Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/iTTW-6mQkAe_ptbEUsV9bdJZhbM.roa
File: iTTW-6mQkAe_ptbEUsV9bdJZhbM.roa (raw, json)
Hash identifier: IaZjtmRfbfeEiXlxoZz2N565FeKeU2Yttq1mO64u+IM=
Subject key identifier: 89:34:D6:FB:A9:90:90:07:BF:A6:D6:C4:52:C5:7D:6D:D2:59:85:B3
Certificate issuer: /CN=7078e75635a09dcc03f625a80bfa552b22e3662c
Certificate serial: 019420D6127FD2C47E98F474AAB7EF7C2BFC
Authority key identifier: 70:78:E7:56:35:A0:9D:CC:03:F6:25:A8:0B:FA:55:2B:22:E3:66:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cHjnVjWgncwD9iWoC_pVKyLjZiw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/iTTW-6mQkAe_ptbEUsV9bdJZhbM.roa
Signing time: Wed 01 Jan 2025 07:48:07 +0000
ROA not before: Wed 01 Jan 2025 07:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16019
IP address blocks: 46.174.16.0/21 maxlen: 21
46.174.20.0/24 maxlen: 24
46.174.21.0/24 maxlen: 24
46.174.22.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/cHjnVjWgncwD9iWoC_pVKyLjZiw.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/cHjnVjWgncwD9iWoC_pVKyLjZiw.mft
rsync://rpki.ripe.net/repository/DEFAULT/cHjnVjWgncwD9iWoC_pVKyLjZiw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 23:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:12:7f:d2:c4:7e:98:f4:74:aa:b7:ef:7c:2b:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7078e75635a09dcc03f625a80bfa552b22e3662c
Validity
Not Before: Jan 1 07:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8934d6fba9909007bfa6d6c452c57d6dd25985b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:83:dc:fd:c2:62:68:89:8a:22:07:94:b9:82:
7e:ea:23:fc:44:b0:b2:7f:3c:21:7d:b0:dc:ea:8c:
9b:d4:fc:37:84:36:0a:34:f2:d0:1d:60:29:2b:ca:
7e:d0:3d:7e:cc:7f:52:da:da:db:46:f4:cf:bd:d7:
f4:d4:53:49:21:b9:3f:c2:d0:66:79:42:b2:82:67:
23:22:0a:b5:1f:aa:7d:6d:2a:df:62:b9:d7:c0:f0:
e2:64:3b:b9:a2:d2:ad:a8:62:88:82:94:ab:dd:83:
a1:a4:ad:1d:2c:e8:02:68:41:36:58:36:98:95:d8:
1d:50:8c:94:8b:c8:b2:bf:e1:42:78:a0:11:70:74:
db:ea:63:a9:01:1b:a4:c4:39:44:5c:de:dc:b5:f0:
6f:54:3b:f8:0b:e9:14:17:50:46:63:25:ab:f6:05:
62:9e:85:ef:36:26:b4:44:9c:6e:43:93:75:c3:75:
0f:53:41:c8:15:4b:40:91:b6:48:3e:e1:f6:4c:62:
c2:93:79:2b:3c:6b:3b:1e:92:a7:7d:bb:20:06:28:
ce:ef:59:e1:77:7a:42:8e:b3:d9:0e:04:ee:1c:aa:
5b:46:92:a4:26:1d:99:0c:c7:74:6b:b5:58:a2:3e:
f8:0b:14:ea:f6:94:ac:75:50:4f:ab:77:47:dd:63:
93:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:34:D6:FB:A9:90:90:07:BF:A6:D6:C4:52:C5:7D:6D:D2:59:85:B3
X509v3 Authority Key Identifier:
keyid:70:78:E7:56:35:A0:9D:CC:03:F6:25:A8:0B:FA:55:2B:22:E3:66:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cHjnVjWgncwD9iWoC_pVKyLjZiw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/iTTW-6mQkAe_ptbEUsV9bdJZhbM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/cHjnVjWgncwD9iWoC_pVKyLjZiw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.174.16.0/21
Signature Algorithm: sha256WithRSAEncryption
3c:ec:56:57:4f:68:68:61:56:bc:d3:9a:4d:c8:c7:f3:73:db:
5b:12:c9:40:29:3c:6f:02:3a:74:96:1f:3f:66:2f:37:a6:c7:
bf:20:66:e8:2a:97:2a:64:91:92:89:e1:4a:5f:30:1f:07:1c:
dc:70:08:38:54:23:50:07:24:f0:a2:13:c4:67:b8:34:53:01:
9b:8d:7e:43:94:59:dd:a0:2f:45:da:d4:7a:93:ad:52:1f:8c:
a4:35:77:c2:f9:47:18:ea:b7:8f:4e:10:a2:6a:c3:87:70:4e:
49:46:f9:d7:6e:d2:d8:56:bf:73:0f:1b:97:68:be:e0:d8:55:
e7:cf:e4:12:5f:e6:de:21:f4:0c:aa:44:b2:43:e0:a1:fd:0d:
18:bb:ab:08:80:55:db:f4:cf:c6:ba:8d:c0:f0:93:7e:f5:e4:
16:4e:71:42:e3:a2:f9:59:36:29:bd:6b:75:6b:d7:f9:d8:53:
d7:c3:c3:4b:95:0f:79:e9:e6:a4:14:a2:49:85:82:a7:b6:e8:
e9:d6:9e:2b:c4:2b:ea:6e:98:35:ab:0c:85:7e:42:b8:b9:bd:
3d:57:dc:e2:44:fb:3e:85:3c:65:28:34:50:c9:b0:20:30:cd:
52:83:f5:2f:60:ed:b2:7a:30:a2:66:06:dd:09:97:ca:86:eb:
a3:50:00:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1hJ/0sR+mPR0qrfvfCv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNzhlNzU2MzVhMDlkY2MwM2Y2MjVhODBiZmE1NTJiMjJl
MzY2MmMwHhcNMjUwMTAxMDc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM0ZDZmYmE5OTA5MDA3YmZhNmQ2YzQ1MmM1N2Q2ZGQyNTk4NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YPc/cJiaImKIgeUuYJ+6iP8RLCy
fzwhfbDc6oyb1Pw3hDYKNPLQHWApK8p+0D1+zH9S2trbRvTPvdf01FNJIbk/wtBm
eUKygmcjIgq1H6p9bSrfYrnXwPDiZDu5otKtqGKIgpSr3YOhpK0dLOgCaEE2WDaY
ldgdUIyUi8iyv+FCeKARcHTb6mOpARukxDlEXN7ctfBvVDv4C+kUF1BGYyWr9gVi
noXvNia0RJxuQ5N1w3UPU0HIFUtAkbZIPuH2TGLCk3krPGs7HpKnfbsgBijO71nh
d3pCjrPZDgTuHKpbRpKkJh2ZDMd0a7VYoj74CxTq9pSsdVBPq3dH3WOT4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIk01vupkJAHv6bWxFLFfW3SWYWzMB8GA1UdIwQY
MBaAFHB451Y1oJ3MA/YlqAv6VSsi42YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0hqblZqV2duY3dEOWlXb0NfcFZLeUxqWml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYTE3ZjctYzU5My00NzRkLThjZjAt
NTM4YjQ3NzA5OTU2LzEvaVRUVy02bVFrQWVfcHRiRVVzVjliZEpaaGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYTE3ZjctYzU5My00NzRkLThjZjAtNTM4YjQ3NzA5OTU2
LzEvY0hqblZqV2duY3dEOWlXb0NfcFZLeUxqWml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLq4QMA0G
CSqGSIb3DQEBCwUAA4IBAQA87FZXT2hoYVa805pNyMfzc9tbEslAKTxvAjp0lh8/
Zi83pse/IGboKpcqZJGSieFKXzAfBxzccAg4VCNQByTwohPEZ7g0UwGbjX5DlFnd
oC9F2tR6k61SH4ykNXfC+UcY6rePThCiasOHcE5JRvnXbtLYVr9zDxuXaL7g2FXn
z+QSX+beIfQMqkSyQ+Ch/Q0Yu6sIgFXb9M/Guo3A8JN+9eQWTnFC46L5WTYpvWt1
a9f52FPXw8NLlQ956eakFKJJhYKntujp1p4rxCvqbpg1qwyFfkK4ub09V9ziRPs+
hTxlKDRQybAgMM1Sg/UvYO2yejCiZgbdCZfKhuujUAAu
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:48:17 2025 by rpki-client