Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1DJFlNRbs5BmZ7VkijEvslB1diY.roa
File: 1DJFlNRbs5BmZ7VkijEvslB1diY.roa (raw, json)
Hash identifier: S7ptynWCHam106B0OV8gdYJijDFMvcLRyPCetdAnbHY=
Subject key identifier: D4:32:45:94:D4:5B:B3:90:66:67:B5:64:8A:31:2F:B2:50:75:76:26
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195B8AAB6305C52B43252A5E2334C5BFE01
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1DJFlNRbs5BmZ7VkijEvslB1diY.roa
Signing time: Fri 21 Mar 2025 12:25:50 +0000
ROA not before: Fri 21 Mar 2025 12:25:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57043
IP address blocks: 45.12.255.0/24 maxlen: 24
87.120.33.0/24 maxlen: 24
87.121.58.0/24 maxlen: 24
94.103.127.0/24 maxlen: 24
94.156.2.0/24 maxlen: 24
94.156.79.0/24 maxlen: 24
94.156.253.0/24 maxlen: 24
141.98.4.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b8:aa:b6:30:5c:52:b4:32:52:a5:e2:33:4c:5b:fe:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 12:25:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4324594d45bb3906667b5648a312fb250757626
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:0c:de:ca:67:8c:33:ad:cb:49:4b:c0:93:5d:
3d:bf:9d:13:ab:a4:3d:93:b1:f3:52:43:da:6c:43:
fa:39:a8:0e:41:ba:97:5b:60:95:33:aa:82:75:23:
fd:11:c2:7e:04:9a:d6:3d:89:d6:dd:81:77:36:38:
1e:7a:6c:95:2f:57:e2:62:6d:0d:e4:e5:95:01:0e:
8a:0d:55:85:c4:b0:4d:6c:ea:30:28:66:03:e3:68:
e3:51:5c:fc:2e:c7:65:54:10:68:ea:d0:4e:00:b6:
aa:5b:5f:b4:37:2c:c4:b3:b5:f2:d9:d7:d1:87:40:
69:7e:b6:52:db:21:fd:4e:9b:35:1c:4a:a3:c1:a7:
de:e1:bd:e9:73:5c:f1:64:41:0a:ed:aa:3e:af:93:
2f:1e:5a:37:6f:27:59:69:d1:69:4c:3e:72:ef:69:
e8:cb:f7:64:13:36:52:00:51:cb:59:af:95:e7:1d:
22:d3:ec:e1:93:05:17:b0:34:65:2c:20:8d:0b:ad:
ad:76:ce:8a:4c:48:a3:9c:2f:9b:63:f4:8d:77:3f:
a6:5e:ae:ed:14:04:85:c1:51:55:ec:82:b4:41:88:
8b:2f:54:a8:d7:de:ab:cb:53:a5:ca:cb:e7:cd:67:
09:d2:12:06:8e:23:f1:73:53:f6:cf:86:52:73:6c:
e1:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:32:45:94:D4:5B:B3:90:66:67:B5:64:8A:31:2F:B2:50:75:76:26
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1DJFlNRbs5BmZ7VkijEvslB1diY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.255.0/24
87.120.33.0/24
87.121.58.0/24
94.103.127.0/24
94.156.2.0/24
94.156.79.0/24
94.156.253.0/24
141.98.4.0/24
Signature Algorithm: sha256WithRSAEncryption
14:bc:64:29:9c:5a:51:f0:33:19:c5:22:3d:16:ca:e2:61:8a:
3e:ab:46:ce:4b:dd:ed:39:6f:5e:40:1b:29:dd:03:fe:85:c1:
7d:ba:2c:d8:e6:31:97:fa:02:45:d8:c5:0e:a1:0e:18:77:a7:
fc:cf:c3:39:80:d8:89:08:9f:8c:94:1a:6e:b7:2c:68:23:7a:
01:e2:f9:6b:55:e3:b6:94:aa:a5:e5:52:36:5c:42:46:3c:ad:
0a:70:1f:9d:e9:51:a6:d6:5f:15:96:da:fa:34:13:66:0b:a0:
ae:91:5d:64:bd:75:27:be:04:54:e9:8e:e1:47:88:38:bb:60:
6d:1e:fb:bb:ff:08:86:95:df:96:7b:5e:2c:dc:0d:eb:ba:88:
56:19:0e:63:16:9d:dd:06:89:c8:3d:6a:f2:12:08:a0:26:3e:
50:e1:d5:4c:5f:60:e4:b7:18:88:86:9d:09:2a:3d:8b:da:e9:
6a:43:a7:4b:b7:6c:14:de:b8:d1:02:24:b2:06:a9:1f:9d:76:
ec:b9:05:c3:84:42:5b:ed:1c:2b:cf:0b:83:cb:d4:56:da:86:
c1:97:aa:10:91:5c:45:92:a0:e2:f2:74:0b:f2:e5:4e:ac:43:
ea:60:ff:d8:76:f7:75:75:4c:bb:38:10:0f:29:b2:31:e5:55:
55:81:dc:f1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZW4qrYwXFK0MlKl4jNMW/4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzIxMTIyNTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDMyNDU5NGQ0NWJiMzkwNjY2N2I1NjQ4YTMxMmZiMjUwNzU3NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwzeymeMM63LSUvAk109v50Tq6Q9
k7HzUkPabEP6OagOQbqXW2CVM6qCdSP9EcJ+BJrWPYnW3YF3NjgeemyVL1fiYm0N
5OWVAQ6KDVWFxLBNbOowKGYD42jjUVz8LsdlVBBo6tBOALaqW1+0NyzEs7Xy2dfR
h0BpfrZS2yH9Tps1HEqjwafe4b3pc1zxZEEK7ao+r5MvHlo3bydZadFpTD5y72no
y/dkEzZSAFHLWa+V5x0i0+zhkwUXsDRlLCCNC62tds6KTEijnC+bY/SNdz+mXq7t
FASFwVFV7IK0QYiLL1So196ry1OlysvnzWcJ0hIGjiPxc1P2z4ZSc2zhDwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNQyRZTUW7OQZme1ZIoxL7JQdXYmMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMURKRmxOUmJzNUJtWjdWa2lqRXZzbEIxZGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQz/AwQA
V3ghAwQAV3k6AwQAXmd/AwQAXpwCAwQAXpxPAwQAXpz9AwQAjWIEMA0GCSqGSIb3
DQEBCwUAA4IBAQAUvGQpnFpR8DMZxSI9FsriYYo+q0bOS93tOW9eQBsp3QP+hcF9
uizY5jGX+gJF2MUOoQ4Yd6f8z8M5gNiJCJ+MlBputyxoI3oB4vlrVeO2lKql5VI2
XEJGPK0KcB+d6VGm1l8Vltr6NBNmC6CukV1kvXUnvgRU6Y7hR4g4u2BtHvu7/wiG
ld+We14s3A3ruohWGQ5jFp3dBonIPWryEgigJj5Q4dVMX2DktxiIhp0JKj2L2ulq
Q6dLt2wU3rjRAiSyBqkfnXbsuQXDhEJb7RwrzwuDy9RW2obBl6oQkVxFkqDi8nQL
8uVOrEPqYP/Ydvd1dUy7OBAPKbIx5VVVgdzx
-----END CERTIFICATE-----
Generated at Fri Apr 4 19:38:15 2025 by rpki-client