:f8:12:91:6f:f1:3c:d8:f4:3e:42:
18:0b:09:9d:41:7a:e4:7b:83:8c:69:6c:90:dc:6d:
a7:d2:a8:9c:fa:01:f0:45:b1:2f:15:95:42:ed:9b:
3d:ab:9c:fe:ae:45:cd:3f:90:53:74:d0:3b:37:a9:
be:98:5b:91:a2:fc:eb:08:14:f0:56:b6:bd:d1:86:
15:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:C1:6A:12:6C:12:F5:58:16:78:FC:9B:30:C2:D6:22:BD:69:E2:47
X509v3 Authority Key Identifier:
keyid:5D:C6:24:5C:A8:20:89:9D:7E:B4:14:03:02:C2:10:41:B5:DB:CA:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XcYkXKggiZ1-tBQDAsIQQbXbygY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/pMFqEmwS9VgWePybMMLWIr1p4kc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/XcYkXKggiZ1-tBQDAsIQQbXbygY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.23.228.0/22
188.65.232.0/21
195.135.236.0/22
Signature Algorithm: sha256WithRSAEncryption
13:3e:02:ec:50:c6:f6:74:90:55:4e:61:d3:ad:70:02:ca:58:
52:e3:ff:a8:b9:06:8e:55:1b:56:5d:90:26:b7:c1:97:fe:9b:
b4:b6:3b:ce:c7:60:d9:c0:10:89:79:23:f8:2c:ab:86:26:60:
d7:f5:5d:b5:9a:a6:34:ea:26:ae:65:05:ae:b2:a2:1b:2c:cd:
fd:79:5d:a0:32:87:05:26:1b:c0:bd:49:f1:07:ed:df:6a:18:
63:3f:c5:a6:3a:42:91:e1:b8:8f:33:d6:60:b1:18:3c:a8:0d:
85:6f:12:e4:90:11:88:86:74:d8:f5:c3:fe:13:a2:01:92:85:
1b:59:02:70:b7:b3:d4:4b:05:2c:bd:ce:6a:f4:23:22:cf:7c:
9d:48:d2:2f:74:c1:22:dc:ac:08:c8:ca:66:a2:fb:91:4d:76:
cb:de:10:2c:0d:a6:5e:03:8e:2c:c5:16:11:62:66:05:1e:b8:
63:12:f0:ac:03:f2:50:07:d3:d2:5e:3b:58:5d:d4:2f:3d:09:
44:b0:d2:4f:b3:27:ba:00:48:d9:b6:c8:e6:d3:81:cb:a4:da:
f1:50:b6:9c:fc:e1:6d:0d:be:46:83:1d:53:88:09:fd:c9:c5:
2e:a7:b3:4f:c5:25:2e:b7:dd:eb:95:f2:f8:48:78:4d:cf:5c:
b6:71:85:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzzGXPkuyhc7ShVda54yz6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYzYyNDVjYTgyMDg5OWQ3ZWI0MTQwMzAyYzIxMDQxYjVk
YmNhMDYwHhcNMjQwMTEwMTExOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGMxNmExMjZjMTJmNTU4MTY3OGZjOWIzMGMyZDYyMmJkNjllMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPLEl0T4jjkBCNRj9kehO760Obl4
K8phDGGa7xGaFouRBRCAG44S3I7+fwpSyYm01tswlc9lGlPifKHo37MA7TgzQz3t
tPd78+8vcpSDhzMI3fCCXuvsmPSGlbcjbwAjKVx8hHSVdSD27MFS7Nd46h2PgGoT
HTdxkfFG9C4kjzDitqKrzU3D24eHOZLSNiC5gL2Ri5wgxx/4V65or3PoFgfitsei
NtyizHrJ0hfOjdq4EgRDTujewPgSkW/xPNj0PkIYCwmdQXrke4OMaWyQ3G2n0qic
+gHwRbEvFZVC7Zs9q5z+rkXNP5BTdNA7N6m+mFuRovzrCBTwVra90YYVDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKTBahJsEvVYFnj8mzDC1iK9aeJHMB8GA1UdIwQY
MBaAFF3GJFyoIImdfrQUAwLCEEG128oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGNZa1hLZ2dpWjEtdEJRREFzSVFRYlhieWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YTQzMGYtNDBjNS00NzRiLThmZDkt
MDc0ZWQ3MGI0NjczLzEvcE1GcUVtd1M5VmdXZVB5Yk1NTFdJcjFwNGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YTQzMGYtNDBjNS00NzRiLThmZDktMDc0ZWQ3MGI0Njcz
LzEvWGNZa1hLZ2dpWjEtdEJRREFzSVFRYlhieWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuRfkAwQD
vEHoAwQCw4fsMA0GCSqGSIb3DQEBCwUAA4IBAQATPgLsUMb2dJBVTmHTrXACylhS
4/+ouQaOVRtWXZAmt8GX/pu0tjvOx2DZwBCJeSP4LKuGJmDX9V21mqY06iauZQWu
sqIbLM39eV2gMocFJhvAvUnxB+3fahhjP8WmOkKR4biPM9ZgsRg8qA2FbxLkkBGI
hnTY9cP+E6IBkoUbWQJwt7PUSwUsvc5q9CMiz3ydSNIvdMEi3KwIyMpmovuRTXbL
3hAsDaZeA44sxRYRYmYFHrhjEvCsA/JQB9PSXjtYXdQvPQlEsNJPsye6AEjZtsjm
04HLpNrxULac/OFtDb5Ggx1TiAn9ycUup7NPxSUut93rlfL4SHhNz1y2cYUq
-----END CERTIFICATE-----
Generated at Sat Jun 1 12:26:34 2024 by rpki-client on console-fra.rpki-client.org