Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa
File: xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa (raw, json)
Hash identifier: RNFX7ZH2Q3tCIIXn6I9hnLNAc37OF2ay9Gxo9HokUTQ=
Subject key identifier: C4:D8:0A:53:35:13:07:C2:BD:C2:2E:16:C5:33:F1:04:9D:58:40:AE
Certificate issuer: /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial: 018CC6B8C45365A2142E4D16F4D2DA08AF79
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa
Signing time: Mon 01 Jan 2024 20:30:46 +0000
ROA not before: Mon 01 Jan 2024 20:30:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208959
IP address blocks: 46.232.210.0/23 maxlen: 23
185.207.164.0/22 maxlen: 22
45.86.221.0/24 maxlen: 24
2a11:b00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 16 May 2024 23:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:c4:53:65:a2:14:2e:4d:16:f4:d2:da:08:af:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
Validity
Not Before: Jan 1 20:30:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c4d80a53351307c2bdc22e16c533f1049d5840ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:4c:d4:0b:e6:86:0c:ef:b9:8e:c4:bb:b9:29:
1d:16:f6:67:e1:0e:69:0e:85:ad:6a:2f:56:c1:bf:
d8:3a:3e:59:fa:5f:38:b9:3f:73:77:6c:be:3c:57:
04:d2:74:97:2d:4d:c1:80:de:23:2c:6a:0a:2f:c9:
2e:33:b5:d0:28:62:11:e4:a8:37:4a:3e:57:fd:9a:
2f:5a:ed:71:5c:4e:e0:27:e0:c9:5c:7d:fc:6e:3a:
0e:a6:e9:ec:9e:64:d1:0c:22:62:8b:00:fc:fd:91:
a8:54:da:66:a7:bb:ab:44:41:94:eb:ae:fc:6e:f5:
69:3a:ba:51:d2:8d:3c:fb:72:a7:c1:82:a8:f6:d2:
39:8a:78:3b:98:6e:91:29:28:8c:b6:c0:04:51:80:
04:f1:3e:2e:cd:f4:d2:34:47:20:87:33:02:67:3f:
8d:1c:a6:30:3d:4a:d5:88:dc:9b:e9:b4:07:a8:76:
c2:e4:fc:e0:1f:c9:9a:72:b9:fb:cb:99:b2:bf:11:
94:bb:ac:4c:e1:14:35:c0:4c:f5:53:7f:8c:33:f7:
b6:a2:7a:ab:87:c5:29:62:11:83:1e:07:02:e3:b8:
69:d8:97:b7:4f:fb:41:01:ce:7e:29:73:2d:57:3b:
d8:b4:66:4e:aa:a2:0f:7e:c5:72:22:a7:95:a8:1c:
d9:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:D8:0A:53:35:13:07:C2:BD:C2:2E:16:C5:33:F1:04:9D:58:40:AE
X509v3 Authority Key Identifier:
keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.221.0/24
46.232.210.0/23
185.207.164.0/22
IPv6:
2a11:b00::/29
Signature Algorithm: sha256WithRSAEncryption
46:4b:83:b9:00:41:b8:fb:7e:28:2f:b1:40:48:0b:1f:b6:ce:
25:7b:c8:24:04:f4:df:24:e4:7c:55:5f:da:37:e1:5f:1a:c3:
f8:ce:43:b6:82:2d:be:bc:9c:01:89:e7:a1:33:b0:1d:74:a2:
c9:5c:9e:f1:bd:54:22:7f:8d:cb:b2:e0:d1:83:2c:47:54:eb:
7b:4a:e0:b2:ca:ad:d4:22:91:4b:30:8a:17:49:15:fe:f1:f4:
90:87:c2:f0:ef:1a:6d:9e:13:ac:3b:40:98:39:79:d1:66:fe:
c0:10:44:45:38:1f:3d:93:00:81:83:6e:63:65:29:f3:0f:95:
a1:0e:13:ed:21:5d:0e:ec:c8:11:1a:bf:ea:d9:0a:9e:e1:ca:
77:29:fb:65:1a:7a:03:4a:15:b5:45:12:73:e9:60:94:d6:f5:
0a:f9:1f:04:89:e2:3e:54:3d:3c:a1:0e:b3:ab:e1:9f:a2:58:
a8:e6:e7:6a:14:ac:ee:d4:ff:0d:ea:1f:d9:1c:68:d6:fd:76:
a8:b1:49:f7:61:39:ba:d4:fc:12:7b:1e:8a:1c:29:91:fd:d4:
a8:ba:59:25:1e:e3:66:94:77:0f:ac:d6:f1:8f:5a:42:78:1b:
95:1e:a6:6d:2b:ea:bc:ac:34:a6:22:86:6a:af:57:43:be:e0:
af:8c:07:df
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGuMRTZaIULk0W9NLaCK95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjQwMTAxMjAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ4MGE1MzM1MTMwN2MyYmRjMjJlMTZjNTMzZjEwNDlkNTg0MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUzUC+aGDO+5jsS7uSkdFvZn4Q5p
DoWtai9Wwb/YOj5Z+l84uT9zd2y+PFcE0nSXLU3BgN4jLGoKL8kuM7XQKGIR5Kg3
Sj5X/ZovWu1xXE7gJ+DJXH38bjoOpunsnmTRDCJiiwD8/ZGoVNpmp7urREGU6678
bvVpOrpR0o08+3KnwYKo9tI5ing7mG6RKSiMtsAEUYAE8T4uzfTSNEcghzMCZz+N
HKYwPUrViNyb6bQHqHbC5PzgH8macrn7y5myvxGUu6xM4RQ1wEz1U3+MM/e2onqr
h8UpYhGDHgcC47hp2Je3T/tBAc5+KXMtVzvYtGZOqqIPfsVyIqeVqBzZbQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMTYClM1EwfCvcIuFsUz8QSdWECuMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEveE5nS1V6VVRCOEs5d2k0V3hUUHhCSjFZUUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQALVbdAwQB
LujSAwQCuc+kMA0EAgACMAcDBQMqEQsAMA0GCSqGSIb3DQEBCwUAA4IBAQBGS4O5
AEG4+34oL7FASAsfts4le8gkBPTfJOR8VV/aN+FfGsP4zkO2gi2+vJwBieehM7Ad
dKLJXJ7xvVQif43LsuDRgyxHVOt7SuCyyq3UIpFLMIoXSRX+8fSQh8Lw7xptnhOs
O0CYOXnRZv7AEERFOB89kwCBg25jZSnzD5WhDhPtIV0O7MgRGr/q2Qqe4cp3Kftl
GnoDShW1RRJz6WCU1vUK+R8EieI+VD08oQ6zq+Gfolio5udqFKzu1P8N6h/ZHGjW
/XaosUn3YTm61PwSex6KHCmR/dSoulklHuNmlHcPrNbxj1pCeBuVHqZtK+q8rDSm
IoZqr1dDvuCvjAff
-----END CERTIFICATE-----
Generated at Thu May 16 06:02:18 2024 by rpki-client on console-ams.rpki-client.org