Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/93dd43-9933-42ca-afc2-2c1891cacac7/1/djCZyDS3Av-3n9Oi3QzE4yqgYHQ.roa
File: djCZyDS3Av-3n9Oi3QzE4yqgYHQ.roa (raw, json)
Hash identifier: umRqAsXCH4x+gTRMItrAG7erZAX903krnPo4zn0Ncs0=
Subject key identifier: 76:30:99:C8:34:B7:02:FF:B7:9F:D3:A2:DD:0C:C4:E3:2A:A0:60:74
Certificate issuer: /CN=992c6e09c192c5580a4a1d294150d6237ab8925d
Certificate serial: 019420D5E99CF9DB30F0D6C75592306279B4
Authority key identifier: 99:2C:6E:09:C1:92:C5:58:0A:4A:1D:29:41:50:D6:23:7A:B8:92:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSxuCcGSxVgKSh0pQVDWI3q4kl0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/93dd43-9933-42ca-afc2-2c1891cacac7/1/djCZyDS3Av-3n9Oi3QzE4yqgYHQ.roa
Signing time: Wed 01 Jan 2025 07:47:57 +0000
ROA not before: Wed 01 Jan 2025 07:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15439
IP address blocks: 91.195.152.0/23 maxlen: 23
91.195.152.0/24 maxlen: 24
91.195.153.0/24 maxlen: 24
91.200.20.0/22 maxlen: 22
91.200.20.0/23 maxlen: 23
91.200.22.0/23 maxlen: 23
193.58.70.0/23 maxlen: 23
193.58.70.0/24 maxlen: 24
193.58.71.0/24 maxlen: 24
195.66.158.0/23 maxlen: 23
195.66.158.0/24 maxlen: 24
195.66.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/93dd43-9933-42ca-afc2-2c1891cacac7/1/mSxuCcGSxVgKSh0pQVDWI3q4kl0.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/93dd43-9933-42ca-afc2-2c1891cacac7/1/mSxuCcGSxVgKSh0pQVDWI3q4kl0.mft
rsync://rpki.ripe.net/repository/DEFAULT/mSxuCcGSxVgKSh0pQVDWI3q4kl0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:e9:9c:f9:db:30:f0:d6:c7:55:92:30:62:79:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992c6e09c192c5580a4a1d294150d6237ab8925d
Validity
Not Before: Jan 1 07:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=763099c834b702ffb79fd3a2dd0cc4e32aa06074
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:f5:56:04:45:9e:b4:b9:0c:24:6b:db:e9:d7:
67:86:0c:18:2e:09:2c:7c:7e:69:9e:b1:73:06:93:
58:73:47:3b:b8:72:3f:e2:73:d3:46:b8:c4:68:e7:
fb:f6:d0:14:85:07:56:8f:40:47:8f:82:8a:56:0e:
03:15:f6:85:f3:fa:85:35:e9:1f:00:1d:25:d3:53:
ae:fd:79:22:d9:77:13:ce:09:7c:88:ad:4c:07:d8:
42:65:5b:51:c0:6d:55:b7:3f:a0:63:4a:09:7c:97:
27:08:a4:e8:95:93:e6:46:4f:b0:8c:91:18:cc:e0:
c0:0c:75:09:30:e5:38:96:ac:c3:4c:20:66:ca:5e:
1a:8e:c1:cf:4f:c8:22:c6:69:98:d2:ae:f1:c8:7a:
4a:ee:bc:14:8d:a5:50:04:8c:f2:18:ef:a8:06:b4:
ea:fd:d9:98:c2:8d:58:58:f0:69:9b:43:10:6c:15:
8f:7f:15:1c:8e:0e:d9:ab:62:96:70:ed:62:95:51:
2e:9f:1e:15:85:45:3b:06:c9:62:55:b0:54:89:b1:
28:c1:31:17:fd:3b:56:38:dd:b4:a3:1f:fa:c4:56:
68:f5:1a:28:59:59:18:ad:64:82:ce:9c:8f:7e:73:
0b:7f:40:52:98:ba:9a:03:f9:09:42:87:01:76:3e:
84:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:30:99:C8:34:B7:02:FF:B7:9F:D3:A2:DD:0C:C4:E3:2A:A0:60:74
X509v3 Authority Key Identifier:
keyid:99:2C:6E:09:C1:92:C5:58:0A:4A:1D:29:41:50:D6:23:7A:B8:92:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSxuCcGSxVgKSh0pQVDWI3q4kl0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/93dd43-9933-42ca-afc2-2c1891cacac7/1/djCZyDS3Av-3n9Oi3QzE4yqgYHQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/93dd43-9933-42ca-afc2-2c1891cacac7/1/mSxuCcGSxVgKSh0pQVDWI3q4kl0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.152.0/23
91.200.20.0/22
193.58.70.0/23
195.66.158.0/23
Signature Algorithm: sha256WithRSAEncryption
a4:bf:af:c2:43:bc:25:d6:b3:f2:1f:44:4d:9b:3b:18:8c:c5:
2c:66:a8:8b:28:43:5e:85:85:71:2e:5c:bb:c5:25:22:51:c3:
e0:cb:a2:c1:00:20:6b:b7:83:3e:99:95:49:89:4e:f4:a8:2d:
eb:70:f2:2e:cf:3b:ab:7a:77:15:24:ef:99:92:bb:6d:1d:e0:
15:7e:b1:da:be:6b:77:33:d9:4e:e1:fb:1e:6e:29:45:01:28:
2c:9c:d2:07:be:ab:33:c5:57:2d:ea:90:50:4a:db:48:bc:06:
ae:e2:2d:b5:13:3f:d7:56:03:10:67:e6:35:f3:65:82:f4:5e:
55:16:07:e1:ce:5d:72:7f:37:14:ac:05:c5:43:2c:2d:4f:a8:
88:e2:87:c2:f1:47:54:16:2f:e3:2a:cc:ad:28:bf:98:a6:3c:
e7:56:fd:b8:81:64:d9:f3:f7:09:fa:39:11:21:62:28:7c:a4:
8f:43:4e:67:a5:a0:af:b2:2b:6e:8f:f0:d2:af:a8:c0:f1:95:
19:9a:35:43:8b:e8:7c:12:23:d7:19:88:02:66:4d:71:b2:a3:
a3:94:69:17:80:a1:68:05:c7:aa:95:0b:0c:e9:38:bc:18:9b:
c0:87:4f:62:4a:f3:0a:ee:50:b5:63:43:cb:ac:8d:38:aa:0c:
f4:1b:c6:54
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQg1emc+dsw8NbHVZIwYnm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmM2ZTA5YzE5MmM1NTgwYTRhMWQyOTQxNTBkNjIzN2Fi
ODkyNWQwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjMwOTljODM0YjcwMmZmYjc5ZmQzYTJkZDBjYzRlMzJhYTA2MDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fVWBEWetLkMJGvb6ddnhgwYLgks
fH5pnrFzBpNYc0c7uHI/4nPTRrjEaOf79tAUhQdWj0BHj4KKVg4DFfaF8/qFNekf
AB0l01Ou/Xki2XcTzgl8iK1MB9hCZVtRwG1Vtz+gY0oJfJcnCKTolZPmRk+wjJEY
zODADHUJMOU4lqzDTCBmyl4ajsHPT8gixmmY0q7xyHpK7rwUjaVQBIzyGO+oBrTq
/dmYwo1YWPBpm0MQbBWPfxUcjg7Zq2KWcO1ilVEunx4VhUU7BsliVbBUibEowTEX
/TtWON20ox/6xFZo9RooWVkYrWSCzpyPfnMLf0BSmLqaA/kJQocBdj6E+QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHYwmcg0twL/t5/Tot0MxOMqoGB0MB8GA1UdIwQY
MBaAFJksbgnBksVYCkodKUFQ1iN6uJJdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN4dUNjR1N4VmdLU2gwcFFWRFdJM3E0a2wwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85M2RkNDMtOTkzMy00MmNhLWFmYzIt
MmMxODkxY2FjYWM3LzEvZGpDWnlEUzNBdi0zbjlPaTNRekU0eXFnWUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85M2RkNDMtOTkzMy00MmNhLWFmYzItMmMxODkxY2FjYWM3
LzEvbVN4dUNjR1N4VmdLU2gwcFFWRFdJM3E0a2wwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW8OYAwQC
W8gUAwQBwTpGAwQBw0KeMA0GCSqGSIb3DQEBCwUAA4IBAQCkv6/CQ7wl1rPyH0RN
mzsYjMUsZqiLKENehYVxLly7xSUiUcPgy6LBACBrt4M+mZVJiU70qC3rcPIuzzur
encVJO+ZkrttHeAVfrHavmt3M9lO4fsebilFASgsnNIHvqszxVct6pBQSttIvAau
4i21Ez/XVgMQZ+Y182WC9F5VFgfhzl1yfzcUrAXFQywtT6iI4ofC8UdUFi/jKsyt
KL+YpjznVv24gWTZ8/cJ+jkRIWIofKSPQ05npaCvsituj/DSr6jA8ZUZmjVDi+h8
EiPXGYgCZk1xsqOjlGkXgKFoBceqlQsM6Ti8GJvAh09iSvMK7lC1Y0PLrI04qgz0
G8ZU
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:37:38 2025 by rpki-client