Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/44c365-6ced-45d9-865d-04fcecad70ec/1/aEyXcV2j-qxXCUAqOWRu5b_M0K8.roa
File: aEyXcV2j-qxXCUAqOWRu5b_M0K8.roa (raw, json)
Hash identifier: ox2Xlqh5AE1vLnNXsw9nNGnHTdi48fZsXp/i63BooLM=
Subject key identifier: 68:4C:97:71:5D:A3:FA:AC:57:09:40:2A:39:64:6E:E5:BF:CC:D0:AF
Certificate issuer: /CN=7e13414bdc2312400dfa9f50650d51ee0443df16
Certificate serial: 018CC79535B7E3F076179BF5D5BF0C5AFAD4
Authority key identifier: 7E:13:41:4B:DC:23:12:40:0D:FA:9F:50:65:0D:51:EE:04:43:DF:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fhNBS9wjEkAN-p9QZQ1R7gRD3xY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/44c365-6ced-45d9-865d-04fcecad70ec/1/aEyXcV2j-qxXCUAqOWRu5b_M0K8.roa
Signing time: Tue 02 Jan 2024 00:31:33 +0000
ROA not before: Tue 02 Jan 2024 00:31:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205086
IP address blocks: 185.231.20.0/24 maxlen: 24
185.231.23.0/24 maxlen: 24
185.231.22.0/24 maxlen: 24
185.231.21.0/24 maxlen: 24
2a0a:9580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/44c365-6ced-45d9-865d-04fcecad70ec/1/fhNBS9wjEkAN-p9QZQ1R7gRD3xY.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/44c365-6ced-45d9-865d-04fcecad70ec/1/fhNBS9wjEkAN-p9QZQ1R7gRD3xY.mft
rsync://rpki.ripe.net/repository/DEFAULT/fhNBS9wjEkAN-p9QZQ1R7gRD3xY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:95:35:b7:e3:f0:76:17:9b:f5:d5:bf:0c:5a:fa:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e13414bdc2312400dfa9f50650d51ee0443df16
Validity
Not Before: Jan 2 00:31:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=684c97715da3faac5709402a39646ee5bfccd0af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:f3:a7:52:14:81:5a:cd:01:70:57:e1:03:b4:
0d:dc:30:48:3e:42:f0:f6:b4:67:7c:88:98:40:58:
1e:35:b5:00:10:93:64:d5:99:25:e8:47:1a:30:f1:
65:b1:f2:67:44:55:51:bc:fe:48:21:3c:85:cb:4e:
be:9c:06:4a:ac:19:f1:9f:51:fd:4e:52:fb:cb:c2:
8a:40:59:0b:e1:bc:59:e9:2a:32:63:19:e2:0f:1c:
d3:bf:a4:bb:d0:11:a5:9d:ce:cb:27:8b:24:25:cb:
56:d6:c4:02:d1:76:24:e6:7e:c1:82:02:78:2e:f0:
56:5b:28:57:65:bb:14:2b:46:ba:05:73:54:48:07:
7e:bd:75:ab:ae:cd:76:97:42:90:5e:1d:8d:1b:a7:
49:09:d6:66:63:f6:d8:f5:65:39:3a:b3:ab:e7:00:
12:e2:67:67:ba:5d:8f:ea:0a:2c:4f:0a:25:10:fb:
36:0e:cf:af:47:6e:a1:e7:db:0b:fe:d1:d4:b2:1f:
a5:66:70:3e:77:90:da:28:c5:d8:05:42:a4:15:25:
06:ea:94:60:1a:12:c5:37:41:aa:20:34:f6:db:88:
65:64:f6:87:fb:e3:2f:94:b6:63:a9:96:5d:73:98:
8f:14:8c:0d:4e:0e:ff:e9:f8:57:6c:b9:e7:f9:b6:
9d:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:4C:97:71:5D:A3:FA:AC:57:09:40:2A:39:64:6E:E5:BF:CC:D0:AF
X509v3 Authority Key Identifier:
keyid:7E:13:41:4B:DC:23:12:40:0D:FA:9F:50:65:0D:51:EE:04:43:DF:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhNBS9wjEkAN-p9QZQ1R7gRD3xY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/44c365-6ced-45d9-865d-04fcecad70ec/1/aEyXcV2j-qxXCUAqOWRu5b_M0K8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/44c365-6ced-45d9-865d-04fcecad70ec/1/fhNBS9wjEkAN-p9QZQ1R7gRD3xY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.231.20.0/22
IPv6:
2a0a:9580::/29
Signature Algorithm: sha256WithRSAEncryption
5e:a0:20:7d:85:0a:42:69:79:ee:10:73:25:a2:a8:d9:13:34:
e4:87:37:b2:c2:83:dc:3b:48:8b:35:c3:11:40:28:99:c2:b1:
bc:45:be:94:19:c8:b7:9f:b8:33:ba:81:86:17:41:8c:9f:87:
bc:b7:b1:e3:55:aa:c7:60:30:82:97:b7:e7:41:32:80:69:f4:
1d:08:6e:b3:fd:06:20:6c:49:1a:c5:3e:97:78:98:b2:53:14:
53:a7:45:e2:39:21:f3:24:66:68:86:ea:c6:6a:0d:8c:b6:33:
be:92:5b:7a:c6:c8:b6:05:e3:ff:e7:4b:20:cd:a0:68:d1:36:
94:aa:49:17:18:72:28:42:b8:85:7a:8f:32:86:98:66:fb:36:
da:b3:5a:70:e4:47:06:3e:d5:6e:89:b9:76:93:bd:49:b5:f7:
3e:03:1b:72:d2:bf:f7:b5:ec:02:6c:19:3c:b6:b9:2a:e4:92:
d6:95:3b:a9:67:68:5d:ab:cf:4c:d5:1f:36:85:9b:c0:d2:9d:
13:6c:4c:64:02:12:89:96:34:07:5c:40:0c:3d:6c:23:fc:c7:
9e:01:aa:98:45:8a:20:19:01:80:e8:9c:94:7d:17:26:8f:a3:
c8:a4:e3:bc:80:95:2b:ee:77:fe:98:ab:73:a5:43:0a:ac:c4:
ae:81:a1:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlTW34/B2F5v11b8MWvrUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTM0MTRiZGMyMzEyNDAwZGZhOWY1MDY1MGQ1MWVlMDQ0
M2RmMTYwHhcNMjQwMTAyMDAzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODRjOTc3MTVkYTNmYWFjNTcwOTQwMmEzOTY0NmVlNWJmY2NkMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvOnUhSBWs0BcFfhA7QN3DBIPkLw
9rRnfIiYQFgeNbUAEJNk1Zkl6EcaMPFlsfJnRFVRvP5IITyFy06+nAZKrBnxn1H9
TlL7y8KKQFkL4bxZ6SoyYxniDxzTv6S70BGlnc7LJ4skJctW1sQC0XYk5n7BggJ4
LvBWWyhXZbsUK0a6BXNUSAd+vXWrrs12l0KQXh2NG6dJCdZmY/bY9WU5OrOr5wAS
4mdnul2P6gosTwolEPs2Ds+vR26h59sL/tHUsh+lZnA+d5DaKMXYBUKkFSUG6pRg
GhLFN0GqIDT224hlZPaH++MvlLZjqZZdc5iPFIwNTg7/6fhXbLnn+badRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGhMl3Fdo/qsVwlAKjlkbuW/zNCvMB8GA1UdIwQY
MBaAFH4TQUvcIxJADfqfUGUNUe4EQ98WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhOQlM5d2pFa0FOLXA5UVpRMVI3Z1JEM3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi80NGMzNjUtNmNlZC00NWQ5LTg2NWQt
MDRmY2VjYWQ3MGVjLzEvYUV5WGNWMmotcXhYQ1VBcU9XUnU1Yl9NMEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi80NGMzNjUtNmNlZC00NWQ5LTg2NWQtMDRmY2VjYWQ3MGVj
LzEvZmhOQlM5d2pFa0FOLXA5UVpRMVI3Z1JEM3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuecUMA0E
AgACMAcDBQMqCpWAMA0GCSqGSIb3DQEBCwUAA4IBAQBeoCB9hQpCaXnuEHMloqjZ
EzTkhzeywoPcO0iLNcMRQCiZwrG8Rb6UGci3n7gzuoGGF0GMn4e8t7HjVarHYDCC
l7fnQTKAafQdCG6z/QYgbEkaxT6XeJiyUxRTp0XiOSHzJGZohurGag2MtjO+klt6
xsi2BeP/50sgzaBo0TaUqkkXGHIoQriFeo8yhphm+zbas1pw5EcGPtVuibl2k71J
tfc+Axty0r/3tewCbBk8trkq5JLWlTupZ2hdq89M1R82hZvA0p0TbExkAhKJljQH
XEAMPWwj/MeeAaqYRYogGQGA6JyUfRcmj6PIpOO8gJUr7nf+mKtzpUMKrMSugaH1
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:51:50 2024 by rpki-client on console-fra.rpki-client.org