Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/RBfdmlCxgYCd_DkIXSIh7AbsrIY.roa
File: RBfdmlCxgYCd_DkIXSIh7AbsrIY.roa (raw, json)
Hash identifier: jq0R1qjVmIgrA7x0eZ6s0Awz8H75wE/sIqWZWxkMaQ0=
Subject key identifier: 44:17:DD:9A:50:B1:81:80:9D:FC:39:08:5D:22:21:EC:06:EC:AC:86
Certificate issuer: /CN=33954330349f57502a76ae6e99987efc3e3b8109
Certificate serial: 018CC56E58BCB65BCD08FB213DEC33E169A4
Authority key identifier: 33:95:43:30:34:9F:57:50:2A:76:AE:6E:99:98:7E:FC:3E:3B:81:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/RBfdmlCxgYCd_DkIXSIh7AbsrIY.roa
Signing time: Mon 01 Jan 2024 14:29:52 +0000
ROA not before: Mon 01 Jan 2024 14:29:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198330
IP address blocks: 185.55.96.0/22 maxlen: 24
185.104.172.0/22 maxlen: 24
185.128.64.0/22 maxlen: 24
45.12.224.0/22 maxlen: 24
134.90.136.0/21 maxlen: 24
185.243.1.0/24 maxlen: 24
45.10.180.0/22 maxlen: 24
2a03:c280::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.crl
rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.mft
rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 05:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:58:bc:b6:5b:cd:08:fb:21:3d:ec:33:e1:69:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33954330349f57502a76ae6e99987efc3e3b8109
Validity
Not Before: Jan 1 14:29:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4417dd9a50b181809dfc39085d2221ec06ecac86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:21:72:e5:a6:19:a4:0d:47:99:26:e4:67:1a:
95:8e:80:75:06:4d:0a:6e:11:08:26:67:10:37:51:
9c:f7:c0:5b:c5:92:87:af:2c:af:b5:fe:f0:e9:39:
81:59:27:9c:5b:0b:b8:32:04:75:8f:3d:13:43:b4:
98:b0:7c:e9:f0:3c:bf:e5:3f:4d:a7:c8:b0:fc:69:
bd:14:22:c2:49:bc:82:b9:40:af:95:57:be:0a:82:
94:a6:04:7d:e4:9f:a1:5e:af:e4:67:aa:dd:ad:09:
ce:4a:c5:7d:0e:a1:81:0a:d7:c2:c6:02:6c:f7:fc:
25:61:3c:f6:9e:d3:38:b3:bc:ad:22:d3:3b:0a:37:
50:4c:81:9a:ae:a2:b5:56:b5:3e:73:4d:57:27:7a:
1c:64:f2:e8:e3:3f:e1:89:33:9f:a5:8c:0f:3d:8a:
56:d0:3a:ff:3c:b8:4e:79:eb:f2:40:50:c5:3e:e5:
70:f0:58:d1:66:35:98:d4:80:55:20:7e:fb:09:67:
1b:05:fa:4b:d1:c9:5a:22:a9:bb:c7:74:0f:fc:9f:
84:0e:c4:50:4e:f1:db:5f:55:16:40:14:f8:dd:9e:
b3:a0:65:ce:e2:33:eb:6b:1c:53:65:80:90:36:d1:
92:30:2d:2e:7c:38:73:48:d2:84:bc:aa:ae:68:a5:
40:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:17:DD:9A:50:B1:81:80:9D:FC:39:08:5D:22:21:EC:06:EC:AC:86
X509v3 Authority Key Identifier:
keyid:33:95:43:30:34:9F:57:50:2A:76:AE:6E:99:98:7E:FC:3E:3B:81:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/RBfdmlCxgYCd_DkIXSIh7AbsrIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.180.0/22
45.12.224.0/22
134.90.136.0/21
185.55.96.0/22
185.104.172.0/22
185.128.64.0/22
185.243.1.0/24
IPv6:
2a03:c280::/32
Signature Algorithm: sha256WithRSAEncryption
6a:7b:8b:c5:78:27:f3:56:0d:3c:9b:20:29:04:f3:5b:7e:57:
5c:1d:53:9e:09:71:a7:07:2c:3c:21:0f:58:4f:3e:fc:dd:ae:
51:b0:3a:33:2b:b1:e9:90:b6:a7:c2:f1:d9:ae:ed:63:08:fd:
45:0b:55:8a:e0:36:29:66:d9:65:48:57:11:e5:c4:da:c0:f5:
81:32:bd:1e:cb:56:f9:01:ba:94:42:58:62:58:10:23:ca:13:
1d:00:da:3b:81:b6:55:f4:36:c7:dc:4a:cd:2e:21:dc:46:40:
6a:0e:84:b0:8b:01:6a:a6:21:d7:93:05:e2:79:38:6f:a3:16:
10:f0:af:3b:64:27:00:35:ba:ab:24:4c:a9:91:45:92:ae:e3:
68:17:c5:9d:7e:b1:2f:3b:4e:63:d5:1f:93:9c:80:76:d9:7d:
06:b7:87:ae:a1:bc:cd:54:e0:2e:fe:cd:d6:94:aa:6f:2e:29:
e0:19:44:6c:76:de:a8:ee:69:00:57:56:ec:8a:0b:6a:cc:80:
ef:ff:24:fc:8b:a6:e8:e9:d9:4a:84:8f:3f:4a:8b:69:84:d4:
e9:30:a0:9e:30:9b:06:dc:62:c3:9f:61:91:d6:3e:3c:84:a0:
24:8d:ed:61:17:24:00:ad:89:52:15:9e:bd:c2:be:4c:46:bc:
39:b6:e9:9e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzFbli8tlvNCPshPewz4WmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOTU0MzMwMzQ5ZjU3NTAyYTc2YWU2ZTk5OTg3ZWZjM2Uz
YjgxMDkwHhcNMjQwMTAxMTQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDE3ZGQ5YTUwYjE4MTgwOWRmYzM5MDg1ZDIyMjFlYzA2ZWNhYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSFy5aYZpA1HmSbkZxqVjoB1Bk0K
bhEIJmcQN1Gc98BbxZKHryyvtf7w6TmBWSecWwu4MgR1jz0TQ7SYsHzp8Dy/5T9N
p8iw/Gm9FCLCSbyCuUCvlVe+CoKUpgR95J+hXq/kZ6rdrQnOSsV9DqGBCtfCxgJs
9/wlYTz2ntM4s7ytItM7CjdQTIGarqK1VrU+c01XJ3ocZPLo4z/hiTOfpYwPPYpW
0Dr/PLhOeevyQFDFPuVw8FjRZjWY1IBVIH77CWcbBfpL0claIqm7x3QP/J+EDsRQ
TvHbX1UWQBT43Z6zoGXO4jPraxxTZYCQNtGSMC0ufDhzSNKEvKquaKVAJQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFEQX3ZpQsYGAnfw5CF0iIewG7KyGMB8GA1UdIwQY
MBaAFDOVQzA0n1dQKnaubpmYfvw+O4EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTVWRE1EU2ZWMUFxZHE1dW1aaC1fRDQ3Z1FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8wZjE5ZTktMWIyYi00ODEyLWFiNWEt
ZmRmODRmODNhMjc0LzEvUkJmZG1sQ3hnWUNkX0RrSVhTSWg3QWJzcklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8wZjE5ZTktMWIyYi00ODEyLWFiNWEtZmRmODRmODNhMjc0
LzEvTTVWRE1EU2ZWMUFxZHE1dW1aaC1fRDQ3Z1FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLQq0AwQC
LQzgAwQDhlqIAwQCuTdgAwQCuWisAwQCuYBAAwQAufMBMA0EAgACMAcDBQAqA8KA
MA0GCSqGSIb3DQEBCwUAA4IBAQBqe4vFeCfzVg08myApBPNbfldcHVOeCXGnByw8
IQ9YTz783a5RsDozK7HpkLanwvHZru1jCP1FC1WK4DYpZtllSFcR5cTawPWBMr0e
y1b5AbqUQlhiWBAjyhMdANo7gbZV9DbH3ErNLiHcRkBqDoSwiwFqpiHXkwXieThv
oxYQ8K87ZCcANbqrJEypkUWSruNoF8WdfrEvO05j1R+TnIB22X0Gt4euobzNVOAu
/s3WlKpvLingGURsdt6o7mkAV1bsigtqzIDv/yT8i6bo6dlKhI8/SotphNTpMKCe
MJsG3GLDn2GR1j48hKAkje1hFyQArYlSFZ69wr5MRrw5tume
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:02:56 2024 by rpki-client on console-fra.rpki-client.org