Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/HZks6rUp4qDByVVDUSeruilIZF8.roa
File: HZks6rUp4qDByVVDUSeruilIZF8.roa (raw, json)
Hash identifier: wbtyBWjZAPKsN7F9FS9PHRCEchE8w86EltPXU7R360c=
Subject key identifier: 1D:99:2C:EA:B5:29:E2:A0:C1:C9:55:43:51:27:AB:BA:29:48:64:5F
Certificate issuer: /CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Certificate serial: 018CC5DBE7162C652AF1079CCA4B5CBAFE89
Authority key identifier: D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/HZks6rUp4qDByVVDUSeruilIZF8.roa
Signing time: Mon 01 Jan 2024 16:29:32 +0000
ROA not before: Mon 01 Jan 2024 16:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207974
IP address blocks: 185.214.168.0/24 maxlen: 24
185.214.168.0/22 maxlen: 22
185.214.170.0/24 maxlen: 24
185.214.169.0/24 maxlen: 24
2a0a:3b40:3000::/36 maxlen: 36
2a0a:3b40:2000::/36 maxlen: 36
2a0a:3b40:1000::/36 maxlen: 36
2a0a:3b40::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.mft
rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 24 May 2024 17:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:db:e7:16:2c:65:2a:f1:07:9c:ca:4b:5c:ba:fe:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Validity
Not Before: Jan 1 16:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1d992ceab529e2a0c1c955435127abba2948645f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:f7:17:c5:cc:a7:35:1a:21:8b:81:ab:36:75:
20:86:02:f0:d5:78:ee:bc:f8:f7:8e:bc:e1:13:e4:
e5:f0:b0:7b:55:78:42:f2:1a:bc:cc:d6:f6:79:5d:
3c:b4:30:2a:d2:ed:2c:a2:76:75:78:06:5d:26:73:
ba:73:a2:fd:c7:df:e2:b4:5f:14:5d:5e:9c:22:03:
1e:b2:c3:20:53:7d:b1:88:fa:4e:16:fc:ec:e2:12:
ef:e5:a1:b5:94:3a:3f:3c:93:97:e2:34:cd:bd:f4:
3a:41:06:96:22:7b:20:4d:91:39:e4:b6:d0:33:64:
21:f5:5e:eb:f7:7c:ae:f6:1d:ac:2a:30:0e:7a:19:
b0:52:7e:dd:0c:00:a9:de:8d:d1:d7:34:82:9e:82:
c2:42:e4:20:ce:91:e3:20:9a:90:37:2d:c3:9a:99:
1c:ee:cc:e8:cd:52:be:0f:09:78:4f:f5:87:9b:75:
d0:bd:1c:0d:53:1d:5e:12:55:ca:88:89:17:db:71:
29:ad:fd:2a:8f:b5:a5:c1:37:7f:35:b1:e7:2a:62:
31:7c:25:f7:79:db:80:21:9d:85:bb:cb:b0:10:6b:
c3:7c:9c:be:f0:a6:2c:7c:99:64:26:3d:8c:8a:a4:
41:67:c8:56:5c:4d:34:93:25:52:1c:90:49:03:8f:
a0:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:99:2C:EA:B5:29:E2:A0:C1:C9:55:43:51:27:AB:BA:29:48:64:5F
X509v3 Authority Key Identifier:
keyid:D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/HZks6rUp4qDByVVDUSeruilIZF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.214.168.0/22
IPv6:
2a0a:3b40::/34
Signature Algorithm: sha256WithRSAEncryption
94:a9:37:50:e4:eb:ff:9d:d6:37:74:dc:f4:02:e6:4e:2d:74:
60:24:5f:1f:ed:79:a1:ab:f7:95:8c:fa:68:f1:14:02:df:ce:
c8:c7:a5:ce:8d:fd:7f:c2:ac:3c:08:38:de:ac:4d:d5:34:4a:
fe:58:c2:84:83:61:ca:f4:3e:8f:62:b7:64:21:c6:90:26:c1:
85:b5:a6:a7:69:a4:40:92:7d:2a:29:e0:f2:9d:56:9d:d9:ca:
23:df:53:33:da:77:e9:bc:ea:32:bf:cd:c7:00:70:2c:8f:ed:
9b:a6:58:bf:26:41:b7:67:d7:20:0e:b3:b7:f1:be:5d:39:8a:
d2:1c:2c:3e:fe:e0:3c:38:a7:d9:97:99:56:c6:a5:14:f9:53:
d0:40:e7:98:a6:1a:ba:09:f2:00:e8:14:06:9a:da:43:1d:a9:
08:cf:72:be:17:cf:0b:cf:8c:04:b5:41:f0:b0:06:6e:52:7f:
11:a1:aa:3d:c5:91:a1:85:40:77:59:ce:92:30:2d:97:60:d8:
38:0e:6d:04:52:f6:2a:f7:6e:4b:af:8a:e9:15:97:8e:43:05:
9f:c4:cd:7e:f2:4a:e3:d7:1c:30:77:ef:09:99:9d:ba:e6:61:
e1:42:37:30:49:b7:67:9d:25:62:72:52:f2:ef:1d:5d:a3:9f:
5a:ab:27:14
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzF2+cWLGUq8Qecyktcuv6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2JmNGZiZWE4OTRmNDNlZWIzZGIxYjIxNmU1Nzc2NmUw
MWFiODEwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk5MmNlYWI1MjllMmEwYzFjOTU1NDM1MTI3YWJiYTI5NDg2NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvcXxcynNRohi4GrNnUghgLw1Xju
vPj3jrzhE+Tl8LB7VXhC8hq8zNb2eV08tDAq0u0sonZ1eAZdJnO6c6L9x9/itF8U
XV6cIgMessMgU32xiPpOFvzs4hLv5aG1lDo/PJOX4jTNvfQ6QQaWInsgTZE55LbQ
M2Qh9V7r93yu9h2sKjAOehmwUn7dDACp3o3R1zSCnoLCQuQgzpHjIJqQNy3Dmpkc
7szozVK+Dwl4T/WHm3XQvRwNUx1eElXKiIkX23Eprf0qj7WlwTd/NbHnKmIxfCX3
eduAIZ2Fu8uwEGvDfJy+8KYsfJlkJj2MiqRBZ8hWXE00kyVSHJBJA4+gkQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFB2ZLOq1KeKgwclVQ1Enq7opSGRfMB8GA1UdIwQY
MBaAFNF79PvqiU9D7rPbGyFuV3ZuAauBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDIt
MmMyMDFkMzBhZTA1LzEvSFprczZyVXA0cURCeVZWRFVTZXJ1aWxJWkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDItMmMyMDFkMzBhZTA1
LzEvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCudaoMA4E
AgACMAgDBgYqCjtAADANBgkqhkiG9w0BAQsFAAOCAQEAlKk3UOTr/53WN3Tc9ALm
Ti10YCRfH+15oav3lYz6aPEUAt/OyMelzo39f8KsPAg43qxN1TRK/ljChINhyvQ+
j2K3ZCHGkCbBhbWmp2mkQJJ9King8p1WndnKI99TM9p36bzqMr/NxwBwLI/tm6ZY
vyZBt2fXIA6zt/G+XTmK0hwsPv7gPDin2ZeZVsalFPlT0EDnmKYaugnyAOgUBpra
Qx2pCM9yvhfPC8+MBLVB8LAGblJ/EaGqPcWRoYVAd1nOkjAtl2DYOA5tBFL2Kvdu
S6+K6RWXjkMFn8TNfvJK49ccMHfvCZmduuZh4UI3MEm3Z50lYnJS8u8dXaOfWqsn
FA==
-----END CERTIFICATE-----
Generated at Fri May 24 01:25:18 2024 by rpki-client on console-ams.rpki-client.org