Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/iciSv140fL3PtQnQ9u8uKNyjZD0.roa
File: iciSv140fL3PtQnQ9u8uKNyjZD0.roa (raw, json)
Hash identifier: 3xoVorNvU/VeFcuXASi64FFVnBKDDjZqYnmoKneCFZE=
Subject key identifier: 89:C8:92:BF:5E:34:7C:BD:CF:B5:09:D0:F6:EF:2E:28:DC:A3:64:3D
Certificate issuer: /CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
Certificate serial: 0194221FA8AEAB415921CD1C605E3C24AF95
Authority key identifier: 01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/iciSv140fL3PtQnQ9u8uKNyjZD0.roa
Signing time: Wed 01 Jan 2025 13:48:07 +0000
ROA not before: Wed 01 Jan 2025 13:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50369
IP address blocks: 89.46.168.0/22 maxlen: 22
89.46.172.0/22 maxlen: 22
185.135.64.0/24 maxlen: 24
185.135.65.0/24 maxlen: 24
185.135.66.0/23 maxlen: 23
188.241.210.0/24 maxlen: 24
194.150.216.0/23 maxlen: 23
195.200.86.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl
rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.mft
rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 13:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:a8:ae:ab:41:59:21:cd:1c:60:5e:3c:24:af:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
Validity
Not Before: Jan 1 13:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89c892bf5e347cbdcfb509d0f6ef2e28dca3643d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:ab:e8:f7:23:e1:2a:d9:58:78:5f:c0:6f:90:
17:79:d0:f0:96:99:65:3d:c5:4c:81:8c:d3:1b:b0:
34:8f:0a:d3:1c:cc:d6:2d:d2:35:8c:83:d8:4d:77:
4c:25:c8:16:79:87:b0:52:b7:c4:af:35:9e:c8:62:
bc:9e:ca:23:3b:07:c1:fe:76:96:8b:e8:21:b6:61:
e6:d4:64:5e:60:a6:27:28:0b:16:1f:79:35:15:b3:
12:93:94:af:5c:a3:6a:0f:21:c1:64:01:01:2a:a8:
86:6b:9b:b9:fc:10:a8:53:44:5d:48:c7:40:05:a7:
a8:28:9e:be:34:a7:a6:91:be:75:d5:f6:08:2e:cc:
a9:4b:59:92:92:a2:12:b4:a9:b8:29:aa:7a:67:06:
51:cb:29:ed:96:70:32:a2:7b:89:30:52:3f:c9:96:
5e:cf:69:b2:70:67:16:e4:48:6c:bf:2a:7a:a4:3e:
f5:38:89:c5:7d:22:2f:83:de:01:58:c2:82:12:81:
6c:11:30:ea:1b:7e:58:38:a7:d9:40:1f:56:af:11:
a3:22:2f:ec:d6:9c:32:1d:e2:c1:a3:75:e7:af:06:
1c:09:8d:f3:9a:e5:42:6b:6e:cc:54:d4:89:e3:d7:
3b:7b:72:bc:97:61:7a:62:ba:4d:4c:76:87:31:49:
10:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:C8:92:BF:5E:34:7C:BD:CF:B5:09:D0:F6:EF:2E:28:DC:A3:64:3D
X509v3 Authority Key Identifier:
keyid:01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/iciSv140fL3PtQnQ9u8uKNyjZD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.168.0/21
185.135.64.0/22
188.241.210.0/24
194.150.216.0/23
195.200.86.0/23
Signature Algorithm: sha256WithRSAEncryption
64:1c:88:fe:6d:31:a3:09:1d:8c:99:57:a3:e8:f5:2e:ce:84:
fe:de:84:c0:6e:77:24:b4:c3:b8:f4:63:a5:08:02:2e:0c:71:
c5:8f:9b:64:b3:55:32:d9:f6:e7:cb:1b:f7:69:4f:cb:98:6f:
45:64:5d:2f:b9:fe:64:7d:42:f0:0b:f8:31:5a:fc:f3:ee:d2:
63:47:07:f3:2c:3d:71:f1:4f:bc:46:dc:6c:60:64:f8:43:5a:
8f:5a:fb:d6:2e:bd:4e:28:31:bf:d7:f5:c9:49:b6:40:d1:bf:
e2:75:94:ee:83:f3:66:60:b4:5e:a9:b3:e6:c2:9f:36:fc:d1:
91:20:f9:35:8a:8d:08:a9:27:7b:a8:0b:fb:51:ac:03:80:1b:
3b:94:08:78:7c:27:e1:26:40:f1:a5:d0:30:ac:08:0f:76:02:
e6:0c:54:ed:ed:d2:ed:60:7a:8f:bf:fb:1e:e4:c7:a5:f0:32:
a5:96:0f:bd:2c:f4:c0:29:f0:8f:8b:11:1d:da:b6:a8:49:66:
01:8a:1a:6e:e5:d7:c1:ea:05:ff:74:4f:b2:35:f2:2f:8e:58:
97:b5:ce:3c:db:b7:05:32:ad:85:22:36:b2:05:94:f8:d4:7c:
4b:8a:fd:52:48:15:54:c0:97:e8:86:7f:a5:c5:e6:3b:6f:2a:
90:9f:c5:13
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQiH6iuq0FZIc0cYF48JK+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDZiNDI5ZjhjNDk2MTFmY2ZlYTFlZmExYTUxYjljMGVk
ZGI2ZTcwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM4OTJiZjVlMzQ3Y2JkY2ZiNTA5ZDBmNmVmMmUyOGRjYTM2NDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKvo9yPhKtlYeF/Ab5AXedDwlpll
PcVMgYzTG7A0jwrTHMzWLdI1jIPYTXdMJcgWeYewUrfErzWeyGK8nsojOwfB/naW
i+ghtmHm1GReYKYnKAsWH3k1FbMSk5SvXKNqDyHBZAEBKqiGa5u5/BCoU0RdSMdA
BaeoKJ6+NKemkb511fYILsypS1mSkqIStKm4Kap6ZwZRyyntlnAyonuJMFI/yZZe
z2mycGcW5Ehsvyp6pD71OInFfSIvg94BWMKCEoFsETDqG35YOKfZQB9WrxGjIi/s
1pwyHeLBo3XnrwYcCY3zmuVCa27MVNSJ49c7e3K8l2F6YrpNTHaHMUkQQQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFInIkr9eNHy9z7UJ0PbvLijco2Q9MB8GA1UdIwQY
MBaAFAFGtCn4xJYR/P6h76GlG5wO3bbnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMt
ZWEyNmU3NDZhMGFkLzEvaWNpU3YxNDBmTDNQdFFuUTl1OHVLTnlqWkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMtZWEyNmU3NDZhMGFk
LzEvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDWS6oAwQC
uYdAAwQAvPHSAwQBwpbYAwQBw8hWMA0GCSqGSIb3DQEBCwUAA4IBAQBkHIj+bTGj
CR2MmVej6PUuzoT+3oTAbncktMO49GOlCAIuDHHFj5tks1Uy2fbnyxv3aU/LmG9F
ZF0vuf5kfULwC/gxWvzz7tJjRwfzLD1x8U+8RtxsYGT4Q1qPWvvWLr1OKDG/1/XJ
SbZA0b/idZTug/NmYLReqbPmwp82/NGRIPk1io0IqSd7qAv7UawDgBs7lAh4fCfh
JkDxpdAwrAgPdgLmDFTt7dLtYHqPv/se5Mel8DKllg+9LPTAKfCPixEd2raoSWYB
ihpu5dfB6gX/dE+yNfIvjliXtc4827cFMq2FIjayBZT41HxLiv1SSBVUwJfohn+l
xeY7byqQn8UT
-----END CERTIFICATE-----
Generated at Mon Apr 7 22:28:48 2025 by rpki-client