Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/HEWx2S34MiUqiw41A-aYdyP3GvI.roa
File: HEWx2S34MiUqiw41A-aYdyP3GvI.roa (raw, json)
Hash identifier: kvsRLY6f1ekDUMdh2mB9Xm6+C58+9Xmdj0LQBQStVcM=
Subject key identifier: 1C:45:B1:D9:2D:F8:32:25:2A:8B:0E:35:03:E6:98:77:23:F7:1A:F2
Certificate issuer: /CN=43dfc066ce7cd3e382574a68667973b0b468df3c
Certificate serial: 018CC49395DDA444F9C862D316616767A725
Authority key identifier: 43:DF:C0:66:CE:7C:D3:E3:82:57:4A:68:66:79:73:B0:B4:68:DF:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/HEWx2S34MiUqiw41A-aYdyP3GvI.roa
Signing time: Mon 01 Jan 2024 10:30:55 +0000
ROA not before: Mon 01 Jan 2024 10:30:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 45.155.99.0/24 maxlen: 24
2a10:ba00:bee4::/48 maxlen: 48
2a10:ba00:bee2::/48 maxlen: 48
2a10:ba00:bee5::/48 maxlen: 48
2a10:ba00:bee0::/48 maxlen: 48
2a10:ba00:bee3::/48 maxlen: 48
2a10:ba00:bee1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 18:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:95:dd:a4:44:f9:c8:62:d3:16:61:67:67:a7:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43dfc066ce7cd3e382574a68667973b0b468df3c
Validity
Not Before: Jan 1 10:30:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1c45b1d92df832252a8b0e3503e6987723f71af2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:65:53:ac:5a:eb:3e:be:19:6b:42:5c:24:23:
21:86:d1:6e:a9:8b:d5:8a:ab:cd:b5:46:75:a9:c9:
79:41:09:24:cb:59:5f:50:0d:0c:5f:80:97:75:7f:
69:b9:04:93:01:91:43:a3:a0:b5:9f:da:3d:45:05:
0e:27:16:d4:4b:52:c0:99:3e:a7:36:e3:83:52:5f:
35:56:d7:0b:5a:e3:2c:53:8b:fc:12:4b:91:13:13:
21:80:a8:ca:ab:73:7e:44:a0:95:17:e4:dd:6c:38:
48:a6:fc:88:98:d4:22:34:18:79:c8:cc:39:15:63:
67:c5:3e:37:91:f1:b2:4b:49:e3:04:1e:00:ee:4f:
8e:7a:55:7d:63:fa:e3:4c:ba:93:97:18:0a:b6:6d:
18:7a:b8:a3:b3:b8:ba:b6:e0:4d:7e:85:2a:37:88:
fc:0b:d9:12:f8:71:fd:fb:b6:92:45:f4:f2:2d:91:
42:4d:4e:f6:79:74:ee:18:36:14:ae:07:f5:6b:73:
76:5e:1b:50:e8:ef:b4:99:ec:e3:52:ec:95:d7:28:
d5:4b:7e:bd:46:93:9c:85:e5:30:68:32:34:64:64:
dd:06:f1:96:32:48:4f:25:a2:57:be:68:d6:17:9e:
bd:61:7d:1d:98:fa:76:c4:9a:20:be:6e:40:4e:32:
48:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:45:B1:D9:2D:F8:32:25:2A:8B:0E:35:03:E6:98:77:23:F7:1A:F2
X509v3 Authority Key Identifier:
keyid:43:DF:C0:66:CE:7C:D3:E3:82:57:4A:68:66:79:73:B0:B4:68:DF:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/HEWx2S34MiUqiw41A-aYdyP3GvI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.155.99.0/24
IPv6:
2a10:ba00:bee0::-2a10:ba00:bee5:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
72:0a:1d:8c:41:18:7d:88:91:42:d4:46:71:b7:71:81:7e:6b:
27:10:4d:ad:ea:c3:4a:0b:7e:4e:da:94:79:48:cc:4c:1f:26:
ed:75:48:e0:0f:2c:15:59:1f:be:2e:07:a4:65:ce:7f:dd:07:
93:dc:8d:b2:ee:29:8f:8c:34:08:a7:71:e8:be:65:55:c7:c4:
b6:d6:80:58:3b:03:66:92:b3:b9:c4:9e:34:80:e9:3a:e7:67:
61:94:f3:0b:2f:10:03:8c:d1:b5:03:18:3a:fa:49:76:3f:91:
3c:d1:a3:48:1a:fe:47:03:91:53:b6:c2:3b:f1:28:19:67:43:
06:42:69:a7:5e:9a:84:de:39:78:e8:4b:af:34:e8:99:64:00:
c6:49:12:cc:9e:a4:8c:21:b5:ad:4d:98:9f:71:65:26:f1:04:
ae:ac:58:7d:72:9a:20:d7:9b:2f:ff:58:22:75:86:20:5f:1d:
9a:0c:b0:27:1d:05:9a:fe:a4:96:7d:90:13:02:46:8a:fc:b3:
4c:e5:2a:cb:5a:33:7a:77:bc:5d:ae:29:a2:4d:32:98:a1:bc:
6c:f0:ee:db:5e:5d:9b:4b:d4:f8:a6:04:87:e3:5d:6a:1c:82:
61:bb:f4:6d:47:0c:76:15:ed:d3:15:55:5c:14:f3:05:1c:e7:
f3:3f:fb:15
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzEk5XdpET5yGLTFmFnZ6clMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZGZjMDY2Y2U3Y2QzZTM4MjU3NGE2ODY2Nzk3M2IwYjQ2
OGRmM2MwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ1YjFkOTJkZjgzMjI1MmE4YjBlMzUwM2U2OTg3NzIzZjcxYWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymVTrFrrPr4Za0JcJCMhhtFuqYvV
iqvNtUZ1qcl5QQkky1lfUA0MX4CXdX9puQSTAZFDo6C1n9o9RQUOJxbUS1LAmT6n
NuODUl81VtcLWuMsU4v8EkuRExMhgKjKq3N+RKCVF+TdbDhIpvyImNQiNBh5yMw5
FWNnxT43kfGyS0njBB4A7k+OelV9Y/rjTLqTlxgKtm0Yerijs7i6tuBNfoUqN4j8
C9kS+HH9+7aSRfTyLZFCTU72eXTuGDYUrgf1a3N2XhtQ6O+0mezjUuyV1yjVS369
RpOcheUwaDI0ZGTdBvGWMkhPJaJXvmjWF569YX0dmPp2xJogvm5ATjJIGwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFBxFsdkt+DIlKosONQPmmHcj9xryMB8GA1UdIwQY
MBaAFEPfwGbOfNPjgldKaGZ5c7C0aN88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlfQVpzNTgwLU9DVjBwb1pubHpzTFJvM3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xNjM2ZjgtNTAyNi00MDRlLWExYWUt
MjUwOTc0M2FkMjllLzEvSEVXeDJTMzRNaVVxaXc0MUEtYVlkeVAzR3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xNjM2ZjgtNTAyNi00MDRlLWExYWUtMjUwOTc0M2FkMjll
LzEvUTlfQVpzNTgwLU9DVjBwb1pubHpzTFJvM3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQALZtjMBoE
AgACMBQwEgMHBSoQugC+4AMHASoQugC+5DANBgkqhkiG9w0BAQsFAAOCAQEAcgod
jEEYfYiRQtRGcbdxgX5rJxBNrerDSgt+TtqUeUjMTB8m7XVI4A8sFVkfvi4HpGXO
f90Hk9yNsu4pj4w0CKdx6L5lVcfEttaAWDsDZpKzucSeNIDpOudnYZTzCy8QA4zR
tQMYOvpJdj+RPNGjSBr+RwORU7bCO/EoGWdDBkJpp16ahN45eOhLrzTomWQAxkkS
zJ6kjCG1rU2Yn3FlJvEErqxYfXKaINebL/9YInWGIF8dmgywJx0Fmv6kln2QEwJG
ivyzTOUqy1ozene8Xa4pok0ymKG8bPDu215dm0vU+KYEh+NdahyCYbv0bUcMdhXt
0xVVXBTzBRzn8z/7FQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:14:05 2024 by rpki-client on console-ams.rpki-client.org