Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/5d3BkT4g6BSm4A2tPk7SLnm-a2o.roa
File: 5d3BkT4g6BSm4A2tPk7SLnm-a2o.roa (raw, json)
Hash identifier: r7O0hom8hw87s+SCAknwxnQSAbbhz820jIMuUD9IwqI=
Subject key identifier: E5:DD:C1:91:3E:20:E8:14:A6:E0:0D:AD:3E:4E:D2:2E:79:BE:6B:6A
Certificate issuer: /CN=02fc5c064f5159c8a1fa4066c8cb8ff701671dd2
Certificate serial: 0194FEA4373018B7800B94A280A452BFF084
Authority key identifier: 02:FC:5C:06:4F:51:59:C8:A1:FA:40:66:C8:CB:8F:F7:01:67:1D:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AvxcBk9RWcih-kBmyMuP9wFnHdI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/5d3BkT4g6BSm4A2tPk7SLnm-a2o.roa
Signing time: Thu 13 Feb 2025 09:29:22 +0000
ROA not before: Thu 13 Feb 2025 09:29:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208731
IP address blocks: 147.78.192.0/23 maxlen: 24
147.78.192.0/24 maxlen: 24
147.78.193.0/24 maxlen: 24
185.42.161.0/24 maxlen: 24
185.203.112.0/24 maxlen: 24
2a0f:98c0::/29 maxlen: 48
2a0f:98c0:d::/48 maxlen: 48
2a0f:98c0:12::/48 maxlen: 48
2a0f:98c0:13::/48 maxlen: 48
2a0f:98c0:14::/48 maxlen: 48
2a0f:98c0:15::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/AvxcBk9RWcih-kBmyMuP9wFnHdI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/AvxcBk9RWcih-kBmyMuP9wFnHdI.mft
rsync://rpki.ripe.net/repository/DEFAULT/AvxcBk9RWcih-kBmyMuP9wFnHdI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:fe:a4:37:30:18:b7:80:0b:94:a2:80:a4:52:bf:f0:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02fc5c064f5159c8a1fa4066c8cb8ff701671dd2
Validity
Not Before: Feb 13 09:29:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e5ddc1913e20e814a6e00dad3e4ed22e79be6b6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:5e:39:67:5f:13:f3:85:01:5e:5d:1e:4b:73:
e3:68:bf:09:43:a9:45:ca:09:88:e2:bf:50:61:da:
34:5a:e8:0c:84:63:65:94:fd:27:fa:d9:12:5e:3a:
63:5e:ba:05:d9:96:e2:3e:ce:57:ce:79:bd:e6:a0:
06:47:87:15:3c:4f:ba:14:23:47:8d:08:0e:60:11:
ee:2c:d0:eb:6b:9a:69:b3:7f:06:9e:18:99:4e:78:
41:90:d4:93:2d:ad:49:20:aa:e1:25:e3:eb:e3:c6:
88:85:2b:b1:f4:e7:fd:94:c8:98:db:c7:51:4e:eb:
2f:0f:e5:4f:0a:81:4a:eb:3d:5d:2d:cd:ae:30:9c:
ae:7e:48:87:4c:e5:bd:43:a3:0c:8c:f9:e5:72:26:
95:37:23:53:2a:f2:6e:2a:dc:4f:ec:ae:1f:9c:4c:
ed:bf:4e:d8:c4:ec:19:cd:40:14:d8:49:43:c6:47:
0c:d5:8f:de:33:aa:4a:10:58:da:9a:6a:b9:54:52:
c9:69:43:be:af:8a:a9:c4:5c:46:c4:46:77:79:44:
18:3a:13:dd:4e:28:55:b5:ac:2a:f5:10:17:fe:26:
24:f5:0f:46:a8:42:3f:e0:b4:b5:3a:cc:f9:c6:60:
d1:3d:2d:06:f7:5e:67:f2:85:f5:38:23:5c:3b:f1:
0b:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:DD:C1:91:3E:20:E8:14:A6:E0:0D:AD:3E:4E:D2:2E:79:BE:6B:6A
X509v3 Authority Key Identifier:
keyid:02:FC:5C:06:4F:51:59:C8:A1:FA:40:66:C8:CB:8F:F7:01:67:1D:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AvxcBk9RWcih-kBmyMuP9wFnHdI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/5d3BkT4g6BSm4A2tPk7SLnm-a2o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/AvxcBk9RWcih-kBmyMuP9wFnHdI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.78.192.0/23
185.42.161.0/24
185.203.112.0/24
IPv6:
2a0f:98c0::/29
Signature Algorithm: sha256WithRSAEncryption
0f:fc:1a:59:fb:41:34:2b:41:2a:12:b6:fa:7d:55:b1:0d:29:
ba:35:df:c8:dc:f2:ba:6f:05:bb:50:a2:28:35:a3:4e:8e:64:
8c:45:95:a3:90:b0:7f:b3:01:aa:ea:5c:d9:98:02:bc:b0:ad:
9f:54:88:f9:13:fe:ae:60:80:35:e1:a1:0c:a9:94:6e:91:6c:
96:c1:44:c1:18:ed:2f:f7:87:4d:13:a7:16:62:97:d3:ed:63:
22:32:6a:f2:e4:34:51:21:a9:38:e9:bf:7f:e7:9e:1c:f9:8f:
85:9e:f2:88:6c:20:aa:58:dc:9a:62:f4:b7:ca:d5:ab:58:0a:
f6:fc:8a:14:a7:33:fd:55:39:dd:cb:81:96:61:51:93:36:94:
a2:6d:42:c8:5d:18:cc:06:6a:dd:c8:d7:c6:58:14:98:57:ed:
21:fb:56:48:eb:82:a1:0e:55:87:49:4c:dc:b1:c5:a4:79:fa:
a9:57:9f:cf:23:64:e0:dc:58:c0:d9:1a:6e:7d:ec:d1:59:ab:
2c:bf:bc:90:4d:4e:15:a4:07:91:47:6d:dc:06:18:01:a3:f4:
d7:34:30:91:27:92:97:cf:7c:1a:ad:a7:fa:13:b4:0d:6a:1d:
04:4b:4b:c6:dd:cd:ce:4d:3f:2b:53:0f:30:0a:99:bf:4e:6f:
35:28:90:23
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZT+pDcwGLeAC5SigKRSv/CEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZmM1YzA2NGY1MTU5YzhhMWZhNDA2NmM4Y2I4ZmY3MDE2
NzFkZDIwHhcNMjUwMjEzMDkyOTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWRkYzE5MTNlMjBlODE0YTZlMDBkYWQzZTRlZDIyZTc5YmU2YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l45Z18T84UBXl0eS3PjaL8JQ6lF
ygmI4r9QYdo0WugMhGNllP0n+tkSXjpjXroF2ZbiPs5Xznm95qAGR4cVPE+6FCNH
jQgOYBHuLNDra5pps38GnhiZTnhBkNSTLa1JIKrhJePr48aIhSux9Of9lMiY28dR
TusvD+VPCoFK6z1dLc2uMJyufkiHTOW9Q6MMjPnlciaVNyNTKvJuKtxP7K4fnEzt
v07YxOwZzUAU2ElDxkcM1Y/eM6pKEFjammq5VFLJaUO+r4qpxFxGxEZ3eUQYOhPd
TihVtawq9RAX/iYk9Q9GqEI/4LS1Osz5xmDRPS0G915n8oX1OCNcO/EL8QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOXdwZE+IOgUpuANrT5O0i55vmtqMB8GA1UdIwQY
MBaAFAL8XAZPUVnIofpAZsjLj/cBZx3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXZ4Y0JrOVJXY2loLWtCbXlNdVA5d0ZuSGRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iMTVhN2QtNWFlZS00ZDQwLWJlNWEt
NzkyYTkxYzVjYTJiLzEvNWQzQmtUNGc2QlNtNEEydFBrN1NMbm0tYTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iMTVhN2QtNWFlZS00ZDQwLWJlNWEtNzkyYTkxYzVjYTJi
LzEvQXZ4Y0JrOVJXY2loLWtCbXlNdVA5d0ZuSGRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBk07AAwQA
uSqhAwQAuctwMA0EAgACMAcDBQMqD5jAMA0GCSqGSIb3DQEBCwUAA4IBAQAP/BpZ
+0E0K0EqErb6fVWxDSm6Nd/I3PK6bwW7UKIoNaNOjmSMRZWjkLB/swGq6lzZmAK8
sK2fVIj5E/6uYIA14aEMqZRukWyWwUTBGO0v94dNE6cWYpfT7WMiMmry5DRRIak4
6b9/554c+Y+FnvKIbCCqWNyaYvS3ytWrWAr2/IoUpzP9VTndy4GWYVGTNpSibULI
XRjMBmrdyNfGWBSYV+0h+1ZI64KhDlWHSUzcscWkefqpV5/PI2Tg3FjA2RpufezR
Wassv7yQTU4VpAeRR23cBhgBo/TXNDCRJ5KXz3waraf6E7QNah0ES0vG3c3OTT8r
Uw8wCpm/Tm81KJAj
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:47:08 2025 by rpki-client