Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/P3HMd9nsNTIViSxOnvcRyGkC_SQ.roa
File: P3HMd9nsNTIViSxOnvcRyGkC_SQ.roa (raw, json)
Hash identifier: 8P2fGUW6Yx3dPmcRjRk6MKSIDP+YBwW7ISEDJ33MZc8=
Subject key identifier: 3F:71:CC:77:D9:EC:35:32:15:89:2C:4E:9E:F7:11:C8:69:02:FD:24
Certificate issuer: /CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Certificate serial: 018CC3B70B272D631EFD5E6D2A5378039B96
Authority key identifier: 38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/P3HMd9nsNTIViSxOnvcRyGkC_SQ.roa
Signing time: Mon 01 Jan 2024 06:30:02 +0000
ROA not before: Mon 01 Jan 2024 06:30:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34978
IP address blocks: 185.52.10.0/24 maxlen: 24
185.52.11.0/24 maxlen: 24
185.52.8.0/22 maxlen: 22
185.52.8.0/24 maxlen: 24
185.52.9.0/24 maxlen: 24
81.29.224.0/20 maxlen: 20
2a04:c640::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.mft
rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:0b:27:2d:63:1e:fd:5e:6d:2a:53:78:03:9b:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Validity
Not Before: Jan 1 06:30:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3f71cc77d9ec353215892c4e9ef711c86902fd24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:74:9b:92:74:be:35:17:1f:15:d9:73:f6:c2:
a1:3a:2d:6b:85:c6:f6:20:95:53:3c:c7:eb:49:2a:
1a:7e:6a:1e:10:ea:0b:a3:32:96:f9:8f:ab:85:ee:
07:be:f0:bf:8c:b4:75:fa:32:4e:42:5a:10:dd:ad:
0b:5c:a1:48:83:2a:29:18:06:03:e4:5d:96:4b:59:
82:48:69:2d:c7:85:aa:85:fd:4f:04:35:97:d9:f2:
10:34:4a:a2:2c:b0:e8:a3:8b:a1:26:45:4f:05:24:
72:f7:14:d6:49:eb:55:57:32:19:c9:3d:29:f1:ca:
2b:c5:58:da:c8:95:26:35:27:64:4c:e8:72:13:46:
a2:82:d5:d2:c4:ed:3b:8b:16:fd:61:ad:72:c1:33:
d3:be:e7:95:49:75:f5:5b:ea:87:41:25:86:bf:9c:
a2:24:e4:94:26:83:b0:38:2c:cb:fd:36:60:aa:0c:
7f:2a:e1:8e:88:95:70:a9:0f:a0:fc:e1:39:da:e0:
11:ff:5c:51:65:3a:de:ca:f0:a6:d7:7d:cd:93:ab:
c6:6a:8a:c5:d2:ea:e8:9b:46:59:a7:4d:20:f2:22:
5e:72:4c:3b:e6:1b:d9:ac:89:42:01:ab:b5:32:34:
a0:34:6a:61:9f:1e:6b:64:9d:80:5e:ae:87:02:34:
2d:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:71:CC:77:D9:EC:35:32:15:89:2C:4E:9E:F7:11:C8:69:02:FD:24
X509v3 Authority Key Identifier:
keyid:38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/P3HMd9nsNTIViSxOnvcRyGkC_SQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.29.224.0/20
185.52.8.0/22
IPv6:
2a04:c640::/29
Signature Algorithm: sha256WithRSAEncryption
02:9a:11:19:15:40:a5:02:a9:bb:ed:f9:16:23:27:1e:e4:ec:
d0:6e:ac:6c:6e:1f:c5:35:ca:bb:32:78:d3:65:32:42:c1:96:
cd:28:c7:77:eb:38:0b:ab:bc:ba:db:79:ae:54:21:7e:5e:72:
ea:fb:4c:d7:4c:27:ca:8c:4f:07:d4:44:7b:af:09:41:0f:a1:
60:9c:8d:8e:92:45:72:5a:0f:f7:cb:0d:2d:1e:e4:66:2c:a3:
5f:bb:bb:36:1e:32:52:42:9b:d6:cf:5b:47:b5:89:d7:81:97:
12:c4:76:0b:a4:32:d7:4f:c7:1e:3a:9a:44:ae:f3:0a:2c:fd:
5a:76:9e:bc:5f:28:40:3f:07:a2:67:90:b6:4f:a8:d8:4b:0b:
58:17:80:fb:fc:2d:52:54:04:ab:78:3e:60:7b:75:65:08:f4:
be:cf:62:09:56:76:f7:e8:3a:7d:af:d4:b4:8d:28:e5:e0:09:
9a:4c:3d:a5:db:8e:c3:89:59:5e:42:3d:0e:b6:b6:cb:49:51:
fe:f1:13:bc:67:ee:e2:25:53:ea:95:e9:13:5f:e3:61:f4:e2:
d7:89:ee:7f:46:63:b7:9a:05:72:37:c6:38:b1:29:a3:92:e7:
ce:48:8b:33:c8:37:4a:51:e6:b9:83:1d:b8:37:50:9d:7d:09:
3d:20:84:35
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtwsnLWMe/V5tKlN4A5uWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTM3YzI0ZGRjYTM0N2Q3MTNlZDc5NGQzM2NkNGE4MWE4
YjQ5OGEwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjcxY2M3N2Q5ZWMzNTMyMTU4OTJjNGU5ZWY3MTFjODY5MDJmZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXSbknS+NRcfFdlz9sKhOi1rhcb2
IJVTPMfrSSoafmoeEOoLozKW+Y+rhe4HvvC/jLR1+jJOQloQ3a0LXKFIgyopGAYD
5F2WS1mCSGktx4Wqhf1PBDWX2fIQNEqiLLDoo4uhJkVPBSRy9xTWSetVVzIZyT0p
8corxVjayJUmNSdkTOhyE0aigtXSxO07ixb9Ya1ywTPTvueVSXX1W+qHQSWGv5yi
JOSUJoOwOCzL/TZgqgx/KuGOiJVwqQ+g/OE52uAR/1xRZTreyvCm133Nk6vGaorF
0urom0ZZp00g8iJeckw75hvZrIlCAau1MjSgNGphnx5rZJ2AXq6HAjQtXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD9xzHfZ7DUyFYksTp73EchpAv0kMB8GA1UdIwQY
MBaAFDijfCTdyjR9cT7XlNM81Kgai0mKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0tOOEpOM0tOSDF4UHRlVTB6elVxQnFMU1lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZTMzYzMtZDE5Ny00NWYyLTgyOGUt
NDRhNDlkMjYzNzAwLzEvUDNITWQ5bnNOVElWaVN4T252Y1J5R2tDX1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZTMzYzMtZDE5Ny00NWYyLTgyOGUtNDRhNDlkMjYzNzAw
LzEvT0tOOEpOM0tOSDF4UHRlVTB6elVxQnFMU1lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUR3gAwQC
uTQIMA0EAgACMAcDBQMqBMZAMA0GCSqGSIb3DQEBCwUAA4IBAQACmhEZFUClAqm7
7fkWIyce5OzQbqxsbh/FNcq7MnjTZTJCwZbNKMd36zgLq7y623muVCF+XnLq+0zX
TCfKjE8H1ER7rwlBD6FgnI2OkkVyWg/3yw0tHuRmLKNfu7s2HjJSQpvWz1tHtYnX
gZcSxHYLpDLXT8ceOppErvMKLP1adp68XyhAPweiZ5C2T6jYSwtYF4D7/C1SVASr
eD5ge3VlCPS+z2IJVnb36Dp9r9S0jSjl4AmaTD2l247DiVleQj0OtrbLSVH+8RO8
Z+7iJVPqlekTX+Nh9OLXie5/RmO3mgVyN8Y4sSmjkufOSIszyDdKUea5gx24N1Cd
fQk9IIQ1
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:55:48 2024 by rpki-client on console-fra.rpki-client.org