Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/a07523-8392-47f5-82b3-30c430a398e6/1/YL20aOKzaTiO9LQL8EVkVl92eks.roa
File: YL20aOKzaTiO9LQL8EVkVl92eks.roa (raw, json)
Hash identifier: NPfxgdhjAqdlI1693nDnSDqpv2Vv4skJCytG9xlAUbU=
Subject key identifier: 60:BD:B4:68:E2:B3:69:38:8E:F4:B4:0B:F0:45:64:56:5F:76:7A:4B
Certificate issuer: /CN=4e72ac71eb4507ac0a652a54598dae451fe33f47
Certificate serial: 018CC5DC13A4F13675024B6A4666739C9533
Authority key identifier: 4E:72:AC:71:EB:45:07:AC:0A:65:2A:54:59:8D:AE:45:1F:E3:3F:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TnKscetFB6wKZSpUWY2uRR_jP0c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/a07523-8392-47f5-82b3-30c430a398e6/1/YL20aOKzaTiO9LQL8EVkVl92eks.roa
Signing time: Mon 01 Jan 2024 16:29:43 +0000
ROA not before: Mon 01 Jan 2024 16:29:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48431
IP address blocks: 185.57.132.0/22 maxlen: 22
95.80.190.0/24 maxlen: 24
95.80.128.0/20 maxlen: 20
95.80.128.0/18 maxlen: 18
95.80.144.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/a07523-8392-47f5-82b3-30c430a398e6/1/TnKscetFB6wKZSpUWY2uRR_jP0c.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/a07523-8392-47f5-82b3-30c430a398e6/1/TnKscetFB6wKZSpUWY2uRR_jP0c.mft
rsync://rpki.ripe.net/repository/DEFAULT/TnKscetFB6wKZSpUWY2uRR_jP0c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:13:a4:f1:36:75:02:4b:6a:46:66:73:9c:95:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e72ac71eb4507ac0a652a54598dae451fe33f47
Validity
Not Before: Jan 1 16:29:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=60bdb468e2b369388ef4b40bf04564565f767a4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:83:c4:8a:f6:4e:b8:49:2a:37:3f:8d:90:ce:
44:18:55:0c:61:c7:ef:1d:0d:f3:ca:ec:f6:c9:2c:
14:61:f6:2a:2b:d2:7a:c0:5c:61:2e:63:83:97:d6:
00:3e:de:d6:12:97:9f:9f:ea:5c:11:cd:c5:97:3e:
89:bd:0c:7c:42:2b:f8:0b:5b:f8:49:3b:21:04:f3:
6f:d9:18:12:e9:0a:bd:0c:d5:7c:f9:e9:ec:da:41:
7c:11:ac:44:bc:d0:c6:75:e2:52:fe:d1:c0:ba:78:
d2:9f:34:0a:3a:8b:be:b2:de:23:b6:e5:92:dd:44:
92:76:fb:d5:5b:94:6d:fa:bd:4e:5c:d1:c0:8b:0f:
08:09:83:81:f1:ef:5b:79:39:5e:3e:e2:68:58:c9:
be:a9:92:b9:ab:5e:ff:b4:37:00:64:45:50:10:a5:
a6:34:c7:d8:8a:12:17:db:6b:2b:bc:d7:9e:81:24:
67:99:12:00:29:0c:49:a3:7e:20:50:4d:50:61:32:
4e:67:7e:73:fd:3c:ec:6a:ea:dc:7f:18:51:9f:7f:
f9:a8:fa:66:b4:7a:ff:7b:f1:f5:2e:f7:33:5b:ee:
d2:c4:ee:83:52:f6:14:fe:d2:41:32:f0:4c:f0:2a:
5c:f4:19:ba:52:d7:31:1b:5a:27:48:8b:94:0a:22:
a7:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:BD:B4:68:E2:B3:69:38:8E:F4:B4:0B:F0:45:64:56:5F:76:7A:4B
X509v3 Authority Key Identifier:
keyid:4E:72:AC:71:EB:45:07:AC:0A:65:2A:54:59:8D:AE:45:1F:E3:3F:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TnKscetFB6wKZSpUWY2uRR_jP0c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/a07523-8392-47f5-82b3-30c430a398e6/1/YL20aOKzaTiO9LQL8EVkVl92eks.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/a07523-8392-47f5-82b3-30c430a398e6/1/TnKscetFB6wKZSpUWY2uRR_jP0c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.80.128.0/18
185.57.132.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:a4:d1:b3:9c:9e:45:fc:22:5e:f6:3f:0a:5e:7d:37:aa:51:
c8:70:0e:0f:c7:49:f3:31:66:ee:52:1a:70:17:35:0c:17:97:
7c:d0:b9:4e:f2:8c:16:b1:6d:17:a8:17:01:21:44:ce:65:f9:
75:bd:cc:79:d8:23:3b:a5:61:b8:49:74:12:4f:1e:a4:37:64:
ba:4b:db:76:12:bf:4a:4f:18:3e:88:49:5c:7b:7b:9b:4b:d1:
3c:ee:e9:13:f6:1d:9f:bd:58:5e:40:81:56:d2:fa:4d:09:96:
11:3d:51:a3:80:ec:4f:85:d0:0b:57:e1:26:bb:38:bd:39:22:
d9:59:69:fb:27:b4:fe:5c:da:e1:1b:47:d0:91:62:20:4c:7a:
79:7a:ff:cd:64:39:e1:13:5f:ff:6f:ab:f3:39:09:a4:af:d5:
83:20:0d:2e:e8:5c:36:90:a5:a3:bb:b2:7c:c4:0f:1a:2a:ff:
07:70:e9:e4:4f:2c:3b:f7:87:72:b6:30:0a:eb:f5:c3:95:d2:
5b:d0:bb:04:cf:b7:79:71:f6:4a:d1:cf:bc:3b:68:fe:bf:a5:
80:6e:55:32:9d:8c:59:b6:f8:b4:51:79:3c:fb:ce:5a:41:2f:
1d:21:54:5e:be:82:80:d7:31:96:18:05:4c:e1:18:8e:94:4b:
8f:3b:e5:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3BOk8TZ1AktqRmZznJUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNzJhYzcxZWI0NTA3YWMwYTY1MmE1NDU5OGRhZTQ1MWZl
MzNmNDcwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGJkYjQ2OGUyYjM2OTM4OGVmNGI0MGJmMDQ1NjQ1NjVmNzY3YTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4PEivZOuEkqNz+NkM5EGFUMYcfv
HQ3zyuz2ySwUYfYqK9J6wFxhLmODl9YAPt7WEpefn+pcEc3Flz6JvQx8Qiv4C1v4
STshBPNv2RgS6Qq9DNV8+ens2kF8EaxEvNDGdeJS/tHAunjSnzQKOou+st4jtuWS
3USSdvvVW5Rt+r1OXNHAiw8ICYOB8e9beTlePuJoWMm+qZK5q17/tDcAZEVQEKWm
NMfYihIX22srvNeegSRnmRIAKQxJo34gUE1QYTJOZ35z/TzsaurcfxhRn3/5qPpm
tHr/e/H1LvczW+7SxO6DUvYU/tJBMvBM8Cpc9Bm6UtcxG1onSIuUCiKncQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGC9tGjis2k4jvS0C/BFZFZfdnpLMB8GA1UdIwQY
MBaAFE5yrHHrRQesCmUqVFmNrkUf4z9HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG5Lc2NldEZCNndLWlNwVVdZMnVSUl9qUDBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9hMDc1MjMtODM5Mi00N2Y1LTgyYjMt
MzBjNDMwYTM5OGU2LzEvWUwyMGFPS3phVGlPOUxRTDhFVmtWbDkyZWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9hMDc1MjMtODM5Mi00N2Y1LTgyYjMtMzBjNDMwYTM5OGU2
LzEvVG5Lc2NldEZCNndLWlNwVVdZMnVSUl9qUDBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGX1CAAwQC
uTmEMA0GCSqGSIb3DQEBCwUAA4IBAQAOpNGznJ5F/CJe9j8KXn03qlHIcA4Px0nz
MWbuUhpwFzUMF5d80LlO8owWsW0XqBcBIUTOZfl1vcx52CM7pWG4SXQSTx6kN2S6
S9t2Er9KTxg+iElce3ubS9E87ukT9h2fvVheQIFW0vpNCZYRPVGjgOxPhdALV+Em
uzi9OSLZWWn7J7T+XNrhG0fQkWIgTHp5ev/NZDnhE1//b6vzOQmkr9WDIA0u6Fw2
kKWju7J8xA8aKv8HcOnkTyw794dytjAK6/XDldJb0LsEz7d5cfZK0c+8O2j+v6WA
blUynYxZtvi0UXk8+85aQS8dIVRevoKA1zGWGAVM4RiOlEuPO+Vv
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:55:50 2024 by rpki-client on console-fra.rpki-client.org