Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/1PALQizsQYGDI5kxKp7E-SnUTOY.roa
File: 1PALQizsQYGDI5kxKp7E-SnUTOY.roa (raw, json)
Hash identifier: Bru7Dv+pkMJca3MvqvpavhTFsas7BBxz4PKAHnyJTxI=
Subject key identifier: D4:F0:0B:42:2C:EC:41:81:83:23:99:31:2A:9E:C4:F9:29:D4:4C:E6
Certificate issuer: /CN=420387c94134d9a08ffd32630967703adc582b6c
Certificate serial: 018CC50043052E34A1868B0DFACADD358AF4
Authority key identifier: 42:03:87:C9:41:34:D9:A0:8F:FD:32:63:09:67:70:3A:DC:58:2B:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QgOHyUE02aCP_TJjCWdwOtxYK2w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/1PALQizsQYGDI5kxKp7E-SnUTOY.roa
Signing time: Mon 01 Jan 2024 12:29:37 +0000
ROA not before: Mon 01 Jan 2024 12:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200918
IP address blocks: 185.186.36.0/24 maxlen: 24
185.126.196.0/22 maxlen: 22
185.186.38.0/24 maxlen: 24
185.186.37.0/24 maxlen: 24
185.186.39.0/24 maxlen: 24
2a06:bfc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/QgOHyUE02aCP_TJjCWdwOtxYK2w.crl
rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/QgOHyUE02aCP_TJjCWdwOtxYK2w.mft
rsync://rpki.ripe.net/repository/DEFAULT/QgOHyUE02aCP_TJjCWdwOtxYK2w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:43:05:2e:34:a1:86:8b:0d:fa:ca:dd:35:8a:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=420387c94134d9a08ffd32630967703adc582b6c
Validity
Not Before: Jan 1 12:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d4f00b422cec4181832399312a9ec4f929d44ce6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:4e:df:ef:d1:68:58:54:65:5f:90:56:32:69:
2d:eb:72:f7:ad:b8:b0:20:20:d4:8f:1e:1e:5d:d8:
51:d8:55:05:81:67:e1:21:7c:1b:c1:10:4e:e8:03:
eb:2a:20:cf:18:a8:42:19:14:54:e0:10:4e:9f:92:
d7:7e:96:a4:88:e4:bc:78:8d:b3:7c:98:ca:f9:8a:
3d:ba:41:df:90:07:e5:07:6c:d3:12:2a:c0:4e:8d:
5e:a7:52:81:ea:21:e7:b9:dd:45:29:ed:ea:a0:f7:
2e:82:19:11:6b:bb:27:78:62:05:76:53:d7:47:58:
b0:d1:a9:39:b0:fb:85:96:cc:c9:3e:df:8f:19:1b:
9c:e5:3f:c8:06:21:b8:96:e9:fb:a9:51:cc:b0:a9:
b3:a1:88:da:5c:e6:a0:c3:1c:fa:51:d0:d9:7f:99:
5b:f8:e2:b4:d3:8a:dc:46:e8:25:de:a7:5c:eb:bb:
b5:65:15:b3:de:0a:ca:d8:1b:b6:46:a6:ff:eb:53:
ff:2b:c5:b6:e5:20:de:4d:95:85:09:5b:ee:e3:f8:
5f:ef:5e:8a:1f:1e:83:19:7f:14:5e:d0:bd:29:d2:
58:06:32:5a:87:56:b9:d9:48:7a:cc:9a:6e:89:9f:
64:56:4d:b5:34:37:05:1c:e8:90:ff:ab:d2:9e:3d:
36:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:F0:0B:42:2C:EC:41:81:83:23:99:31:2A:9E:C4:F9:29:D4:4C:E6
X509v3 Authority Key Identifier:
keyid:42:03:87:C9:41:34:D9:A0:8F:FD:32:63:09:67:70:3A:DC:58:2B:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QgOHyUE02aCP_TJjCWdwOtxYK2w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/1PALQizsQYGDI5kxKp7E-SnUTOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/QgOHyUE02aCP_TJjCWdwOtxYK2w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.126.196.0/22
185.186.36.0/22
IPv6:
2a06:bfc0::/29
Signature Algorithm: sha256WithRSAEncryption
90:c4:d2:9f:1a:2a:e6:25:e6:05:4c:78:b3:8a:ac:2c:84:dd:
08:1f:21:f9:16:f9:d3:c8:4b:b6:a1:08:61:e0:aa:48:80:76:
fd:f2:a9:08:4b:7c:11:5a:18:9c:ab:64:b7:56:0b:5c:f9:2a:
a8:7c:6f:08:fd:b7:52:ac:62:16:ec:f9:89:b3:d7:99:80:4f:
2f:09:ba:24:d3:c5:32:5c:f0:34:12:c5:bb:fc:98:86:42:0d:
31:f5:7d:6d:c3:e7:d6:dd:21:52:53:94:db:99:95:8d:6a:41:
29:21:cd:10:74:95:5b:ed:f9:4b:88:41:1e:74:6f:49:e8:97:
de:84:be:df:4f:96:89:04:87:da:37:bf:a5:5f:ee:6a:fb:f7:
72:fe:62:1a:9f:e2:3b:40:29:6d:0a:31:a5:e1:a0:7a:d3:5b:
19:7c:1a:1f:6c:dc:3d:fa:1f:e5:b6:b1:66:dd:7a:5e:50:3b:
94:54:09:ff:3d:7a:2e:98:02:5d:4a:05:bf:dc:e2:f0:4a:ca:
04:e3:d9:12:ed:ea:dd:5f:c8:f5:15:7b:33:e8:11:da:d2:eb:
ce:90:41:54:dd:3b:57:f3:94:b4:94:47:36:f5:b3:99:aa:bd:
92:ba:c0:1f:77:12:69:11:87:b4:10:b7:6d:7c:0c:dc:54:0b:
a4:70:2d:12
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAEMFLjShhosN+srdNYr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMDM4N2M5NDEzNGQ5YTA4ZmZkMzI2MzA5Njc3MDNhZGM1
ODJiNmMwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGYwMGI0MjJjZWM0MTgxODMyMzk5MzEyYTllYzRmOTI5ZDQ0Y2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn07f79FoWFRlX5BWMmkt63L3rbiw
ICDUjx4eXdhR2FUFgWfhIXwbwRBO6APrKiDPGKhCGRRU4BBOn5LXfpakiOS8eI2z
fJjK+Yo9ukHfkAflB2zTEirATo1ep1KB6iHnud1FKe3qoPcughkRa7sneGIFdlPX
R1iw0ak5sPuFlszJPt+PGRuc5T/IBiG4lun7qVHMsKmzoYjaXOagwxz6UdDZf5lb
+OK004rcRugl3qdc67u1ZRWz3grK2Bu2Rqb/61P/K8W25SDeTZWFCVvu4/hf716K
Hx6DGX8UXtC9KdJYBjJah1a52Uh6zJpuiZ9kVk21NDcFHOiQ/6vSnj02vQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNTwC0Is7EGBgyOZMSqexPkp1EzmMB8GA1UdIwQY
MBaAFEIDh8lBNNmgj/0yYwlncDrcWCtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWdPSHlVRTAyYUNQX1RKakNXZHdPdHhZSzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hMzhhODctMDE1OS00OTBlLWI2OWMt
Mzc2ZjRiNGQ5ZGE2LzEvMVBBTFFpenNRWUdESTVreEtwN0UtU25VVE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hMzhhODctMDE1OS00OTBlLWI2OWMtMzc2ZjRiNGQ5ZGE2
LzEvUWdPSHlVRTAyYUNQX1RKakNXZHdPdHhZSzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuX7EAwQC
ubokMA0EAgACMAcDBQMqBr/AMA0GCSqGSIb3DQEBCwUAA4IBAQCQxNKfGirmJeYF
THiziqwshN0IHyH5FvnTyEu2oQhh4KpIgHb98qkIS3wRWhicq2S3Vgtc+SqofG8I
/bdSrGIW7PmJs9eZgE8vCbok08UyXPA0EsW7/JiGQg0x9X1tw+fW3SFSU5TbmZWN
akEpIc0QdJVb7flLiEEedG9J6JfehL7fT5aJBIfaN7+lX+5q+/dy/mIan+I7QClt
CjGl4aB601sZfBofbNw9+h/ltrFm3XpeUDuUVAn/PXoumAJdSgW/3OLwSsoE49kS
7erdX8j1FXsz6BHa0uvOkEFU3TtX85S0lEc29bOZqr2SusAfdxJpEYe0ELdtfAzc
VAukcC0S
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:47:27 2024 by rpki-client on console-ams.rpki-client.org