Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/18b6da-b02e-40b1-97ae-d7399292019a/1/xd_ulFUkeSmauZZHfygS0GuYPDk.roa
File: xd_ulFUkeSmauZZHfygS0GuYPDk.roa (raw, json)
Hash identifier: 0UrnjaSCTnjc1IdqCWJgrHL+McaCLRgIVm4A1cu8hrY=
Subject key identifier: C5:DF:EE:94:55:24:79:29:9A:B9:96:47:7F:28:12:D0:6B:98:3C:39
Certificate issuer: /CN=9ededf47822aee27da28d34dab1fe7a3c60a6aaa
Certificate serial: 01941F8C7878D2E8BF9C4F9915E5CB07B63D
Authority key identifier: 9E:DE:DF:47:82:2A:EE:27:DA:28:D3:4D:AB:1F:E7:A3:C6:0A:6A:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nt7fR4Iq7ifaKNNNqx_no8YKaqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/18b6da-b02e-40b1-97ae-d7399292019a/1/xd_ulFUkeSmauZZHfygS0GuYPDk.roa
Signing time: Wed 01 Jan 2025 01:48:07 +0000
ROA not before: Wed 01 Jan 2025 01:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15525
IP address blocks: 176.221.32.0/21 maxlen: 24
185.99.233.0/24 maxlen: 24
185.99.234.0/23 maxlen: 24
2a03:9c80::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/12/18b6da-b02e-40b1-97ae-d7399292019a/1/nt7fR4Iq7ifaKNNNqx_no8YKaqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/12/18b6da-b02e-40b1-97ae-d7399292019a/1/nt7fR4Iq7ifaKNNNqx_no8YKaqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/nt7fR4Iq7ifaKNNNqx_no8YKaqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:78:78:d2:e8:bf:9c:4f:99:15:e5:cb:07:b6:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9ededf47822aee27da28d34dab1fe7a3c60a6aaa
Validity
Not Before: Jan 1 01:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5dfee94552479299ab996477f2812d06b983c39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:7b:52:e0:d1:7e:63:78:6c:9b:f1:53:a0:45:
fb:0a:2d:aa:0c:25:aa:28:60:6c:41:39:d9:45:e0:
69:2b:02:94:d6:53:68:07:7e:b8:ec:2f:6c:54:6e:
42:36:c3:7b:08:f7:55:64:dd:93:88:86:f5:e2:a9:
a8:f0:ff:7d:df:15:c5:08:50:c9:42:ba:e9:19:93:
f9:c7:d2:fa:8c:09:a2:ef:15:48:ab:9e:66:bc:1a:
39:29:b0:93:48:ba:9a:53:a2:36:95:10:bd:a0:f8:
97:65:3a:6d:90:bb:cf:61:fd:d3:27:01:03:83:39:
b2:28:af:48:db:3d:7a:d7:8c:4f:79:be:c3:64:cd:
88:48:bf:f8:2a:12:b6:9f:b7:d1:04:d2:9b:9b:79:
8b:1f:74:74:36:2b:7c:0b:fb:28:3f:4f:01:a4:2b:
13:41:31:c3:23:49:94:0f:da:35:d1:3f:a3:1a:bf:
90:be:2c:3c:90:25:a8:8e:b4:a9:c1:b6:e0:97:ea:
5d:07:a9:1a:fb:01:68:2c:b0:b1:c1:1c:d9:f7:54:
b9:76:ec:93:1e:19:95:cf:eb:cb:c9:9e:33:e3:fe:
c3:88:ef:54:c3:f3:a5:ea:27:8c:d0:cc:f8:35:e7:
99:29:59:d0:07:7c:45:f3:a9:e0:1c:4d:9f:7c:03:
65:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:DF:EE:94:55:24:79:29:9A:B9:96:47:7F:28:12:D0:6B:98:3C:39
X509v3 Authority Key Identifier:
keyid:9E:DE:DF:47:82:2A:EE:27:DA:28:D3:4D:AB:1F:E7:A3:C6:0A:6A:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nt7fR4Iq7ifaKNNNqx_no8YKaqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/18b6da-b02e-40b1-97ae-d7399292019a/1/xd_ulFUkeSmauZZHfygS0GuYPDk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/18b6da-b02e-40b1-97ae-d7399292019a/1/nt7fR4Iq7ifaKNNNqx_no8YKaqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.221.32.0/21
185.99.233.0-185.99.235.255
IPv6:
2a03:9c80::/34
Signature Algorithm: sha256WithRSAEncryption
51:3d:ab:7e:92:e3:eb:8f:cb:e8:23:81:45:eb:50:3c:77:06:
c3:f9:de:51:c3:2f:98:96:41:db:63:14:13:83:43:2b:32:94:
1c:28:ca:7e:d3:fb:72:e9:e9:5d:b8:24:49:37:03:a6:f2:c5:
7a:93:90:fd:32:d0:c2:d9:43:43:68:43:9d:f8:f8:96:56:6f:
07:27:72:82:c2:ea:f3:46:de:34:62:e7:cc:be:38:22:58:73:
82:9c:c0:fb:d9:fa:63:1f:58:b4:8c:d2:53:17:aa:9b:d8:75:
90:b7:1c:16:59:4d:1b:7a:71:16:0d:8d:a9:bd:b6:75:40:39:
9f:15:8b:5f:99:78:79:97:e0:39:b8:49:4f:af:4f:b5:f6:c7:
70:b3:2c:78:52:ee:4e:a2:58:a0:05:4e:ae:a3:48:b9:06:56:
40:e0:9a:4c:be:e9:78:73:3d:90:5e:34:93:79:fe:6c:4b:f2:
0d:35:12:fc:9f:26:c0:02:46:de:48:12:8c:76:73:14:dd:79:
fb:c6:eb:9e:81:c1:5e:5a:c0:23:2f:59:d4:87:50:41:ed:cb:
8c:f6:e0:3b:49:68:01:ad:90:8c:ea:8f:4f:69:a8:95:37:87:
8c:9f:f0:0d:17:73:a9:8f:07:6d:08:1e:f2:6c:0c:4c:7e:fa:
44:49:61:0f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQfjHh40ui/nE+ZFeXLB7Y9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZGVkZjQ3ODIyYWVlMjdkYTI4ZDM0ZGFiMWZlN2EzYzYw
YTZhYWEwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWRmZWU5NDU1MjQ3OTI5OWFiOTk2NDc3ZjI4MTJkMDZiOTgzYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3tS4NF+Y3hsm/FToEX7Ci2qDCWq
KGBsQTnZReBpKwKU1lNoB3647C9sVG5CNsN7CPdVZN2TiIb14qmo8P993xXFCFDJ
QrrpGZP5x9L6jAmi7xVIq55mvBo5KbCTSLqaU6I2lRC9oPiXZTptkLvPYf3TJwED
gzmyKK9I2z1614xPeb7DZM2ISL/4KhK2n7fRBNKbm3mLH3R0Nit8C/soP08BpCsT
QTHDI0mUD9o10T+jGr+Qviw8kCWojrSpwbbgl+pdB6ka+wFoLLCxwRzZ91S5duyT
HhmVz+vLyZ4z4/7DiO9Uw/Ol6ieM0Mz4NeeZKVnQB3xF86ngHE2ffANlgQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMXf7pRVJHkpmrmWR38oEtBrmDw5MB8GA1UdIwQY
MBaAFJ7e30eCKu4n2ijTTasf56PGCmqqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnQ3ZlI0SXE3aWZhS05OTnF4X25vOFlLYXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8xOGI2ZGEtYjAyZS00MGIxLTk3YWUt
ZDczOTkyOTIwMTlhLzEveGRfdWxGVWtlU21hdVpaSGZ5Z1MwR3VZUERrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8xOGI2ZGEtYjAyZS00MGIxLTk3YWUtZDczOTkyOTIwMTlh
LzEvbnQ3ZlI0SXE3aWZhS05OTnF4X25vOFlLYXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAaBAIAATAUAwQDsN0gMAwD
BAC5Y+kDBAK5Y+gwDgQCAAIwCAMGBioDnIAAMA0GCSqGSIb3DQEBCwUAA4IBAQBR
Pat+kuPrj8voI4FF61A8dwbD+d5Rwy+YlkHbYxQTg0MrMpQcKMp+0/ty6elduCRJ
NwOm8sV6k5D9MtDC2UNDaEOd+PiWVm8HJ3KCwurzRt40YufMvjgiWHOCnMD72fpj
H1i0jNJTF6qb2HWQtxwWWU0benEWDY2pvbZ1QDmfFYtfmXh5l+A5uElPr0+19sdw
syx4Uu5OoligBU6uo0i5BlZA4JpMvul4cz2QXjSTef5sS/INNRL8nybAAkbeSBKM
dnMU3Xn7xuuegcFeWsAjL1nUh1BB7cuM9uA7SWgBrZCM6o9PaaiVN4eMn/ANF3Op
jwdtCB7ybAxMfvpESWEP
-----END CERTIFICATE-----
Generated at Sun Apr 13 09:30:57 2025 by rpki-client