Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TPmfhxh0_nTXnn3Ex03aeMGiB4c.roa
File: TPmfhxh0_nTXnn3Ex03aeMGiB4c.roa (raw, json)
Hash identifier: HFnYo4N0HI3o2+ViKgPlzaJxO2Vou6oIlA6YqMzd3m4=
Subject key identifier: 4C:F9:9F:87:18:74:FE:74:D7:9E:7D:C4:C7:4D:DA:78:C1:A2:07:87
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 018CC6B7B95F11B4320CC173EE99C6E30D1D
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TPmfhxh0_nTXnn3Ex03aeMGiB4c.roa
Signing time: Mon 01 Jan 2024 20:29:38 +0000
ROA not before: Mon 01 Jan 2024 20:29:38 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202656
IP address blocks: 45.149.83.0/24 maxlen: 24
195.245.110.0/24 maxlen: 24
45.140.171.0/24 maxlen: 24
45.140.173.0/24 maxlen: 24
45.139.28.0/24 maxlen: 24
45.139.31.0/24 maxlen: 24
194.33.9.0/24 maxlen: 24
194.33.8.0/24 maxlen: 24
92.249.13.0/24 maxlen: 24
92.249.14.0/24 maxlen: 24
194.55.104.0/24 maxlen: 24
194.55.103.0/24 maxlen: 24
91.220.126.0/24 maxlen: 24
213.139.194.0/24 maxlen: 24
45.152.225.0/24 maxlen: 24
45.137.191.0/24 maxlen: 24
45.154.162.0/24 maxlen: 24
91.220.84.0/24 maxlen: 24
91.220.90.0/24 maxlen: 24
45.141.186.0/24 maxlen: 24
45.141.187.0/24 maxlen: 24
91.212.82.0/24 maxlen: 24
194.61.76.0/24 maxlen: 24
193.150.171.0/24 maxlen: 24
193.150.170.0/24 maxlen: 24
45.137.55.0/24 maxlen: 24
45.137.53.0/24 maxlen: 24
45.137.52.0/24 maxlen: 24
45.145.162.0/24 maxlen: 24
45.147.1.0/24 maxlen: 24
193.150.98.0/24 maxlen: 24
91.221.38.0/24 maxlen: 24
85.202.166.0/24 maxlen: 24
85.202.167.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 11:00:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:b9:5f:11:b4:32:0c:c1:73:ee:99:c6:e3:0d:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: Jan 1 20:29:38 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4cf99f871874fe74d79e7dc4c74dda78c1a20787
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:71:bf:d1:50:24:2f:b4:35:3f:e3:e6:53:35:
d2:9f:a5:c9:b1:a1:dd:3e:15:56:e0:2b:cb:cd:94:
05:23:87:52:97:60:6c:a3:fd:b6:19:13:51:6f:e1:
60:bc:cb:a8:40:75:b9:30:10:a5:79:41:02:6e:a9:
71:50:c6:5c:08:9a:86:13:cd:e9:fb:31:e2:60:56:
89:0f:71:3a:36:28:d1:23:c1:40:25:3a:c0:2f:98:
ca:a0:24:99:ec:91:28:26:6e:3f:d9:ca:81:3d:95:
a7:81:71:ab:46:ee:26:d3:4e:cb:bb:7d:d8:f1:fc:
0a:9a:64:ee:4d:12:26:69:1b:c6:23:2e:23:a8:3a:
02:69:38:d0:60:93:71:be:97:80:b2:61:6d:94:03:
d4:0d:d1:13:f6:21:08:15:36:da:b2:52:fb:34:b4:
90:f8:de:37:7f:e9:ae:29:07:26:8e:03:6e:17:c8:
a2:ec:a0:35:ca:52:51:34:26:9c:05:e6:e1:2e:b4:
0f:cf:86:b5:be:26:be:32:a4:86:ae:47:5b:d6:c6:
a8:6b:98:74:c9:6c:2e:6e:3b:3a:d3:5f:b4:d7:40:
3b:90:4c:36:52:fc:60:90:64:bd:8f:21:72:38:77:
94:0a:98:3f:f2:41:b9:cf:ab:30:27:28:14:c2:62:
e7:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:F9:9F:87:18:74:FE:74:D7:9E:7D:C4:C7:4D:DA:78:C1:A2:07:87
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TPmfhxh0_nTXnn3Ex03aeMGiB4c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.52.0/23
45.137.55.0/24
45.137.191.0/24
45.139.28.0/24
45.139.31.0/24
45.140.171.0/24
45.140.173.0/24
45.141.186.0/23
45.145.162.0/24
45.147.1.0/24
45.149.83.0/24
45.152.225.0/24
45.154.162.0/24
85.202.166.0/23
91.212.82.0/24
91.220.84.0/24
91.220.90.0/24
91.220.126.0/24
91.221.38.0/24
92.249.13.0-92.249.14.255
193.150.98.0/24
193.150.170.0/23
194.33.8.0/23
194.55.103.0-194.55.104.255
194.61.76.0/24
195.245.110.0/24
213.139.194.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:b5:50:57:1d:9b:f0:5a:55:79:0b:fb:18:93:0e:94:30:3b:
b6:dc:05:9d:79:05:4b:68:69:52:81:32:e0:42:57:51:92:b3:
7a:55:08:30:76:b7:70:72:ce:5a:72:28:71:f7:76:7c:c5:5b:
60:18:4a:3b:37:a5:ad:7d:c6:47:86:e7:15:a8:8d:c7:d9:88:
07:25:89:58:5b:e9:e9:fd:c7:04:a7:4d:e8:2c:33:08:74:83:
28:19:5d:3c:69:c6:47:b3:64:ca:90:1b:d8:c1:95:79:9c:d6:
85:69:db:a3:aa:49:c1:e3:25:ea:6a:64:0b:0f:d3:31:04:89:
34:37:3f:44:ec:a3:c0:e9:a2:49:c0:af:35:c7:5c:c8:65:b9:
7f:24:16:c0:7a:79:a2:6f:c1:7c:c2:87:1d:ba:09:b9:9b:17:
09:16:db:36:70:38:23:27:27:12:67:e3:99:39:57:00:ef:42:
fc:5e:78:82:96:fc:be:30:13:2f:ba:12:57:97:3e:66:1c:d6:
0a:ca:a7:2c:c6:09:71:73:5d:ea:07:a0:71:b0:53:68:01:cb:
eb:1c:c0:a0:1f:72:28:45:b8:70:0b:52:3a:87:ee:f0:6c:43:
c9:cc:71:35:63:30:82:35:9c:e7:7d:cf:65:bd:88:96:2c:90:
b0:8a:1e:98
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAYzGt7lfEbQyDMFz7pnG4w0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Y5OWY4NzE4NzRmZTc0ZDc5ZTdkYzRjNzRkZGE3OGMxYTIwNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3G/0VAkL7Q1P+PmUzXSn6XJsaHd
PhVW4CvLzZQFI4dSl2Bso/22GRNRb+FgvMuoQHW5MBCleUECbqlxUMZcCJqGE83p
+zHiYFaJD3E6NijRI8FAJTrAL5jKoCSZ7JEoJm4/2cqBPZWngXGrRu4m007Lu33Y
8fwKmmTuTRImaRvGIy4jqDoCaTjQYJNxvpeAsmFtlAPUDdET9iEIFTbaslL7NLSQ
+N43f+muKQcmjgNuF8ii7KA1ylJRNCacBebhLrQPz4a1via+MqSGrkdb1saoa5h0
yWwubjs601+010A7kEw2UvxgkGS9jyFyOHeUCpg/8kG5z6swJygUwmLn8wIDAQAB
o4ICujCCArYwHQYDVR0OBBYEFEz5n4cYdP501559xMdN2njBogeHMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvVFBtZmh4aDBfblRYbm4zRXgwM2FlTUdpQjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHPBggrBgEFBQcBBwEB/wSBvzCBvDCBuQQCAAEwgbIDBAEt
iTQDBAAtiTcDBAAtib8DBAAtixwDBAAtix8DBAAtjKsDBAAtjK0DBAEtjboDBAAt
kaIDBAAtkwEDBAAtlVMDBAAtmOEDBAAtmqIDBAFVyqYDBABb1FIDBABb3FQDBABb
3FoDBABb3H4DBABb3SYwDAMEAFz5DQMEAFz5DgMEAMGWYgMEAcGWqgMEAcIhCDAM
AwQAwjdnAwQAwjdoAwQAwj1MAwQAw/VuAwQA1YvCMA0GCSqGSIb3DQEBCwUAA4IB
AQB6tVBXHZvwWlV5C/sYkw6UMDu23AWdeQVLaGlSgTLgQldRkrN6VQgwdrdwcs5a
cihx93Z8xVtgGEo7N6WtfcZHhucVqI3H2YgHJYlYW+np/ccEp03oLDMIdIMoGV08
acZHs2TKkBvYwZV5nNaFadujqknB4yXqamQLD9MxBIk0Nz9E7KPA6aJJwK81x1zI
Zbl/JBbAenmib8F8wocdugm5mxcJFts2cDgjJycSZ+OZOVcA70L8XniClvy+MBMv
uhJXlz5mHNYKyqcsxglxc13qB6BxsFNoAcvrHMCgH3IoRbhwC1I6h+7wbEPJzHE1
YzCCNZznfc9lvYiWLJCwih6Y
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:41:54 2024 by rpki-client on console-ams.rpki-client.org