Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa
File: xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa (raw, json)
Hash identifier: AyiP/FF2qci3BxbNXp3IVhC0+1I+8uj6Wg87qOzx0Zo=
Subject key identifier: C5:FC:70:19:1B:66:06:81:8D:9B:03:8E:CA:1E:5E:14:D6:0F:7D:76
Certificate issuer: /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial: 018CC94CC5C99186A22EED1712D88DC6D323
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa
Signing time: Tue 02 Jan 2024 08:31:40 +0000
ROA not before: Tue 02 Jan 2024 08:31:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34665
IP address blocks: 45.143.202.0/24 maxlen: 24
92.63.202.0/24 maxlen: 24
92.63.200.0/24 maxlen: 24
185.156.75.0/24 maxlen: 24
2a0e:e5c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 May 2024 19:51:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4c:c5:c9:91:86:a2:2e:ed:17:12:d8:8d:c6:d3:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Validity
Not Before: Jan 2 08:31:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c5fc70191b6606818d9b038eca1e5e14d60f7d76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:71:e0:f9:de:ac:ef:a0:97:d5:03:cc:7d:b5:
83:66:5f:77:cf:69:e0:f4:28:58:bd:ef:f3:d9:dc:
5b:9d:71:da:05:84:b2:23:c6:d2:f9:60:f4:b8:96:
36:c8:f1:7d:be:f8:03:37:33:57:2f:26:91:81:d5:
7a:97:be:9b:b8:22:cf:1f:7d:a2:ad:72:82:44:d5:
3f:58:11:61:4f:a3:da:21:1d:f6:a9:17:fd:93:c6:
ca:45:f0:9b:43:c8:8d:e3:06:15:cf:56:3a:c9:5c:
ca:9d:29:16:aa:3f:e4:f0:45:23:af:87:7a:af:dd:
e3:1b:9c:43:2a:38:02:7b:e8:b4:f8:59:6e:07:94:
38:55:4b:25:99:b6:1b:2d:8f:7b:c1:a4:0e:da:90:
cc:56:83:65:e0:6e:83:eb:78:82:3a:cd:c6:49:8a:
da:b2:7c:03:8b:85:f1:6d:52:ab:bb:90:64:b1:59:
be:5f:d9:6c:04:c1:33:12:64:40:ef:db:d2:96:8e:
3f:62:eb:ff:43:a4:70:25:ae:33:11:a7:f7:33:ca:
53:7a:c6:86:9b:de:59:6a:d4:2e:e3:29:04:b5:53:
1c:b2:27:0e:b5:ca:cc:69:cf:3e:f0:92:72:a0:5b:
c4:78:0d:15:32:61:bf:3c:40:ec:fa:37:d7:63:a5:
80:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:FC:70:19:1B:66:06:81:8D:9B:03:8E:CA:1E:5E:14:D6:0F:7D:76
X509v3 Authority Key Identifier:
keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.202.0/24
92.63.200.0/24
92.63.202.0/24
185.156.75.0/24
IPv6:
2a0e:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
9c:71:37:d9:5b:ab:cd:82:b7:43:e4:c5:a3:2d:d0:7c:b4:a5:
70:d0:01:ff:45:6c:3e:40:9f:d0:4d:8e:ed:cb:57:ac:0f:13:
fe:4c:ef:6f:73:7c:44:2b:1b:c8:c0:f1:6b:15:aa:8e:7f:56:
f4:58:56:9c:e7:35:84:d4:8f:5f:96:ed:ba:00:38:b9:f0:04:
76:72:d6:e7:22:f1:b4:40:bb:0d:20:6e:2e:e7:11:83:06:45:
48:fa:4b:bf:1d:59:35:32:29:4d:4b:54:0e:fc:c5:d9:4d:99:
bb:f2:25:5d:e2:8e:f1:05:38:9a:55:1d:58:06:51:62:01:bc:
70:d0:5c:d3:51:2e:56:bb:3f:1c:33:dc:49:a8:52:d6:99:87:
54:f8:26:70:04:b9:f0:41:75:6d:c1:48:1a:fc:b7:1a:d4:ea:
f7:a5:84:88:25:db:d6:81:d4:2e:bb:24:7b:90:d7:9b:2d:d3:
ea:01:e5:43:b2:5f:45:51:1b:d0:be:0e:20:c8:3d:6c:d3:a6:
7a:be:75:f6:cd:99:11:55:e2:4f:cf:fb:39:19:7c:4b:91:3c:
ea:08:6b:19:31:ee:7f:aa:de:89:b7:39:5c:d3:09:0c:25:4a:
1a:b6:d0:4f:0f:d2:f0:36:a8:bf:99:e8:22:c4:f0:c3:bc:4a:
72:13:d4:cf
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJTMXJkYaiLu0XEtiNxtMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTAyMDgzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWZjNzAxOTFiNjYwNjgxOGQ5YjAzOGVjYTFlNWUxNGQ2MGY3ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3Hg+d6s76CX1QPMfbWDZl93z2ng
9ChYve/z2dxbnXHaBYSyI8bS+WD0uJY2yPF9vvgDNzNXLyaRgdV6l76buCLPH32i
rXKCRNU/WBFhT6PaIR32qRf9k8bKRfCbQ8iN4wYVz1Y6yVzKnSkWqj/k8EUjr4d6
r93jG5xDKjgCe+i0+FluB5Q4VUslmbYbLY97waQO2pDMVoNl4G6D63iCOs3GSYra
snwDi4XxbVKru5BksVm+X9lsBMEzEmRA79vSlo4/Yuv/Q6RwJa4zEaf3M8pTesaG
m95ZatQu4ykEtVMcsicOtcrMac8+8JJyoFvEeA0VMmG/PEDs+jfXY6WANQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMX8cBkbZgaBjZsDjsoeXhTWD312MB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEveGZ4d0dSdG1Cb0dObXdPT3loNWVGTllQZlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQALY/KAwQA
XD/IAwQAXD/KAwQAuZxLMA0EAgACMAcDBQMqDuXAMA0GCSqGSIb3DQEBCwUAA4IB
AQCccTfZW6vNgrdD5MWjLdB8tKVw0AH/RWw+QJ/QTY7ty1esDxP+TO9vc3xEKxvI
wPFrFaqOf1b0WFac5zWE1I9flu26ADi58AR2ctbnIvG0QLsNIG4u5xGDBkVI+ku/
HVk1MilNS1QO/MXZTZm78iVd4o7xBTiaVR1YBlFiAbxw0FzTUS5Wuz8cM9xJqFLW
mYdU+CZwBLnwQXVtwUga/Lca1Or3pYSIJdvWgdQuuyR7kNebLdPqAeVDsl9FURvQ
vg4gyD1s06Z6vnX2zZkRVeJPz/s5GXxLkTzqCGsZMe5/qt6Jtzlc0wkMJUoattBP
D9LwNqi/megixPDDvEpyE9TP
-----END CERTIFICATE-----
Generated at Mon May 20 01:55:37 2024 by rpki-client on console-ams.rpki-client.org