Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/BnmHu_hitABCcsVcChjzfeLIGYI.roa
File: BnmHu_hitABCcsVcChjzfeLIGYI.roa (raw, json)
Hash identifier: Eb0i35qTLRRQxLFJCCM/m44fe0tuI5cnrksfGNYxSFE=
Subject key identifier: 06:79:87:BB:F8:62:B4:00:42:72:C5:5C:0A:18:F3:7D:E2:C8:19:82
Certificate issuer: /CN=7d02fa2c5ba2892045e7cd50a5adfd54d6dbb8c2
Certificate serial: 019348FC891484927EF192B303D08ACEC906
Authority key identifier: 7D:02:FA:2C:5B:A2:89:20:45:E7:CD:50:A5:AD:FD:54:D6:DB:B8:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/BnmHu_hitABCcsVcChjzfeLIGYI.roa
Signing time: Wed 20 Nov 2024 09:52:09 +0000
ROA not before: Wed 20 Nov 2024 09:52:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201205
IP address blocks: 37.230.120.0/21 maxlen: 21
78.24.168.0/21 maxlen: 21
147.12.64.0/19 maxlen: 24
147.12.64.0/24 maxlen: 24
176.62.136.0/21 maxlen: 21
185.29.4.0/22 maxlen: 22
185.160.220.0/22 maxlen: 24
2a01:5c00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/fQL6LFuiiSBF581Qpa39VNbbuMI.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/fQL6LFuiiSBF581Qpa39VNbbuMI.mft
rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 18:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:48:fc:89:14:84:92:7e:f1:92:b3:03:d0:8a:ce:c9:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d02fa2c5ba2892045e7cd50a5adfd54d6dbb8c2
Validity
Not Before: Nov 20 09:52:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=067987bbf862b4004272c55c0a18f37de2c81982
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:b3:a9:9e:e0:f2:d4:62:6e:19:59:05:04:ba:
cf:3b:6d:ed:82:57:d5:f3:e7:e6:98:72:80:24:a9:
96:76:e1:b8:43:eb:9c:36:0b:c6:e5:fa:78:7c:e2:
c0:96:3e:22:cc:69:e7:6e:d3:cf:f8:47:e3:b8:d7:
53:5f:0a:21:13:f6:11:31:43:33:9a:d1:d4:7b:96:
c6:69:71:a7:b6:4b:04:cf:a1:fe:a7:59:c1:21:35:
21:55:4e:53:04:cb:17:ce:2f:d1:a3:e8:a9:3e:88:
ff:98:f7:0b:63:e6:46:1d:49:a2:dc:b3:fd:21:fa:
ee:fc:08:cb:87:17:bc:e2:8e:27:22:74:19:98:a3:
b4:ad:65:e9:97:ee:25:a2:8f:78:e5:58:b1:a2:cc:
ce:b1:35:08:42:97:bf:13:f6:73:51:56:1d:01:54:
67:e5:c4:1c:42:b5:8b:4c:46:31:a1:0b:65:93:37:
b3:96:50:b3:c4:28:bc:a3:e6:c3:66:39:30:02:01:
9b:a4:57:ca:fb:ef:af:e2:20:91:99:df:67:9c:5f:
49:d9:8b:6e:1f:a5:62:77:3f:93:f2:99:b8:36:f2:
cd:0f:c3:d3:d6:15:5c:ae:15:f9:1a:da:36:a0:eb:
f3:b4:76:30:69:16:7d:14:5f:56:93:4e:38:69:b9:
f1:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:79:87:BB:F8:62:B4:00:42:72:C5:5C:0A:18:F3:7D:E2:C8:19:82
X509v3 Authority Key Identifier:
keyid:7D:02:FA:2C:5B:A2:89:20:45:E7:CD:50:A5:AD:FD:54:D6:DB:B8:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/BnmHu_hitABCcsVcChjzfeLIGYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/fQL6LFuiiSBF581Qpa39VNbbuMI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.230.120.0/21
78.24.168.0/21
147.12.64.0/19
176.62.136.0/21
185.29.4.0/22
185.160.220.0/22
IPv6:
2a01:5c00::/32
Signature Algorithm: sha256WithRSAEncryption
02:d2:59:6c:65:e3:17:e0:8d:d8:78:6b:17:27:44:8e:be:8f:
33:aa:4e:84:d5:f0:f8:6c:22:84:f3:70:58:59:c9:e6:4e:52:
54:d0:44:8e:c7:21:56:fb:88:86:83:23:2c:11:f8:62:62:9b:
84:8d:57:21:2e:4b:df:40:16:92:72:e1:94:6b:59:ca:90:ec:
48:b7:e3:1a:33:96:be:d5:2f:ce:77:03:bc:4b:e4:de:b1:4d:
c1:07:d7:4c:c6:67:79:1c:cd:38:df:f6:e5:75:75:8a:54:f7:
98:a9:c1:87:b9:9a:e9:3a:8e:3d:43:94:45:8c:c5:dd:16:ab:
ef:c6:f4:22:14:8e:e7:b0:2d:3c:1b:5b:a7:fa:bf:83:e8:a7:
29:a7:a0:c2:41:f9:7a:d3:82:06:c3:ed:8b:bb:8a:6e:db:c3:
19:29:d7:fa:4b:e7:f5:76:83:7a:84:c7:78:de:39:c9:1b:fe:
5f:9e:22:68:62:3e:2f:56:82:52:99:63:fb:0d:55:f9:ab:cb:
4c:95:4e:1d:8c:f8:84:01:17:d4:69:2e:bb:31:be:54:30:7e:
f2:46:bf:45:8e:28:a8:ba:9c:83:98:88:81:09:8a:9e:e1:96:
c6:a8:64:c1:ea:9a:04:33:82:e4:2b:05:a1:ee:76:25:ce:9c:
79:3b:48:37
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZNI/IkUhJJ+8ZKzA9CKzskGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDJmYTJjNWJhMjg5MjA0NWU3Y2Q1MGE1YWRmZDU0ZDZk
YmI4YzIwHhcNMjQxMTIwMDk1MjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjc5ODdiYmY4NjJiNDAwNDI3MmM1NWMwYTE4ZjM3ZGUyYzgxOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrOpnuDy1GJuGVkFBLrPO23tglfV
8+fmmHKAJKmWduG4Q+ucNgvG5fp4fOLAlj4izGnnbtPP+EfjuNdTXwohE/YRMUMz
mtHUe5bGaXGntksEz6H+p1nBITUhVU5TBMsXzi/Ro+ipPoj/mPcLY+ZGHUmi3LP9
Ifru/AjLhxe84o4nInQZmKO0rWXpl+4loo945VixoszOsTUIQpe/E/ZzUVYdAVRn
5cQcQrWLTEYxoQtlkzezllCzxCi8o+bDZjkwAgGbpFfK+++v4iCRmd9nnF9J2Ytu
H6Vidz+T8pm4NvLND8PT1hVcrhX5Gto2oOvztHYwaRZ9FF9Wk044abnx8wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFAZ5h7v4YrQAQnLFXAoY833iyBmCMB8GA1UdIwQY
MBaAFH0C+ixbookgRefNUKWt/VTW27jCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFMNkxGdWlpU0JGNTgxUXBhMzlWTmJidU1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jY2UyMGItNGQ1YS00OGY4LWI4OGUt
ODEwMzlmM2NmM2ZkLzEvQm5tSHVfaGl0QUJDY3NWY0NoanpmZUxJR1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jY2UyMGItNGQ1YS00OGY4LWI4OGUtODEwMzlmM2NmM2Zk
LzEvZlFMNkxGdWlpU0JGNTgxUXBhMzlWTmJidU1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDJeZ4AwQD
ThioAwQFkwxAAwQDsD6IAwQCuR0EAwQCuaDcMA0EAgACMAcDBQAqAVwAMA0GCSqG
SIb3DQEBCwUAA4IBAQAC0llsZeMX4I3YeGsXJ0SOvo8zqk6E1fD4bCKE83BYWcnm
TlJU0ESOxyFW+4iGgyMsEfhiYpuEjVchLkvfQBaScuGUa1nKkOxIt+MaM5a+1S/O
dwO8S+TesU3BB9dMxmd5HM043/bldXWKVPeYqcGHuZrpOo49Q5RFjMXdFqvvxvQi
FI7nsC08G1un+r+D6Kcpp6DCQfl604IGw+2Lu4pu28MZKdf6S+f1doN6hMd43jnJ
G/5fniJoYj4vVoJSmWP7DVX5q8tMlU4djPiEARfUaS67Mb5UMH7yRr9FjiioupyD
mIiBCYqe4ZbGqGTB6poEM4LkKwWh7nYlzpx5O0g3
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:18:15 2024 by rpki-client on console-ams.rpki-client.org