Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/l1x488I_srvfGE92bVfWcUw5PNE.roa
File: l1x488I_srvfGE92bVfWcUw5PNE.roa (raw, json)
Hash identifier: C8WoZdybVL9xHmKmXAh08zthUkfzApHjtxX0JZ0Pbl8=
Subject key identifier: 97:5C:78:F3:C2:3F:B2:BB:DF:18:4F:76:6D:57:D6:71:4C:39:3C:D1
Certificate issuer: /CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Certificate serial: 0190495B8B14F7A3CD6E9718F69B4F54F534
Authority key identifier: 6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/l1x488I_srvfGE92bVfWcUw5PNE.roa
Signing time: Mon 24 Jun 2024 08:27:34 +0000
ROA not before: Mon 24 Jun 2024 08:27:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 145.219.32.0/22 maxlen: 22
145.219.36.0/22 maxlen: 22
145.219.40.0/21 maxlen: 21
145.219.48.0/21 maxlen: 21
145.219.56.0/21 maxlen: 21
145.219.64.0/18 maxlen: 18
145.219.128.0/17 maxlen: 17
193.176.255.0/24 maxlen: 24
2a04:b0c4::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.mft
rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Oct 2024 14:44:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:49:5b:8b:14:f7:a3:cd:6e:97:18:f6:9b:4f:54:f5:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Validity
Not Before: Jun 24 08:27:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=975c78f3c23fb2bbdf184f766d57d6714c393cd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:b3:20:46:f3:7e:ae:65:7b:82:71:30:e9:50:
b9:84:f3:ee:cc:17:09:e3:6a:bd:b7:35:cf:b1:17:
b8:43:d3:ab:ca:74:46:af:23:bd:68:58:04:9e:9e:
fe:84:20:6d:6f:e7:83:51:db:33:f0:d4:49:23:a8:
1c:78:df:d4:d8:9d:8a:01:c7:53:eb:d4:e2:87:38:
2d:b7:7e:c5:ef:f2:ac:38:d3:db:64:c5:10:e6:48:
1b:2e:02:20:d7:be:8e:77:75:00:66:5e:c9:a9:93:
74:72:ea:03:17:63:9c:67:d6:cd:bf:da:57:65:80:
c2:a0:eb:39:45:fa:1b:e9:2b:a1:2e:40:f3:ce:18:
05:0a:e2:a5:ab:a1:bb:6a:17:da:d4:29:14:c4:7d:
db:fc:c1:a9:af:71:57:07:2c:51:1b:14:70:90:75:
24:b5:58:08:ff:97:6c:d5:e4:d9:87:80:e1:22:b5:
3f:dc:8f:86:00:3e:73:3e:98:8b:31:0f:30:06:49:
57:d2:3a:ae:70:d4:a1:c0:97:07:88:b6:91:49:6f:
04:eb:08:0e:38:3d:41:0e:a3:da:77:f4:03:c6:fd:
cd:c5:28:a4:63:f3:67:22:f2:6a:d2:86:18:c9:ca:
a8:3b:80:ed:9c:c0:e8:ab:c7:ba:08:27:be:8a:a7:
75:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:5C:78:F3:C2:3F:B2:BB:DF:18:4F:76:6D:57:D6:71:4C:39:3C:D1
X509v3 Authority Key Identifier:
keyid:6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/l1x488I_srvfGE92bVfWcUw5PNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.219.32.0-145.219.255.255
193.176.255.0/24
IPv6:
2a04:b0c4::/30
Signature Algorithm: sha256WithRSAEncryption
66:85:41:f9:70:d6:49:db:f9:cb:6f:4d:6a:f4:59:8d:3e:34:
2c:95:26:35:1b:89:ae:d4:23:d1:19:e6:40:a2:6a:d4:42:a8:
6d:73:c5:75:bd:de:e2:89:fc:ba:d6:e9:1c:f5:a4:de:7d:23:
7c:c1:81:a1:5d:1c:9a:cc:94:e7:06:5e:59:40:e3:a3:40:8a:
76:58:64:cd:57:53:96:3a:72:5a:45:16:bb:56:09:c6:be:f7:
42:f2:c7:28:f0:0b:18:24:73:ae:df:99:28:ba:28:b0:a6:d8:
ce:08:07:2c:0a:53:a2:cf:b3:e4:52:2f:0a:8e:b9:c0:5b:fc:
5d:27:22:ff:cd:be:91:02:90:62:20:9d:5d:b0:e8:6b:8d:f3:
4f:e6:99:06:f4:b5:67:f1:c3:6f:1c:5d:e8:f8:ee:53:29:e0:
79:82:f5:b2:d1:52:88:2b:2d:28:59:95:48:41:2a:fc:b8:09:
1d:3f:52:6f:0e:87:8e:ad:89:4b:61:c3:d4:38:6b:7e:94:b8:
de:c9:46:6b:95:18:a2:26:3d:02:0f:e9:4b:b9:3a:eb:c5:8b:
b4:d5:f5:73:71:af:6a:55:a2:2d:75:b2:af:9d:f8:0d:c9:e9:
bc:f7:6c:de:5a:9f:a0:d2:05:fb:78:38:15:45:8c:31:fe:a2:
95:7d:32:e1
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZBJW4sU96PNbpcY9ptPVPU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmQ3YmNhYmZjYzMwOGQ0MjAwNTNjNDgyYTBkNTlmYjEy
ODJlMzAwHhcNMjQwNjI0MDgyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzVjNzhmM2MyM2ZiMmJiZGYxODRmNzY2ZDU3ZDY3MTRjMzkzY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLMgRvN+rmV7gnEw6VC5hPPuzBcJ
42q9tzXPsRe4Q9OrynRGryO9aFgEnp7+hCBtb+eDUdsz8NRJI6gceN/U2J2KAcdT
69Tihzgtt37F7/KsONPbZMUQ5kgbLgIg176Od3UAZl7JqZN0cuoDF2OcZ9bNv9pX
ZYDCoOs5Rfob6SuhLkDzzhgFCuKlq6G7ahfa1CkUxH3b/MGpr3FXByxRGxRwkHUk
tVgI/5ds1eTZh4DhIrU/3I+GAD5zPpiLMQ8wBklX0jqucNShwJcHiLaRSW8E6wgO
OD1BDqPad/QDxv3NxSikY/NnIvJq0oYYycqoO4DtnMDoq8e6CCe+iqd11QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJdcePPCP7K73xhPdm1X1nFMOTzRMB8GA1UdIwQY
MBaAFG5te8q/zDCNQgBTxIKg1Z+xKC4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDIt
OTMxOTRlYjYxMDhkLzEvbDF4NDg4SV9zcnZmR0U5MmJWZldjVXc1UE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDItOTMxOTRlYjYxMDhk
LzEvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATMAsDBAWR2yAD
AwKR2AMEAMGw/zANBAIAAjAHAwUCKgSwxDANBgkqhkiG9w0BAQsFAAOCAQEAZoVB
+XDWSdv5y29NavRZjT40LJUmNRuJrtQj0RnmQKJq1EKobXPFdb3e4on8utbpHPWk
3n0jfMGBoV0cmsyU5wZeWUDjo0CKdlhkzVdTljpyWkUWu1YJxr73QvLHKPALGCRz
rt+ZKLoosKbYzggHLApTos+z5FIvCo65wFv8XSci/82+kQKQYiCdXbDoa43zT+aZ
BvS1Z/HDbxxd6PjuUyngeYL1stFSiCstKFmVSEEq/LgJHT9Sbw6Hjq2JS2HD1Dhr
fpS43slGa5UYoiY9Ag/pS7k668WLtNX1c3GvalWiLXWyr534DcnpvPds3lqfoNIF
+3g4FUWMMf6ilX0y4Q==
-----END CERTIFICATE-----
Generated at Tue Oct 22 18:54:41 2024 by rpki-client on console-fra.rpki-client.org