Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/XsPkIZS8Cl0p4kVIN-Udgt2moRE.roa
File: XsPkIZS8Cl0p4kVIN-Udgt2moRE.roa (raw, json)
Hash identifier: PvOatFqvLpKAIvTT4tzjSTKkRt04pmWRSegkLbDDwFQ=
Subject key identifier: 5E:C3:E4:21:94:BC:0A:5D:29:E2:45:48:37:E5:1D:82:DD:A6:A1:11
Certificate issuer: /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial: 01931386306C915FAFFF0975BD095C22BC30
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/XsPkIZS8Cl0p4kVIN-Udgt2moRE.roa
Signing time: Sun 10 Nov 2024 00:43:01 +0000
ROA not before: Sun 10 Nov 2024 00:43:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 214785
IP address blocks: 45.134.144.0/24 maxlen: 24
45.155.224.0/24 maxlen: 24
103.211.100.0/24 maxlen: 24
103.211.102.0/24 maxlen: 24
185.245.1.0/24 maxlen: 24
185.245.2.0/24 maxlen: 24
194.120.164.0/24 maxlen: 24
194.145.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 02:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:13:86:30:6c:91:5f:af:ff:09:75:bd:09:5c:22:bc:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Validity
Not Before: Nov 10 00:43:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5ec3e42194bc0a5d29e2454837e51d82dda6a111
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:4e:17:26:16:cc:b1:dd:56:90:f3:b5:eb:17:
9f:af:8e:77:90:92:d5:0d:93:9d:9f:a9:12:2b:7d:
8c:7a:10:66:99:3b:e3:15:de:0a:39:e3:f8:be:11:
04:cf:f7:0b:79:20:b9:37:58:12:85:2a:aa:4c:b0:
15:ad:13:f7:16:14:74:83:d5:9c:24:d8:51:bd:87:
a9:cb:2c:2e:0d:54:09:48:2b:11:99:f3:3c:64:47:
be:d0:45:2b:6c:3a:a6:e0:91:de:a7:3e:53:c4:13:
5c:c1:be:fd:59:e6:f6:4f:3d:24:41:41:69:e6:3b:
e5:08:ff:50:18:56:44:20:e6:47:78:ca:9e:58:56:
71:de:8a:5d:e8:e4:8d:48:e9:74:d0:21:d3:76:66:
2e:8e:a9:84:df:76:6d:9a:e7:48:16:92:97:95:39:
b3:d4:9d:77:d2:79:11:8f:a0:25:03:98:cb:01:3f:
f0:9a:35:ad:89:0f:aa:f9:bc:9d:46:fc:4d:d5:8c:
64:ea:f4:52:d5:13:43:87:27:83:ca:f2:68:a3:74:
9d:f0:1e:f8:86:30:2c:2c:84:af:28:04:34:e2:84:
71:9c:1c:51:6e:64:6b:0a:8e:e5:f3:14:c3:56:6d:
a4:ae:db:7e:37:51:9f:73:96:82:e9:a9:c8:d7:0e:
84:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:C3:E4:21:94:BC:0A:5D:29:E2:45:48:37:E5:1D:82:DD:A6:A1:11
X509v3 Authority Key Identifier:
keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/XsPkIZS8Cl0p4kVIN-Udgt2moRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.144.0/24
45.155.224.0/24
103.211.100.0/24
103.211.102.0/24
185.245.1.0-185.245.2.255
194.120.164.0/24
194.145.237.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:8a:fc:e7:82:3c:d6:d7:93:94:9d:0e:91:a9:05:4b:55:9f:
2a:49:5d:80:f3:a0:dc:c2:03:30:5b:ad:17:35:3d:1d:55:29:
ba:5d:5b:4b:d6:bd:3f:d3:b8:95:1b:65:7a:6c:bf:60:8e:06:
35:d4:4a:c3:e8:ab:13:ae:86:86:40:6f:ab:b6:c5:08:0a:a4:
6b:d1:85:39:2c:63:f3:ee:50:0c:b6:5d:d0:1b:34:65:04:b3:
f4:98:3f:df:6d:46:65:f4:b6:c7:6d:69:24:fc:11:e4:8b:74:
e1:ea:7b:70:38:fb:1c:f7:79:c7:a2:7e:e8:3d:5e:d0:d4:3f:
5d:5d:ec:56:0e:98:b8:94:ed:6a:ce:1b:a7:6a:be:ad:06:8a:
32:db:a5:fb:fe:b8:09:df:24:ab:c4:3d:f1:7c:9a:b2:79:b5:
08:14:69:61:d4:00:0c:27:ef:88:32:e8:0c:f5:d5:4d:86:c3:
b7:ab:d7:d4:91:e9:eb:12:a9:55:85:29:60:38:36:3a:8c:30:
53:87:1e:2f:e3:22:92:6a:91:52:97:2b:af:fe:c7:91:81:75:
7b:fa:2e:88:d0:68:91:59:f6:6b:96:0c:21:9b:f3:76:6f:90:
e3:fa:9b:72:4c:aa:f9:af:cc:f3:c9:92:af:cd:30:11:0c:f3:
e7:ab:fa:2d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZMThjBskV+v/wl1vQlcIrwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQxMTEwMDA0MzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMzZTQyMTk0YmMwYTVkMjllMjQ1NDgzN2U1MWQ4MmRkYTZhMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2E4XJhbMsd1WkPO16xefr453kJLV
DZOdn6kSK32MehBmmTvjFd4KOeP4vhEEz/cLeSC5N1gShSqqTLAVrRP3FhR0g9Wc
JNhRvYepyywuDVQJSCsRmfM8ZEe+0EUrbDqm4JHepz5TxBNcwb79Web2Tz0kQUFp
5jvlCP9QGFZEIOZHeMqeWFZx3opd6OSNSOl00CHTdmYujqmE33ZtmudIFpKXlTmz
1J130nkRj6AlA5jLAT/wmjWtiQ+q+bydRvxN1Yxk6vRS1RNDhyeDyvJoo3Sd8B74
hjAsLISvKAQ04oRxnBxRbmRrCo7l8xTDVm2krtt+N1Gfc5aC6anI1w6EqwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFF7D5CGUvApdKeJFSDflHYLdpqERMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvWHNQa0laUzhDbDBwNGtWSU4tVWRndDJtb1JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALYaQAwQA
LZvgAwQAZ9NkAwQAZ9NmMAwDBAC59QEDBAC59QIDBADCeKQDBADCke0wDQYJKoZI
hvcNAQELBQADggEBAKSK/OeCPNbXk5SdDpGpBUtVnypJXYDzoNzCAzBbrRc1PR1V
KbpdW0vWvT/TuJUbZXpsv2COBjXUSsPoqxOuhoZAb6u2xQgKpGvRhTksY/PuUAy2
XdAbNGUEs/SYP99tRmX0tsdtaST8EeSLdOHqe3A4+xz3eceifug9XtDUP11d7FYO
mLiU7WrOG6dqvq0GijLbpfv+uAnfJKvEPfF8mrJ5tQgUaWHUAAwn74gy6Az11U2G
w7er19SR6esSqVWFKWA4NjqMMFOHHi/jIpJqkVKXK6/+x5GBdXv6LojQaJFZ9muW
DCGb83ZvkOP6m3JMqvmvzPPJkq/NMBEM8+er+i0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:23:17 2024 by rpki-client on console-ams.rpki-client.org