Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/JXX7pmF3y33VNIeMzg-oOSG2WjM.roa
File: JXX7pmF3y33VNIeMzg-oOSG2WjM.roa (raw, json)
Hash identifier: RgbZI4t1n8bid77DAWk8BRBxPhdwhvES+Lx/rPjTrD0=
Subject key identifier: 25:75:FB:A6:61:77:CB:7D:D5:34:87:8C:CE:0F:A8:39:21:B6:5A:33
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 019424B2E43F49783C948604E6C5653C23C3
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/JXX7pmF3y33VNIeMzg-oOSG2WjM.roa
Signing time: Thu 02 Jan 2025 01:48:11 +0000
ROA not before: Thu 02 Jan 2025 01:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5511
IP address blocks: 159.148.109.0/24 maxlen: 24
159.148.157.0/24 maxlen: 24
159.148.236.0/24 maxlen: 24
159.148.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:e4:3f:49:78:3c:94:86:04:e6:c5:65:3c:23:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Jan 2 01:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2575fba66177cb7dd534878cce0fa83921b65a33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:26:31:23:9e:b7:7a:4b:86:41:db:41:67:4b:
c3:34:e1:57:88:ca:66:40:91:13:70:0e:f7:ef:b9:
6c:d4:24:dc:47:82:0c:31:82:14:f6:e4:6c:8d:aa:
99:3e:4c:e3:2a:b2:60:14:94:22:12:de:d0:14:21:
9b:26:eb:0b:eb:09:c2:45:c1:03:f9:7c:9f:94:1e:
16:53:e1:23:07:b1:e4:9a:40:1e:29:64:ef:d3:d7:
55:c6:7a:89:89:66:4b:13:79:cb:80:ad:8d:3d:d9:
57:70:b1:81:74:3c:40:3e:29:f9:64:eb:06:83:d5:
01:5a:8c:f2:aa:db:ee:ee:44:be:c6:a7:50:45:45:
af:1c:0f:27:83:52:69:5f:19:89:2a:83:da:b9:cd:
6e:10:6b:99:1a:fc:fa:96:25:79:5b:a5:d8:57:e3:
df:e8:09:f7:8b:4e:1b:85:a9:cb:e4:89:c4:cc:ae:
7d:f4:ab:46:38:c1:2d:e1:e9:a8:a3:00:0a:05:64:
22:70:05:cc:d3:59:a8:c6:d8:9d:d1:e4:2a:0d:1e:
f8:25:70:15:82:3d:01:5c:36:a0:d2:1b:ec:93:af:
c8:7e:1b:5e:e8:16:0f:fb:a5:9b:11:36:b2:b1:3d:
37:b2:a0:f4:2c:a7:a6:0e:00:b6:e0:2e:6c:9e:cc:
26:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:75:FB:A6:61:77:CB:7D:D5:34:87:8C:CE:0F:A8:39:21:B6:5A:33
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/JXX7pmF3y33VNIeMzg-oOSG2WjM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.148.109.0/24
159.148.157.0/24
159.148.236.0/24
159.148.239.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:af:b4:1f:98:b2:bb:58:ff:36:63:0f:84:cf:f3:91:aa:d0:
00:83:b6:3c:cd:f1:57:85:3a:bb:26:5d:40:39:41:c5:f8:1d:
18:67:85:59:60:a1:f1:77:9d:31:05:71:d8:3e:dc:ec:af:80:
23:85:6b:3a:7d:38:6b:27:eb:f0:29:df:70:26:92:13:45:55:
72:0e:75:1e:e3:a8:5c:b5:ec:4b:66:96:82:15:46:56:6b:f2:
b0:b9:d0:88:39:4d:5f:0a:03:c6:87:dc:f9:54:32:18:3e:41:
af:d8:1b:4b:d7:59:2d:29:62:aa:6b:15:23:a1:00:fa:88:c2:
f7:1a:c3:8b:37:d0:69:c6:40:ad:cc:b1:92:40:ae:ec:08:40:
50:b1:70:25:88:21:ae:71:f2:21:08:33:5c:21:ee:87:88:55:
d0:19:04:49:31:ab:b2:96:a9:13:65:d3:a3:57:4a:78:c0:8b:
bd:ba:c3:e8:c6:7d:f4:ec:69:a0:f5:55:86:02:63:41:e7:47:
61:da:65:d9:96:70:6a:88:84:96:0a:6a:30:cc:d2:db:b4:1e:
e0:eb:bf:ee:90:c9:1f:a2:9f:0b:06:82:9c:7f:6b:49:fd:69:
37:37:e4:eb:c9:dd:37:19:75:c7:1d:71:e4:8b:6a:49:66:f5:
52:6b:da:d7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQksuQ/SXg8lIYE5sVlPCPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc1ZmJhNjYxNzdjYjdkZDUzNDg3OGNjZTBmYTgzOTIxYjY1YTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSYxI563ekuGQdtBZ0vDNOFXiMpm
QJETcA7377ls1CTcR4IMMYIU9uRsjaqZPkzjKrJgFJQiEt7QFCGbJusL6wnCRcED
+XyflB4WU+EjB7HkmkAeKWTv09dVxnqJiWZLE3nLgK2NPdlXcLGBdDxAPin5ZOsG
g9UBWozyqtvu7kS+xqdQRUWvHA8ng1JpXxmJKoPauc1uEGuZGvz6liV5W6XYV+Pf
6An3i04bhanL5InEzK599KtGOMEt4emoowAKBWQicAXM01moxtid0eQqDR74JXAV
gj0BXDag0hvsk6/Ifhte6BYP+6WbETaysT03sqD0LKemDgC24C5snswmCwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCV1+6Zhd8t91TSHjM4PqDkhtlozMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvSlhYN3BtRjN5MzNWTkllTXpnLW9PU0cyV2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAn5RtAwQA
n5SdAwQAn5TsAwQAn5TvMA0GCSqGSIb3DQEBCwUAA4IBAQCsr7QfmLK7WP82Yw+E
z/ORqtAAg7Y8zfFXhTq7Jl1AOUHF+B0YZ4VZYKHxd50xBXHYPtzsr4AjhWs6fThr
J+vwKd9wJpITRVVyDnUe46hctexLZpaCFUZWa/KwudCIOU1fCgPGh9z5VDIYPkGv
2BtL11ktKWKqaxUjoQD6iML3GsOLN9BpxkCtzLGSQK7sCEBQsXAliCGucfIhCDNc
Ie6HiFXQGQRJMauylqkTZdOjV0p4wIu9usPoxn307Gmg9VWGAmNB50dh2mXZlnBq
iISWCmowzNLbtB7g67/ukMkfop8LBoKcf2tJ/Wk3N+Tryd03GXXHHXHki2pJZvVS
a9rX
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:22:59 2025 by rpki-client