Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/BR3K5fXUIgTyut830-9N_EQKnNY.roa
File: BR3K5fXUIgTyut830-9N_EQKnNY.roa (raw, json)
Hash identifier: zGHEAHhLEg2+uUJ0XbGBmSIUpysKCNc17ZlWAWzKrP0=
Subject key identifier: 05:1D:CA:E5:F5:D4:22:04:F2:BA:DF:37:D3:EF:4D:FC:44:0A:9C:D6
Certificate issuer: /CN=94962e2afa7748f45265d89fd15624b584e72466
Certificate serial: 018CC8DEB9B5AB1B2308DA523D55D66C3418
Authority key identifier: 94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/BR3K5fXUIgTyut830-9N_EQKnNY.roa
Signing time: Tue 02 Jan 2024 06:31:28 +0000
ROA not before: Tue 02 Jan 2024 06:31:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 680
IP address blocks: 131.220.0.0/16 maxlen: 17
193.23.254.0/24 maxlen: 32
193.30.3.0/24 maxlen: 24
2a00:5ba0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.mft
rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 09:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:b9:b5:ab:1b:23:08:da:52:3d:55:d6:6c:34:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94962e2afa7748f45265d89fd15624b584e72466
Validity
Not Before: Jan 2 06:31:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=051dcae5f5d42204f2badf37d3ef4dfc440a9cd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:b4:f4:ef:b1:da:50:d7:88:48:29:4d:ff:01:
dd:0f:61:9f:ee:7e:6b:40:3e:57:4e:a8:89:52:a8:
5e:bd:67:4f:c2:87:2e:ba:66:44:16:c0:fa:c2:86:
83:81:f1:07:5a:7d:60:80:88:f1:92:bf:28:c5:97:
9c:d7:3e:d0:23:90:bf:04:20:06:d7:8f:6d:64:40:
51:35:ba:aa:cb:bd:cd:64:c9:77:dc:90:ee:a4:25:
c4:ae:b5:75:51:35:77:54:ef:dc:1d:3e:35:db:56:
ae:f3:ca:f7:a9:8f:38:5f:ba:6a:33:3d:e5:d8:40:
90:17:81:31:03:37:a8:13:c1:35:a6:0c:84:e6:5d:
34:fa:90:98:7e:71:6d:0a:cb:2e:90:07:e7:9f:af:
d6:2a:20:c4:12:2e:90:0c:37:13:c9:4f:ef:08:a2:
41:ef:9b:24:b7:31:95:f5:bd:d2:ba:52:72:d1:df:
5c:80:4d:b8:50:e6:78:75:0b:53:81:0f:ee:45:f7:
2f:15:71:9e:84:7d:5b:a1:90:32:5e:7a:c4:25:2d:
cb:6c:5e:45:44:21:2d:39:dc:6d:e4:3b:17:8d:a7:
7c:7b:09:7a:3c:1b:c4:19:cb:0a:6c:5a:7f:6c:83:
2d:3d:f9:d5:c2:fc:71:63:ec:3a:ba:eb:9a:67:2a:
06:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:1D:CA:E5:F5:D4:22:04:F2:BA:DF:37:D3:EF:4D:FC:44:0A:9C:D6
X509v3 Authority Key Identifier:
keyid:94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/BR3K5fXUIgTyut830-9N_EQKnNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.220.0.0/16
193.23.254.0/24
193.30.3.0/24
IPv6:
2a00:5ba0::/29
Signature Algorithm: sha256WithRSAEncryption
30:b3:ab:37:14:79:ee:11:6a:bc:88:e1:6b:32:e2:f4:53:5b:
f1:b5:f0:39:20:52:63:a2:0d:47:09:f5:8a:0e:3f:4b:34:f1:
a1:f9:c8:44:cf:20:19:ae:29:bf:ec:75:bb:0f:9c:11:e9:b2:
6b:81:8b:76:72:05:27:e4:61:92:c9:bb:90:21:e7:0d:d9:ce:
aa:75:f1:21:c5:84:02:06:48:78:c4:f1:e1:8c:c0:42:13:fd:
2f:19:23:28:7c:01:52:88:9d:a6:c8:e3:08:99:5b:09:62:ba:
fc:77:63:9e:ac:e3:99:b7:57:d7:d0:d2:4a:c8:20:62:1f:1d:
89:c2:14:c7:18:2a:2f:c2:86:66:0a:b7:b9:c7:2e:94:95:0b:
1b:d2:0f:9f:39:33:52:81:f6:c9:f8:2e:72:35:96:4c:e7:da:
d8:30:6a:45:cd:ef:5a:22:04:b9:02:ad:2d:a2:29:88:9c:d2:
91:ba:df:bc:83:32:71:a9:29:aa:1a:42:a3:d7:5f:63:a0:d1:
f5:f4:fd:fb:d9:f6:dd:a7:19:43:4c:7d:ba:22:58:b8:6e:15:
41:5c:71:af:d2:39:e1:cc:a2:2d:5c:dc:ad:03:e4:95:21:36:
eb:d7:d4:6c:c7:30:da:4d:ac:cd:9c:37:9f:73:cc:30:8e:4b:
2e:a9:3f:10
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzI3rm1qxsjCNpSPVXWbDQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTYyZTJhZmE3NzQ4ZjQ1MjY1ZDg5ZmQxNTYyNGI1ODRl
NzI0NjYwHhcNMjQwMTAyMDYzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFkY2FlNWY1ZDQyMjA0ZjJiYWRmMzdkM2VmNGRmYzQ0MGE5Y2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LT077HaUNeISClN/wHdD2Gf7n5r
QD5XTqiJUqhevWdPwocuumZEFsD6woaDgfEHWn1ggIjxkr8oxZec1z7QI5C/BCAG
149tZEBRNbqqy73NZMl33JDupCXErrV1UTV3VO/cHT4121au88r3qY84X7pqMz3l
2ECQF4ExAzeoE8E1pgyE5l00+pCYfnFtCssukAfnn6/WKiDEEi6QDDcTyU/vCKJB
75sktzGV9b3SulJy0d9cgE24UOZ4dQtTgQ/uRfcvFXGehH1boZAyXnrEJS3LbF5F
RCEtOdxt5DsXjad8ewl6PBvEGcsKbFp/bIMtPfnVwvxxY+w6uuuaZyoGOwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAUdyuX11CIE8rrfN9PvTfxECpzWMB8GA1UdIwQY
MBaAFJSWLir6d0j0UmXYn9FWJLWE5yRmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2It
Y2Q0MDNiZGVlNGRmLzEvQlIzSzVmWFVJZ1R5dXQ4MzAtOU5fRVFLbk5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2ItY2Q0MDNiZGVlNGRm
LzEvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwMAg9wDBADB
F/4DBADBHgMwDQQCAAIwBwMFAyoAW6AwDQYJKoZIhvcNAQELBQADggEBADCzqzcU
ee4RaryI4Wsy4vRTW/G18DkgUmOiDUcJ9YoOP0s08aH5yETPIBmuKb/sdbsPnBHp
smuBi3ZyBSfkYZLJu5Ah5w3Zzqp18SHFhAIGSHjE8eGMwEIT/S8ZIyh8AVKInabI
4wiZWwliuvx3Y56s45m3V9fQ0krIIGIfHYnCFMcYKi/ChmYKt7nHLpSVCxvSD585
M1KB9sn4LnI1lkzn2tgwakXN71oiBLkCrS2iKYic0pG637yDMnGpKaoaQqPXX2Og
0fX0/fvZ9t2nGUNMfboiWLhuFUFcca/SOeHMoi1c3K0D5JUhNuvX1GzHMNpNrM2c
N59zzDCOSy6pPxA=
-----END CERTIFICATE-----
Generated at Sat Jun 1 12:30:50 2024 by rpki-client on console-fra.rpki-client.org