Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/OFbejRNGpa-magWAM_TImX89qXI.roa
File: OFbejRNGpa-magWAM_TImX89qXI.roa (raw, json)
Hash identifier: FzyYCjOubPdl5E64dfV4g0uzeRtKEmLxaYhynil8cHs=
Subject key identifier: 38:56:DE:8D:13:46:A5:AF:A6:6A:05:80:33:F4:C8:99:7F:3D:A9:72
Certificate issuer: /CN=4c988b93ab7a2999a3255eeae4e18ab23b2e0f3e
Certificate serial: 018CC94D9A34684AB4967EC2B43C38B7220B
Authority key identifier: 4C:98:8B:93:AB:7A:29:99:A3:25:5E:EA:E4:E1:8A:B2:3B:2E:0F:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TJiLk6t6KZmjJV7q5OGKsjsuDz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/OFbejRNGpa-magWAM_TImX89qXI.roa
Signing time: Tue 02 Jan 2024 08:32:35 +0000
ROA not before: Tue 02 Jan 2024 08:32:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42422
IP address blocks: 46.36.36.0/24 maxlen: 24
46.36.38.0/24 maxlen: 24
46.36.35.0/24 maxlen: 24
46.36.37.0/24 maxlen: 24
46.36.39.0/24 maxlen: 24
46.36.41.0/24 maxlen: 24
46.36.40.0/24 maxlen: 24
2a02:25b0:aaaa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/TJiLk6t6KZmjJV7q5OGKsjsuDz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/TJiLk6t6KZmjJV7q5OGKsjsuDz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/TJiLk6t6KZmjJV7q5OGKsjsuDz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 05:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:9a:34:68:4a:b4:96:7e:c2:b4:3c:38:b7:22:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4c988b93ab7a2999a3255eeae4e18ab23b2e0f3e
Validity
Not Before: Jan 2 08:32:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3856de8d1346a5afa66a058033f4c8997f3da972
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:8d:aa:c1:5a:70:a0:0f:82:68:db:ea:7b:98:
f0:2a:84:b2:52:c8:15:35:ec:81:a1:1d:3d:b6:2a:
8b:ef:39:39:56:17:07:ca:e9:dd:5a:12:88:4a:a1:
dd:f5:42:db:60:25:e6:cc:6c:21:cd:0d:58:fb:0e:
4b:97:22:79:78:d6:55:22:1e:e9:23:79:a2:be:8f:
d4:73:9f:18:32:63:02:74:03:07:20:e1:0b:aa:07:
cb:fb:c8:37:1c:7f:37:71:06:1e:dd:40:85:31:6d:
5a:93:90:6a:6b:ef:19:18:5d:20:7e:46:55:bf:ad:
11:8d:c6:2f:a6:5b:db:18:02:98:82:87:13:61:45:
33:ac:a1:f9:63:43:47:2a:1d:77:16:4d:c2:1e:f7:
6c:27:21:db:8c:29:da:72:8c:1c:62:11:86:aa:48:
07:71:c2:ed:18:f0:2d:7f:56:2c:55:b6:7d:c1:0b:
f8:25:bb:3d:74:a9:38:9c:37:8c:f0:07:50:4c:b9:
de:f3:7a:e6:70:e1:fd:74:7e:8e:fd:d9:f0:7f:f7:
7a:fc:b7:b4:5b:72:8e:45:30:ca:1f:b8:a0:b7:fc:
0b:31:14:81:fa:f0:51:60:87:02:43:a4:23:67:5e:
be:f6:0a:9b:38:15:fc:64:35:2c:90:52:0d:4c:19:
fc:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:56:DE:8D:13:46:A5:AF:A6:6A:05:80:33:F4:C8:99:7F:3D:A9:72
X509v3 Authority Key Identifier:
keyid:4C:98:8B:93:AB:7A:29:99:A3:25:5E:EA:E4:E1:8A:B2:3B:2E:0F:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJiLk6t6KZmjJV7q5OGKsjsuDz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/OFbejRNGpa-magWAM_TImX89qXI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/TJiLk6t6KZmjJV7q5OGKsjsuDz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.36.35.0-46.36.41.255
IPv6:
2a02:25b0:aaaa::/48
Signature Algorithm: sha256WithRSAEncryption
7a:0e:e9:3e:3a:89:62:e8:8d:09:f3:4a:d0:7a:3e:55:f9:c2:
c1:47:36:00:0a:9b:85:72:0f:0b:b5:4e:f7:61:10:8a:ea:55:
02:49:f8:20:e8:97:11:3c:25:8e:b9:71:fe:37:fb:e4:09:cc:
24:cd:63:2c:aa:c9:b7:ca:b0:24:10:31:e3:df:21:b4:c1:0c:
66:0b:45:92:10:cb:8a:18:01:50:c3:f7:7b:92:ff:bd:21:a4:
9a:a7:be:d3:2a:38:f2:f8:e3:79:a7:3b:ce:95:22:9a:94:50:
ab:0b:49:48:32:5d:2c:2b:cf:90:0a:cd:03:bb:c9:6c:db:b3:
3b:06:58:dc:58:64:73:0b:9d:c7:64:9b:cc:26:42:31:92:af:
b9:36:c4:4c:28:2f:e0:c0:4e:52:c4:18:2a:3f:c4:5b:13:f5:
69:65:0a:63:26:9e:0c:3b:4d:23:bf:2c:49:85:1e:19:30:80:
e7:07:73:c1:3d:47:0d:73:67:f4:90:7f:ee:03:2c:78:6f:59:
6f:10:4e:5f:cd:e8:91:37:ae:4e:0a:b0:1d:d4:ca:f2:1e:c1:
ba:f1:2a:1e:ce:29:2d:49:42:6e:9b:2b:99:9a:42:5c:e6:36:
dd:52:71:07:fd:3f:d3:55:29:4e:fd:de:52:12:74:09:a2:ca:
18:a8:59:73
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzJTZo0aEq0ln7CtDw4tyILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTg4YjkzYWI3YTI5OTlhMzI1NWVlYWU0ZTE4YWIyM2Iy
ZTBmM2UwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU2ZGU4ZDEzNDZhNWFmYTY2YTA1ODAzM2Y0Yzg5OTdmM2RhOTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsY2qwVpwoA+CaNvqe5jwKoSyUsgV
NeyBoR09tiqL7zk5VhcHyundWhKISqHd9ULbYCXmzGwhzQ1Y+w5LlyJ5eNZVIh7p
I3mivo/Uc58YMmMCdAMHIOELqgfL+8g3HH83cQYe3UCFMW1ak5Bqa+8ZGF0gfkZV
v60RjcYvplvbGAKYgocTYUUzrKH5Y0NHKh13Fk3CHvdsJyHbjCnacowcYhGGqkgH
ccLtGPAtf1YsVbZ9wQv4Jbs9dKk4nDeM8AdQTLne83rmcOH9dH6O/dnwf/d6/Le0
W3KORTDKH7igt/wLMRSB+vBRYIcCQ6QjZ16+9gqbOBX8ZDUskFINTBn8cQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDhW3o0TRqWvpmoFgDP0yJl/PalyMB8GA1UdIwQY
MBaAFEyYi5OreimZoyVe6uThirI7Lg8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEppTGs2dDZLWm1qSlY3cTVPR0tzanN1RHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80YzFmNTktMGMxMi00MTUzLWExNWMt
NzE1ZjljZDYzMDg2LzEvT0ZiZWpSTkdwYS1tYWdXQU1fVEltWDg5cVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80YzFmNTktMGMxMi00MTUzLWExNWMtNzE1ZjljZDYzMDg2
LzEvVEppTGs2dDZLWm1qSlY3cTVPR0tzanN1RHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAAuJCMD
BAEuJCgwDwQCAAIwCQMHACoCJbCqqjANBgkqhkiG9w0BAQsFAAOCAQEAeg7pPjqJ
YuiNCfNK0Ho+VfnCwUc2AAqbhXIPC7VO92EQiupVAkn4IOiXETwljrlx/jf75AnM
JM1jLKrJt8qwJBAx498htMEMZgtFkhDLihgBUMP3e5L/vSGkmqe+0yo48vjjeac7
zpUimpRQqwtJSDJdLCvPkArNA7vJbNuzOwZY3Fhkcwudx2SbzCZCMZKvuTbETCgv
4MBOUsQYKj/EWxP1aWUKYyaeDDtNI78sSYUeGTCA5wdzwT1HDXNn9JB/7gMseG9Z
bxBOX83okTeuTgqwHdTK8h7BuvEqHs4pLUlCbpsrmZpCXOY23VJxB/0/01UpTv3e
UhJ0CaLKGKhZcw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:13 2024 by rpki-client on console-fra.rpki-client.org