Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/TZVMTbn2lC314qxspX8x-MT63kE.roa
File: TZVMTbn2lC314qxspX8x-MT63kE.roa (raw, json)
Hash identifier: FdTosmC4QLTWBR4mPIa+OQthOXiBqzDjcX2oeplsdeE=
Subject key identifier: 4D:95:4C:4D:B9:F6:94:2D:F5:E2:AC:6C:A5:7F:31:F8:C4:FA:DE:41
Certificate issuer: /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial: 018CF3397F32B8E0EC58154E8D1F15E7CEA6
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/TZVMTbn2lC314qxspX8x-MT63kE.roa
Signing time: Wed 10 Jan 2024 11:54:40 +0000
ROA not before: Wed 10 Jan 2024 11:54:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16125
IP address blocks: 46.166.160.0/20 maxlen: 32
185.8.104.0/22 maxlen: 32
5.199.160.0/20 maxlen: 32
5.199.165.0/24 maxlen: 32
93.115.24.0/21 maxlen: 32
185.150.116.0/22 maxlen: 32
188.214.128.0/21 maxlen: 32
2a02:ae00::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 05 May 2024 14:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f3:39:7f:32:b8:e0:ec:58:15:4e:8d:1f:15:e7:ce:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Validity
Not Before: Jan 10 11:54:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4d954c4db9f6942df5e2ac6ca57f31f8c4fade41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:70:f8:35:7b:52:11:79:c0:0e:d2:0e:fb:01:
0e:82:2b:f6:1f:c7:c7:ec:72:b8:58:aa:1b:58:44:
fc:21:80:29:93:dd:21:b4:92:94:0d:67:77:ad:ea:
db:8c:88:b8:be:cf:eb:d5:70:e0:c0:6c:24:01:c5:
e3:63:4d:ee:ae:e3:86:48:cc:46:e6:ea:56:9d:ff:
c8:31:c2:20:66:8d:29:a1:dd:39:76:bb:15:d1:9a:
a1:81:a9:47:ae:19:9e:ba:0d:56:f0:ea:8e:f3:d4:
93:e2:ab:9b:ff:e5:88:6b:c7:a6:0a:8a:95:38:a2:
d0:90:44:0b:44:c0:84:8a:95:d0:a4:8e:8d:74:66:
0e:36:1e:12:39:8a:50:dd:e5:46:9b:15:39:17:79:
aa:64:e7:50:76:05:83:34:47:b0:64:27:99:7a:63:
c2:06:af:1f:3e:75:8b:86:68:6b:b5:fa:00:bb:6f:
46:9a:64:42:69:ca:99:bb:c6:b5:d0:9b:f4:0c:d8:
c9:65:49:20:6d:d1:55:dc:fd:f9:4d:42:32:95:7f:
91:7f:dd:65:47:6c:93:15:e5:5c:c6:c1:84:a4:fb:
e8:bb:6b:9e:42:41:87:83:ea:e1:7f:2c:16:20:c1:
30:09:46:a1:8d:8c:75:75:37:ac:04:c4:6a:e4:fb:
19:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:95:4C:4D:B9:F6:94:2D:F5:E2:AC:6C:A5:7F:31:F8:C4:FA:DE:41
X509v3 Authority Key Identifier:
keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/TZVMTbn2lC314qxspX8x-MT63kE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.199.160.0/20
46.166.160.0/20
93.115.24.0/21
185.8.104.0/22
185.150.116.0/22
188.214.128.0/21
IPv6:
2a02:ae00::/36
Signature Algorithm: sha256WithRSAEncryption
c8:05:68:f1:79:1d:c2:43:ee:60:a9:3a:f5:50:8f:24:14:d6:
75:bc:8a:46:f5:b0:1a:3a:58:d5:86:72:fb:54:02:2c:02:d0:
e8:90:9b:8e:66:9d:22:2b:81:49:9a:83:4f:a4:88:90:c8:6c:
ae:d9:97:02:c8:34:9a:c6:07:2b:ed:3a:e1:d3:2c:a6:f9:62:
08:f5:b5:53:47:39:8f:35:0b:d1:72:d1:8e:d3:00:00:34:cf:
6c:4c:cb:11:95:83:f4:ed:fb:73:9b:d7:76:e7:8d:64:eb:dd:
48:7a:a3:96:54:05:9d:4f:de:0a:e9:57:86:71:d6:3a:31:29:
7f:77:d7:3d:d6:e3:b7:6f:fe:46:17:31:56:7a:a0:b8:84:14:
e6:e0:66:f8:cf:2b:38:69:55:46:6d:a0:c6:06:aa:8f:76:f2:
c7:4a:d2:a0:bc:49:e1:41:7a:91:9d:91:92:ad:1a:06:75:75:
53:a4:3e:59:07:7d:af:6c:21:46:35:27:2f:92:72:29:52:1c:
6a:4f:94:2a:03:36:ae:2e:9b:81:b4:29:5f:df:74:84:fa:47:
5a:0e:a5:2e:dd:52:69:c4:af:77:22:7c:18:8d:1a:8a:f5:c7:
7d:1e:43:9d:82:58:87:ae:25:c8:0d:27:21:c4:41:e5:a6:8b:
7d:c2:c3:57
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzzOX8yuODsWBVOjR8V586mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjQwMTEwMTE1NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk1NGM0ZGI5ZjY5NDJkZjVlMmFjNmNhNTdmMzFmOGM0ZmFkZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3D4NXtSEXnADtIO+wEOgiv2H8fH
7HK4WKobWET8IYApk90htJKUDWd3rerbjIi4vs/r1XDgwGwkAcXjY03uruOGSMxG
5upWnf/IMcIgZo0pod05drsV0ZqhgalHrhmeug1W8OqO89ST4qub/+WIa8emCoqV
OKLQkEQLRMCEipXQpI6NdGYONh4SOYpQ3eVGmxU5F3mqZOdQdgWDNEewZCeZemPC
Bq8fPnWLhmhrtfoAu29GmmRCacqZu8a10Jv0DNjJZUkgbdFV3P35TUIylX+Rf91l
R2yTFeVcxsGEpPvou2ueQkGHg+rhfywWIMEwCUahjYx1dTesBMRq5PsZRwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFE2VTE259pQt9eKsbKV/MfjE+t5BMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvVFpWTVRibjJsQzMxNHF4c3BYOHgtTVQ2M2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAqBAIAATAkAwQEBcegAwQE
LqagAwQDXXMYAwQCuQhoAwQCuZZ0AwQDvNaAMA4EAgACMAgDBgQqAq4AADANBgkq
hkiG9w0BAQsFAAOCAQEAyAVo8XkdwkPuYKk69VCPJBTWdbyKRvWwGjpY1YZy+1QC
LALQ6JCbjmadIiuBSZqDT6SIkMhsrtmXAsg0msYHK+064dMspvliCPW1U0c5jzUL
0XLRjtMAADTPbEzLEZWD9O37c5vXdueNZOvdSHqjllQFnU/eCulXhnHWOjEpf3fX
Pdbjt2/+RhcxVnqguIQU5uBm+M8rOGlVRm2gxgaqj3byx0rSoLxJ4UF6kZ2Rkq0a
BnV1U6Q+WQd9r2whRjUnL5JyKVIcak+UKgM2ri6bgbQpX990hPpHWg6lLt1SacSv
dyJ8GI0aivXHfR5DnYJYh64lyA0nIcRB5aaLfcLDVw==
-----END CERTIFICATE-----
Generated at Sat May 4 22:23:23 2024 by rpki-client on console-ams.rpki-client.org