Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/BXFe2oF7KnpbmmM-bYc666JVFq4.roa
File: BXFe2oF7KnpbmmM-bYc666JVFq4.roa (raw, json)
Hash identifier: 55HkQlQzuvF2JQXQHSMtKuMWG0PTEtbhx5cfmyDNnio=
Subject key identifier: 05:71:5E:DA:81:7B:2A:7A:5B:9A:63:3E:6D:87:3A:EB:A2:55:16:AE
Certificate issuer: /CN=535761913f575c411c992322ebb06cd2f37f02a2
Certificate serial: 018CC64AB563F679648CD7E429977F20A742
Authority key identifier: 53:57:61:91:3F:57:5C:41:1C:99:23:22:EB:B0:6C:D2:F3:7F:02:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U1dhkT9XXEEcmSMi67Bs0vN_AqI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/BXFe2oF7KnpbmmM-bYc666JVFq4.roa
Signing time: Mon 01 Jan 2024 18:30:33 +0000
ROA not before: Mon 01 Jan 2024 18:30:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5520
IP address blocks: 134.95.0.0/16 maxlen: 16
185.240.116.0/22 maxlen: 22
2a00:a200::/32 maxlen: 32
2a00:a200::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/U1dhkT9XXEEcmSMi67Bs0vN_AqI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/U1dhkT9XXEEcmSMi67Bs0vN_AqI.mft
rsync://rpki.ripe.net/repository/DEFAULT/U1dhkT9XXEEcmSMi67Bs0vN_AqI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 02 Jul 2024 13:50:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:b5:63:f6:79:64:8c:d7:e4:29:97:7f:20:a7:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=535761913f575c411c992322ebb06cd2f37f02a2
Validity
Not Before: Jan 1 18:30:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=05715eda817b2a7a5b9a633e6d873aeba25516ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:dd:ba:f5:67:79:b8:96:6b:4e:6c:eb:6b:03:
22:e3:e6:4a:de:90:bd:c6:6a:d5:f0:59:3d:2f:e5:
21:a1:15:63:6a:cd:7b:e8:a8:11:5d:c6:f9:7c:2a:
23:cf:77:06:e4:15:2d:3d:b5:74:b9:fa:47:c9:b1:
f3:7b:b0:3e:92:61:24:44:25:f5:78:8f:f4:95:ff:
30:be:ae:00:1b:b5:8f:57:31:cf:71:4d:f5:39:7d:
f1:f8:8e:3a:1d:03:37:a4:f1:5c:31:b1:6d:ab:5f:
80:1f:b1:c5:14:bd:35:d2:41:53:76:07:04:1f:81:
56:34:b9:c9:47:cd:7e:00:ac:06:30:08:e0:23:02:
e3:d2:fd:d2:77:64:7f:e4:5c:f5:24:6b:79:bc:8c:
85:28:61:4e:1a:40:a9:80:dc:06:cf:72:71:9c:44:
cf:15:fb:74:7e:52:f9:8d:b7:7c:69:a6:6c:99:5a:
be:bb:8f:e8:e0:b2:43:f0:34:0c:21:b0:69:84:e8:
d8:fe:a8:42:6f:c2:fb:75:d8:be:a3:b5:dd:4b:ae:
98:27:a1:db:89:8b:ca:d7:a7:f1:f8:0a:55:57:e1:
17:17:d3:0a:a3:da:48:7e:94:08:f1:32:b1:b3:05:
f1:a2:50:fa:da:78:ea:47:52:43:45:10:51:0f:94:
64:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:71:5E:DA:81:7B:2A:7A:5B:9A:63:3E:6D:87:3A:EB:A2:55:16:AE
X509v3 Authority Key Identifier:
keyid:53:57:61:91:3F:57:5C:41:1C:99:23:22:EB:B0:6C:D2:F3:7F:02:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1dhkT9XXEEcmSMi67Bs0vN_AqI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/BXFe2oF7KnpbmmM-bYc666JVFq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/9f00a9-b60f-4e32-9037-04dfc3663e35/1/U1dhkT9XXEEcmSMi67Bs0vN_AqI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
134.95.0.0/16
185.240.116.0/22
IPv6:
2a00:a200::/29
Signature Algorithm: sha256WithRSAEncryption
53:dd:f9:07:b4:66:71:31:ae:93:e2:69:a0:c3:b1:bd:d4:57:
9b:ca:2f:fc:f9:7e:e9:3e:f1:fe:cd:c8:e7:83:68:83:52:7f:
ae:5a:cd:f5:92:f2:52:f8:29:35:a5:10:55:27:17:ee:c6:56:
7a:20:69:79:0b:47:a8:33:60:94:8a:a3:a9:5f:66:45:71:1f:
42:4a:ff:55:05:91:0d:95:cb:43:5a:da:68:65:01:e6:28:ca:
24:9e:77:7c:d2:db:c7:44:6d:27:22:c9:01:98:ee:98:a5:75:
76:82:88:56:f9:c1:53:c3:20:29:2d:22:23:58:e0:38:c0:59:
7a:c4:a5:4e:b5:a0:7b:e7:bf:65:c1:61:8b:87:be:94:4b:30:
1c:ca:ca:5d:65:b8:d4:3c:ee:3d:ff:e2:a7:bb:b8:d8:8e:26:
6d:10:2d:ed:fe:cf:bc:00:64:10:b9:4e:d0:1e:45:e5:d9:0b:
14:5a:89:f4:44:32:09:5c:d9:71:0c:fc:c2:64:e1:2d:63:bf:
80:ad:76:90:5b:9f:a3:dd:7e:fe:08:f6:a6:f1:dc:7c:49:01:
15:e5:08:e4:ed:65:e1:49:a6:ee:0e:1c:a9:64:0b:81:8e:f5:
28:18:4e:93:cc:4a:02:9e:52:6e:fd:83:c9:87:13:6f:a7:7e:
83:e1:0a:46
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzGSrVj9nlkjNfkKZd/IKdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTc2MTkxM2Y1NzVjNDExYzk5MjMyMmViYjA2Y2QyZjM3
ZjAyYTIwHhcNMjQwMTAxMTgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcxNWVkYTgxN2IyYTdhNWI5YTYzM2U2ZDg3M2FlYmEyNTUxNmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhN269Wd5uJZrTmzrawMi4+ZK3pC9
xmrV8Fk9L+UhoRVjas176KgRXcb5fCojz3cG5BUtPbV0ufpHybHze7A+kmEkRCX1
eI/0lf8wvq4AG7WPVzHPcU31OX3x+I46HQM3pPFcMbFtq1+AH7HFFL010kFTdgcE
H4FWNLnJR81+AKwGMAjgIwLj0v3Sd2R/5Fz1JGt5vIyFKGFOGkCpgNwGz3JxnETP
Fft0flL5jbd8aaZsmVq+u4/o4LJD8DQMIbBphOjY/qhCb8L7ddi+o7XdS66YJ6Hb
iYvK16fx+ApVV+EXF9MKo9pIfpQI8TKxswXxolD62njqR1JDRRBRD5RkCwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAVxXtqBeyp6W5pjPm2HOuuiVRauMB8GA1UdIwQY
MBaAFFNXYZE/V1xBHJkjIuuwbNLzfwKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFkaGtUOVhYRUVjbVNNaTY3QnMwdk5fQXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85ZjAwYTktYjYwZi00ZTMyLTkwMzct
MDRkZmMzNjYzZTM1LzEvQlhGZTJvRjdLbnBibW1NLWJZYzY2NkpWRnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85ZjAwYTktYjYwZi00ZTMyLTkwMzctMDRkZmMzNjYzZTM1
LzEvVTFkaGtUOVhYRUVjbVNNaTY3QnMwdk5fQXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAhl8DBAK5
8HQwDQQCAAIwBwMFAyoAogAwDQYJKoZIhvcNAQELBQADggEBAFPd+Qe0ZnExrpPi
aaDDsb3UV5vKL/z5fuk+8f7NyOeDaINSf65azfWS8lL4KTWlEFUnF+7GVnogaXkL
R6gzYJSKo6lfZkVxH0JK/1UFkQ2Vy0Na2mhlAeYoyiSed3zS28dEbSciyQGY7pil
dXaCiFb5wVPDICktIiNY4DjAWXrEpU61oHvnv2XBYYuHvpRLMBzKyl1luNQ87j3/
4qe7uNiOJm0QLe3+z7wAZBC5TtAeReXZCxRaifREMglc2XEM/MJk4S1jv4CtdpBb
n6Pdfv4I9qbx3HxJARXlCOTtZeFJpu4OHKlkC4GO9SgYTpPMSgKeUm79g8mHE2+n
foPhCkY=
-----END CERTIFICATE-----
Generated at Mon Jul 1 17:17:05 2024 by rpki-client on console-fra.rpki-client.org