Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/otWydKJIblYoFDAZjlf3bz3XaMM.roa
File: otWydKJIblYoFDAZjlf3bz3XaMM.roa (raw, json)
Hash identifier: xwlrdUyrXAa6g8e84xQqVsN9ku3EVyiSX1A/Nu5VNrY=
Subject key identifier: A2:D5:B2:74:A2:48:6E:56:28:14:30:19:8E:57:F7:6F:3D:D7:68:C3
Certificate issuer: /CN=f0150b3a9419627fdbcdb6580e878a1c9fa0cc58
Certificate serial: 01941FFA7198B017A9809646FA80C275E19B
Authority key identifier: F0:15:0B:3A:94:19:62:7F:DB:CD:B6:58:0E:87:8A:1C:9F:A0:CC:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8BULOpQZYn_bzbZYDoeKHJ-gzFg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/otWydKJIblYoFDAZjlf3bz3XaMM.roa
Signing time: Wed 01 Jan 2025 03:48:14 +0000
ROA not before: Wed 01 Jan 2025 03:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42451
IP address blocks: 77.242.0.0/24 maxlen: 24
77.242.1.0/24 maxlen: 24
77.242.2.0/24 maxlen: 24
77.242.3.0/24 maxlen: 24
77.242.4.0/24 maxlen: 24
77.242.5.0/24 maxlen: 24
77.242.6.0/24 maxlen: 24
77.242.7.0/24 maxlen: 24
77.242.8.0/24 maxlen: 24
2a02:5c40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/8BULOpQZYn_bzbZYDoeKHJ-gzFg.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/8BULOpQZYn_bzbZYDoeKHJ-gzFg.mft
rsync://rpki.ripe.net/repository/DEFAULT/8BULOpQZYn_bzbZYDoeKHJ-gzFg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 13:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:71:98:b0:17:a9:80:96:46:fa:80:c2:75:e1:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0150b3a9419627fdbcdb6580e878a1c9fa0cc58
Validity
Not Before: Jan 1 03:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a2d5b274a2486e56281430198e57f76f3dd768c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:a5:02:66:1c:21:82:7a:eb:33:d5:f6:54:f4:
1f:a9:01:a2:4d:24:ae:bf:59:e6:8f:cb:f2:82:0e:
54:19:07:fa:88:27:c7:d9:6b:dd:b3:26:a9:fb:a1:
0a:57:29:20:01:a4:73:02:d9:a0:03:2b:bf:c9:48:
1e:bf:60:f0:16:b5:37:be:7d:15:e1:fe:c4:b0:c4:
8f:02:d0:7a:82:98:5b:72:7f:2f:80:09:09:c7:73:
05:4c:f2:33:c6:4d:01:de:cd:e2:ee:7c:e5:e1:62:
8f:21:5a:db:59:f9:15:b5:83:b9:0d:a8:27:aa:57:
00:66:89:ad:60:fe:a2:42:57:b1:14:16:28:29:33:
67:9c:48:91:84:56:cd:1b:d0:0b:04:af:6f:62:f0:
23:7e:ed:cc:e4:34:3a:0f:68:73:c7:dc:6f:49:af:
5c:cc:bd:44:0c:a9:a1:c4:71:97:b2:e5:d2:0f:32:
ca:fd:4f:76:b6:44:50:3f:de:9b:f9:d0:14:c6:cc:
75:1c:0f:18:93:c5:a6:5e:ad:e6:ff:cf:74:10:a5:
ad:32:dc:29:de:9e:70:f2:b1:d5:55:8c:b6:0f:3f:
64:9d:f2:55:fa:05:05:1b:5e:2b:41:37:cc:f8:94:
b9:4e:2e:e2:c2:ed:8d:a2:45:eb:9b:d4:97:eb:82:
5d:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:D5:B2:74:A2:48:6E:56:28:14:30:19:8E:57:F7:6F:3D:D7:68:C3
X509v3 Authority Key Identifier:
keyid:F0:15:0B:3A:94:19:62:7F:DB:CD:B6:58:0E:87:8A:1C:9F:A0:CC:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8BULOpQZYn_bzbZYDoeKHJ-gzFg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/otWydKJIblYoFDAZjlf3bz3XaMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/8BULOpQZYn_bzbZYDoeKHJ-gzFg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.0.0-77.242.8.255
IPv6:
2a02:5c40::/32
Signature Algorithm: sha256WithRSAEncryption
24:bf:79:d6:0d:3c:79:f1:be:fe:8b:19:bc:74:96:4a:86:e0:
83:22:06:f4:e9:03:f5:8f:33:65:e7:33:ce:97:53:ab:94:05:
26:ca:3a:68:78:70:43:bb:4e:90:dc:6d:68:27:45:1d:26:1c:
ae:25:7d:93:8d:e0:3b:c3:ed:88:57:92:f7:01:e2:4a:61:8c:
b2:ce:5d:e2:39:c8:33:dd:cc:25:8c:d1:25:2e:54:d6:33:04:
01:0e:46:88:48:59:0d:ae:6d:01:bd:df:ac:5e:0f:5d:ed:aa:
97:67:02:34:e8:4b:2f:f1:e2:7e:62:ce:85:f0:40:d8:52:99:
52:58:1a:b8:77:68:4a:5f:85:3a:5f:f1:66:2d:74:ff:05:fc:
ac:49:1e:09:ef:33:43:e3:ca:4a:7c:51:b0:d2:09:83:0e:17:
8f:73:d0:56:a4:31:30:59:93:16:a9:0b:f5:2d:8b:06:ff:49:
c3:f6:e2:56:7a:af:85:22:03:c2:ef:d3:0b:b4:60:bb:39:09:
23:22:1f:4d:d1:27:12:0c:e3:ea:57:0e:f3:67:9e:6e:14:10:
5a:c3:d0:b4:75:0a:57:db:ba:e3:77:09:7c:92:b2:06:d3:e5:
d7:e5:27:2a:8f:e5:a3:4a:41:42:5d:f0:23:d5:e4:9c:6e:79:
99:c7:54:0e
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQf+nGYsBepgJZG+oDCdeGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMTUwYjNhOTQxOTYyN2ZkYmNkYjY1ODBlODc4YTFjOWZh
MGNjNTgwHhcNMjUwMTAxMDM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQ1YjI3NGEyNDg2ZTU2MjgxNDMwMTk4ZTU3Zjc2ZjNkZDc2OGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qUCZhwhgnrrM9X2VPQfqQGiTSSu
v1nmj8vygg5UGQf6iCfH2Wvdsyap+6EKVykgAaRzAtmgAyu/yUgev2DwFrU3vn0V
4f7EsMSPAtB6gphbcn8vgAkJx3MFTPIzxk0B3s3i7nzl4WKPIVrbWfkVtYO5Dagn
qlcAZomtYP6iQlexFBYoKTNnnEiRhFbNG9ALBK9vYvAjfu3M5DQ6D2hzx9xvSa9c
zL1EDKmhxHGXsuXSDzLK/U92tkRQP96b+dAUxsx1HA8Yk8WmXq3m/890EKWtMtwp
3p5w8rHVVYy2Dz9knfJV+gUFG14rQTfM+JS5Ti7iwu2NokXrm9SX64JdrwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKLVsnSiSG5WKBQwGY5X928912jDMB8GA1UdIwQY
MBaAFPAVCzqUGWJ/2822WA6HihyfoMxYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEJVTE9wUVpZbl9iemJaWURvZUtISi1nekZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81NzUxNzItZjdhMi00ZTQzLTk2MmMt
ZWRjNWFiOTk1ZGJmLzEvb3RXeWRLSklibFlvRkRBWmpsZjNiejNYYU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81NzUxNzItZjdhMi00ZTQzLTk2MmMtZWRjNWFiOTk1ZGJm
LzEvOEJVTE9wUVpZbl9iemJaWURvZUtISi1nekZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwFN8gME
AE3yCDANBAIAAjAHAwUAKgJcQDANBgkqhkiG9w0BAQsFAAOCAQEAJL951g08efG+
/osZvHSWSobggyIG9OkD9Y8zZeczzpdTq5QFJso6aHhwQ7tOkNxtaCdFHSYcriV9
k43gO8PtiFeS9wHiSmGMss5d4jnIM93MJYzRJS5U1jMEAQ5GiEhZDa5tAb3frF4P
Xe2ql2cCNOhLL/HifmLOhfBA2FKZUlgauHdoSl+FOl/xZi10/wX8rEkeCe8zQ+PK
SnxRsNIJgw4Xj3PQVqQxMFmTFqkL9S2LBv9Jw/biVnqvhSIDwu/TC7RguzkJIyIf
TdEnEgzj6lcO82eebhQQWsPQtHUKV9u643cJfJKyBtPl1+UnKo/lo0pBQl3wI9Xk
nG55mcdUDg==
-----END CERTIFICATE-----
Generated at Mon Apr 21 22:23:01 2025 by rpki-client