Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/CM9tT4tG9NJfH_vJLTes11s9t4U.roa
File: CM9tT4tG9NJfH_vJLTes11s9t4U.roa (raw, json)
Hash identifier: PLXanPEGYp7NGcq0Zr0qe/EoSfPytorX09jucvlErJU=
Subject key identifier: 08:CF:6D:4F:8B:46:F4:D2:5F:1F:FB:C9:2D:37:AC:D7:5B:3D:B7:85
Certificate issuer: /CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
Certificate serial: 018CC493738B29F323B85A311A5241C0A07B
Authority key identifier: 4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/CM9tT4tG9NJfH_vJLTes11s9t4U.roa
Signing time: Mon 01 Jan 2024 10:30:46 +0000
ROA not before: Mon 01 Jan 2024 10:30:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21162
IP address blocks: 178.248.168.0/21 maxlen: 24
5.157.88.0/21 maxlen: 24
5.157.88.0/24 maxlen: 24
185.44.136.0/22 maxlen: 22
46.231.248.0/21 maxlen: 24
2a02:bd0::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.mft
rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:73:8b:29:f3:23:b8:5a:31:1a:52:41:c0:a0:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
Validity
Not Before: Jan 1 10:30:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=08cf6d4f8b46f4d25f1ffbc92d37acd75b3db785
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:d9:60:3c:53:ea:ec:b5:f6:c2:db:0e:df:6c:
3d:c0:33:14:97:86:10:03:ba:34:b1:be:5d:af:f3:
e1:ae:c8:b4:73:94:70:b6:fb:21:b9:7e:6f:27:a6:
ab:d6:53:7a:0d:64:dc:ab:12:f7:c0:57:b4:eb:26:
f3:7d:6c:1d:df:70:40:62:ba:b6:53:2f:e0:e9:91:
df:74:cb:ff:43:5e:16:be:d5:87:10:a8:a2:3f:2a:
a1:3c:ce:90:66:d9:18:e9:b4:ac:f2:be:b4:2e:f7:
a3:be:8e:cf:c4:22:73:c4:81:da:eb:66:3a:d3:27:
fa:20:bd:9a:13:94:e4:3e:5f:f3:75:03:ee:31:5c:
da:1e:85:f9:a5:f7:53:29:00:8c:cc:21:ab:c3:bc:
5f:87:d0:a8:81:a4:7f:a7:e9:7b:3c:a5:31:6c:ef:
b5:a2:f4:84:18:ef:43:b6:1e:4b:73:13:6e:f5:c3:
31:75:24:30:b7:f7:73:04:5f:37:f9:0a:f3:20:df:
2a:05:e4:00:86:dd:0d:ec:b6:3e:b0:77:61:49:ec:
a9:71:3f:f8:a7:46:1f:6c:64:f9:03:46:12:73:7e:
6d:1a:a3:cc:9f:90:4c:ba:84:83:d7:25:e4:89:88:
f8:f6:37:46:f8:4b:17:2a:cd:3e:ac:93:03:70:24:
29:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:CF:6D:4F:8B:46:F4:D2:5F:1F:FB:C9:2D:37:AC:D7:5B:3D:B7:85
X509v3 Authority Key Identifier:
keyid:4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/CM9tT4tG9NJfH_vJLTes11s9t4U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.157.88.0/21
46.231.248.0/21
178.248.168.0/21
185.44.136.0/22
IPv6:
2a02:bd0::/32
Signature Algorithm: sha256WithRSAEncryption
7c:6f:1f:e7:a5:00:f7:39:87:94:66:6f:2f:88:90:19:80:43:
a1:99:6f:38:22:68:81:e7:0b:ad:8b:55:bc:92:35:d1:9f:52:
90:0c:97:bf:fa:7c:45:81:57:21:b3:88:8a:56:db:0b:d7:db:
c5:a1:e3:e3:45:db:c7:7b:49:cb:9e:c7:ac:9e:79:e0:fe:18:
04:ad:68:fd:21:de:23:29:cf:f1:96:4a:c5:db:67:24:68:b8:
b9:cd:e0:20:79:27:cb:56:a9:3c:01:6c:e5:bd:40:18:92:55:
1f:c8:10:84:ba:e5:1a:06:a2:7e:3f:e4:57:ca:7e:70:5f:60:
b8:5a:f2:40:d1:70:e2:46:ca:b7:79:df:a8:2d:20:25:ce:b7:
ae:98:a0:27:66:d0:06:e8:0d:13:23:26:2a:e8:36:0b:84:d4:
2c:ca:2e:64:bc:f8:c6:09:a1:26:65:8b:2f:98:b8:af:89:8a:
94:a7:55:42:b8:27:d7:90:64:b5:69:2f:33:e0:d6:61:31:65:
7d:55:96:dd:00:f9:10:20:7b:86:d8:7f:1b:2b:a5:8e:7d:75:
23:f2:00:0b:dc:43:c4:5f:83:b6:7e:82:fd:8d:d5:bd:34:69:
a7:44:77:0f:5f:1d:c4:eb:d5:83:97:4e:02:a9:0b:58:b6:35:
15:d9:c3:05
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzEk3OLKfMjuFoxGlJBwKB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlOTg0YTVhNGI3ODA4YmI0ZWEzMmQzMTBiZGQwN2VjYzk1
NzUxMTMwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNmNmQ0ZjhiNDZmNGQyNWYxZmZiYzkyZDM3YWNkNzViM2RiNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNlgPFPq7LX2wtsO32w9wDMUl4YQ
A7o0sb5dr/Phrsi0c5RwtvshuX5vJ6ar1lN6DWTcqxL3wFe06ybzfWwd33BAYrq2
Uy/g6ZHfdMv/Q14WvtWHEKiiPyqhPM6QZtkY6bSs8r60Lvejvo7PxCJzxIHa62Y6
0yf6IL2aE5TkPl/zdQPuMVzaHoX5pfdTKQCMzCGrw7xfh9CogaR/p+l7PKUxbO+1
ovSEGO9Dth5LcxNu9cMxdSQwt/dzBF83+QrzIN8qBeQAht0N7LY+sHdhSeypcT/4
p0YfbGT5A0YSc35tGqPMn5BMuoSD1yXkiYj49jdG+EsXKs0+rJMDcCQp9QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAjPbU+LRvTSXx/7yS03rNdbPbeFMB8GA1UdIwQY
MBaAFE6YSlpLeAi7TqMtMQvdB+zJV1ETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAt
Y2E1OTVlMzRkNWFjLzEvQ005dFQ0dEc5TkpmSF92SkxUZXMxMXM5dDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAtY2E1OTVlMzRkNWFj
LzEvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDBZ1YAwQD
Luf4AwQDsvioAwQCuSyIMA0EAgACMAcDBQAqAgvQMA0GCSqGSIb3DQEBCwUAA4IB
AQB8bx/npQD3OYeUZm8viJAZgEOhmW84ImiB5wuti1W8kjXRn1KQDJe/+nxFgVch
s4iKVtsL19vFoePjRdvHe0nLnsesnnng/hgErWj9Id4jKc/xlkrF22ckaLi5zeAg
eSfLVqk8AWzlvUAYklUfyBCEuuUaBqJ+P+RXyn5wX2C4WvJA0XDiRsq3ed+oLSAl
zreumKAnZtAG6A0TIyYq6DYLhNQsyi5kvPjGCaEmZYsvmLiviYqUp1VCuCfXkGS1
aS8z4NZhMWV9VZbdAPkQIHuG2H8bK6WOfXUj8gAL3EPEX4O2foL9jdW9NGmnRHcP
Xx3E69WDl04CqQtYtjUV2cMF
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:54:10 2024 by rpki-client on console-fra.rpki-client.org