Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/PqPhveYy0qAF5pRRh7YlWU1Vr5s.roa
File: PqPhveYy0qAF5pRRh7YlWU1Vr5s.roa (raw, json)
Hash identifier: X2YQZikzOdeTk3yTemCPklb4t7/SGCGC1DNnbU2fgTQ=
Subject key identifier: 3E:A3:E1:BD:E6:32:D2:A0:05:E6:94:51:87:B6:25:59:4D:55:AF:9B
Certificate issuer: /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial: 018CC50009A17205660C68438CACF7DF31DC
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/PqPhveYy0qAF5pRRh7YlWU1Vr5s.roa
Signing time: Mon 01 Jan 2024 12:29:23 +0000
ROA not before: Mon 01 Jan 2024 12:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 62.201.32.0/21 maxlen: 21
62.201.40.0/24 maxlen: 24
62.201.43.0/24 maxlen: 24
62.201.44.0/22 maxlen: 22
62.201.41.0/24 maxlen: 24
62.201.48.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.mft
rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 28 Apr 2024 02:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:09:a1:72:05:66:0c:68:43:8c:ac:f7:df:31:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Validity
Not Before: Jan 1 12:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3ea3e1bde632d2a005e6945187b625594d55af9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:6d:5b:25:ff:9e:f8:c2:23:f1:8f:6f:e8:74:
b6:2e:01:70:6c:dd:fe:9e:5f:a5:34:cc:a8:48:d3:
3a:2b:d1:e6:43:23:90:3a:50:51:e8:8c:a8:96:d8:
58:ec:44:2e:8a:8b:69:3d:a1:c6:d9:0b:3f:6c:34:
e7:67:9d:7a:13:fe:35:27:8a:8d:22:39:46:6b:bc:
1c:bb:39:02:5c:cb:9c:a3:ff:1f:a4:e3:f4:6a:22:
72:35:e0:9a:9e:b8:a2:5a:f8:a4:f8:d9:d2:d8:9a:
b3:77:10:9f:36:de:b9:43:3d:28:7f:26:3a:b0:79:
89:5c:26:b6:3b:43:29:41:eb:3e:50:39:37:0d:3e:
37:15:fc:0d:f7:da:79:b8:9b:4f:a1:ee:08:d5:6f:
c0:6e:70:ca:ae:9d:cd:95:86:47:86:6a:83:90:24:
11:0c:bc:9a:69:c5:a7:45:70:88:ba:8f:2b:71:d3:
e6:4d:58:69:65:8f:4d:a8:f7:80:ad:9f:f7:15:04:
91:87:15:10:9f:9a:e4:2d:4a:ca:f2:68:21:04:17:
ab:44:45:78:0b:19:9d:c4:83:55:a6:72:96:ed:61:
2c:88:f5:cc:4b:63:99:4f:c9:fb:81:96:34:75:8a:
18:ef:7b:b2:da:43:11:39:98:0b:fb:6b:df:f5:57:
b6:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:A3:E1:BD:E6:32:D2:A0:05:E6:94:51:87:B6:25:59:4D:55:AF:9B
X509v3 Authority Key Identifier:
keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/PqPhveYy0qAF5pRRh7YlWU1Vr5s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.201.32.0-62.201.41.255
62.201.43.0-62.201.63.255
Signature Algorithm: sha256WithRSAEncryption
62:78:de:52:73:68:5b:2f:61:62:eb:6c:c1:47:42:27:f2:6d:
34:48:c4:68:cd:0e:e4:38:81:5e:ef:30:6c:59:70:5b:0a:f9:
49:71:ed:61:79:3b:dc:d2:d4:d3:29:37:48:ae:e7:96:ef:c9:
a6:44:8c:b7:3f:22:b2:6e:e8:45:56:b4:58:f8:8a:8a:f0:a4:
da:bc:02:48:55:08:21:6b:7c:6b:fe:fc:5f:8f:89:ec:a5:66:
1f:62:90:90:cc:91:0f:36:20:51:46:bf:83:62:20:bc:d1:df:
45:12:b5:a0:55:7d:e8:9a:99:0c:d7:4d:84:eb:8e:4c:55:ff:
23:46:93:6a:99:03:74:c6:7c:8c:c7:12:55:ca:d6:e3:30:58:
ae:40:2e:12:b3:b6:15:3e:e4:d0:ff:31:b1:5f:0b:a1:81:b1:
a3:0f:3e:71:03:38:b5:cd:ad:3b:a9:ae:38:73:99:66:ac:0a:
95:14:9b:16:26:a4:b1:dc:39:a7:81:b9:17:08:40:80:04:30:
60:cc:20:bc:94:66:8e:76:4b:36:59:ce:7b:15:92:32:69:e7:
cd:1f:94:34:7d:85:42:fe:0d:d3:2a:a1:6b:b0:c0:c6:e8:81:
ff:58:fa:17:2e:6c:a2:bd:d0:6f:5b:c0:bc:99:09:d9:30:74:
a1:2f:66:f1
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzFAAmhcgVmDGhDjKz33zHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWEzZTFiZGU2MzJkMmEwMDVlNjk0NTE4N2I2MjU1OTRkNTVhZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW1bJf+e+MIj8Y9v6HS2LgFwbN3+
nl+lNMyoSNM6K9HmQyOQOlBR6IyolthY7EQuiotpPaHG2Qs/bDTnZ516E/41J4qN
IjlGa7wcuzkCXMuco/8fpOP0aiJyNeCanriiWvik+NnS2JqzdxCfNt65Qz0ofyY6
sHmJXCa2O0MpQes+UDk3DT43FfwN99p5uJtPoe4I1W/AbnDKrp3NlYZHhmqDkCQR
DLyaacWnRXCIuo8rcdPmTVhpZY9NqPeArZ/3FQSRhxUQn5rkLUrK8mghBBerREV4
CxmdxINVpnKW7WEsiPXMS2OZT8n7gZY0dYoY73uy2kMROZgL+2vf9Ve2dQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFD6j4b3mMtKgBeaUUYe2JVlNVa+bMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvUHFQaHZlWXkwcUFGNXBSUmg3WWxXVTFWcjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAU+ySAD
BAE+ySgwDAMEAD7JKwMEBj7JADANBgkqhkiG9w0BAQsFAAOCAQEAYnjeUnNoWy9h
YutswUdCJ/JtNEjEaM0O5DiBXu8wbFlwWwr5SXHtYXk73NLU0yk3SK7nlu/JpkSM
tz8ism7oRVa0WPiKivCk2rwCSFUIIWt8a/78X4+J7KVmH2KQkMyRDzYgUUa/g2Ig
vNHfRRK1oFV96JqZDNdNhOuOTFX/I0aTapkDdMZ8jMcSVcrW4zBYrkAuErO2FT7k
0P8xsV8LoYGxow8+cQM4tc2tO6muOHOZZqwKlRSbFiaksdw5p4G5FwhAgAQwYMwg
vJRmjnZLNlnOexWSMmnnzR+UNH2FQv4N0yqha7DAxuiB/1j6Fy5sor3Qb1vAvJkJ
2TB0oS9m8Q==
-----END CERTIFICATE-----
Generated at Sat Apr 27 11:45:35 2024 by rpki-client on console-ams.rpki-client.org