Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/86772e-5e6b-406c-8a9e-1654a80dbc36/1/PO0Q53Bef1BQ6rV-PJpRIf9knY4.roa
File: PO0Q53Bef1BQ6rV-PJpRIf9knY4.roa (raw, json)
Hash identifier: 4D0SAv0ahrzcJFAN4DaqHJkmqVoAds0jVp4+Ac3cDAo=
Subject key identifier: 3C:ED:10:E7:70:5E:7F:50:50:EA:B5:7E:3C:9A:51:21:FF:64:9D:8E
Certificate issuer: /CN=adc8a9bbc2bc3a4c8bb876ccdd95fd865250b6db
Certificate serial: 018CC3B69114C34D428306E814CAB61C6A95
Authority key identifier: AD:C8:A9:BB:C2:BC:3A:4C:8B:B8:76:CC:DD:95:FD:86:52:50:B6:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rcipu8K8OkyLuHbM3ZX9hlJQtts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/86772e-5e6b-406c-8a9e-1654a80dbc36/1/PO0Q53Bef1BQ6rV-PJpRIf9knY4.roa
Signing time: Mon 01 Jan 2024 06:29:30 +0000
ROA not before: Mon 01 Jan 2024 06:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60813
IP address blocks: 45.148.222.0/24 maxlen: 24
45.148.221.0/24 maxlen: 24
45.148.223.0/24 maxlen: 24
81.90.98.0/24 maxlen: 24
81.90.97.0/24 maxlen: 24
81.90.96.0/24 maxlen: 24
81.90.96.0/20 maxlen: 20
81.90.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/86772e-5e6b-406c-8a9e-1654a80dbc36/1/rcipu8K8OkyLuHbM3ZX9hlJQtts.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/86772e-5e6b-406c-8a9e-1654a80dbc36/1/rcipu8K8OkyLuHbM3ZX9hlJQtts.mft
rsync://rpki.ripe.net/repository/DEFAULT/rcipu8K8OkyLuHbM3ZX9hlJQtts.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:91:14:c3:4d:42:83:06:e8:14:ca:b6:1c:6a:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adc8a9bbc2bc3a4c8bb876ccdd95fd865250b6db
Validity
Not Before: Jan 1 06:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3ced10e7705e7f5050eab57e3c9a5121ff649d8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:db:9c:4b:4b:2a:e5:97:f4:9c:22:a1:ff:63:
72:41:14:d5:aa:58:23:3b:85:1d:b5:3e:7f:f9:09:
34:e8:8a:7e:2b:18:e2:33:be:4e:d1:48:01:bf:6e:
a0:38:a5:a6:10:dc:ac:86:64:32:71:41:51:df:75:
c7:50:1d:4c:3d:55:b2:4c:89:f8:41:20:d8:fd:19:
ff:9a:47:25:2c:62:74:52:66:75:36:5f:e9:89:85:
d1:51:10:e9:95:1b:af:f8:6f:7b:d5:dd:e2:0d:a2:
3d:a5:45:51:26:85:32:97:2b:33:04:d6:01:36:58:
66:58:21:87:ed:43:6a:15:9b:ef:bb:ef:57:30:f9:
83:0a:8a:66:8e:7a:b8:3f:07:6e:e3:b3:d9:4b:b1:
e8:a2:48:10:13:16:2f:5c:34:77:cd:d1:b8:37:c7:
1a:8a:1e:9a:6e:bd:28:0c:08:53:ed:f6:6b:c7:db:
0a:1d:57:c9:c1:a0:6d:ff:79:70:96:85:d6:1f:4f:
3a:3f:d2:17:f7:a7:d1:8c:ca:04:48:b1:c2:04:bf:
bd:b5:eb:a0:99:a7:28:fe:58:36:a9:25:dc:f0:a2:
57:7c:ea:99:e3:d7:64:c9:94:57:fa:64:65:78:01:
a4:74:e8:02:dc:dd:b7:1c:05:b8:a1:77:3a:36:c8:
63:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:ED:10:E7:70:5E:7F:50:50:EA:B5:7E:3C:9A:51:21:FF:64:9D:8E
X509v3 Authority Key Identifier:
keyid:AD:C8:A9:BB:C2:BC:3A:4C:8B:B8:76:CC:DD:95:FD:86:52:50:B6:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rcipu8K8OkyLuHbM3ZX9hlJQtts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/86772e-5e6b-406c-8a9e-1654a80dbc36/1/PO0Q53Bef1BQ6rV-PJpRIf9knY4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/86772e-5e6b-406c-8a9e-1654a80dbc36/1/rcipu8K8OkyLuHbM3ZX9hlJQtts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.148.221.0-45.148.223.255
81.90.96.0/20
Signature Algorithm: sha256WithRSAEncryption
67:c2:b2:c4:1e:af:84:d4:2e:42:0a:75:82:f6:b5:75:15:df:
49:72:d2:34:7d:80:b3:22:d5:e2:65:a4:a7:0f:39:3b:ee:de:
a6:ac:19:cd:0c:79:ce:b1:fb:0d:0e:a3:9c:ee:f7:0b:f6:74:
44:ae:e8:c0:de:a9:ab:3c:29:31:9c:7d:8a:9d:d6:1b:ee:d9:
a6:17:22:20:94:a8:c5:c9:cc:42:bf:e1:2d:a2:68:af:bf:28:
c0:79:90:f2:e9:85:6a:a3:0e:d7:f6:2b:35:30:7f:12:d4:f0:
33:cb:8e:09:8e:d2:80:7b:6a:94:40:9b:fc:c4:f4:94:9f:e2:
9c:c0:30:28:4c:38:f7:c5:ea:f2:db:83:6a:9f:0e:6c:62:56:
1a:4c:ae:d1:9f:bc:81:cb:81:52:89:98:e7:e6:7a:e9:9f:42:
bd:c6:47:53:c8:df:6e:18:27:35:a0:35:46:13:90:c7:f8:40:
13:75:cc:50:16:fc:e7:7e:cd:1d:d3:c9:c0:1b:0d:82:5b:4f:
0e:05:7f:50:8a:5b:29:0c:2f:1d:a9:07:72:32:c3:7e:93:be:
e1:1d:93:90:c3:93:e8:18:68:56:08:e8:d0:b3:9e:a5:f3:a9:
69:df:53:08:91:a9:d3:25:8c:16:98:e4:19:f7:0b:da:e7:94:
e2:f4:fe:68
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDtpEUw01CgwboFMq2HGqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYzhhOWJiYzJiYzNhNGM4YmI4NzZjY2RkOTVmZDg2NTI1
MGI2ZGIwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2VkMTBlNzcwNWU3ZjUwNTBlYWI1N2UzYzlhNTEyMWZmNjQ5ZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNucS0sq5Zf0nCKh/2NyQRTVqlgj
O4UdtT5/+Qk06Ip+KxjiM75O0UgBv26gOKWmENyshmQycUFR33XHUB1MPVWyTIn4
QSDY/Rn/mkclLGJ0UmZ1Nl/piYXRURDplRuv+G971d3iDaI9pUVRJoUylyszBNYB
NlhmWCGH7UNqFZvvu+9XMPmDCopmjnq4Pwdu47PZS7HookgQExYvXDR3zdG4N8ca
ih6abr0oDAhT7fZrx9sKHVfJwaBt/3lwloXWH086P9IX96fRjMoESLHCBL+9teug
maco/lg2qSXc8KJXfOqZ49dkyZRX+mRleAGkdOgC3N23HAW4oXc6NshjUQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDztEOdwXn9QUOq1fjyaUSH/ZJ2OMB8GA1UdIwQY
MBaAFK3IqbvCvDpMi7h2zN2V/YZSULbbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmNpcHU4SzhPa3lMdUhiTTNaWDlobEpRdHRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS84Njc3MmUtNWU2Yi00MDZjLThhOWUt
MTY1NGE4MGRiYzM2LzEvUE8wUTUzQmVmMUJRNnJWLVBKcFJJZjlrblk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS84Njc3MmUtNWU2Yi00MDZjLThhOWUtMTY1NGE4MGRiYzM2
LzEvcmNpcHU4SzhPa3lMdUhiTTNaWDlobEpRdHRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtlN0D
BAUtlMADBARRWmAwDQYJKoZIhvcNAQELBQADggEBAGfCssQer4TULkIKdYL2tXUV
30ly0jR9gLMi1eJlpKcPOTvu3qasGc0Mec6x+w0Oo5zu9wv2dESu6MDeqas8KTGc
fYqd1hvu2aYXIiCUqMXJzEK/4S2iaK+/KMB5kPLphWqjDtf2KzUwfxLU8DPLjgmO
0oB7apRAm/zE9JSf4pzAMChMOPfF6vLbg2qfDmxiVhpMrtGfvIHLgVKJmOfmeumf
Qr3GR1PI324YJzWgNUYTkMf4QBN1zFAW/Od+zR3TycAbDYJbTw4Ff1CKWykMLx2p
B3Iyw36TvuEdk5DDk+gYaFYI6NCznqXzqWnfUwiRqdMljBaY5Bn3C9rnlOL0/mg=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:22:36 2024 by rpki-client on console-ams.rpki-client.org