Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/31dbb7-bcfd-4a61-a641-4e5686be6b82/1/MlMDIz8sGK3RaHUy8jORMbCdz0g.roa
File: MlMDIz8sGK3RaHUy8jORMbCdz0g.roa (raw, json)
Hash identifier: yPFRaYCFC0TOHJ+UwY/Ku1AsRaOdmDs8kRo2Rju4NOM=
Subject key identifier: 32:53:03:23:3F:2C:18:AD:D1:68:75:32:F2:33:91:31:B0:9D:CF:48
Certificate issuer: /CN=3c775e1b9fb0ac93d563ba8e970884da57b6e197
Certificate serial: 0191EF94C07533722734FA261FABBEA0B47D
Authority key identifier: 3C:77:5E:1B:9F:B0:AC:93:D5:63:BA:8E:97:08:84:DA:57:B6:E1:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PHdeG5-wrJPVY7qOlwiE2le24Zc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/31dbb7-bcfd-4a61-a641-4e5686be6b82/1/MlMDIz8sGK3RaHUy8jORMbCdz0g.roa
Signing time: Sat 14 Sep 2024 08:09:48 +0000
ROA not before: Sat 14 Sep 2024 08:09:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9011
IP address blocks: 212.100.0.0/19 maxlen: 19
212.100.0.0/24 maxlen: 24
212.100.1.0/24 maxlen: 24
212.100.2.0/23 maxlen: 23
212.100.4.0/24 maxlen: 24
212.100.5.0/24 maxlen: 24
212.100.6.0/23 maxlen: 23
212.100.8.0/21 maxlen: 21
212.100.16.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/31dbb7-bcfd-4a61-a641-4e5686be6b82/1/PHdeG5-wrJPVY7qOlwiE2le24Zc.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/31dbb7-bcfd-4a61-a641-4e5686be6b82/1/PHdeG5-wrJPVY7qOlwiE2le24Zc.mft
rsync://rpki.ripe.net/repository/DEFAULT/PHdeG5-wrJPVY7qOlwiE2le24Zc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 04 Dec 2024 14:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:ef:94:c0:75:33:72:27:34:fa:26:1f:ab:be:a0:b4:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c775e1b9fb0ac93d563ba8e970884da57b6e197
Validity
Not Before: Sep 14 08:09:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=325303233f2c18add1687532f2339131b09dcf48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:23:63:07:46:2b:7d:62:bf:45:ab:54:05:22:
3f:01:0c:a5:8b:70:bd:b3:a9:02:cf:1e:99:93:d0:
27:ea:e4:aa:85:5b:3d:99:39:ea:04:21:03:55:b3:
df:52:5e:b4:dc:a4:58:92:41:f7:64:86:54:f7:2e:
b8:31:c2:dc:f8:6f:98:e0:f6:af:00:c9:36:9f:1d:
1f:67:03:25:3b:3b:5c:6d:65:f6:42:86:f8:11:95:
66:c7:8f:60:97:80:74:d3:75:57:6a:d6:ae:4e:b2:
a1:de:2f:67:e0:af:34:f8:54:60:10:d3:57:90:85:
71:5c:34:a8:87:38:a9:00:41:52:77:c6:a6:11:5b:
c5:88:b6:24:69:c2:b8:89:09:5b:d8:68:d6:35:34:
59:26:b4:08:b1:e7:4d:95:c8:48:90:a1:79:5a:84:
48:e7:5d:4e:36:f9:dd:25:a0:bb:72:c1:fa:4c:d8:
b4:95:27:8e:5f:dd:2c:1a:03:17:06:7b:51:bf:49:
8b:6a:63:f0:3c:a6:d0:97:19:87:1f:d9:54:a8:32:
bb:7b:b9:97:8a:46:96:2d:c8:ea:b2:b4:ee:21:f8:
88:f7:59:83:37:82:ce:8b:7c:2e:1a:60:a9:a1:60:
39:54:44:56:e8:ca:1b:83:c9:7d:fe:4f:71:48:f5:
0f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:53:03:23:3F:2C:18:AD:D1:68:75:32:F2:33:91:31:B0:9D:CF:48
X509v3 Authority Key Identifier:
keyid:3C:77:5E:1B:9F:B0:AC:93:D5:63:BA:8E:97:08:84:DA:57:B6:E1:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PHdeG5-wrJPVY7qOlwiE2le24Zc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/31dbb7-bcfd-4a61-a641-4e5686be6b82/1/MlMDIz8sGK3RaHUy8jORMbCdz0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/31dbb7-bcfd-4a61-a641-4e5686be6b82/1/PHdeG5-wrJPVY7qOlwiE2le24Zc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.100.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1d:e3:46:b7:e3:5f:23:bf:aa:57:55:1b:ea:a6:98:9c:c3:5d:
98:97:43:02:e7:80:ad:c6:a2:37:2e:17:34:74:07:06:7a:50:
bf:ad:58:0f:1a:8a:b7:cb:fa:46:9a:00:3f:a1:8d:55:a3:90:
04:8a:d2:2c:09:15:38:f5:33:cd:06:dc:53:aa:45:32:05:f3:
bc:f6:1a:34:24:b3:ec:7e:10:b1:65:6a:ac:ed:a4:6c:4f:41:
99:0a:d8:f2:e6:c3:d4:6d:2c:5d:77:cf:ca:ab:13:95:6b:31:
65:e0:bc:bf:44:e6:dc:aa:ee:90:0a:e1:e4:85:a5:4c:c8:51:
2e:da:3a:59:52:94:e4:ea:65:5b:e4:95:14:2a:f9:50:85:d0:
07:7b:da:b4:27:ca:f6:5a:c5:4d:be:a9:c1:9c:10:53:33:e3:
b1:df:d8:1f:6a:d6:78:7d:b8:6d:47:e5:56:86:97:dc:7e:35:
6c:64:52:ef:ee:25:48:b8:b8:dd:d5:32:b4:7b:dd:db:62:23:
7f:a1:36:3d:67:ce:a6:62:3b:26:35:ec:38:f0:65:9f:9a:80:
4d:0d:18:f0:df:f3:a4:75:1a:cf:99:91:49:b9:29:e3:d9:e4:
87:1a:ca:1a:3b:25:57:73:6d:e7:f5:80:d6:f6:a5:a8:2c:33:
55:aa:72:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHvlMB1M3InNPomH6u+oLR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNzc1ZTFiOWZiMGFjOTNkNTYzYmE4ZTk3MDg4NGRhNTdi
NmUxOTcwHhcNMjQwOTE0MDgwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjUzMDMyMzNmMmMxOGFkZDE2ODc1MzJmMjMzOTEzMWIwOWRjZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyNjB0YrfWK/RatUBSI/AQyli3C9
s6kCzx6Zk9An6uSqhVs9mTnqBCEDVbPfUl603KRYkkH3ZIZU9y64McLc+G+Y4Pav
AMk2nx0fZwMlOztcbWX2Qob4EZVmx49gl4B003VXatauTrKh3i9n4K80+FRgENNX
kIVxXDSohzipAEFSd8amEVvFiLYkacK4iQlb2GjWNTRZJrQIsedNlchIkKF5WoRI
511ONvndJaC7csH6TNi0lSeOX90sGgMXBntRv0mLamPwPKbQlxmHH9lUqDK7e7mX
ikaWLcjqsrTuIfiI91mDN4LOi3wuGmCpoWA5VERW6Mobg8l9/k9xSPUPnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJTAyM/LBit0Wh1MvIzkTGwnc9IMB8GA1UdIwQY
MBaAFDx3XhufsKyT1WO6jpcIhNpXtuGXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEhkZUc1LXdySlBWWTdxT2x3aUUybGUyNFpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zMWRiYjctYmNmZC00YTYxLWE2NDEt
NGU1Njg2YmU2YjgyLzEvTWxNREl6OHNHSzNSYUhVeThqT1JNYkNkejBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zMWRiYjctYmNmZC00YTYxLWE2NDEtNGU1Njg2YmU2Yjgy
LzEvUEhkZUc1LXdySlBWWTdxT2x3aUUybGUyNFpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GQAMA0G
CSqGSIb3DQEBCwUAA4IBAQAd40a3418jv6pXVRvqppicw12Yl0MC54CtxqI3Lhc0
dAcGelC/rVgPGoq3y/pGmgA/oY1Vo5AEitIsCRU49TPNBtxTqkUyBfO89ho0JLPs
fhCxZWqs7aRsT0GZCtjy5sPUbSxdd8/KqxOVazFl4Ly/RObcqu6QCuHkhaVMyFEu
2jpZUpTk6mVb5JUUKvlQhdAHe9q0J8r2WsVNvqnBnBBTM+Ox39gfatZ4fbhtR+VW
hpfcfjVsZFLv7iVIuLjd1TK0e93bYiN/oTY9Z86mYjsmNew48GWfmoBNDRjw3/Ok
dRrPmZFJuSnj2eSHGsoaOyVXc23n9YDW9qWoLDNVqnIk
-----END CERTIFICATE-----
Generated at Tue Dec 3 17:34:32 2024 by rpki-client on console-ams.rpki-client.org