Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/CYFUFtBXinMco7TH1PiEpiFEfxo.roa
File: CYFUFtBXinMco7TH1PiEpiFEfxo.roa (raw, json)
Hash identifier: 1016wnrUTtBGlCS+fBWdGY57lWyOa1AiD8ccI6zK1WU=
Subject key identifier: 09:81:54:16:D0:57:8A:73:1C:A3:B4:C7:D4:F8:84:A6:21:44:7F:1A
Certificate issuer: /CN=b68a994e42e60da4f4a5475b15f5e27516c7cf14
Certificate serial: 018CC8012A6ACC27B247183324B81BC7CB2A
Authority key identifier: B6:8A:99:4E:42:E6:0D:A4:F4:A5:47:5B:15:F5:E2:75:16:C7:CF:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/toqZTkLmDaT0pUdbFfXidRbHzxQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/CYFUFtBXinMco7TH1PiEpiFEfxo.roa
Signing time: Tue 02 Jan 2024 02:29:28 +0000
ROA not before: Tue 02 Jan 2024 02:29:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 46616
IP address blocks: 45.149.121.0/24 maxlen: 24
45.149.120.0/22 maxlen: 22
45.149.120.0/24 maxlen: 24
45.149.123.0/24 maxlen: 24
45.149.122.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/toqZTkLmDaT0pUdbFfXidRbHzxQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/toqZTkLmDaT0pUdbFfXidRbHzxQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/toqZTkLmDaT0pUdbFfXidRbHzxQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 16:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:2a:6a:cc:27:b2:47:18:33:24:b8:1b:c7:cb:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b68a994e42e60da4f4a5475b15f5e27516c7cf14
Validity
Not Before: Jan 2 02:29:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=09815416d0578a731ca3b4c7d4f884a621447f1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ca:3a:69:43:7a:64:c3:17:ea:8c:d0:46:38:
0d:2c:df:77:0b:64:b6:f0:bf:0e:d4:02:65:0c:fa:
33:b9:49:c4:a5:f6:98:68:a1:6c:8b:98:a5:c5:88:
7c:1f:06:05:64:e7:4b:f3:3a:7d:6c:df:74:d6:ba:
f3:5d:f3:d4:89:24:23:a5:b1:05:27:62:88:79:b4:
a4:f7:1e:a8:68:48:07:ab:ee:e3:52:42:95:6e:1f:
bf:f7:da:3c:16:eb:5c:36:d5:ba:dd:07:89:66:17:
89:1c:07:64:ca:99:bd:9d:db:c7:db:3f:9c:61:61:
97:2e:f7:b9:67:5c:5e:fc:3c:f5:1b:5e:82:19:44:
6a:1b:37:c1:91:f6:6e:c0:3a:14:9a:f2:78:75:80:
6f:d8:c1:62:c8:33:1b:9d:2f:0b:1d:fc:fb:af:0b:
59:da:f3:a4:b9:e8:41:43:5d:80:ee:d5:fd:d8:01:
7e:06:27:f2:4f:5b:49:a4:83:e3:0d:28:5d:32:f4:
1e:a1:78:fe:9d:34:a8:14:f7:56:82:43:2f:eb:fa:
93:bf:36:9e:8b:73:79:9f:ee:43:8f:e1:9e:a7:2f:
e7:de:db:06:5f:d7:42:7c:35:ca:b4:97:db:25:e0:
e9:b4:ad:9f:28:57:a5:4d:49:6c:77:74:a0:00:cf:
a6:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:81:54:16:D0:57:8A:73:1C:A3:B4:C7:D4:F8:84:A6:21:44:7F:1A
X509v3 Authority Key Identifier:
keyid:B6:8A:99:4E:42:E6:0D:A4:F4:A5:47:5B:15:F5:E2:75:16:C7:CF:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toqZTkLmDaT0pUdbFfXidRbHzxQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/CYFUFtBXinMco7TH1PiEpiFEfxo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f3804d-e8ad-4d08-990e-bd3bebcddeb3/1/toqZTkLmDaT0pUdbFfXidRbHzxQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.120.0/22
Signature Algorithm: sha256WithRSAEncryption
14:63:a4:5e:11:5d:b4:01:e0:5c:3a:38:54:81:08:fb:cc:9c:
cd:f0:92:ae:7e:bc:4a:2b:c4:c5:15:0e:b5:ed:03:1a:59:6d:
df:cf:36:19:cc:27:45:d7:31:42:3e:a5:a1:57:51:1a:36:a9:
86:ce:64:2e:d7:58:41:62:6c:c4:0c:4e:4f:33:db:23:20:12:
c8:18:51:22:65:ec:26:d7:a4:26:36:70:47:66:5a:aa:5e:10:
58:cf:0d:d8:ec:89:a9:46:d5:3b:4e:19:a7:b4:ff:45:ec:a4:
4d:bf:d0:71:f0:bc:8a:bc:49:9b:98:60:51:54:07:df:df:eb:
3f:de:a0:b8:c2:ea:89:11:3c:6e:98:77:77:df:99:14:ce:53:
b8:4f:c3:4d:49:c0:12:c2:5b:a9:3f:97:c4:44:22:8b:08:d9:
d6:75:db:f1:60:9e:7d:36:16:43:f2:f1:2e:32:cc:f4:af:73:
14:ba:83:37:5a:a7:c0:fe:07:b3:60:d7:6e:26:fe:97:fb:78:
88:9d:d7:18:39:df:f2:09:ef:0e:d5:94:56:ef:f8:79:e4:6a:
96:fe:66:7f:73:0f:64:9b:2c:2b:6f:c6:fb:1c:dd:ad:50:b4:
a6:b4:5e:60:0e:8c:4f:07:98:30:68:59:61:f2:c5:83:be:9e:
e8:39:f9:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASpqzCeyRxgzJLgbx8sqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGE5OTRlNDJlNjBkYTRmNGE1NDc1YjE1ZjVlMjc1MTZj
N2NmMTQwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTgxNTQxNmQwNTc4YTczMWNhM2I0YzdkNGY4ODRhNjIxNDQ3ZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsco6aUN6ZMMX6ozQRjgNLN93C2S2
8L8O1AJlDPozuUnEpfaYaKFsi5ilxYh8HwYFZOdL8zp9bN901rrzXfPUiSQjpbEF
J2KIebSk9x6oaEgHq+7jUkKVbh+/99o8FutcNtW63QeJZheJHAdkypm9ndvH2z+c
YWGXLve5Z1xe/Dz1G16CGURqGzfBkfZuwDoUmvJ4dYBv2MFiyDMbnS8LHfz7rwtZ
2vOkuehBQ12A7tX92AF+BifyT1tJpIPjDShdMvQeoXj+nTSoFPdWgkMv6/qTvzae
i3N5n+5Dj+Gepy/n3tsGX9dCfDXKtJfbJeDptK2fKFelTUlsd3SgAM+mSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmBVBbQV4pzHKO0x9T4hKYhRH8aMB8GA1UdIwQY
MBaAFLaKmU5C5g2k9KVHWxX14nUWx88UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG9xWlRrTG1EYVQwcFVkYkZmWGlkUmJIenhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9mMzgwNGQtZThhZC00ZDA4LTk5MGUt
YmQzYmViY2RkZWIzLzEvQ1lGVUZ0Qlhpbk1jbzdUSDFQaUVwaUZFZnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9mMzgwNGQtZThhZC00ZDA4LTk5MGUtYmQzYmViY2RkZWIz
LzEvdG9xWlRrTG1EYVQwcFVkYkZmWGlkUmJIenhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZV4MA0G
CSqGSIb3DQEBCwUAA4IBAQAUY6ReEV20AeBcOjhUgQj7zJzN8JKufrxKK8TFFQ61
7QMaWW3fzzYZzCdF1zFCPqWhV1EaNqmGzmQu11hBYmzEDE5PM9sjIBLIGFEiZewm
16QmNnBHZlqqXhBYzw3Y7ImpRtU7ThmntP9F7KRNv9Bx8LyKvEmbmGBRVAff3+s/
3qC4wuqJETxumHd335kUzlO4T8NNScASwlupP5fERCKLCNnWddvxYJ59NhZD8vEu
Msz0r3MUuoM3WqfA/gezYNduJv6X+3iIndcYOd/yCe8O1ZRW7/h55GqW/mZ/cw9k
mywrb8b7HN2tULSmtF5gDoxPB5gwaFlh8sWDvp7oOfnd
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:07:59 2024 by rpki-client on console-fra.rpki-client.org