Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/q3O2COEMgoiSDXjVJ84lnL6aAyo.roa
File: q3O2COEMgoiSDXjVJ84lnL6aAyo.roa (raw, json)
Hash identifier: B7qhA01CF3ltwDcwXCnRARNqO920qkgR8J9Do04z2S4=
Subject key identifier: AB:73:B6:08:E1:0C:82:88:92:0D:78:D5:27:CE:25:9C:BE:9A:03:2A
Certificate issuer: /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial: 018CC801316AB2A78A43F4476FFB9D72F141
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/q3O2COEMgoiSDXjVJ84lnL6aAyo.roa
Signing time: Tue 02 Jan 2024 02:29:30 +0000
ROA not before: Tue 02 Jan 2024 02:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209898
IP address blocks: 148.222.248.0/22 maxlen: 24
91.194.139.0/24 maxlen: 24
147.78.194.0/23 maxlen: 24
185.203.114.0/23 maxlen: 23
2a0a:e5c0::/29 maxlen: 48
2a0a:e5c0:2::/48 maxlen: 48
2a09:2940::/29 maxlen: 48
2a0a:e5c1:100::/40 maxlen: 48
2a0a:e5c0:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.mft
rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 07:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:31:6a:b2:a7:8a:43:f4:47:6f:fb:9d:72:f1:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Validity
Not Before: Jan 2 02:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ab73b608e10c8288920d78d527ce259cbe9a032a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:52:b0:d4:3e:6f:44:cd:2a:ad:7e:f6:cb:60:
53:b1:68:89:cb:c0:57:34:36:3d:22:a8:b4:f2:76:
00:82:e2:00:44:29:7b:dd:9d:f0:81:98:5a:dc:a6:
64:b5:43:b3:af:68:24:bb:0a:2b:d4:fc:ff:a1:bc:
ab:95:d1:e4:4e:b4:a3:ea:ad:63:65:29:b0:2b:0a:
30:2b:46:19:75:03:61:6c:b9:b5:2e:b2:5f:aa:5a:
c7:7b:d5:f0:ef:e5:4e:ef:36:6e:04:9b:38:1e:7e:
14:08:ae:7f:86:0e:32:38:c0:cc:44:29:b1:a7:60:
bf:84:5d:ee:47:e3:8e:44:15:d2:7e:e1:65:1f:c5:
fc:d5:ce:2d:61:f3:e6:6c:50:13:ea:03:70:4f:10:
7a:b1:d0:73:b6:ad:59:e1:1e:61:2a:22:5a:5c:b3:
63:64:34:41:a3:94:e9:8c:09:c7:d8:09:86:b9:c0:
cb:86:e4:4c:91:91:6b:25:a5:63:a5:98:6d:a6:2a:
cc:c7:37:b3:43:59:b2:b1:5b:0c:c3:24:c8:6f:6f:
3a:66:01:de:39:b5:ce:45:92:5d:5d:ba:7e:5f:af:
e1:3e:cd:47:b1:97:5d:3c:22:a8:c7:ba:d9:21:df:
b4:99:5d:6b:ad:0d:98:1f:e6:f2:45:53:f1:fa:80:
2b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:73:B6:08:E1:0C:82:88:92:0D:78:D5:27:CE:25:9C:BE:9A:03:2A
X509v3 Authority Key Identifier:
keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/q3O2COEMgoiSDXjVJ84lnL6aAyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.139.0/24
147.78.194.0/23
148.222.248.0/22
185.203.114.0/23
IPv6:
2a09:2940::/29
2a0a:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
77:12:71:72:3e:90:dd:5d:3d:b6:c0:b0:cf:34:08:03:ab:bc:
7e:70:82:71:67:35:00:ea:d8:9a:35:a6:14:04:1a:e6:9e:90:
60:2b:a1:41:1c:e4:b2:c9:e7:2a:02:c2:e4:7f:22:29:82:ad:
21:38:f6:92:56:c9:57:87:1c:ab:81:5f:1a:c5:8e:dc:e7:d7:
53:b0:d9:2f:81:66:9b:19:d2:60:3b:78:9f:ee:18:9e:15:52:
4b:a8:f5:21:66:53:e3:bd:34:79:44:b1:19:c9:12:3f:96:86:
d2:50:d8:90:50:9e:c4:3e:f8:90:7d:82:d4:61:a8:ac:16:c6:
41:bd:81:62:a1:ab:d6:23:98:1b:31:9a:d7:33:b7:b3:a9:ef:
59:47:d4:36:33:2e:a7:db:04:a9:e1:69:3b:ab:df:9d:32:5a:
c7:b5:7d:00:4d:4b:a1:e0:de:f5:92:9c:6c:61:ef:1a:ba:f4:
7c:30:b9:f0:40:9f:12:9f:80:38:bf:f9:91:37:c9:d2:84:f8:
26:61:0e:6e:72:23:53:a4:e3:4d:ad:23:43:40:e8:52:b2:3e:
a5:4a:01:20:6d:8d:c0:79:3a:d5:6e:8a:6b:ac:f7:8f:17:da:
1e:a7:43:75:7b:de:1f:27:68:45:4f:42:2f:2b:71:15:69:1f:
9b:e6:8a:4e
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzIATFqsqeKQ/RHb/udcvFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmZjNWExNzI2NTRkZDYwMDlkYjFkODJkOTJmZmFmNzEy
MzQxMjAwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjczYjYwOGUxMGM4Mjg4OTIwZDc4ZDUyN2NlMjU5Y2JlOWEwMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlKw1D5vRM0qrX72y2BTsWiJy8BX
NDY9Iqi08nYAguIARCl73Z3wgZha3KZktUOzr2gkuwor1Pz/obyrldHkTrSj6q1j
ZSmwKwowK0YZdQNhbLm1LrJfqlrHe9Xw7+VO7zZuBJs4Hn4UCK5/hg4yOMDMRCmx
p2C/hF3uR+OORBXSfuFlH8X81c4tYfPmbFAT6gNwTxB6sdBztq1Z4R5hKiJaXLNj
ZDRBo5TpjAnH2AmGucDLhuRMkZFrJaVjpZhtpirMxzezQ1mysVsMwyTIb286ZgHe
ObXORZJdXbp+X6/hPs1HsZddPCKox7rZId+0mV1rrQ2YH+byRVPx+oArpQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKtztgjhDIKIkg141SfOJZy+mgMqMB8GA1UdIwQY
MBaAFJa/xaFyZU3WAJ2x2C2S/69xI0EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmIt
YmZmYjc1N2MzMTM0LzEvcTNPMkNPRU1nb2lTRFhqVko4NGxuTDZhQXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmItYmZmYjc1N2MzMTM0
LzEvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAW8KLAwQB
k07CAwQClN74AwQBuctyMBQEAgACMA4DBQMqCSlAAwUDKgrlwDANBgkqhkiG9w0B
AQsFAAOCAQEAdxJxcj6Q3V09tsCwzzQIA6u8fnCCcWc1AOrYmjWmFAQa5p6QYCuh
QRzkssnnKgLC5H8iKYKtITj2klbJV4ccq4FfGsWO3OfXU7DZL4FmmxnSYDt4n+4Y
nhVSS6j1IWZT4700eUSxGckSP5aG0lDYkFCexD74kH2C1GGorBbGQb2BYqGr1iOY
GzGa1zO3s6nvWUfUNjMup9sEqeFpO6vfnTJax7V9AE1LoeDe9ZKcbGHvGrr0fDC5
8ECfEp+AOL/5kTfJ0oT4JmEObnIjU6TjTa0jQ0DoUrI+pUoBIG2NwHk61W6Ka6z3
jxfaHqdDdXveHydoRU9CLytxFWkfm+aKTg==
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:53:34 2024 by rpki-client on console-ams.rpki-client.org