Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/y1PDXaAfP9SE3-V-n3ZNmSynFZM.roa
File: y1PDXaAfP9SE3-V-n3ZNmSynFZM.roa (raw, json)
Hash identifier: grGAEdoX1gKT6dYv0u3Na/zGCGReIV2xMu9jF2N9z/8=
Subject key identifier: CB:53:C3:5D:A0:1F:3F:D4:84:DF:E5:7E:9F:76:4D:99:2C:A7:15:93
Certificate issuer: /CN=d94bddafb5df098419020a8fbc7a90b16e341d63
Certificate serial: 018CCA2A31E8A82D20CBC1566F4B74EC6415
Authority key identifier: D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/y1PDXaAfP9SE3-V-n3ZNmSynFZM.roa
Signing time: Tue 02 Jan 2024 12:33:31 +0000
ROA not before: Tue 02 Jan 2024 12:33:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58073
IP address blocks: 45.145.252.0/22 maxlen: 22
193.104.186.0/24 maxlen: 24
45.152.192.0/22 maxlen: 22
37.220.32.0/21 maxlen: 24
45.10.116.0/22 maxlen: 22
45.129.176.0/22 maxlen: 22
185.38.12.0/22 maxlen: 24
2.58.23.0/24 maxlen: 24
2.58.20.0/22 maxlen: 22
45.82.44.0/22 maxlen: 22
45.88.16.0/22 maxlen: 22
45.93.32.0/22 maxlen: 22
46.182.104.0/24 maxlen: 24
46.182.105.0/24 maxlen: 24
46.182.106.0/24 maxlen: 24
46.182.107.0/24 maxlen: 24
46.182.111.0/24 maxlen: 24
46.182.109.0/24 maxlen: 24
46.182.110.0/24 maxlen: 24
2a02:2a38::/32 maxlen: 32
2a02:2a38:37::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.mft
rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 07:01:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2a:31:e8:a8:2d:20:cb:c1:56:6f:4b:74:ec:64:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d94bddafb5df098419020a8fbc7a90b16e341d63
Validity
Not Before: Jan 2 12:33:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cb53c35da01f3fd484dfe57e9f764d992ca71593
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:71:fe:fe:7d:83:ad:41:69:45:94:8b:9d:35:
8b:4d:1e:bc:87:92:96:d7:ef:16:cb:12:bf:19:ef:
e3:bd:4b:f7:2c:21:59:a3:5d:1c:d8:27:43:08:61:
0a:61:a7:b4:01:45:ca:00:d8:c6:a4:d2:e4:5d:de:
26:37:ae:fd:cb:b9:e3:0a:99:c0:37:2e:15:6a:10:
54:05:ee:c9:3e:7e:99:33:ac:29:c0:89:ee:f4:64:
b2:3c:f6:36:6d:b5:25:77:cb:fe:d4:95:34:4d:fa:
e6:47:ca:3a:82:ee:b5:e0:37:09:fa:9c:2e:a3:c2:
c8:48:03:fe:b9:f3:30:9a:90:f8:d9:4f:06:73:18:
18:12:31:55:f0:53:64:59:0b:21:2f:9c:2d:cc:4a:
99:6a:98:1e:91:c8:cb:92:a0:3d:c3:f6:de:83:a2:
c9:5c:75:bc:77:33:d0:b9:51:df:a1:16:80:84:32:
e4:85:0f:74:6f:f4:b7:28:fd:5f:40:2a:e1:7b:56:
ea:ca:f2:63:9b:7a:81:2c:f7:ba:52:eb:aa:ee:af:
d7:b2:09:21:4c:29:45:ef:c9:8f:55:3a:f8:f7:72:
60:64:8e:c9:71:98:2b:40:72:bc:e3:3d:01:46:69:
97:66:f3:53:d6:b1:85:e0:8a:b4:fe:0c:e7:9b:bc:
19:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:53:C3:5D:A0:1F:3F:D4:84:DF:E5:7E:9F:76:4D:99:2C:A7:15:93
X509v3 Authority Key Identifier:
keyid:D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/y1PDXaAfP9SE3-V-n3ZNmSynFZM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.20.0/22
37.220.32.0/21
45.10.116.0/22
45.82.44.0/22
45.88.16.0/22
45.93.32.0/22
45.129.176.0/22
45.145.252.0/22
45.152.192.0/22
46.182.104.0/22
46.182.109.0-46.182.111.255
185.38.12.0/22
193.104.186.0/24
IPv6:
2a02:2a38::/32
Signature Algorithm: sha256WithRSAEncryption
40:7d:e8:75:ae:62:11:4a:0e:d3:21:6c:15:62:32:91:29:29:
23:32:a9:d4:43:03:6e:6d:0e:ae:d5:66:d7:a9:24:f9:09:6f:
5b:f1:f0:72:9a:66:e4:ea:6a:12:b1:ed:cd:35:4a:fe:44:1e:
d8:56:d6:99:fa:3a:d6:5a:d4:85:7a:01:79:1e:b3:f8:7c:28:
e4:91:2c:03:cb:ca:80:50:a4:b6:e1:af:a0:c4:c1:9d:64:bc:
22:da:21:8c:99:2f:d4:19:a6:d3:53:34:a5:69:d7:83:86:d2:
a7:89:83:7b:0a:ee:ae:cf:01:d2:17:87:2a:ee:d3:9b:7a:64:
81:7a:4a:0e:7b:6c:a0:80:fc:d9:c5:c9:1e:9a:ad:2a:68:6f:
38:6a:b4:15:6f:0f:6d:96:99:1c:58:fc:5c:4e:f1:2f:d0:31:
72:55:cc:97:0c:b2:6e:ea:69:0b:ef:b4:96:31:e0:dc:01:47:
5a:0a:11:a8:f2:a6:cc:9f:3a:e0:e6:bd:f6:de:3a:49:ff:ce:
09:ef:1c:48:24:f3:e4:86:63:27:dc:be:8e:43:79:b8:38:d4:
6c:67:6b:6a:f2:ef:42:8f:55:79:43:2f:10:0a:57:66:37:52:
3a:e6:08:24:fb:a0:7e:d5:02:1d:da:4d:81:81:9d:be:24:f1:
da:3a:0b:e5
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYzKKjHoqC0gy8FWb0t07GQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NGJkZGFmYjVkZjA5ODQxOTAyMGE4ZmJjN2E5MGIxNmUz
NDFkNjMwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUzYzM1ZGEwMWYzZmQ0ODRkZmU1N2U5Zjc2NGQ5OTJjYTcxNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3H+/n2DrUFpRZSLnTWLTR68h5KW
1+8WyxK/Ge/jvUv3LCFZo10c2CdDCGEKYae0AUXKANjGpNLkXd4mN679y7njCpnA
Ny4VahBUBe7JPn6ZM6wpwInu9GSyPPY2bbUld8v+1JU0TfrmR8o6gu614DcJ+pwu
o8LISAP+ufMwmpD42U8GcxgYEjFV8FNkWQshL5wtzEqZapgekcjLkqA9w/beg6LJ
XHW8dzPQuVHfoRaAhDLkhQ90b/S3KP1fQCrhe1bqyvJjm3qBLPe6Uuuq7q/Xsgkh
TClF78mPVTr493JgZI7JcZgrQHK84z0BRmmXZvNT1rGF4Iq0/gznm7wZgQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFMtTw12gHz/UhN/lfp92TZkspxWTMB8GA1UdIwQY
MBaAFNlL3a+13wmEGQIKj7x6kLFuNB1jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEt
NmUyNmI5MWY2OTEwLzEveTFQRFhhQWZQOVNFMy1WLW4zWk5tU3luRlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEtNmUyNmI5MWY2OTEw
LzEvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWAwQCAjoUAwQD
JdwgAwQCLQp0AwQCLVIsAwQCLVgQAwQCLV0gAwQCLYGwAwQCLZH8AwQCLZjAAwQC
LrZoMAwDBAAutm0DBAQutmADBAK5JgwDBADBaLowDQQCAAIwBwMFACoCKjgwDQYJ
KoZIhvcNAQELBQADggEBAEB96HWuYhFKDtMhbBViMpEpKSMyqdRDA25tDq7VZtep
JPkJb1vx8HKaZuTqahKx7c01Sv5EHthW1pn6OtZa1IV6AXkes/h8KOSRLAPLyoBQ
pLbhr6DEwZ1kvCLaIYyZL9QZptNTNKVp14OG0qeJg3sK7q7PAdIXhyru05t6ZIF6
Sg57bKCA/NnFyR6arSpobzhqtBVvD22WmRxY/FxO8S/QMXJVzJcMsm7qaQvvtJYx
4NwBR1oKEajypsyfOuDmvfbeOkn/zgnvHEgk8+SGYyfcvo5Debg41Gxna2ry70KP
VXlDLxAKV2Y3UjrmCCT7oH7VAh3aTYGBnb4k8do6C+U=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:12:19 2024 by rpki-client on console-fra.rpki-client.org