Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/28nyzvc8WoekT4gQz_aS76dp54k.roa
File: 28nyzvc8WoekT4gQz_aS76dp54k.roa (raw, json)
Hash identifier: bPD207i4lL0hojueHKP8KuHkMYjNfLayyVNIRcpDO6s=
Subject key identifier: DB:C9:F2:CE:F7:3C:5A:87:A4:4F:88:10:CF:F6:92:EF:A7:69:E7:89
Certificate issuer: /CN=19c91f1cb0874232a04fbc092baa688accecc9d7
Certificate serial: 018CC34906EF385CEFD6024D3FC1A5133A77
Authority key identifier: 19:C9:1F:1C:B0:87:42:32:A0:4F:BC:09:2B:AA:68:8A:CC:EC:C9:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GckfHLCHQjKgT7wJK6poiszsydc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/28nyzvc8WoekT4gQz_aS76dp54k.roa
Signing time: Mon 01 Jan 2024 04:29:52 +0000
ROA not before: Mon 01 Jan 2024 04:29:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208759
IP address blocks: 45.85.237.0/24 maxlen: 24
45.85.236.0/24 maxlen: 24
45.85.239.0/24 maxlen: 24
45.85.238.0/24 maxlen: 24
2a0e:c885::/44 maxlen: 44
2a0e:c887::/44 maxlen: 44
2a0e:c884:3e80::/44 maxlen: 48
2a0e:c886::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/GckfHLCHQjKgT7wJK6poiszsydc.crl
rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/GckfHLCHQjKgT7wJK6poiszsydc.mft
rsync://rpki.ripe.net/repository/DEFAULT/GckfHLCHQjKgT7wJK6poiszsydc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 May 2024 20:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:06:ef:38:5c:ef:d6:02:4d:3f:c1:a5:13:3a:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19c91f1cb0874232a04fbc092baa688accecc9d7
Validity
Not Before: Jan 1 04:29:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dbc9f2cef73c5a87a44f8810cff692efa769e789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:a0:bf:31:de:69:a6:52:5e:77:8f:c6:31:e6:
2d:b5:74:7b:42:cf:de:6b:e9:0e:37:81:7b:7f:84:
30:55:47:4d:a3:6c:52:e3:b9:07:2d:75:c3:38:77:
51:a2:6f:66:fc:9a:b1:d0:ff:0a:0d:d7:e3:5f:e1:
75:ef:06:53:b6:36:56:26:dd:fb:90:4d:4c:c8:31:
ab:66:c5:c0:a4:1c:32:93:1f:e9:79:f9:05:96:b0:
c4:e3:2a:a0:11:f1:cc:0e:eb:f5:90:40:bd:39:1f:
a8:87:3c:ff:96:4b:0f:f2:97:db:21:02:c2:d6:65:
7d:f0:76:e7:67:b7:04:80:3c:2c:ff:d5:47:e2:bd:
48:26:25:c1:0c:72:fe:50:d4:4f:16:f2:95:43:b9:
08:eb:ce:cb:a6:db:a4:d8:3b:51:1d:98:be:ef:bc:
8b:3d:69:82:59:2f:5a:63:ab:0e:ca:de:a8:d6:56:
0f:03:83:7f:65:94:97:f9:e0:8b:65:d1:84:1c:14:
25:35:a4:ec:a7:29:0e:55:3f:35:15:cd:09:9a:6a:
42:0a:8b:07:7b:fb:35:d5:01:91:3e:9c:16:d7:bf:
61:7b:01:f0:14:fd:0e:e6:4a:4d:5a:17:5b:14:91:
76:56:2e:d7:5f:de:cc:f4:7d:6c:b8:97:e6:2b:b9:
8b:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:C9:F2:CE:F7:3C:5A:87:A4:4F:88:10:CF:F6:92:EF:A7:69:E7:89
X509v3 Authority Key Identifier:
keyid:19:C9:1F:1C:B0:87:42:32:A0:4F:BC:09:2B:AA:68:8A:CC:EC:C9:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GckfHLCHQjKgT7wJK6poiszsydc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/28nyzvc8WoekT4gQz_aS76dp54k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/GckfHLCHQjKgT7wJK6poiszsydc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.236.0/22
IPv6:
2a0e:c884:3e80::/44
2a0e:c885::/44
2a0e:c886::/44
2a0e:c887::/44
Signature Algorithm: sha256WithRSAEncryption
4d:21:c4:ac:19:48:42:fb:3b:87:d2:89:92:8c:2a:47:d9:00:
12:e4:60:b2:17:22:e3:7e:c3:46:e2:89:fc:ba:4b:f9:d2:52:
83:7e:12:ef:2c:32:60:55:8d:7b:5c:f1:9d:1f:f8:78:e7:d9:
24:0d:a2:ba:d1:3f:c8:4d:13:6a:b6:70:85:d3:e0:2e:cf:f9:
f2:6a:51:0f:d9:b7:84:ed:cb:85:4b:68:ff:bb:c6:00:7c:38:
b9:64:b3:10:b1:9d:4b:fc:f5:a2:0e:8a:25:43:18:f7:e3:7f:
9b:e7:51:5a:a0:84:35:b7:ab:3d:61:6a:88:ee:7a:18:e2:32:
db:49:e6:19:77:de:53:f8:c4:96:41:bb:1f:6f:73:de:49:8a:
03:c9:f6:9e:30:47:d8:d3:0a:16:09:db:14:c5:42:20:7a:7b:
1b:f4:a7:4a:cd:7b:0f:f9:c9:bd:3f:b7:d2:ab:51:01:5c:0f:
ed:3c:74:1d:b3:ae:94:81:67:41:dc:36:96:8d:b6:de:22:11:
48:a5:61:16:8b:fd:c6:13:45:14:26:0a:40:47:1c:b7:70:b8:
8a:91:c4:40:81:e1:e2:a2:89:fb:e2:b9:8a:83:8d:11:00:c2:
a1:20:a5:9f:5d:77:be:72:02:f6:6a:25:b9:f4:a6:7c:1a:0c:
e6:a1:6e:c7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzDSQbvOFzv1gJNP8GlEzp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YzkxZjFjYjA4NzQyMzJhMDRmYmMwOTJiYWE2ODhhY2Nl
Y2M5ZDcwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM5ZjJjZWY3M2M1YTg3YTQ0Zjg4MTBjZmY2OTJlZmE3NjllNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6C/Md5pplJed4/GMeYttXR7Qs/e
a+kON4F7f4QwVUdNo2xS47kHLXXDOHdRom9m/Jqx0P8KDdfjX+F17wZTtjZWJt37
kE1MyDGrZsXApBwykx/pefkFlrDE4yqgEfHMDuv1kEC9OR+ohzz/lksP8pfbIQLC
1mV98HbnZ7cEgDws/9VH4r1IJiXBDHL+UNRPFvKVQ7kI687Lptuk2DtRHZi+77yL
PWmCWS9aY6sOyt6o1lYPA4N/ZZSX+eCLZdGEHBQlNaTspykOVT81Fc0JmmpCCosH
e/s11QGRPpwW179hewHwFP0O5kpNWhdbFJF2Vi7XX97M9H1suJfmK7mLVwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFNvJ8s73PFqHpE+IEM/2ku+naeeJMB8GA1UdIwQY
MBaAFBnJHxywh0IyoE+8CSuqaIrM7MnXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2NrZkhMQ0hRaktnVDd3Sks2cG9pc3pzeWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8wNDYzMzctNGYxZi00NDRlLTgzZDct
MDU0ZDY1ZDcyNDdmLzEvMjhueXp2YzhXb2VrVDRnUXpfYVM3NmRwNTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8wNDYzMzctNGYxZi00NDRlLTgzZDctMDU0ZDY1ZDcyNDdm
LzEvR2NrZkhMQ0hRaktnVDd3Sks2cG9pc3pzeWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAMBAIAATAGAwQCLVXsMCoE
AgACMCQDBwQqDsiEPoADBwQqDsiFAAADBwQqDsiGAAADBwQqDsiHAAAwDQYJKoZI
hvcNAQELBQADggEBAE0hxKwZSEL7O4fSiZKMKkfZABLkYLIXIuN+w0biify6S/nS
UoN+Eu8sMmBVjXtc8Z0f+Hjn2SQNorrRP8hNE2q2cIXT4C7P+fJqUQ/Zt4Tty4VL
aP+7xgB8OLlksxCxnUv89aIOiiVDGPfjf5vnUVqghDW3qz1haojuehjiMttJ5hl3
3lP4xJZBux9vc95JigPJ9p4wR9jTChYJ2xTFQiB6exv0p0rNew/5yb0/t9KrUQFc
D+08dB2zrpSBZ0HcNpaNtt4iEUilYRaL/cYTRRQmCkBHHLdwuIqRxECB4eKiifvi
uYqDjREAwqEgpZ9dd75yAvZqJbn0pnwaDOahbsc=
-----END CERTIFICATE-----
Generated at Sun May 19 00:45:57 2024 by rpki-client on console-ams.rpki-client.org