Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/vKgaShSTW6Zrzu5pCM3NLLQQY7A.roa
File: vKgaShSTW6Zrzu5pCM3NLLQQY7A.roa (raw, json)
Hash identifier: 7ZgQYnQ8NFc9yS9y4mjcBasB3PVU+om7omyPXRmvVJU=
Subject key identifier: BC:A8:1A:4A:14:93:5B:A6:6B:CE:EE:69:08:CD:CD:2C:B4:10:63:B0
Certificate issuer: /CN=a7aee67620d9c0ae63d295785c9d956f063c21c3
Certificate serial: 018CC56DE6B811BC852B13153079CE768918
Authority key identifier: A7:AE:E6:76:20:D9:C0:AE:63:D2:95:78:5C:9D:95:6F:06:3C:21:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/vKgaShSTW6Zrzu5pCM3NLLQQY7A.roa
Signing time: Mon 01 Jan 2024 14:29:23 +0000
ROA not before: Mon 01 Jan 2024 14:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198949
IP address blocks: 212.101.192.0/24 maxlen: 24
212.101.192.0/19 maxlen: 24
212.101.205.0/24 maxlen: 24
212.101.204.0/24 maxlen: 24
212.101.201.0/24 maxlen: 24
212.101.212.0/23 maxlen: 24
212.101.211.0/24 maxlen: 24
212.101.207.0/24 maxlen: 24
212.101.214.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.mft
rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 06 May 2024 17:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6d:e6:b8:11:bc:85:2b:13:15:30:79:ce:76:89:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7aee67620d9c0ae63d295785c9d956f063c21c3
Validity
Not Before: Jan 1 14:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bca81a4a14935ba66bceee6908cdcd2cb41063b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:2a:f8:18:f7:17:a4:d1:ed:41:2c:23:0f:0a:
00:72:51:d9:5a:5f:92:7b:e2:59:d0:91:ac:42:14:
2f:14:9b:bc:f7:d0:7c:c6:88:66:c8:5e:2b:6e:25:
bc:15:5e:22:37:60:50:7f:61:da:0a:7c:95:46:6b:
89:6c:09:95:f9:7a:45:85:66:b2:9a:9b:fa:ca:b9:
ce:6b:b5:0b:05:31:c9:f4:4d:83:ca:b3:80:2f:05:
dd:c7:55:39:ee:66:b5:7b:a3:f0:e0:30:d0:71:64:
1a:8b:c5:dc:5a:19:1d:31:38:14:57:9f:b6:c0:a2:
2b:67:86:da:5b:ca:eb:15:01:da:a4:8b:a5:e7:11:
92:79:01:e3:00:33:a3:ad:f7:bf:5b:93:d6:4d:d3:
23:d4:73:1d:7c:68:1f:8d:f5:3c:a9:8e:5a:84:16:
44:3b:42:68:b2:e9:f9:98:6d:03:fb:8d:77:15:67:
0a:93:92:02:8b:78:a5:47:1f:89:12:19:c7:5e:88:
2f:26:74:2e:fa:2a:29:3c:c1:9d:22:53:20:c2:8a:
3c:9a:f6:0e:a7:14:a2:02:ee:0a:2b:92:62:88:72:
4b:81:95:1f:25:97:e1:49:5d:48:f9:b3:57:62:53:
73:28:ab:a7:c4:af:47:09:89:f7:fc:e4:54:86:e9:
19:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:A8:1A:4A:14:93:5B:A6:6B:CE:EE:69:08:CD:CD:2C:B4:10:63:B0
X509v3 Authority Key Identifier:
keyid:A7:AE:E6:76:20:D9:C0:AE:63:D2:95:78:5C:9D:95:6F:06:3C:21:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/vKgaShSTW6Zrzu5pCM3NLLQQY7A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.101.192.0/19
Signature Algorithm: sha256WithRSAEncryption
29:c2:bd:0a:5a:b9:c7:d9:cb:6a:86:4d:c8:74:eb:ca:88:49:
94:15:5d:56:68:3f:d4:30:66:d8:d0:b8:34:cc:93:4c:22:eb:
33:58:f4:1f:29:ce:29:eb:6b:0e:cc:43:18:09:f3:5e:e0:ee:
35:9f:46:7e:c0:e2:9b:8d:dc:08:21:d5:98:8e:a1:4b:d1:8e:
42:34:7c:34:6e:96:54:00:e1:88:89:0d:c6:88:dc:1e:13:f7:
f4:ea:c0:a9:a5:83:13:61:ec:05:29:5b:6b:c9:63:01:1c:9c:
9b:ee:73:c0:47:dc:97:b6:16:89:2e:df:b9:32:bc:95:3c:89:
54:92:c2:75:31:56:00:c4:cf:b2:4a:78:84:d9:54:f1:69:b1:
cb:7e:c3:d5:b7:af:0d:fc:4f:45:a1:a7:36:b4:98:37:f1:56:
2d:70:d3:f1:12:e7:97:a8:85:b1:1f:ab:9f:1c:f9:b0:ce:55:
90:8e:52:a0:9c:76:78:9a:2c:4c:1e:a5:58:0e:f2:a8:36:0a:
6a:dc:e6:e4:51:c2:68:6d:f2:e3:f7:dc:b1:d1:e3:f8:36:0a:
ee:61:ed:a8:c1:cd:1d:ad:ff:5b:8b:b1:73:08:cd:2a:0d:16:
6a:eb:5b:75:15:24:1b:d5:3d:5f:35:b6:03:e2:0e:e6:bc:e9:
6c:26:42:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbea4EbyFKxMVMHnOdokYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YWVlNjc2MjBkOWMwYWU2M2QyOTU3ODVjOWQ5NTZmMDYz
YzIxYzMwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E4MWE0YTE0OTM1YmE2NmJjZWVlNjkwOGNkY2QyY2I0MTA2M2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyr4GPcXpNHtQSwjDwoAclHZWl+S
e+JZ0JGsQhQvFJu899B8xohmyF4rbiW8FV4iN2BQf2HaCnyVRmuJbAmV+XpFhWay
mpv6yrnOa7ULBTHJ9E2DyrOALwXdx1U57ma1e6Pw4DDQcWQai8XcWhkdMTgUV5+2
wKIrZ4baW8rrFQHapIul5xGSeQHjADOjrfe/W5PWTdMj1HMdfGgfjfU8qY5ahBZE
O0Josun5mG0D+413FWcKk5ICi3ilRx+JEhnHXogvJnQu+iopPMGdIlMgwoo8mvYO
pxSiAu4KK5JiiHJLgZUfJZfhSV1I+bNXYlNzKKunxK9HCYn3/ORUhukZ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyoGkoUk1uma87uaQjNzSy0EGOwMB8GA1UdIwQY
MBaAFKeu5nYg2cCuY9KVeFydlW8GPCHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDY3bWRpRFp3SzVqMHBWNFhKMlZid1k4SWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yYmEyNWEtMGFiZC00NTUwLWJjYTQt
MGI3ZjE1YjUwOWNiLzEvdktnYVNoU1RXNlpyenU1cENNM05MTFFRWTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yYmEyNWEtMGFiZC00NTUwLWJjYTQtMGI3ZjE1YjUwOWNi
LzEvcDY3bWRpRFp3SzVqMHBWNFhKMlZid1k4SWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GXAMA0G
CSqGSIb3DQEBCwUAA4IBAQApwr0KWrnH2ctqhk3IdOvKiEmUFV1WaD/UMGbY0Lg0
zJNMIuszWPQfKc4p62sOzEMYCfNe4O41n0Z+wOKbjdwIIdWYjqFL0Y5CNHw0bpZU
AOGIiQ3GiNweE/f06sCppYMTYewFKVtryWMBHJyb7nPAR9yXthaJLt+5MryVPIlU
ksJ1MVYAxM+ySniE2VTxabHLfsPVt68N/E9Foac2tJg38VYtcNPxEueXqIWxH6uf
HPmwzlWQjlKgnHZ4mixMHqVYDvKoNgpq3ObkUcJobfLj99yx0eP4NgruYe2owc0d
rf9bi7FzCM0qDRZq61t1FSQb1T1fNbYD4g7mvOlsJkLx
-----END CERTIFICATE-----
Generated at Sun May 5 21:27:48 2024 by rpki-client on console-ams.rpki-client.org