Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3hblAUbohBwFT91IssPjV90kLNw.roa
File: 3hblAUbohBwFT91IssPjV90kLNw.roa (raw, json)
Hash identifier: 38EdVnlMAGIlx0Mlz1graFZq4XBH6eOlqF04LdXhHB4=
Subject key identifier: DE:16:E5:01:46:E8:84:1C:05:4F:DD:48:B2:C3:E3:57:DD:24:2C:DC
Certificate issuer: /CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
Certificate serial: 0194236A43CB146CE6D4DD57E12E00988FBA
Authority key identifier: AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3hblAUbohBwFT91IssPjV90kLNw.roa
Signing time: Wed 01 Jan 2025 19:49:14 +0000
ROA not before: Wed 01 Jan 2025 19:49:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 45.94.232.0/24 maxlen: 24
45.94.233.0/24 maxlen: 24
45.94.234.0/24 maxlen: 24
45.94.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl
rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.mft
rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:43:cb:14:6c:e6:d4:dd:57:e1:2e:00:98:8f:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
Validity
Not Before: Jan 1 19:49:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de16e50146e8841c054fdd48b2c3e357dd242cdc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:20:9b:84:ae:7f:d7:e2:a3:d7:a7:ef:ae:82:
dd:74:64:c4:c8:68:1a:0c:4f:70:6b:71:69:e8:b1:
13:1c:fc:51:69:c5:a1:cd:48:68:d2:cf:37:ce:c9:
95:89:46:43:de:68:46:5b:06:b0:85:4a:91:d1:44:
6f:0f:4a:f6:a2:3c:8d:96:da:16:01:68:3a:3b:77:
0b:46:61:cc:b0:02:15:81:27:ad:fa:60:58:92:f1:
42:f1:3b:04:9a:8d:c3:32:d8:06:90:9c:4e:ac:5d:
7f:a9:ab:8c:0e:11:c6:13:db:50:68:93:8f:c0:4d:
56:2d:71:0c:db:83:d0:47:27:b5:a3:de:c6:92:e9:
33:ca:10:80:76:2b:63:9e:89:65:e7:0b:2d:84:4e:
2d:86:19:38:53:45:81:e5:b7:a8:ed:48:53:82:17:
ef:36:e6:36:36:b1:06:39:40:d3:26:ce:7f:02:a3:
ed:2d:10:4d:90:d2:13:fb:2a:95:6f:85:cc:3d:ee:
0d:5f:81:46:33:0a:08:6a:fd:3e:5f:e7:58:21:e9:
41:10:cb:89:7a:90:3b:a7:04:66:1a:89:43:9c:9a:
eb:d3:61:2c:7e:b5:34:3a:c5:36:71:e8:75:d7:27:
07:06:d5:67:ff:2d:94:aa:3a:f0:25:b1:04:10:86:
77:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:16:E5:01:46:E8:84:1C:05:4F:DD:48:B2:C3:E3:57:DD:24:2C:DC
X509v3 Authority Key Identifier:
keyid:AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3hblAUbohBwFT91IssPjV90kLNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.94.232.0/22
Signature Algorithm: sha256WithRSAEncryption
7c:e5:c3:dd:f1:e3:c8:e6:6c:f8:3a:c1:bf:7a:6c:22:c9:63:
5d:6e:c5:48:1d:30:e8:05:87:96:1d:d0:ec:29:3e:c6:3a:7a:
86:3c:d6:81:7f:35:e2:8d:06:d3:59:9f:3e:07:c1:4f:cc:97:
8c:97:71:92:fa:3c:85:e7:c5:4d:12:5e:34:fe:8d:5a:de:6e:
15:1b:c6:96:8e:24:a0:8a:c4:56:c9:73:92:27:17:bc:ce:1f:
a7:38:d4:3b:e1:3a:7a:5b:ac:5b:2b:b1:6c:10:22:21:07:94:
92:26:b7:4c:59:17:30:9a:85:d1:e1:0d:bb:f5:fd:dc:81:c6:
a0:58:81:96:e4:b8:45:74:c4:8a:02:7a:48:ff:d6:1a:63:0e:
6e:1c:a1:14:93:1f:d8:ba:e4:cc:18:2f:01:76:1a:4d:0f:e0:
8c:98:96:61:a9:17:3e:73:50:1a:12:fc:d1:47:c9:ff:cc:8f:
31:d2:b4:6b:50:0b:02:ae:14:6d:e1:52:a9:b7:d9:8b:d2:0b:
cc:e8:55:7a:e0:be:20:56:aa:e4:55:fe:37:c3:bf:17:18:76:
0a:77:20:eb:09:e3:f8:5c:f0:ca:17:28:e7:c5:50:65:26:3b:
30:a8:77:d8:06:c9:e9:d2:c9:1d:f2:b3:33:9c:e4:54:a1:bd:
f0:32:45:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakPLFGzm1N1X4S4AmI+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTMxNmZjNGE4M2IzZDAzZTI5NzVmOGJlYzI3MGNiMGY0
ZWZiMWQwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTE2ZTUwMTQ2ZTg4NDFjMDU0ZmRkNDhiMmMzZTM1N2RkMjQyY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiCbhK5/1+Kj16fvroLddGTEyGga
DE9wa3Fp6LETHPxRacWhzUho0s83zsmViUZD3mhGWwawhUqR0URvD0r2ojyNltoW
AWg6O3cLRmHMsAIVgSet+mBYkvFC8TsEmo3DMtgGkJxOrF1/qauMDhHGE9tQaJOP
wE1WLXEM24PQRye1o97GkukzyhCAditjnoll5wsthE4thhk4U0WB5beo7UhTghfv
NuY2NrEGOUDTJs5/AqPtLRBNkNIT+yqVb4XMPe4NX4FGMwoIav0+X+dYIelBEMuJ
epA7pwRmGolDnJrr02EsfrU0OsU2ceh11ycHBtVn/y2UqjrwJbEEEIZ3fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4W5QFG6IQcBU/dSLLD41fdJCzcMB8GA1UdIwQY
MBaAFK9TFvxKg7PQPil1+L7CcMsPTvsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEt
ZDEyMDVlMGMwY2NlLzEvM2hibEFVYm9oQndGVDkxSXNzUGpWOTBrTE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEtZDEyMDVlMGMwY2Nl
LzEvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV7oMA0G
CSqGSIb3DQEBCwUAA4IBAQB85cPd8ePI5mz4OsG/emwiyWNdbsVIHTDoBYeWHdDs
KT7GOnqGPNaBfzXijQbTWZ8+B8FPzJeMl3GS+jyF58VNEl40/o1a3m4VG8aWjiSg
isRWyXOSJxe8zh+nONQ74Tp6W6xbK7FsECIhB5SSJrdMWRcwmoXR4Q279f3cgcag
WIGW5LhFdMSKAnpI/9YaYw5uHKEUkx/YuuTMGC8BdhpND+CMmJZhqRc+c1AaEvzR
R8n/zI8x0rRrUAsCrhRt4VKpt9mL0gvM6FV64L4gVqrkVf43w78XGHYKdyDrCeP4
XPDKFyjnxVBlJjswqHfYBsnp0skd8rMznORUob3wMkXw
-----END CERTIFICATE-----
Generated at Sat Apr 5 13:20:20 2025 by rpki-client