Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/otc1oikAXi-stwJ8bbDC95musCM.roa
File: otc1oikAXi-stwJ8bbDC95musCM.roa (raw, json)
Hash identifier: hW/5B1eyo8J0leS/UxNNa/tlpz9c2tGOWa90hj4BBE4=
Subject key identifier: A2:D7:35:A2:29:00:5E:2F:AC:B7:02:7C:6D:B0:C2:F7:99:AE:B0:23
Certificate issuer: /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial: 018CC5011C1B00CD0F90D2FED065C5F848E4
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/otc1oikAXi-stwJ8bbDC95musCM.roa
Signing time: Mon 01 Jan 2024 12:30:33 +0000
ROA not before: Mon 01 Jan 2024 12:30:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204402
IP address blocks: 45.157.200.0/24 maxlen: 24
45.157.201.0/24 maxlen: 24
45.152.10.0/24 maxlen: 24
45.152.38.0/24 maxlen: 24
45.159.192.0/24 maxlen: 24
45.152.39.0/24 maxlen: 24
45.159.193.0/24 maxlen: 24
45.159.194.0/24 maxlen: 24
2a0b:3c40:24::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 03 May 2024 16:59:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:1c:1b:00:cd:0f:90:d2:fe:d0:65:c5:f8:48:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Validity
Not Before: Jan 1 12:30:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a2d735a229005e2facb7027c6db0c2f799aeb023
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:e2:58:30:43:56:30:45:31:77:9c:9f:a0:3b:
2d:99:89:70:6f:ab:65:52:7e:ef:c4:57:9c:b2:2a:
25:37:9e:00:c8:d7:69:bf:6f:ef:ec:5d:73:aa:5a:
e1:68:20:98:db:6c:71:69:77:d5:58:2e:b6:84:bf:
d3:e8:af:65:01:f7:4e:62:6d:c2:60:64:25:f2:97:
81:de:8f:ad:ee:33:98:4b:eb:e3:be:2a:da:6f:02:
d0:b5:d9:9e:aa:72:e9:b4:27:d2:1d:fa:b5:c9:fe:
4b:cd:96:87:0e:31:f1:cd:be:9e:95:17:ad:0a:a7:
99:53:64:0a:79:de:01:e0:62:f9:c8:eb:f0:bd:d8:
92:93:76:c1:f4:2a:94:23:ff:10:67:6c:bb:4e:fb:
d3:78:a1:58:fc:ad:c6:31:09:8c:f6:5d:1b:aa:fe:
77:ce:bc:68:ab:ed:c7:b0:f7:84:64:da:fa:de:7b:
1e:9b:a8:b6:96:97:99:10:6a:22:6a:15:57:44:d6:
f0:7a:3e:d1:33:04:c7:27:10:84:da:9f:59:65:07:
92:3f:b0:e0:2a:72:59:02:a3:90:80:e4:eb:36:ae:
fc:89:55:89:6c:6d:e7:de:5c:fd:7a:70:ed:09:0b:
46:d0:03:20:de:99:a3:2b:54:ea:4d:b0:5a:ae:bd:
91:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:D7:35:A2:29:00:5E:2F:AC:B7:02:7C:6D:B0:C2:F7:99:AE:B0:23
X509v3 Authority Key Identifier:
keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/otc1oikAXi-stwJ8bbDC95musCM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.152.10.0/24
45.152.38.0/23
45.157.200.0/23
45.159.192.0-45.159.194.255
IPv6:
2a0b:3c40:24::/48
Signature Algorithm: sha256WithRSAEncryption
78:23:4d:e5:eb:60:c8:02:f4:26:29:1a:2c:97:a4:e3:14:1a:
61:05:39:2b:cc:73:b0:7b:fa:89:ec:70:ad:de:fe:db:23:57:
81:3a:cf:e0:16:18:bd:46:9f:49:c8:47:f5:96:81:91:f3:40:
22:ca:0e:d1:de:a2:de:d6:5c:23:70:dc:75:8f:1e:e0:a2:dd:
62:e7:2c:8d:88:9b:a0:78:53:39:56:de:1b:22:57:e5:67:c7:
44:68:f0:6b:07:db:a5:aa:5a:80:96:8c:a9:4d:88:aa:39:a1:
f0:83:f8:22:e1:d4:0a:d6:1f:c3:ec:52:13:90:dd:02:05:60:
e1:9e:20:ed:45:6b:ea:38:32:2e:4d:bc:7b:2a:f1:3d:5f:ef:
a4:50:0d:ba:46:40:70:3b:85:8b:4d:dc:63:29:47:c2:0c:41:
68:f8:63:f5:a2:ff:77:a6:67:a1:8d:a2:08:e4:91:c1:63:cb:
7b:6b:c3:08:03:94:8c:6d:6d:b6:28:9b:b1:56:33:9f:87:7f:
e7:5f:d5:36:f6:d1:13:79:fd:4f:1f:93:93:fc:07:3c:cf:bc:
cf:19:b4:a0:0c:63:1e:d2:1e:30:c9:9f:b9:d2:eb:7c:e8:00:
5c:4e:34:cb:e0:71:95:13:2f:b9:86:d6:08:80:a8:0d:ed:ee:
b7:5a:8b:1c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzFARwbAM0PkNL+0GXF+EjkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQ3MzVhMjI5MDA1ZTJmYWNiNzAyN2M2ZGIwYzJmNzk5YWViMDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuJYMENWMEUxd5yfoDstmYlwb6tl
Un7vxFecsiolN54AyNdpv2/v7F1zqlrhaCCY22xxaXfVWC62hL/T6K9lAfdOYm3C
YGQl8peB3o+t7jOYS+vjvirabwLQtdmeqnLptCfSHfq1yf5LzZaHDjHxzb6elRet
CqeZU2QKed4B4GL5yOvwvdiSk3bB9CqUI/8QZ2y7TvvTeKFY/K3GMQmM9l0bqv53
zrxoq+3HsPeEZNr63nsem6i2lpeZEGoiahVXRNbwej7RMwTHJxCE2p9ZZQeSP7Dg
KnJZAqOQgOTrNq78iVWJbG3n3lz9enDtCQtG0AMg3pmjK1TqTbBarr2RvQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFKLXNaIpAF4vrLcCfG2wwveZrrAjMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvb3RjMW9pa0FYaS1zdHdKOGJiREM5NW11c0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQALZgKAwQB
LZgmAwQBLZ3IMAwDBAYtn8ADBAAtn8IwDwQCAAIwCQMHACoLPEAAJDANBgkqhkiG
9w0BAQsFAAOCAQEAeCNN5etgyAL0JikaLJek4xQaYQU5K8xzsHv6iexwrd7+2yNX
gTrP4BYYvUafSchH9ZaBkfNAIsoO0d6i3tZcI3DcdY8e4KLdYucsjYiboHhTOVbe
GyJX5WfHRGjwawfbpapagJaMqU2Iqjmh8IP4IuHUCtYfw+xSE5DdAgVg4Z4g7UVr
6jgyLk28eyrxPV/vpFANukZAcDuFi03cYylHwgxBaPhj9aL/d6ZnoY2iCOSRwWPL
e2vDCAOUjG1ttiibsVYzn4d/51/VNvbRE3n9Tx+Tk/wHPM+8zxm0oAxjHtIeMMmf
udLrfOgAXE40y+BxlRMvuYbWCICoDe3ut1qLHA==
-----END CERTIFICATE-----
Generated at Thu May 2 20:25:13 2024 by rpki-client on console-ams.rpki-client.org