Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/0gv5nMmgH_3MIhHlOgLEl6Gt12k.roa
File: 0gv5nMmgH_3MIhHlOgLEl6Gt12k.roa (raw, json)
Hash identifier: ClCk2KP2ofNsQAsp+5bcqVbL2ZMggYN6TFo4yhnM1mk=
Subject key identifier: D2:0B:F9:9C:C9:A0:1F:FD:CC:22:11:E5:3A:02:C4:97:A1:AD:D7:69
Certificate issuer: /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial: 018CC3B6F05456FC22A4657A8376F020009C
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/0gv5nMmgH_3MIhHlOgLEl6Gt12k.roa
Signing time: Mon 01 Jan 2024 06:29:55 +0000
ROA not before: Mon 01 Jan 2024 06:29:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6886
IP address blocks: 141.98.148.0/22 maxlen: 24
212.66.48.0/21 maxlen: 24
185.29.252.0/22 maxlen: 24
2a09:10c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:f0:54:56:fc:22:a4:65:7a:83:76:f0:20:00:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Validity
Not Before: Jan 1 06:29:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d20bf99cc9a01ffdcc2211e53a02c497a1add769
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:75:db:c9:39:24:fd:8c:d9:25:e8:59:c3:35:
59:aa:0a:64:ff:fb:3a:a0:0d:92:52:7d:ac:33:e6:
29:49:ef:82:b2:8a:78:b7:37:c2:8b:91:f3:f7:cf:
f3:e7:06:0e:be:2f:61:94:43:0b:d2:f9:0c:3d:f9:
7e:d1:be:0b:e2:ae:67:5c:af:bc:4f:94:07:c0:63:
87:72:06:c9:11:af:14:33:1d:17:50:a8:96:2d:93:
0d:14:15:95:87:6c:9c:b5:b1:61:9d:3e:b0:6e:d7:
5b:4b:c0:bd:0b:c6:99:07:49:83:6d:7a:5a:c0:1e:
66:96:d2:3f:4c:b4:98:36:d6:b7:95:eb:da:9c:60:
bc:20:ba:14:e5:1b:58:9a:ef:29:01:d2:d2:b5:7a:
bf:96:25:e8:a0:f0:59:0f:62:08:30:5c:99:aa:3e:
57:f1:bd:e0:b8:1d:03:6a:c0:2d:64:c7:55:33:fc:
e9:48:b7:3e:3e:a2:f0:e2:c4:25:71:14:bb:40:46:
ff:43:e4:8e:fd:a8:44:3b:0e:5c:89:f5:0b:a8:93:
19:f5:90:1d:de:c3:63:26:e3:ef:b9:69:c2:f1:94:
f1:55:b9:59:25:08:f3:d6:91:84:d9:ab:25:5b:4f:
a7:d4:46:0f:e8:e1:16:26:39:6c:9f:85:d1:9e:a3:
13:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:0B:F9:9C:C9:A0:1F:FD:CC:22:11:E5:3A:02:C4:97:A1:AD:D7:69
X509v3 Authority Key Identifier:
keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/0gv5nMmgH_3MIhHlOgLEl6Gt12k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.98.148.0/22
185.29.252.0/22
212.66.48.0/21
IPv6:
2a09:10c0::/29
Signature Algorithm: sha256WithRSAEncryption
dc:b8:a2:1b:b6:dc:1a:27:09:8d:48:40:4c:aa:31:fa:26:71:
e2:87:dd:b1:41:f3:59:70:53:13:df:9d:8b:b1:1b:86:5a:54:
9a:56:c1:24:47:2a:89:a4:b8:0f:30:20:e0:f2:9e:82:88:f7:
be:38:da:12:91:92:ee:b8:87:6b:61:5f:29:36:58:39:72:97:
ca:38:50:31:9e:4b:3f:ef:db:00:d2:c9:9d:dc:a4:3b:17:43:
7b:7b:9c:89:a5:bf:a7:1e:83:2b:c4:62:55:13:c3:25:36:55:
5e:ee:56:ac:58:73:51:a1:89:f8:9b:8c:ca:1f:d6:06:74:92:
00:d6:d9:85:48:f2:51:8c:69:01:22:0f:e4:6d:4e:07:81:02:
37:ae:77:4d:db:42:40:25:02:43:f9:a4:f5:5e:63:f2:a7:9b:
25:9a:fa:9a:3e:68:35:24:9e:19:15:5f:7d:a7:35:70:96:f5:
27:12:29:f8:19:65:38:f3:24:ee:7c:22:15:22:41:5c:6b:fe:
2c:f0:41:d3:81:b7:45:85:57:e3:b4:d9:6e:fc:2a:57:07:6d:
bd:ee:0f:1c:da:2c:86:76:7b:8b:9c:3c:05:34:32:31:a5:31:
51:a4:bb:7a:48:3a:d4:94:41:d4:ff:ff:ba:b4:95:59:d6:b7:
1e:e1:62:e3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzDtvBUVvwipGV6g3bwIACcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjBiZjk5Y2M5YTAxZmZkY2MyMjExZTUzYTAyYzQ5N2ExYWRkNzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnXbyTkk/YzZJehZwzVZqgpk//s6
oA2SUn2sM+YpSe+Csop4tzfCi5Hz98/z5wYOvi9hlEML0vkMPfl+0b4L4q5nXK+8
T5QHwGOHcgbJEa8UMx0XUKiWLZMNFBWVh2yctbFhnT6wbtdbS8C9C8aZB0mDbXpa
wB5mltI/TLSYNta3levanGC8ILoU5RtYmu8pAdLStXq/liXooPBZD2IIMFyZqj5X
8b3guB0DasAtZMdVM/zpSLc+PqLw4sQlcRS7QEb/Q+SO/ahEOw5cifULqJMZ9ZAd
3sNjJuPvuWnC8ZTxVblZJQjz1pGE2aslW0+n1EYP6OEWJjlsn4XRnqMTSwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNIL+ZzJoB/9zCIR5ToCxJehrddpMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvMGd2NW5NbWdIXzNNSWhIbE9nTEVsNkd0MTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCjWKUAwQC
uR38AwQD1EIwMA0EAgACMAcDBQMqCRDAMA0GCSqGSIb3DQEBCwUAA4IBAQDcuKIb
ttwaJwmNSEBMqjH6JnHih92xQfNZcFMT352LsRuGWlSaVsEkRyqJpLgPMCDg8p6C
iPe+ONoSkZLuuIdrYV8pNlg5cpfKOFAxnks/79sA0smd3KQ7F0N7e5yJpb+nHoMr
xGJVE8MlNlVe7lasWHNRoYn4m4zKH9YGdJIA1tmFSPJRjGkBIg/kbU4HgQI3rndN
20JAJQJD+aT1XmPyp5slmvqaPmg1JJ4ZFV99pzVwlvUnEin4GWU48yTufCIVIkFc
a/4s8EHTgbdFhVfjtNlu/CpXB2297g8c2iyGdnuLnDwFNDIxpTFRpLt6SDrUlEHU
//+6tJVZ1rce4WLj
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:40 2024 by rpki-client on console-fra.rpki-client.org