Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/UFOKhaK0v1gPCCQKJ0nfF2TPj8Q.roa
File: UFOKhaK0v1gPCCQKJ0nfF2TPj8Q.roa (raw, json)
Hash identifier: gXk89omIH5bBJ5a1OXq1J0BsTh4qVLHTS/I1WBLRmYU=
Subject key identifier: 50:53:8A:85:A2:B4:BF:58:0F:08:24:0A:27:49:DF:17:64:CF:8F:C4
Certificate issuer: /CN=8a72b60f5fb4930016ceb860cc174a53135f1616
Certificate serial: 019423D6A5C754B1933125EF44A87F526707
Authority key identifier: 8A:72:B6:0F:5F:B4:93:00:16:CE:B8:60:CC:17:4A:53:13:5F:16:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/inK2D1-0kwAWzrhgzBdKUxNfFhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/UFOKhaK0v1gPCCQKJ0nfF2TPj8Q.roa
Signing time: Wed 01 Jan 2025 21:47:37 +0000
ROA not before: Wed 01 Jan 2025 21:47:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 45009
IP address blocks: 45.150.40.0/22 maxlen: 22
45.150.40.0/24 maxlen: 24
45.150.41.0/24 maxlen: 24
45.150.42.0/24 maxlen: 24
45.150.43.0/24 maxlen: 24
2a0f:9200::/29 maxlen: 29
2a0f:9200::/48 maxlen: 48
2a0f:9201::/48 maxlen: 48
2a0f:9207::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/inK2D1-0kwAWzrhgzBdKUxNfFhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/inK2D1-0kwAWzrhgzBdKUxNfFhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/inK2D1-0kwAWzrhgzBdKUxNfFhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:a5:c7:54:b1:93:31:25:ef:44:a8:7f:52:67:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a72b60f5fb4930016ceb860cc174a53135f1616
Validity
Not Before: Jan 1 21:47:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=50538a85a2b4bf580f08240a2749df1764cf8fc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:62:fb:30:11:25:57:d9:1d:e0:ff:8d:23:0f:
aa:d2:06:1b:70:dd:5a:55:61:ad:67:13:93:06:ab:
8b:88:05:22:24:55:e8:5a:3e:0b:75:f7:7b:30:92:
62:c2:0e:40:89:5f:e8:bb:e7:5c:f0:e0:a9:0b:c8:
17:9d:94:4b:7e:24:cb:d2:2c:d2:47:53:82:1f:77:
6b:f0:f1:b9:10:21:7c:3c:fa:bd:d6:1a:7e:81:24:
70:36:dc:34:0f:af:95:6a:a5:ed:e1:77:23:97:9c:
78:0c:86:ca:df:60:dd:e4:d7:76:ee:ee:d4:0e:ce:
49:7c:92:65:e2:60:52:81:65:8c:9f:df:98:c4:79:
6b:0e:c1:63:89:cc:89:9b:72:7c:46:74:cd:6f:50:
8e:2c:03:4c:82:b6:89:44:3e:55:69:77:0f:2d:45:
33:39:15:f6:e2:fc:4d:7f:86:ed:96:ad:dc:9a:75:
e4:f4:1e:c1:e2:b0:0c:c1:1a:ea:ab:88:dd:c4:1d:
5e:99:3c:99:9c:7c:9e:91:1b:bf:42:b2:81:7d:03:
70:75:83:4a:38:17:92:d0:e5:da:54:80:bf:33:86:
dc:63:e4:48:6f:fa:1e:00:c4:e9:d7:e7:ac:2e:c0:
4f:0d:76:79:8f:30:3a:6e:41:bf:99:79:8d:db:e1:
67:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:53:8A:85:A2:B4:BF:58:0F:08:24:0A:27:49:DF:17:64:CF:8F:C4
X509v3 Authority Key Identifier:
keyid:8A:72:B6:0F:5F:B4:93:00:16:CE:B8:60:CC:17:4A:53:13:5F:16:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/inK2D1-0kwAWzrhgzBdKUxNfFhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/UFOKhaK0v1gPCCQKJ0nfF2TPj8Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/41fe89-08d6-44f8-b754-e08505c91066/1/inK2D1-0kwAWzrhgzBdKUxNfFhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.40.0/22
IPv6:
2a0f:9200::/29
Signature Algorithm: sha256WithRSAEncryption
16:62:e0:26:e4:71:a4:f4:e3:e5:ce:81:48:0c:65:bd:0d:fd:
23:9c:ce:ba:0c:c8:e2:6e:58:18:20:34:42:d8:20:c2:d8:7c:
94:17:6b:97:89:b9:47:7e:37:43:c8:40:6d:dc:25:1f:c0:8d:
a6:8c:c0:0b:6d:bd:77:b0:b0:56:73:7c:c9:bd:a8:00:63:3d:
a9:df:d5:43:2a:7e:94:93:fb:c8:79:91:3a:02:60:fa:9d:41:
48:1a:48:66:d4:d8:4b:84:65:03:b2:03:ea:0c:45:89:cb:9e:
7f:08:d1:c8:dc:bc:ad:ba:52:b3:14:05:ec:7b:93:66:78:97:
71:87:c9:6f:84:64:6a:86:85:0d:da:0d:8a:15:e4:5d:f4:78:
1c:bd:8e:ba:45:a2:b9:08:51:be:23:77:10:55:fe:c9:bc:c3:
bf:91:b4:c3:0d:2e:d8:ad:02:cf:02:9d:65:11:03:88:a3:0d:
a9:b6:fc:f2:69:38:bc:44:68:c7:35:01:d6:2a:92:e4:d2:a9:
70:ce:3a:b9:06:ab:72:a6:2d:c3:59:00:42:3d:c8:93:37:63:
1f:b9:f6:19:6b:6c:d3:2c:51:19:99:44:71:bf:92:91:2d:b6:
ec:e6:36:ba:04:6e:cd:c5:1d:a3:d7:ea:e2:f5:73:ba:78:4d:
a9:11:e0:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1qXHVLGTMSXvRKh/UmcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNzJiNjBmNWZiNDkzMDAxNmNlYjg2MGNjMTc0YTUzMTM1
ZjE2MTYwHhcNMjUwMTAxMjE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUzOGE4NWEyYjRiZjU4MGYwODI0MGEyNzQ5ZGYxNzY0Y2Y4ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mL7MBElV9kd4P+NIw+q0gYbcN1a
VWGtZxOTBquLiAUiJFXoWj4Ldfd7MJJiwg5AiV/ou+dc8OCpC8gXnZRLfiTL0izS
R1OCH3dr8PG5ECF8PPq91hp+gSRwNtw0D6+VaqXt4Xcjl5x4DIbK32Dd5Nd27u7U
Ds5JfJJl4mBSgWWMn9+YxHlrDsFjicyJm3J8RnTNb1COLANMgraJRD5VaXcPLUUz
ORX24vxNf4btlq3cmnXk9B7B4rAMwRrqq4jdxB1emTyZnHyekRu/QrKBfQNwdYNK
OBeS0OXaVIC/M4bcY+RIb/oeAMTp1+esLsBPDXZ5jzA6bkG/mXmN2+FnbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFBTioWitL9YDwgkCidJ3xdkz4/EMB8GA1UdIwQY
MBaAFIpytg9ftJMAFs64YMwXSlMTXxYWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW5LMkQxLTBrd0FXenJoZ3pCZEtVeE5mRmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80MWZlODktMDhkNi00NGY4LWI3NTQt
ZTA4NTA1YzkxMDY2LzEvVUZPS2hhSzB2MWdQQ0NRS0owbmZGMlRQajhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80MWZlODktMDhkNi00NGY4LWI3NTQtZTA4NTA1YzkxMDY2
LzEvaW5LMkQxLTBrd0FXenJoZ3pCZEtVeE5mRmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZYoMA0E
AgACMAcDBQMqD5IAMA0GCSqGSIb3DQEBCwUAA4IBAQAWYuAm5HGk9OPlzoFIDGW9
Df0jnM66DMjiblgYIDRC2CDC2HyUF2uXiblHfjdDyEBt3CUfwI2mjMALbb13sLBW
c3zJvagAYz2p39VDKn6Uk/vIeZE6AmD6nUFIGkhm1NhLhGUDsgPqDEWJy55/CNHI
3LytulKzFAXse5NmeJdxh8lvhGRqhoUN2g2KFeRd9HgcvY66RaK5CFG+I3cQVf7J
vMO/kbTDDS7YrQLPAp1lEQOIow2ptvzyaTi8RGjHNQHWKpLk0qlwzjq5Bqtypi3D
WQBCPciTN2MfufYZa2zTLFEZmURxv5KRLbbs5ja6BG7NxR2j1+ri9XO6eE2pEeAh
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:46:53 2025 by rpki-client