Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/632e89-8842-48b1-9dcf-2aeadb966b76/1/TUphJ-jTdc6RyopsPbQVUooNovI.roa
File: TUphJ-jTdc6RyopsPbQVUooNovI.roa (raw, json)
Hash identifier: 5SMLcPW5pd+tHnvqH88hThCDDFketkICiSOllb1LCN8=
Subject key identifier: 4D:4A:61:27:E8:D3:75:CE:91:CA:8A:6C:3D:B4:15:52:8A:0D:A2:F2
Certificate issuer: /CN=6bba6d0f0f9b19f7f43ceb43e7359a3d84e99d99
Certificate serial: 019426D95E308B9B75911474639282695154
Authority key identifier: 6B:BA:6D:0F:0F:9B:19:F7:F4:3C:EB:43:E7:35:9A:3D:84:E9:9D:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a7ptDw-bGff0POtD5zWaPYTpnZk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/632e89-8842-48b1-9dcf-2aeadb966b76/1/TUphJ-jTdc6RyopsPbQVUooNovI.roa
Signing time: Thu 02 Jan 2025 11:49:27 +0000
ROA not before: Thu 02 Jan 2025 11:49:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201502
IP address blocks: 46.255.240.0/21 maxlen: 24
176.124.114.0/24 maxlen: 24
185.13.220.0/22 maxlen: 24
185.25.136.0/22 maxlen: 24
185.203.172.0/22 maxlen: 24
185.220.80.0/24 maxlen: 24
185.253.80.0/22 maxlen: 24
188.208.19.0/24 maxlen: 24
188.214.82.0/23 maxlen: 24
2a03:a6c0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/12/632e89-8842-48b1-9dcf-2aeadb966b76/1/a7ptDw-bGff0POtD5zWaPYTpnZk.crl
rsync://rpki.ripe.net/repository/DEFAULT/12/632e89-8842-48b1-9dcf-2aeadb966b76/1/a7ptDw-bGff0POtD5zWaPYTpnZk.mft
rsync://rpki.ripe.net/repository/DEFAULT/a7ptDw-bGff0POtD5zWaPYTpnZk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:5e:30:8b:9b:75:91:14:74:63:92:82:69:51:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bba6d0f0f9b19f7f43ceb43e7359a3d84e99d99
Validity
Not Before: Jan 2 11:49:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4d4a6127e8d375ce91ca8a6c3db415528a0da2f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e7:47:52:52:61:e5:bc:93:34:82:ba:45:13:
1a:96:fa:6d:49:4c:b0:55:7a:77:e2:88:0d:cf:9d:
82:f8:9c:ae:97:91:a7:27:28:28:1e:83:f7:32:5a:
db:99:1d:d7:66:47:7b:0f:ac:83:3f:b0:28:ff:69:
34:58:8c:ec:a4:62:14:5b:27:58:a0:cc:8b:d1:b4:
6d:df:4d:81:ae:60:7f:8d:dc:d9:97:63:80:08:21:
e6:55:3b:6e:f4:6f:17:14:6f:a0:b6:21:22:08:fd:
ec:17:64:55:b8:79:01:1e:2b:f0:ad:6f:7c:05:be:
50:be:99:cd:d3:7d:76:35:c7:8e:cd:ce:11:d0:40:
3b:40:ef:d2:3e:86:5d:71:99:67:70:4e:80:36:49:
f7:3c:1b:61:a2:d3:ad:6e:56:7b:cf:a3:88:77:ed:
9b:5c:e3:be:71:3f:44:4d:af:cf:30:06:8b:a1:d3:
19:78:a5:29:d3:ad:e8:56:7e:86:ce:06:e5:f8:6e:
56:fb:8a:a4:28:92:a7:e1:2e:6d:e2:ce:a9:9f:90:
06:8a:2d:76:f1:99:f0:88:07:dd:be:f9:bd:40:3f:
06:68:12:1e:b6:2f:b5:52:f9:66:14:ea:eb:68:08:
56:34:6a:28:d7:bb:f9:81:83:51:d0:a3:19:06:f9:
c1:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:4A:61:27:E8:D3:75:CE:91:CA:8A:6C:3D:B4:15:52:8A:0D:A2:F2
X509v3 Authority Key Identifier:
keyid:6B:BA:6D:0F:0F:9B:19:F7:F4:3C:EB:43:E7:35:9A:3D:84:E9:9D:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7ptDw-bGff0POtD5zWaPYTpnZk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/632e89-8842-48b1-9dcf-2aeadb966b76/1/TUphJ-jTdc6RyopsPbQVUooNovI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/632e89-8842-48b1-9dcf-2aeadb966b76/1/a7ptDw-bGff0POtD5zWaPYTpnZk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.255.240.0/21
176.124.114.0/24
185.13.220.0/22
185.25.136.0/22
185.203.172.0/22
185.220.80.0/24
185.253.80.0/22
188.208.19.0/24
188.214.82.0/23
IPv6:
2a03:a6c0::/32
Signature Algorithm: sha256WithRSAEncryption
6c:c2:7c:4b:fa:b2:9d:77:b1:2c:05:65:69:01:64:b0:4d:c2:
aa:71:78:07:08:c8:03:8e:12:ae:c8:6a:2b:b2:eb:55:2c:a3:
02:1a:d4:b4:32:2d:19:a7:73:31:c6:60:3b:bc:e1:4f:66:48:
61:7e:e9:2f:a7:01:9e:bd:e6:6f:68:bc:ae:05:71:83:b1:80:
3b:a5:e5:69:ac:b3:03:7f:ce:7c:9f:d9:f6:2b:37:b7:48:6e:
07:41:d8:3b:1e:3d:d6:1c:5b:41:04:b7:5f:b3:dd:35:ec:26:
13:be:b0:95:17:41:9b:27:3e:0a:60:07:05:95:08:af:ec:a5:
22:8e:60:9e:a5:99:59:11:b0:74:0d:3a:a1:09:ed:92:72:bc:
ce:50:f4:e3:a0:bd:41:52:d4:f2:be:07:52:76:6c:5f:c6:e2:
3a:be:e7:f2:f5:1a:9e:03:d5:c6:50:26:ed:f1:92:8e:a7:76:
c5:08:5b:ef:f8:f9:87:9d:cf:09:7b:75:db:6e:cb:bb:e6:3f:
4c:41:53:5b:3a:be:0e:3b:bd:24:da:79:e1:a0:05:36:ad:2c:
25:37:b3:d9:82:57:b8:b1:1b:ba:4b:7d:96:a6:ad:e8:3a:05:
0f:3e:57:54:b2:cc:56:99:a7:c1:b9:bd:3b:a1:af:98:cc:8f:
09:35:78:1d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQm2V4wi5t1kRR0Y5KCaVFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYmE2ZDBmMGY5YjE5ZjdmNDNjZWI0M2U3MzU5YTNkODRl
OTlkOTkwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDRhNjEyN2U4ZDM3NWNlOTFjYThhNmMzZGI0MTU1MjhhMGRhMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuudHUlJh5byTNIK6RRMalvptSUyw
VXp34ogNz52C+Jyul5GnJygoHoP3MlrbmR3XZkd7D6yDP7Ao/2k0WIzspGIUWydY
oMyL0bRt302BrmB/jdzZl2OACCHmVTtu9G8XFG+gtiEiCP3sF2RVuHkBHivwrW98
Bb5QvpnN0312NceOzc4R0EA7QO/SPoZdcZlncE6ANkn3PBthotOtblZ7z6OId+2b
XOO+cT9ETa/PMAaLodMZeKUp063oVn6Gzgbl+G5W+4qkKJKn4S5t4s6pn5AGii12
8ZnwiAfdvvm9QD8GaBIeti+1UvlmFOrraAhWNGoo17v5gYNR0KMZBvnBTQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFE1KYSfo03XOkcqKbD20FVKKDaLyMB8GA1UdIwQY
MBaAFGu6bQ8Pmxn39DzrQ+c1mj2E6Z2ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTdwdER3LWJHZmYwUE90RDV6V2FQWVRwblprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82MzJlODktODg0Mi00OGIxLTlkY2Yt
MmFlYWRiOTY2Yjc2LzEvVFVwaEotalRkYzZSeW9wc1BiUVZVb29Ob3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82MzJlODktODg0Mi00OGIxLTlkY2YtMmFlYWRiOTY2Yjc2
LzEvYTdwdER3LWJHZmYwUE90RDV6V2FQWVRwblprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLv/wAwQA
sHxyAwQCuQ3cAwQCuRmIAwQCucusAwQAudxQAwQCuf1QAwQAvNATAwQBvNZSMA0E
AgACMAcDBQAqA6bAMA0GCSqGSIb3DQEBCwUAA4IBAQBswnxL+rKdd7EsBWVpAWSw
TcKqcXgHCMgDjhKuyGorsutVLKMCGtS0Mi0Zp3MxxmA7vOFPZkhhfukvpwGeveZv
aLyuBXGDsYA7peVprLMDf858n9n2Kze3SG4HQdg7Hj3WHFtBBLdfs9017CYTvrCV
F0GbJz4KYAcFlQiv7KUijmCepZlZEbB0DTqhCe2ScrzOUPTjoL1BUtTyvgdSdmxf
xuI6vufy9RqeA9XGUCbt8ZKOp3bFCFvv+PmHnc8Je3Xbbsu75j9MQVNbOr4OO70k
2nnhoAU2rSwlN7PZgle4sRu6S32Wpq3oOgUPPldUssxWmafBub07oa+YzI8JNXgd
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:33:25 2025 by rpki-client