Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/9200ca-a680-44d9-92f9-8d64df01c0c4/1/PZqxndcj1N-gbrlpllIie-YwLZg.roa
File: PZqxndcj1N-gbrlpllIie-YwLZg.roa (raw, json)
Hash identifier: mFK9GMFbHl4YWAXFAmXb8rZr52/58kHhZOrfVa2HGWA=
Subject key identifier: 3D:9A:B1:9D:D7:23:D4:DF:A0:6E:B9:69:96:52:22:7B:E6:30:2D:98
Certificate issuer: /CN=059fa6a6b1ec7ae6ea8b44934cf7c3d4fa508ef2
Certificate serial: 018CC8DF995E29F3934AE90545D44F6174EA
Authority key identifier: 05:9F:A6:A6:B1:EC:7A:E6:EA:8B:44:93:4C:F7:C3:D4:FA:50:8E:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BZ-mprHseubqi0STTPfD1PpQjvI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/9200ca-a680-44d9-92f9-8d64df01c0c4/1/PZqxndcj1N-gbrlpllIie-YwLZg.roa
Signing time: Tue 02 Jan 2024 06:32:26 +0000
ROA not before: Tue 02 Jan 2024 06:32:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1741
IP address blocks: 195.148.0.0/16 maxlen: 16
86.50.0.0/16 maxlen: 16
185.229.128.0/22 maxlen: 22
193.166.4.0/24 maxlen: 24
128.214.0.0/16 maxlen: 16
193.166.0.0/15 maxlen: 15
2001:708::/32 maxlen: 32
2001:708:10::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/9200ca-a680-44d9-92f9-8d64df01c0c4/1/BZ-mprHseubqi0STTPfD1PpQjvI.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/9200ca-a680-44d9-92f9-8d64df01c0c4/1/BZ-mprHseubqi0STTPfD1PpQjvI.mft
rsync://rpki.ripe.net/repository/DEFAULT/BZ-mprHseubqi0STTPfD1PpQjvI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:99:5e:29:f3:93:4a:e9:05:45:d4:4f:61:74:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=059fa6a6b1ec7ae6ea8b44934cf7c3d4fa508ef2
Validity
Not Before: Jan 2 06:32:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3d9ab19dd723d4dfa06eb9699652227be6302d98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:e9:c1:1a:8e:68:41:f5:9a:66:21:8c:28:7c:
7b:1b:c8:fe:09:21:b2:54:0e:bc:01:0e:ea:5d:72:
f4:27:1c:5a:bb:cb:33:97:3c:3d:10:c8:97:81:4c:
46:77:7a:2b:29:87:6e:e5:25:ab:d9:e1:4a:75:0d:
c3:9b:0a:52:7b:3b:4d:a2:e7:01:f9:16:ad:18:65:
e3:ca:04:9d:62:8f:41:33:bd:32:fd:dd:f6:9b:9d:
6a:04:72:97:02:bd:21:80:a6:c7:d9:6f:d6:20:ea:
40:42:01:30:c9:4c:d8:81:bd:8d:cf:e5:69:fe:c1:
38:ac:56:93:66:25:4d:99:36:ba:45:fe:b7:20:91:
cd:57:bb:28:c7:15:d0:0d:66:2e:42:bd:28:d1:e8:
77:11:be:43:20:08:e2:d0:80:bc:9b:0c:2c:68:ce:
83:a9:86:6a:2c:e7:51:fc:08:7b:70:29:b5:02:2a:
0e:09:9c:33:f8:74:03:f6:4a:73:7d:7d:43:15:6b:
df:9a:a9:c1:20:7c:43:92:cc:34:c6:74:cc:73:e5:
9c:c5:02:2c:a4:4b:34:d0:da:fd:cf:a1:aa:ba:fc:
b6:b0:47:9e:2b:29:71:51:b0:cd:25:39:d7:75:02:
63:c8:e3:ee:ca:19:d5:f9:9c:97:b4:fd:0d:3f:51:
95:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:9A:B1:9D:D7:23:D4:DF:A0:6E:B9:69:96:52:22:7B:E6:30:2D:98
X509v3 Authority Key Identifier:
keyid:05:9F:A6:A6:B1:EC:7A:E6:EA:8B:44:93:4C:F7:C3:D4:FA:50:8E:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZ-mprHseubqi0STTPfD1PpQjvI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/9200ca-a680-44d9-92f9-8d64df01c0c4/1/PZqxndcj1N-gbrlpllIie-YwLZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/9200ca-a680-44d9-92f9-8d64df01c0c4/1/BZ-mprHseubqi0STTPfD1PpQjvI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.50.0.0/16
128.214.0.0/16
185.229.128.0/22
193.166.0.0/15
195.148.0.0/16
IPv6:
2001:708::/32
Signature Algorithm: sha256WithRSAEncryption
65:b3:8f:c5:e5:38:65:69:62:9d:df:33:e0:e2:52:31:1d:19:
be:27:2f:1c:41:27:6f:f3:7f:92:34:94:42:5e:0c:3a:ba:b8:
ed:6d:b8:1a:b7:c2:b8:2e:36:f8:6f:ae:c2:b0:a6:9b:4d:5e:
23:39:8e:cd:9c:21:c8:3c:5c:ec:b5:dc:a3:d7:cf:41:f3:05:
32:fc:bb:93:22:04:bf:b4:e1:69:39:2b:19:91:b4:7b:4a:b7:
7f:07:e2:de:7e:f0:df:2f:16:65:01:58:12:a7:cf:ec:9c:93:
53:ba:66:7d:39:00:d5:41:35:bc:92:6d:26:e4:5c:9c:b5:43:
fd:db:49:a3:02:fc:74:09:6d:10:8b:d8:63:43:e4:87:6a:b6:
d6:d1:cd:0c:1b:39:8f:6d:c2:50:7b:0b:70:50:c3:5e:90:b3:
eb:35:be:4b:aa:31:ba:f8:a9:ca:c3:2c:1d:ea:08:28:ff:8d:
58:8c:2b:8d:47:e5:d8:27:16:8e:0f:84:40:37:bf:7f:59:2c:
ea:2b:05:0b:3d:25:5c:99:11:e6:a0:38:89:c9:95:55:ac:38:
47:63:02:bb:b0:87:3f:a5:a4:b4:7b:8e:0d:d3:06:e3:12:f9:
38:a9:ad:0e:dc:88:42:25:50:9a:a4:71:a4:e6:e5:69:92:f5:
32:38:2c:3a
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzI35leKfOTSukFRdRPYXTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OWZhNmE2YjFlYzdhZTZlYThiNDQ5MzRjZjdjM2Q0ZmE1
MDhlZjIwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDlhYjE5ZGQ3MjNkNGRmYTA2ZWI5Njk5NjUyMjI3YmU2MzAyZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+nBGo5oQfWaZiGMKHx7G8j+CSGy
VA68AQ7qXXL0Jxxau8szlzw9EMiXgUxGd3orKYdu5SWr2eFKdQ3DmwpSeztNoucB
+RatGGXjygSdYo9BM70y/d32m51qBHKXAr0hgKbH2W/WIOpAQgEwyUzYgb2Nz+Vp
/sE4rFaTZiVNmTa6Rf63IJHNV7soxxXQDWYuQr0o0eh3Eb5DIAji0IC8mwwsaM6D
qYZqLOdR/Ah7cCm1AioOCZwz+HQD9kpzfX1DFWvfmqnBIHxDksw0xnTMc+WcxQIs
pEs00Nr9z6Gquvy2sEeeKylxUbDNJTnXdQJjyOPuyhnV+ZyXtP0NP1GV4QIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFD2asZ3XI9TfoG65aZZSInvmMC2YMB8GA1UdIwQY
MBaAFAWfpqax7Hrm6otEk0z3w9T6UI7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlotbXBySHNldWJxaTBTVFRQZkQxUHBRanZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjAwY2EtYTY4MC00NGQ5LTkyZjkt
OGQ2NGRmMDFjMGM0LzEvUFpxeG5kY2oxTi1nYnJscGxsSWllLVl3TFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjAwY2EtYTY4MC00NGQ5LTkyZjktOGQ2NGRmMDFjMGM0
LzEvQlotbXBySHNldWJxaTBTVFRQZkQxUHBRanZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwMAVjIDAwCA
1gMEArnlgAMDAcGmAwMAw5QwDQQCAAIwBwMFACABBwgwDQYJKoZIhvcNAQELBQAD
ggEBAGWzj8XlOGVpYp3fM+DiUjEdGb4nLxxBJ2/zf5I0lEJeDDq6uO1tuBq3wrgu
NvhvrsKwpptNXiM5js2cIcg8XOy13KPXz0HzBTL8u5MiBL+04Wk5KxmRtHtKt38H
4t5+8N8vFmUBWBKnz+yck1O6Zn05ANVBNbySbSbkXJy1Q/3bSaMC/HQJbRCL2GND
5IdqttbRzQwbOY9twlB7C3BQw16Qs+s1vkuqMbr4qcrDLB3qCCj/jViMK41H5dgn
Fo4PhEA3v39ZLOorBQs9JVyZEeagOInJlVWsOEdjAruwhz+lpLR7jg3TBuMS+Tip
rQ7ciEIlUJqkcaTm5WmS9TI4LDo=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:58 2024 by rpki-client on console-ams.rpki-client.org