Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/VkZUzKMEC22O528ALAdV9pvMAJo.roa
File: VkZUzKMEC22O528ALAdV9pvMAJo.roa (raw, json)
Hash identifier: HNsqL376ulut5IiMJiwryplmbSRzaMwHvIfhCbzDW+k=
Subject key identifier: 56:46:54:CC:A3:04:0B:6D:8E:E7:6F:00:2C:07:55:F6:9B:CC:00:9A
Certificate issuer: /CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
Certificate serial: 018CC500F74402106E447172F82FAA310B71
Authority key identifier: 04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/VkZUzKMEC22O528ALAdV9pvMAJo.roa
Signing time: Mon 01 Jan 2024 12:30:23 +0000
ROA not before: Mon 01 Jan 2024 12:30:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39176
IP address blocks: 185.86.52.0/24 maxlen: 24
185.86.52.0/23 maxlen: 23
185.86.55.0/24 maxlen: 24
185.86.54.0/24 maxlen: 24
185.86.53.0/24 maxlen: 24
2a05:b500:54::/48 maxlen: 48
2a05:b500:52::/48 maxlen: 48
2a05:b500:55::/48 maxlen: 48
2a05:b500:53::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:f7:44:02:10:6e:44:71:72:f8:2f:aa:31:0b:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
Validity
Not Before: Jan 1 12:30:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=564654cca3040b6d8ee76f002c0755f69bcc009a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:77:1f:93:cd:7f:ae:b9:20:8f:bf:ed:c6:ab:
a4:69:7b:eb:b1:54:c6:0a:d6:57:5c:c4:65:4a:4c:
bb:a6:3b:d7:5b:4b:be:5d:54:91:95:fb:43:ee:c3:
33:99:3d:d7:0e:88:d5:4c:22:e2:9d:86:b6:ce:b5:
6d:ec:8e:01:09:e5:89:e1:96:33:91:cb:70:c2:2d:
c3:8c:3e:95:a5:04:e8:4a:ae:76:e8:51:30:20:82:
99:27:f4:2f:a5:63:3e:06:d1:a6:3d:66:31:b2:48:
6f:23:28:03:0a:23:25:d9:25:a8:04:ed:89:11:df:
5e:b1:62:dc:d3:90:51:a7:75:a2:51:58:9d:64:26:
63:2d:fb:77:d8:b0:d4:89:35:48:bd:d4:d5:ae:ab:
34:e7:bc:82:64:7e:e6:87:6c:68:24:e3:dc:3d:9b:
49:7b:2c:af:0a:e9:f9:18:c4:dd:c8:f8:dc:0b:52:
fb:28:db:10:88:0b:c9:0e:34:ee:4a:be:48:6e:1b:
de:68:8b:c6:a5:c5:1e:68:1d:7f:b8:03:ea:14:2f:
8c:4f:f7:54:ab:32:7f:76:a6:f4:a0:d0:d3:c4:fc:
74:37:d0:1f:eb:f4:c1:6f:41:e3:44:d5:46:88:8d:
82:52:79:83:ab:b9:e9:97:12:71:9f:dd:e6:a7:68:
71:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:46:54:CC:A3:04:0B:6D:8E:E7:6F:00:2C:07:55:F6:9B:CC:00:9A
X509v3 Authority Key Identifier:
keyid:04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/VkZUzKMEC22O528ALAdV9pvMAJo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.86.52.0/22
IPv6:
2a05:b500:52::-2a05:b500:55:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
93:c4:1a:36:f9:2f:30:52:51:51:9a:73:9b:76:81:bb:1d:72:
d2:f9:b7:5d:c8:61:f2:93:98:b7:8c:ca:1a:96:a1:a9:58:d7:
8b:21:bd:1a:b6:62:5d:50:f9:e2:36:89:0a:4d:0b:9a:02:d0:
e5:86:cf:95:3f:e4:fa:4d:eb:d9:cd:c9:59:05:1b:fa:64:9c:
35:03:25:17:31:3d:b2:54:c0:dd:98:a0:4b:72:6a:b3:9e:8a:
2f:06:a4:02:37:9b:f4:60:62:7f:1e:32:56:90:0f:46:61:3e:
8c:8a:af:2a:5b:88:e1:cd:6c:eb:bf:e5:e2:c7:d7:a0:4c:92:
9f:0b:14:37:1a:b3:d7:36:25:ed:ce:c4:68:f8:46:32:75:bf:
ae:81:e7:18:4a:76:a0:e2:fe:64:3c:e5:f8:43:7c:cd:bb:8e:
c8:05:c1:8b:24:f7:dd:29:a5:2c:b4:44:11:2b:11:21:f1:0f:
ea:3d:6f:ae:05:42:6a:78:8c:cd:e9:8c:97:e8:5c:1b:6b:e3:
b2:26:58:01:25:a5:f2:4f:f2:0c:da:58:e4:a0:eb:8e:63:b3:
8d:42:49:9c:64:54:ca:13:23:0d:3c:25:bb:5d:c0:72:3e:64:
76:28:05:0f:56:57:83:41:59:80:a9:3c:f4:8b:b4:81:fa:e2:
44:0b:60:9c
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzFAPdEAhBuRHFy+C+qMQtxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NzMyYjk4NWY4ZjYzZmY4YWU4ZWFjN2M3MDgzMmIzMGNl
ZTgwYWQwHhcNMjQwMTAxMTIzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjQ2NTRjY2EzMDQwYjZkOGVlNzZmMDAyYzA3NTVmNjliY2MwMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3cfk81/rrkgj7/txqukaXvrsVTG
CtZXXMRlSky7pjvXW0u+XVSRlftD7sMzmT3XDojVTCLinYa2zrVt7I4BCeWJ4ZYz
kctwwi3DjD6VpQToSq526FEwIIKZJ/QvpWM+BtGmPWYxskhvIygDCiMl2SWoBO2J
Ed9esWLc05BRp3WiUVidZCZjLft32LDUiTVIvdTVrqs057yCZH7mh2xoJOPcPZtJ
eyyvCun5GMTdyPjcC1L7KNsQiAvJDjTuSr5IbhveaIvGpcUeaB1/uAPqFC+MT/dU
qzJ/dqb0oNDTxPx0N9Af6/TBb0HjRNVGiI2CUnmDq7nplxJxn93mp2hxDQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFFZGVMyjBAttjudvACwHVfabzACaMB8GA1UdIwQY
MBaAFARzK5hfj2P/iujqx8cIMrMM7oCtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDct
YWRhMjcwODI1MjE4LzEvVmtaVXpLTUVDMjJPNTI4QUxBZFY5cHZNQUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDctYWRhMjcwODI1MjE4
LzEvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQCuVY0MBoE
AgACMBQwEgMHASoFtQAAUgMHASoFtQAAVDANBgkqhkiG9w0BAQsFAAOCAQEAk8Qa
NvkvMFJRUZpzm3aBux1y0vm3Xchh8pOYt4zKGpahqVjXiyG9GrZiXVD54jaJCk0L
mgLQ5YbPlT/k+k3r2c3JWQUb+mScNQMlFzE9slTA3ZigS3Jqs56KLwakAjeb9GBi
fx4yVpAPRmE+jIqvKluI4c1s67/l4sfXoEySnwsUNxqz1zYl7c7EaPhGMnW/roHn
GEp2oOL+ZDzl+EN8zbuOyAXBiyT33SmlLLREESsRIfEP6j1vrgVCaniMzemMl+hc
G2vjsiZYASWl8k/yDNpY5KDrjmOzjUJJnGRUyhMjDTwlu13Acj5kdigFD1ZXg0FZ
gKk89Iu0gfriRAtgnA==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:32:51 2024 by rpki-client on console-ams.rpki-client.org