Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/FjIahcKt09OuzmKTy1-sTrhxfJE.roa
File: FjIahcKt09OuzmKTy1-sTrhxfJE.roa (raw, json)
Hash identifier: vdC0TpdFOFzZCc1CfiRmwTujlsmnztXNdvUzRtn8G+A=
Subject key identifier: 16:32:1A:85:C2:AD:D3:D3:AE:CE:62:93:CB:5F:AC:4E:B8:71:7C:91
Certificate issuer: /CN=1daf46a40c246d6540d992c321b1cc3623d65995
Certificate serial: 0194244567681EBD9F10AA1575350D3DD3A5
Authority key identifier: 1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/FjIahcKt09OuzmKTy1-sTrhxfJE.roa
Signing time: Wed 01 Jan 2025 23:48:35 +0000
ROA not before: Wed 01 Jan 2025 23:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62370
IP address blocks: 5.104.224.0/21 maxlen: 21
37.148.160.0/21 maxlen: 21
77.95.224.0/21 maxlen: 21
78.41.200.0/21 maxlen: 21
89.207.128.0/21 maxlen: 21
128.204.192.0/20 maxlen: 20
185.62.56.0/22 maxlen: 22
193.33.60.0/23 maxlen: 23
193.34.166.0/23 maxlen: 23
195.20.204.0/24 maxlen: 24
195.20.205.0/24 maxlen: 24
2a00:7b80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:67:68:1e:bd:9f:10:aa:15:75:35:0d:3d:d3:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1daf46a40c246d6540d992c321b1cc3623d65995
Validity
Not Before: Jan 1 23:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=16321a85c2add3d3aece6293cb5fac4eb8717c91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:bc:7f:02:5e:4f:ea:23:d7:5e:c8:df:c5:27:
4d:13:72:9b:37:53:c7:ab:9a:c7:b2:49:8d:d6:95:
08:02:b8:e2:67:0c:10:1a:48:c8:eb:b6:d1:0f:56:
39:1f:da:8c:5f:d8:5f:74:43:ac:6a:61:e0:02:23:
37:55:c3:90:c2:30:c2:f6:00:ae:c5:89:64:4e:cc:
ef:49:9d:73:d1:f0:69:70:3b:06:b1:40:a1:70:83:
66:8e:84:e4:94:5a:31:35:63:c6:6f:5f:83:b9:44:
77:63:fa:77:a9:82:4c:20:8c:2b:7f:2e:f9:a5:6a:
d0:4d:ea:d5:bc:74:b7:0e:76:6b:86:70:94:b4:65:
d4:db:9f:42:d0:c7:c0:28:96:7d:be:0f:8e:13:32:
b4:70:56:27:7c:2a:d5:8c:13:4e:3f:c9:e3:e5:22:
be:0b:18:df:c9:6e:a3:95:5b:b5:39:20:c0:e1:15:
e8:4e:fa:ec:77:fb:e1:9e:cf:50:e5:7b:d7:63:2c:
4e:8f:0e:65:10:8e:0c:7a:6a:25:1c:8a:ea:82:e9:
37:0f:44:95:9c:34:cb:1e:d2:5c:1c:5a:f4:31:8e:
8b:c5:13:d9:8a:4a:02:16:14:84:34:ec:bc:0a:b9:
f0:74:6e:95:ae:a0:c1:60:aa:84:ff:ec:b1:03:a5:
7b:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:32:1A:85:C2:AD:D3:D3:AE:CE:62:93:CB:5F:AC:4E:B8:71:7C:91
X509v3 Authority Key Identifier:
keyid:1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/FjIahcKt09OuzmKTy1-sTrhxfJE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.104.224.0/21
37.148.160.0/21
77.95.224.0/21
78.41.200.0/21
89.207.128.0/21
128.204.192.0/20
185.62.56.0/22
193.33.60.0/23
193.34.166.0/23
195.20.204.0/23
IPv6:
2a00:7b80::/32
Signature Algorithm: sha256WithRSAEncryption
00:21:26:4f:af:0a:9a:f4:bc:66:9d:c9:e5:56:2a:08:b7:a4:
6f:b9:d3:34:54:0f:3e:e0:20:47:72:d6:68:ff:8a:9e:8a:42:
b8:5c:69:a6:d8:09:08:06:8a:20:55:64:9d:ff:07:97:8b:bc:
dc:3e:61:d2:f9:ef:a8:2b:09:e2:e2:29:1b:c2:6a:5f:4c:cd:
2e:ce:dd:cb:a3:d3:c2:a1:8b:d3:bf:e8:30:87:d7:74:3e:ef:
a4:64:7e:c0:7f:e3:21:d4:b9:0a:e3:22:7b:d5:71:1a:e8:9c:
20:8e:3f:e9:2a:68:3d:d1:e4:2c:cf:1c:f6:e5:f9:a6:7d:91:
b5:30:98:1e:bf:33:8b:3c:14:2f:ab:33:43:73:c8:ff:20:4e:
a7:c4:5c:66:45:5e:f9:d7:46:d5:b1:7e:69:45:0f:19:c6:a1:
a3:5a:6b:d9:0a:da:77:51:93:e2:ec:6f:f5:bf:85:78:6b:74:
d3:e8:de:7c:b8:5d:f7:34:60:f2:e3:06:4c:9e:2d:4f:ff:62:
52:5b:7a:24:88:09:39:1b:1a:36:da:dc:d0:5c:c1:d6:9c:3b:
bb:a3:0a:11:b9:99:7a:d6:5f:a3:4c:dc:ce:07:8e:87:7d:f1:
54:f0:3e:51:64:e0:d7:58:ac:2b:b6:b8:aa:f9:37:6b:44:de:
6a:3c:30:59
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZQkRWdoHr2fEKoVdTUNPdOlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWY0NmE0MGMyNDZkNjU0MGQ5OTJjMzIxYjFjYzM2MjNk
NjU5OTUwHhcNMjUwMTAxMjM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjMyMWE4NWMyYWRkM2QzYWVjZTYyOTNjYjVmYWM0ZWI4NzE3YzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7x/Al5P6iPXXsjfxSdNE3KbN1PH
q5rHskmN1pUIArjiZwwQGkjI67bRD1Y5H9qMX9hfdEOsamHgAiM3VcOQwjDC9gCu
xYlkTszvSZ1z0fBpcDsGsUChcINmjoTklFoxNWPGb1+DuUR3Y/p3qYJMIIwrfy75
pWrQTerVvHS3DnZrhnCUtGXU259C0MfAKJZ9vg+OEzK0cFYnfCrVjBNOP8nj5SK+
CxjfyW6jlVu1OSDA4RXoTvrsd/vhns9Q5XvXYyxOjw5lEI4MemolHIrqguk3D0SV
nDTLHtJcHFr0MY6LxRPZikoCFhSENOy8CrnwdG6VrqDBYKqE/+yxA6V7yQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFBYyGoXCrdPTrs5ik8tfrE64cXyRMB8GA1UdIwQY
MBaAFB2vRqQMJG1lQNmSwyGxzDYj1lmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYt
NzlmMDQ4YmQyYTdhLzEvRmpJYWhjS3QwOU91em1LVHkxLXNUcmh4ZkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYtNzlmMDQ4YmQyYTdh
LzEvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDBWjgAwQD
JZSgAwQDTV/gAwQDTinIAwQDWc+AAwQEgMzAAwQCuT44AwQBwSE8AwQBwSKmAwQB
wxTMMA0EAgACMAcDBQAqAHuAMA0GCSqGSIb3DQEBCwUAA4IBAQAAISZPrwqa9Lxm
ncnlVioIt6RvudM0VA8+4CBHctZo/4qeikK4XGmm2AkIBoogVWSd/weXi7zcPmHS
+e+oKwni4ikbwmpfTM0uzt3Lo9PCoYvTv+gwh9d0Pu+kZH7Af+Mh1LkK4yJ71XEa
6Jwgjj/pKmg90eQszxz25fmmfZG1MJgevzOLPBQvqzNDc8j/IE6nxFxmRV7510bV
sX5pRQ8ZxqGjWmvZCtp3UZPi7G/1v4V4a3TT6N58uF33NGDy4wZMni1P/2JSW3ok
iAk5Gxo22tzQXMHWnDu7owoRuZl61l+jTNzOB46HffFU8D5RZODXWKwrtriq+Tdr
RN5qPDBZ
-----END CERTIFICATE-----
Generated at Tue Apr 22 10:34:08 2025 by rpki-client