Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/e9f313-cd68-4fb5-bb8d-7396d8b640ad/1/3Ai2twUD1n9qOzU7P9W1qbpsgPA.roa
File: 3Ai2twUD1n9qOzU7P9W1qbpsgPA.roa (raw, json)
Hash identifier: FilXQbJ6eik7mlIh4GpZ64+B6ymmcWhSW+KJd2Z2m0E=
Subject key identifier: DC:08:B6:B7:05:03:D6:7F:6A:3B:35:3B:3F:D5:B5:A9:BA:6C:80:F0
Certificate issuer: /CN=a00b42604b3f8e9e5b72f2329389af18ffbd20b8
Certificate serial: 018CC500566B2CC5B8FE3EE385250F596117
Authority key identifier: A0:0B:42:60:4B:3F:8E:9E:5B:72:F2:32:93:89:AF:18:FF:BD:20:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oAtCYEs_jp5bcvIyk4mvGP-9ILg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/e9f313-cd68-4fb5-bb8d-7396d8b640ad/1/3Ai2twUD1n9qOzU7P9W1qbpsgPA.roa
Signing time: Mon 01 Jan 2024 12:29:42 +0000
ROA not before: Mon 01 Jan 2024 12:29:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198060
IP address blocks: 193.56.211.0/24 maxlen: 24
193.56.209.0/24 maxlen: 24
193.56.231.0/24 maxlen: 24
2001:67c:1108::/47 maxlen: 47
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/e9f313-cd68-4fb5-bb8d-7396d8b640ad/1/oAtCYEs_jp5bcvIyk4mvGP-9ILg.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/e9f313-cd68-4fb5-bb8d-7396d8b640ad/1/oAtCYEs_jp5bcvIyk4mvGP-9ILg.mft
rsync://rpki.ripe.net/repository/DEFAULT/oAtCYEs_jp5bcvIyk4mvGP-9ILg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:56:6b:2c:c5:b8:fe:3e:e3:85:25:0f:59:61:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a00b42604b3f8e9e5b72f2329389af18ffbd20b8
Validity
Not Before: Jan 1 12:29:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dc08b6b70503d67f6a3b353b3fd5b5a9ba6c80f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:77:09:e0:05:3a:a3:1b:be:2f:37:6b:56:8f:
db:b9:1e:d7:3d:70:81:c6:41:65:fe:bd:b1:08:48:
ae:6b:0a:89:46:01:3c:6a:19:e5:ce:45:dc:91:19:
2a:06:7e:4d:7c:87:a6:6c:18:a4:aa:3f:cd:be:61:
95:bc:2e:54:52:75:26:50:4e:14:0d:96:c5:bc:36:
9d:8e:db:e0:ef:4c:6e:75:3f:23:12:e8:6b:ae:ea:
5a:2e:f1:41:33:3c:4a:af:ad:71:07:16:4f:f6:7b:
fa:2d:0d:43:1b:a1:7b:c6:18:03:c1:5d:d4:96:ae:
b9:4f:a8:02:54:1a:f0:9e:3d:b0:8c:ed:f6:ad:6b:
f1:de:88:29:a1:a0:42:cf:eb:36:a4:d3:15:dc:74:
cf:ee:49:59:db:03:79:1e:3a:b7:4a:53:ce:cf:bf:
91:5f:c5:16:22:2d:50:18:c9:ee:2f:91:79:ed:39:
51:5f:1a:a8:e1:f6:fc:86:ca:c8:63:ed:de:4e:53:
72:ae:d7:ca:5c:db:a6:94:bd:49:6f:97:19:50:5b:
fd:b6:62:08:8e:42:97:83:17:d9:cb:47:6b:05:50:
ea:c4:d6:d9:c4:e8:76:b2:f7:29:53:6f:f1:62:3b:
28:bd:6d:67:5e:f8:37:e2:a3:e7:1e:b1:83:fd:53:
c5:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:08:B6:B7:05:03:D6:7F:6A:3B:35:3B:3F:D5:B5:A9:BA:6C:80:F0
X509v3 Authority Key Identifier:
keyid:A0:0B:42:60:4B:3F:8E:9E:5B:72:F2:32:93:89:AF:18:FF:BD:20:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oAtCYEs_jp5bcvIyk4mvGP-9ILg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/e9f313-cd68-4fb5-bb8d-7396d8b640ad/1/3Ai2twUD1n9qOzU7P9W1qbpsgPA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/e9f313-cd68-4fb5-bb8d-7396d8b640ad/1/oAtCYEs_jp5bcvIyk4mvGP-9ILg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.56.209.0/24
193.56.211.0/24
193.56.231.0/24
IPv6:
2001:67c:1108::/47
Signature Algorithm: sha256WithRSAEncryption
99:11:16:16:e4:26:6c:ee:66:44:18:74:fd:34:42:7d:7c:6f:
e9:fb:6c:94:08:98:1d:59:4b:12:b2:40:20:c2:7c:8f:4e:e5:
c3:ee:46:dc:03:00:93:06:c1:44:b5:0d:6b:0b:2e:25:a7:56:
bc:98:45:8d:07:2a:b8:11:a8:3d:0d:99:f9:02:fa:7a:3b:86:
59:03:4d:95:3c:c3:80:37:56:dd:3a:ca:84:73:4f:25:8f:72:
cf:d0:e7:8e:cf:7d:9d:ae:26:86:c9:23:1b:9e:1d:72:9e:a4:
10:1a:e7:62:11:4a:55:02:16:61:39:74:bb:81:0e:4d:17:0a:
0e:89:24:2c:e3:19:02:c9:17:58:1f:2a:b8:3b:c6:6b:a2:90:
30:4a:20:fb:8d:0d:fc:3a:db:a3:40:22:66:44:51:4a:7b:44:
12:60:96:7e:01:00:8d:4c:e9:63:b7:6c:69:d0:9f:40:ec:c9:
ac:75:86:cb:ee:55:03:18:cc:4e:74:bf:5d:fc:53:47:75:3c:
41:f6:59:a1:ca:00:86:a8:34:6c:ea:c7:ff:64:b7:d8:62:aa:
92:e6:bd:20:86:d4:ff:53:18:3b:f6:1b:5e:35:d4:0e:2f:8f:
ec:06:e2:95:12:c3:b8:8f:60:99:70:b8:7a:7a:46:60:61:d5:
a4:15:ad:17
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzFAFZrLMW4/j7jhSUPWWEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMGI0MjYwNGIzZjhlOWU1YjcyZjIzMjkzODlhZjE4ZmZi
ZDIwYjgwHhcNMjQwMTAxMTIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzA4YjZiNzA1MDNkNjdmNmEzYjM1M2IzZmQ1YjVhOWJhNmM4MGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3cJ4AU6oxu+LzdrVo/buR7XPXCB
xkFl/r2xCEiuawqJRgE8ahnlzkXckRkqBn5NfIembBikqj/NvmGVvC5UUnUmUE4U
DZbFvDadjtvg70xudT8jEuhrrupaLvFBMzxKr61xBxZP9nv6LQ1DG6F7xhgDwV3U
lq65T6gCVBrwnj2wjO32rWvx3ogpoaBCz+s2pNMV3HTP7klZ2wN5Hjq3SlPOz7+R
X8UWIi1QGMnuL5F57TlRXxqo4fb8hsrIY+3eTlNyrtfKXNumlL1Jb5cZUFv9tmII
jkKXgxfZy0drBVDqxNbZxOh2svcpU2/xYjsovW1nXvg34qPnHrGD/VPFQwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFNwItrcFA9Z/ajs1Oz/Vtam6bIDwMB8GA1UdIwQY
MBaAFKALQmBLP46eW3LyMpOJrxj/vSC4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0F0Q1lFc19qcDViY3ZJeWs0bXZHUC05SUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9lOWYzMTMtY2Q2OC00ZmI1LWJiOGQt
NzM5NmQ4YjY0MGFkLzEvM0FpMnR3VUQxbjlxT3pVN1A5VzFxYnBzZ1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9lOWYzMTMtY2Q2OC00ZmI1LWJiOGQtNzM5NmQ4YjY0MGFk
LzEvb0F0Q1lFc19qcDViY3ZJeWs0bXZHUC05SUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAwTjRAwQA
wTjTAwQAwTjnMA8EAgACMAkDBwEgAQZ8EQgwDQYJKoZIhvcNAQELBQADggEBAJkR
FhbkJmzuZkQYdP00Qn18b+n7bJQImB1ZSxKyQCDCfI9O5cPuRtwDAJMGwUS1DWsL
LiWnVryYRY0HKrgRqD0NmfkC+no7hlkDTZU8w4A3Vt06yoRzTyWPcs/Q547PfZ2u
JobJIxueHXKepBAa52IRSlUCFmE5dLuBDk0XCg6JJCzjGQLJF1gfKrg7xmuikDBK
IPuNDfw626NAImZEUUp7RBJgln4BAI1M6WO3bGnQn0Dsyax1hsvuVQMYzE50v138
U0d1PEH2WaHKAIaoNGzqx/9kt9hiqpLmvSCG1P9TGDv2G1411A4vj+wG4pUSw7iP
YJlwuHp6RmBh1aQVrRc=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:05 2024 by rpki-client on console-fra.rpki-client.org