Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/ad55e4-c0c9-4319-8bd8-04bc87a29e4d/1/PvWxO00iUa3ctfHwCdtyJD0RWh0.roa
File: PvWxO00iUa3ctfHwCdtyJD0RWh0.roa (raw, json)
Hash identifier: WHY5/KEo1RVdlR9QfwLVXSmW+Ddxfbtak63Ebi49yak=
Subject key identifier: 3E:F5:B1:3B:4D:22:51:AD:DC:B5:F1:F0:09:DB:72:24:3D:11:5A:1D
Certificate issuer: /CN=0a1fdb80eff5bce1654ac8c6b922e781fd2d36a5
Certificate serial: 01942068276F74D2EC67CF2554A765FBED67
Authority key identifier: 0A:1F:DB:80:EF:F5:BC:E1:65:4A:C8:C6:B9:22:E7:81:FD:2D:36:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ch_bgO_1vOFlSsjGuSLngf0tNqU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/ad55e4-c0c9-4319-8bd8-04bc87a29e4d/1/PvWxO00iUa3ctfHwCdtyJD0RWh0.roa
Signing time: Wed 01 Jan 2025 05:48:04 +0000
ROA not before: Wed 01 Jan 2025 05:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36492
IP address blocks: 185.150.148.0/22 maxlen: 22
185.150.148.0/23 maxlen: 23
185.150.148.0/24 maxlen: 24
185.150.149.0/24 maxlen: 24
185.150.150.0/23 maxlen: 23
185.150.150.0/24 maxlen: 24
185.150.151.0/24 maxlen: 24
2a03:ace0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/ad55e4-c0c9-4319-8bd8-04bc87a29e4d/1/Ch_bgO_1vOFlSsjGuSLngf0tNqU.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/ad55e4-c0c9-4319-8bd8-04bc87a29e4d/1/Ch_bgO_1vOFlSsjGuSLngf0tNqU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ch_bgO_1vOFlSsjGuSLngf0tNqU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 17:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:27:6f:74:d2:ec:67:cf:25:54:a7:65:fb:ed:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a1fdb80eff5bce1654ac8c6b922e781fd2d36a5
Validity
Not Before: Jan 1 05:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ef5b13b4d2251addcb5f1f009db72243d115a1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:52:69:bc:e4:e7:c7:07:9e:3a:6c:76:d7:b2:
d6:f0:d1:c2:ff:2a:5e:27:10:46:e3:80:0b:38:db:
30:cf:21:6e:7c:6a:75:8d:cf:44:c5:71:9e:1e:a0:
f4:4b:c4:f2:14:8f:99:2f:ae:50:c9:6f:bb:57:b9:
c4:2b:bf:c7:1d:48:ed:5e:fb:37:a5:3c:6e:77:e0:
2e:34:81:3e:6e:87:ce:ee:f5:f1:4e:ed:38:e6:7d:
62:ca:74:c1:41:7d:42:59:e6:5e:b3:2f:ba:d0:42:
0a:5e:e7:33:3f:49:1d:bd:dd:4f:9c:6a:b4:09:f2:
72:37:03:e4:c9:05:82:23:d7:cb:f7:11:c3:00:b9:
0a:59:e0:ac:ca:be:39:10:43:25:e1:2a:3b:be:02:
95:a9:7d:e6:72:45:7b:83:2e:4d:be:b8:60:1d:78:
88:5d:d2:f5:d4:66:97:b3:f9:ef:2d:85:fd:a0:20:
c1:da:3b:f0:97:2c:b3:eb:8f:7f:dc:ff:ed:6d:8b:
0b:74:1c:02:8a:e8:16:89:d9:2d:4e:47:f9:07:dc:
42:4a:e7:81:2a:c6:ea:44:db:af:4a:45:96:af:00:
34:e3:f0:6a:63:6f:5e:68:d8:fb:8b:89:d3:ef:ed:
af:af:36:d5:93:96:8c:af:e6:d7:db:17:13:55:8b:
14:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:F5:B1:3B:4D:22:51:AD:DC:B5:F1:F0:09:DB:72:24:3D:11:5A:1D
X509v3 Authority Key Identifier:
keyid:0A:1F:DB:80:EF:F5:BC:E1:65:4A:C8:C6:B9:22:E7:81:FD:2D:36:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ch_bgO_1vOFlSsjGuSLngf0tNqU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/ad55e4-c0c9-4319-8bd8-04bc87a29e4d/1/PvWxO00iUa3ctfHwCdtyJD0RWh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/ad55e4-c0c9-4319-8bd8-04bc87a29e4d/1/Ch_bgO_1vOFlSsjGuSLngf0tNqU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.150.148.0/22
IPv6:
2a03:ace0::/32
Signature Algorithm: sha256WithRSAEncryption
2b:1f:38:e4:b1:56:b1:ce:d3:72:34:b1:c5:03:81:34:a3:5c:
72:cd:7d:6c:3d:5c:44:d1:21:6d:7d:1c:8b:18:21:da:3a:0c:
39:fe:a2:67:1d:17:bb:c3:28:39:39:55:bc:2f:13:a9:7d:e9:
a1:3d:d4:5a:5e:08:e9:e3:7d:ef:fa:83:c5:fa:30:dc:de:c8:
7f:bb:bf:c2:ca:f5:27:3e:0f:29:65:8b:02:33:2f:16:8b:29:
bb:23:39:e9:45:19:ab:37:ce:41:c8:cf:be:d1:6e:c7:d9:8e:
16:73:ef:3f:02:30:e7:a3:f9:53:2e:d2:e6:14:a5:79:a5:02:
ab:f8:9d:d4:88:73:7c:e4:bd:92:b3:4c:f3:51:bc:3b:89:00:
b2:d1:f6:2f:fb:9b:4a:ab:4c:63:f1:ad:f1:73:ea:fa:9f:70:
a3:a7:ae:ee:d7:46:da:09:60:68:45:78:3b:3f:03:a6:18:0d:
34:da:71:29:f0:be:e9:dd:3c:64:91:7c:58:bf:ed:28:e8:40:
51:44:1e:ee:73:e7:54:43:44:3e:18:47:d0:95:19:84:0b:db:
a4:0f:c8:16:2e:6b:aa:ea:4b:62:31:25:76:d8:6c:1d:38:4d:
db:45:af:56:bc:29:ee:c6:c5:8c:b4:15:87:81:64:df:ab:72:
14:dd:f2:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaCdvdNLsZ88lVKdl++1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMWZkYjgwZWZmNWJjZTE2NTRhYzhjNmI5MjJlNzgxZmQy
ZDM2YTUwHhcNMjUwMTAxMDU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY1YjEzYjRkMjI1MWFkZGNiNWYxZjAwOWRiNzIyNDNkMTE1YTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FJpvOTnxweeOmx217LW8NHC/ype
JxBG44ALONswzyFufGp1jc9ExXGeHqD0S8TyFI+ZL65QyW+7V7nEK7/HHUjtXvs3
pTxud+AuNIE+bofO7vXxTu045n1iynTBQX1CWeZesy+60EIKXuczP0kdvd1PnGq0
CfJyNwPkyQWCI9fL9xHDALkKWeCsyr45EEMl4So7vgKVqX3mckV7gy5NvrhgHXiI
XdL11GaXs/nvLYX9oCDB2jvwlyyz649/3P/tbYsLdBwCiugWidktTkf5B9xCSueB
KsbqRNuvSkWWrwA04/BqY29eaNj7i4nT7+2vrzbVk5aMr+bX2xcTVYsUEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD71sTtNIlGt3LXx8AnbciQ9EVodMB8GA1UdIwQY
MBaAFAof24Dv9bzhZUrIxrki54H9LTalMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2hfYmdPXzF2T0ZsU3NqR3VTTG5nZjB0TnFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hZDU1ZTQtYzBjOS00MzE5LThiZDgt
MDRiYzg3YTI5ZTRkLzEvUHZXeE8wMGlVYTNjdGZId0NkdHlKRDBSV2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hZDU1ZTQtYzBjOS00MzE5LThiZDgtMDRiYzg3YTI5ZTRk
LzEvQ2hfYmdPXzF2T0ZsU3NqR3VTTG5nZjB0TnFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZaUMA0E
AgACMAcDBQAqA6zgMA0GCSqGSIb3DQEBCwUAA4IBAQArHzjksVaxztNyNLHFA4E0
o1xyzX1sPVxE0SFtfRyLGCHaOgw5/qJnHRe7wyg5OVW8LxOpfemhPdRaXgjp433v
+oPF+jDc3sh/u7/CyvUnPg8pZYsCMy8Wiym7IznpRRmrN85ByM++0W7H2Y4Wc+8/
AjDno/lTLtLmFKV5pQKr+J3UiHN85L2Ss0zzUbw7iQCy0fYv+5tKq0xj8a3xc+r6
n3Cjp67u10baCWBoRXg7PwOmGA002nEp8L7p3TxkkXxYv+0o6EBRRB7uc+dUQ0Q+
GEfQlRmEC9ukD8gWLmuq6ktiMSV22GwdOE3bRa9WvCnuxsWMtBWHgWTfq3IU3fJ4
-----END CERTIFICATE-----
Generated at Sun Apr 6 00:45:56 2025 by rpki-client