Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/9e1a77-7c17-4481-877c-7788748f67cb/1/v0cM7ejKupuvBOF7GVQdzE4ewLE.roa
File: v0cM7ejKupuvBOF7GVQdzE4ewLE.roa (raw, json)
Hash identifier: Olfoammy9W8V4qA9QJ/lChoGxPyFbDUUsR2/k/NMr4w=
Subject key identifier: BF:47:0C:ED:E8:CA:BA:9B:AF:04:E1:7B:19:54:1D:CC:4E:1E:C0:B1
Certificate issuer: /CN=843be8639f4039993c1f6e7879f4729e47dc37ae
Certificate serial: 018D13866FC33CCBB07BCCEE4DFD23C3215E
Authority key identifier: 84:3B:E8:63:9F:40:39:99:3C:1F:6E:78:79:F4:72:9E:47:DC:37:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hDvoY59AOZk8H254efRynkfcN64.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/9e1a77-7c17-4481-877c-7788748f67cb/1/v0cM7ejKupuvBOF7GVQdzE4ewLE.roa
Signing time: Tue 16 Jan 2024 18:26:33 +0000
ROA not before: Tue 16 Jan 2024 18:26:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199800
IP address blocks: 185.45.140.0/22 maxlen: 24
185.45.140.0/23 maxlen: 23
185.45.142.0/24 maxlen: 24
185.45.143.0/24 maxlen: 24
2a01:8020::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fb/9e1a77-7c17-4481-877c-7788748f67cb/1/hDvoY59AOZk8H254efRynkfcN64.crl
rsync://rpki.ripe.net/repository/DEFAULT/fb/9e1a77-7c17-4481-877c-7788748f67cb/1/hDvoY59AOZk8H254efRynkfcN64.mft
rsync://rpki.ripe.net/repository/DEFAULT/hDvoY59AOZk8H254efRynkfcN64.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 05:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:86:6f:c3:3c:cb:b0:7b:cc:ee:4d:fd:23:c3:21:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=843be8639f4039993c1f6e7879f4729e47dc37ae
Validity
Not Before: Jan 16 18:26:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bf470cede8caba9baf04e17b19541dcc4e1ec0b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:49:c8:c9:d2:fc:59:57:66:40:32:70:8c:aa:
aa:72:32:43:75:b3:17:32:cb:d4:cf:f3:6d:27:5e:
b5:61:b0:92:ad:f5:67:f0:df:b6:d5:e4:23:7b:f2:
74:0b:69:c4:65:8c:81:27:fc:81:72:8f:37:c4:2d:
ee:94:89:78:52:b2:71:f1:74:e3:24:2e:b8:94:42:
88:1c:f4:d6:18:8b:17:ef:ef:32:99:45:62:de:f2:
4d:7f:fc:3e:cd:84:8f:d4:64:d0:99:47:48:70:3e:
8c:76:52:e8:f7:83:a0:ef:b7:80:0d:6c:a1:0a:35:
09:1c:3a:bd:07:75:2f:57:12:e5:3c:fa:c4:3d:55:
a9:92:d6:84:81:8f:4b:96:62:09:e6:7a:aa:8b:1c:
1a:e1:60:1c:6e:b1:24:e5:b8:bd:bc:b8:91:15:05:
43:fa:76:31:c3:62:8e:81:b6:d1:8d:1a:e4:7c:5e:
03:08:25:c4:8b:30:8c:b0:d7:96:0d:88:e7:fc:4a:
fd:07:e4:d5:f8:ac:7e:64:c6:8e:88:30:ec:86:e4:
af:bf:4f:0a:13:97:f5:9b:95:3a:86:7c:19:c0:05:
d9:75:25:17:3b:b3:c6:88:a4:59:aa:bb:63:52:18:
2d:9f:9f:a7:d7:18:7b:c3:4c:25:28:f6:16:15:d5:
31:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:47:0C:ED:E8:CA:BA:9B:AF:04:E1:7B:19:54:1D:CC:4E:1E:C0:B1
X509v3 Authority Key Identifier:
keyid:84:3B:E8:63:9F:40:39:99:3C:1F:6E:78:79:F4:72:9E:47:DC:37:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hDvoY59AOZk8H254efRynkfcN64.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9e1a77-7c17-4481-877c-7788748f67cb/1/v0cM7ejKupuvBOF7GVQdzE4ewLE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9e1a77-7c17-4481-877c-7788748f67cb/1/hDvoY59AOZk8H254efRynkfcN64.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.45.140.0/22
IPv6:
2a01:8020::/32
Signature Algorithm: sha256WithRSAEncryption
16:4e:cd:28:bc:51:e7:ae:0e:ea:c2:12:27:fa:c5:ed:a3:cf:
f4:f8:c8:c9:ce:a4:5f:ac:99:f9:e2:7c:75:01:fa:5f:14:a0:
0b:74:39:f3:d2:35:16:e9:44:bd:44:2e:2e:80:6e:47:32:5c:
88:14:e0:01:74:6d:53:51:f5:0b:91:44:91:94:d1:c9:8c:91:
54:18:75:47:be:06:fd:b4:e1:e5:cc:81:71:5c:30:7f:33:57:
63:5a:9b:7d:6b:ee:50:72:1b:05:d6:3f:d9:ef:44:52:d9:39:
35:2b:c9:96:3b:16:14:87:43:2d:fc:b0:5b:6a:39:41:75:07:
13:78:79:ab:ac:d1:2e:4b:2d:ef:58:80:02:28:7e:c3:fb:ea:
8c:2f:17:cf:1a:e3:ce:58:7e:61:38:9a:43:1b:9a:01:d7:a1:
bd:ba:3d:af:e7:ee:b1:4e:b1:f6:a5:9c:6a:70:83:bf:96:70:
c4:82:a7:5c:81:03:6c:b0:d1:36:e4:e6:1e:24:b1:85:58:9a:
9e:4c:81:b8:3a:82:11:9a:5b:3e:e1:c6:99:e7:1a:1a:9a:61:
de:e5:c4:55:3b:c8:60:51:6a:8a:62:fc:b7:08:70:3e:2c:cd:
e7:e6:f2:fa:02:be:bd:a8:3f:d4:c2:9e:3c:ca:72:31:24:dc:
6b:ee:c8:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0Thm/DPMuwe8zuTf0jwyFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0M2JlODYzOWY0MDM5OTkzYzFmNmU3ODc5ZjQ3MjllNDdk
YzM3YWUwHhcNMjQwMTE2MTgyNjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQ3MGNlZGU4Y2FiYTliYWYwNGUxN2IxOTU0MWRjYzRlMWVjMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0nIydL8WVdmQDJwjKqqcjJDdbMX
MsvUz/NtJ161YbCSrfVn8N+21eQje/J0C2nEZYyBJ/yBco83xC3ulIl4UrJx8XTj
JC64lEKIHPTWGIsX7+8ymUVi3vJNf/w+zYSP1GTQmUdIcD6MdlLo94Og77eADWyh
CjUJHDq9B3UvVxLlPPrEPVWpktaEgY9LlmIJ5nqqixwa4WAcbrEk5bi9vLiRFQVD
+nYxw2KOgbbRjRrkfF4DCCXEizCMsNeWDYjn/Er9B+TV+Kx+ZMaOiDDshuSvv08K
E5f1m5U6hnwZwAXZdSUXO7PGiKRZqrtjUhgtn5+n1xh7w0wlKPYWFdUx9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL9HDO3oyrqbrwThexlUHcxOHsCxMB8GA1UdIwQY
MBaAFIQ76GOfQDmZPB9ueHn0cp5H3DeuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaER2b1k1OUFPWms4SDI1NGVmUnlua2ZjTjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi85ZTFhNzctN2MxNy00NDgxLTg3N2Mt
Nzc4ODc0OGY2N2NiLzEvdjBjTTdlakt1cHV2Qk9GN0dWUWR6RTRld0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi85ZTFhNzctN2MxNy00NDgxLTg3N2MtNzc4ODc0OGY2N2Ni
LzEvaER2b1k1OUFPWms4SDI1NGVmUnlua2ZjTjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS2MMA0E
AgACMAcDBQAqAYAgMA0GCSqGSIb3DQEBCwUAA4IBAQAWTs0ovFHnrg7qwhIn+sXt
o8/0+MjJzqRfrJn54nx1AfpfFKALdDnz0jUW6US9RC4ugG5HMlyIFOABdG1TUfUL
kUSRlNHJjJFUGHVHvgb9tOHlzIFxXDB/M1djWpt9a+5QchsF1j/Z70RS2Tk1K8mW
OxYUh0Mt/LBbajlBdQcTeHmrrNEuSy3vWIACKH7D++qMLxfPGuPOWH5hOJpDG5oB
16G9uj2v5+6xTrH2pZxqcIO/lnDEgqdcgQNssNE25OYeJLGFWJqeTIG4OoIRmls+
4caZ5xoammHe5cRVO8hgUWqKYvy3CHA+LM3n5vL6Ar69qD/Uwp48ynIxJNxr7sgp
-----END CERTIFICATE-----
Generated at Fri Jun 7 14:29:01 2024 by rpki-client on console-ams.rpki-client.org