Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/HKNH5qVY82EVhwf41jFwu0WLXWQ.roa
File: HKNH5qVY82EVhwf41jFwu0WLXWQ.roa (raw, json)
Hash identifier: lq97v+q7hVfTasgsk/QjtVrEG9iM12Kuyq3A6kQDZ7s=
Subject key identifier: 1C:A3:47:E6:A5:58:F3:61:15:87:07:F8:D6:31:70:BB:45:8B:5D:64
Certificate issuer: /CN=62c5fce77dde4e2ee4fd6535100529c2f444d79a
Certificate serial: 019422FBFFB792733E0B3F8D49DE2B7775C4
Authority key identifier: 62:C5:FC:E7:7D:DE:4E:2E:E4:FD:65:35:10:05:29:C2:F4:44:D7:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/HKNH5qVY82EVhwf41jFwu0WLXWQ.roa
Signing time: Wed 01 Jan 2025 17:48:47 +0000
ROA not before: Wed 01 Jan 2025 17:48:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.158.64.0/22 maxlen: 22
45.158.64.0/24 maxlen: 24
45.158.65.0/24 maxlen: 24
45.158.66.0/24 maxlen: 24
45.158.67.0/24 maxlen: 24
95.214.128.0/22 maxlen: 22
95.214.128.0/24 maxlen: 24
95.214.129.0/24 maxlen: 24
95.214.130.0/24 maxlen: 24
95.214.131.0/24 maxlen: 24
193.104.15.0/24 maxlen: 24
2a09:e180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.mft
rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:ff:b7:92:73:3e:0b:3f:8d:49:de:2b:77:75:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=62c5fce77dde4e2ee4fd6535100529c2f444d79a
Validity
Not Before: Jan 1 17:48:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1ca347e6a558f361158707f8d63170bb458b5d64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:c8:ea:4e:33:67:80:9b:8d:d9:ad:05:65:15:
0f:f6:c5:9c:05:7b:f7:42:09:48:76:9f:14:19:dd:
f5:cb:b7:63:da:9f:f6:89:9b:ea:2c:b0:46:9c:5a:
08:d8:42:c4:65:86:90:0a:1f:be:bb:67:d4:71:ab:
6b:9e:f4:b9:4b:59:94:4f:70:cb:67:62:f1:db:ed:
39:5f:23:70:ed:2f:b5:5b:14:81:18:f2:c0:ba:e9:
a7:86:f3:d4:5f:5e:4f:5d:6e:27:3c:e3:b4:62:5f:
81:d4:c0:8a:10:b8:62:62:d0:9f:32:04:be:ae:3a:
60:5b:db:01:be:b1:55:9e:72:48:29:68:41:77:8b:
b3:65:f3:26:28:47:50:6d:85:68:a8:ee:f6:04:9e:
6b:08:71:2c:96:7e:78:27:62:ef:3d:8a:bb:bb:1f:
fb:3c:44:76:6b:d9:0c:3b:4e:11:9a:3e:7d:32:69:
02:5b:54:d9:82:c2:5c:de:78:9d:89:c2:d7:0c:27:
3d:63:1e:84:27:25:66:de:64:54:fe:28:64:07:62:
de:45:7e:95:fd:d3:6b:e2:8c:53:65:78:c3:30:ae:
ec:d7:b5:4f:8b:d1:fb:20:f3:20:4b:d3:90:2e:13:
85:43:37:07:c6:4d:d8:fd:5c:eb:9e:86:01:5a:f1:
4d:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:A3:47:E6:A5:58:F3:61:15:87:07:F8:D6:31:70:BB:45:8B:5D:64
X509v3 Authority Key Identifier:
keyid:62:C5:FC:E7:7D:DE:4E:2E:E4:FD:65:35:10:05:29:C2:F4:44:D7:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/HKNH5qVY82EVhwf41jFwu0WLXWQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.158.64.0/22
95.214.128.0/22
193.104.15.0/24
IPv6:
2a09:e180::/29
Signature Algorithm: sha256WithRSAEncryption
6c:a8:a1:01:7f:66:73:76:e8:b1:98:08:a8:9a:92:68:27:3c:
06:f1:dd:81:f0:b5:92:a8:d3:1e:44:25:19:2a:4e:94:bb:bd:
f1:c5:da:72:9b:d6:71:53:3b:b7:35:e8:c1:54:c6:b7:59:30:
bc:50:d5:b0:86:f7:c5:54:37:31:14:09:72:93:e0:62:19:82:
b3:86:15:89:cd:64:e3:e2:2d:9a:0e:01:33:14:f7:94:6c:7b:
96:23:8f:13:42:c5:04:0c:1b:f9:05:74:82:bf:02:21:da:74:
70:f1:cb:76:1c:15:0d:ea:6b:d2:05:d7:df:5b:de:0f:59:35:
d8:06:88:06:31:04:6b:de:8d:a9:ae:26:7f:a0:ce:ee:4d:e3:
da:e9:59:e1:0d:66:63:44:5d:a1:b6:43:a2:89:fe:c5:79:36:
e6:7c:70:3a:c1:da:34:8d:0d:0e:c8:76:ad:74:0e:4d:87:28:
2f:a9:ed:d1:ff:a3:61:20:4e:58:57:6d:01:b3:8c:a2:ac:39:
ea:2b:8f:ce:19:3f:05:12:aa:1d:96:9b:cd:73:41:f2:88:55:
fd:99:1f:4c:c9:63:aa:42:b4:d6:c8:05:27:2a:61:25:18:d6:
b9:35:6a:ce:ad:4b:ce:d7:64:6e:a0:fd:33:e9:8c:ac:cd:09:
5d:d8:c1:df
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQi+/+3knM+Cz+NSd4rd3XEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYzVmY2U3N2RkZTRlMmVlNGZkNjUzNTEwMDUyOWMyZjQ0
NGQ3OWEwHhcNMjUwMTAxMTc0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2EzNDdlNmE1NThmMzYxMTU4NzA3ZjhkNjMxNzBiYjQ1OGI1ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcjqTjNngJuN2a0FZRUP9sWcBXv3
QglIdp8UGd31y7dj2p/2iZvqLLBGnFoI2ELEZYaQCh++u2fUcatrnvS5S1mUT3DL
Z2Lx2+05XyNw7S+1WxSBGPLAuumnhvPUX15PXW4nPOO0Yl+B1MCKELhiYtCfMgS+
rjpgW9sBvrFVnnJIKWhBd4uzZfMmKEdQbYVoqO72BJ5rCHEsln54J2LvPYq7ux/7
PER2a9kMO04Rmj59MmkCW1TZgsJc3nidicLXDCc9Yx6EJyVm3mRU/ihkB2LeRX6V
/dNr4oxTZXjDMK7s17VPi9H7IPMgS9OQLhOFQzcHxk3Y/VzrnoYBWvFNHwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFByjR+alWPNhFYcH+NYxcLtFi11kMB8GA1UdIwQY
MBaAFGLF/Od93k4u5P1lNRAFKcL0RNeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXNYODUzM2VUaTdrX1dVMUVBVXB3dlJFMTVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMDNmNzAtMGE4OC00ZmFiLWIzNzQt
YWY2YmU5MDU3OTlkLzEvSEtOSDVxVlk4MkVWaHdmNDFqRnd1MFdMWFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMDNmNzAtMGE4OC00ZmFiLWIzNzQtYWY2YmU5MDU3OTlk
LzEvWXNYODUzM2VUaTdrX1dVMUVBVXB3dlJFMTVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLZ5AAwQC
X9aAAwQAwWgPMA0EAgACMAcDBQMqCeGAMA0GCSqGSIb3DQEBCwUAA4IBAQBsqKEB
f2ZzduixmAiompJoJzwG8d2B8LWSqNMeRCUZKk6Uu73xxdpym9ZxUzu3NejBVMa3
WTC8UNWwhvfFVDcxFAlyk+BiGYKzhhWJzWTj4i2aDgEzFPeUbHuWI48TQsUEDBv5
BXSCvwIh2nRw8ct2HBUN6mvSBdffW94PWTXYBogGMQRr3o2priZ/oM7uTePa6Vnh
DWZjRF2htkOiif7FeTbmfHA6wdo0jQ0OyHatdA5Nhygvqe3R/6NhIE5YV20Bs4yi
rDnqK4/OGT8FEqodlpvNc0HyiFX9mR9MyWOqQrTWyAUnKmElGNa5NWrOrUvO12Ru
oP0z6YyszQld2MHf
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:19:10 2025 by rpki-client