Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/o-rX4KPLn074Gr8tt97zKUIBHC0.roa
File: o-rX4KPLn074Gr8tt97zKUIBHC0.roa (raw, json)
Hash identifier: vMevzng2dAIPTHAaLsJHjXDQkm246IqWfTj0CmqRJWE=
Subject key identifier: A3:EA:D7:E0:A3:CB:9F:4E:F8:1A:BF:2D:B7:DE:F3:29:42:01:1C:2D
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 0194236A1B5F8163731F148826FBBDDE99F9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/o-rX4KPLn074Gr8tt97zKUIBHC0.roa
Signing time: Wed 01 Jan 2025 19:49:03 +0000
ROA not before: Wed 01 Jan 2025 19:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2856
IP address blocks: 163.5.37.0/24 maxlen: 24
163.5.67.0/24 maxlen: 24
163.5.98.0/24 maxlen: 24
163.5.115.0/24 maxlen: 24
163.5.122.0/24 maxlen: 24
163.5.208.0/24 maxlen: 24
163.5.217.0/24 maxlen: 24
163.5.222.0/24 maxlen: 24
163.5.249.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:1b:5f:81:63:73:1f:14:88:26:fb:bd:de:99:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Jan 1 19:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3ead7e0a3cb9f4ef81abf2db7def32942011c2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:86:bf:31:5e:65:e7:d2:b1:e3:02:a9:e1:b4:
81:0b:a2:a8:5f:50:23:f3:76:e1:ec:c6:b1:95:d5:
26:29:7c:7d:d0:c8:47:10:26:68:91:f7:66:3d:76:
5c:49:ae:24:9b:52:c3:61:00:b3:77:0f:50:2a:67:
dc:73:8d:3d:88:61:b7:6b:bb:c5:ed:e7:98:14:f6:
ed:58:24:94:04:09:f1:9a:cd:4f:92:23:2a:96:de:
a1:11:22:26:6f:64:89:f1:a5:2d:a4:29:f4:fd:26:
22:56:fa:a6:e8:a5:67:3d:77:65:20:f6:8c:90:bb:
bd:7c:5a:85:4c:78:7e:be:9d:48:a1:35:f8:45:58:
13:4a:bb:56:6b:d0:27:44:90:f3:79:c8:e2:21:53:
c6:35:95:46:d6:f8:a7:2d:10:6a:8d:bd:fc:9e:98:
f4:b5:c7:e2:01:3d:f6:4d:36:b3:40:1c:0f:5b:57:
0f:68:fb:90:d7:cc:8d:10:3d:e4:52:48:7a:57:aa:
b4:1c:d4:80:bd:3c:b0:bc:55:3d:27:64:d6:a6:56:
6c:cc:dd:6b:3a:06:d8:f3:9e:ef:f1:e0:db:fd:c2:
3d:85:93:56:f7:dc:c3:fc:e7:87:b1:2f:9b:a5:74:
bd:14:3f:f9:2c:21:62:c2:f2:98:1c:31:97:a0:09:
f4:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:EA:D7:E0:A3:CB:9F:4E:F8:1A:BF:2D:B7:DE:F3:29:42:01:1C:2D
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/o-rX4KPLn074Gr8tt97zKUIBHC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.37.0/24
163.5.67.0/24
163.5.98.0/24
163.5.115.0/24
163.5.122.0/24
163.5.208.0/24
163.5.217.0/24
163.5.222.0/24
163.5.249.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:23:1d:8a:6d:f8:9d:14:d6:9f:bd:48:f4:96:46:22:ef:65:
bf:5f:c2:c9:1c:b3:7c:4d:d5:8e:30:d2:b5:48:e3:b3:f2:f3:
b8:b3:c1:a1:19:f3:bc:bf:5d:b6:14:27:9c:0a:15:d0:02:d8:
1d:4f:8c:0b:4c:51:e2:2f:c8:4c:97:b1:f5:56:e8:a7:91:76:
cd:21:e3:62:cf:ff:f8:ff:7b:e6:76:b4:5e:10:e1:c5:05:6e:
cc:d6:26:83:75:2b:30:36:32:d5:14:29:a6:24:2f:e9:5d:e5:
19:b7:69:1a:56:21:eb:5e:0a:b8:6f:dd:49:fe:fd:31:67:d6:
5d:38:74:ea:f5:2c:b6:f8:cd:ff:c2:2c:74:80:f0:e5:9a:0e:
6b:8b:e6:27:98:94:1f:87:98:e3:57:7a:1e:cc:3d:92:82:61:
04:d3:9e:97:b9:f7:65:3b:e7:93:93:ea:a9:02:ca:6e:0c:b6:
2c:d2:4b:92:6d:f3:8c:f1:12:68:45:41:39:27:57:b3:41:e0:
fe:82:ea:e7:39:bf:94:d1:20:28:06:ac:79:53:49:e0:bf:86:
04:1d:51:33:f9:73:48:62:f1:4c:21:e2:cb:95:87:04:df:31:
38:21:43:d5:2c:ad:cd:d9:39:da:ef:61:0f:51:67:8c:a2:cb:
6c:a6:ab:04
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQjahtfgWNzHxSIJvu93pn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2VhZDdlMGEzY2I5ZjRlZjgxYWJmMmRiN2RlZjMyOTQyMDExYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oa/MV5l59Kx4wKp4bSBC6KoX1Aj
83bh7MaxldUmKXx90MhHECZokfdmPXZcSa4km1LDYQCzdw9QKmfcc409iGG3a7vF
7eeYFPbtWCSUBAnxms1PkiMqlt6hESImb2SJ8aUtpCn0/SYiVvqm6KVnPXdlIPaM
kLu9fFqFTHh+vp1IoTX4RVgTSrtWa9AnRJDzecjiIVPGNZVG1vinLRBqjb38npj0
tcfiAT32TTazQBwPW1cPaPuQ18yNED3kUkh6V6q0HNSAvTywvFU9J2TWplZszN1r
OgbY857v8eDb/cI9hZNW99zD/OeHsS+bpXS9FD/5LCFiwvKYHDGXoAn0awIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKPq1+Cjy59O+Bq/Lbfe8ylCARwtMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvby1yWDRLUExuMDc0R3I4dHQ5N3pLVUlCSEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAowUlAwQA
owVDAwQAowViAwQAowVzAwQAowV6AwQAowXQAwQAowXZAwQAowXeAwQAowX5MA0G
CSqGSIb3DQEBCwUAA4IBAQBMIx2KbfidFNafvUj0lkYi72W/X8LJHLN8TdWOMNK1
SOOz8vO4s8GhGfO8v122FCecChXQAtgdT4wLTFHiL8hMl7H1VuinkXbNIeNiz//4
/3vmdrReEOHFBW7M1iaDdSswNjLVFCmmJC/pXeUZt2kaViHrXgq4b91J/v0xZ9Zd
OHTq9Sy2+M3/wix0gPDlmg5ri+YnmJQfh5jjV3oezD2SgmEE056XufdlO+eTk+qp
AspuDLYs0kuSbfOM8RJoRUE5J1ezQeD+gurnOb+U0SAoBqx5U0ngv4YEHVEz+XNI
YvFMIeLLlYcE3zE4IUPVLK3N2Tna72EPUWeMostspqsE
-----END CERTIFICATE-----
Generated at Wed Feb 5 08:52:11 2025 by rpki-client