Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/oAbqR3kG7LoiZXxF1UQ_LftT7BQ.roa
File: oAbqR3kG7LoiZXxF1UQ_LftT7BQ.roa (raw, json)
Hash identifier: 5h2TCAddmyCEmv2EclM4C4a677ny0YxlmBdSG7ml6N4=
Subject key identifier: A0:06:EA:47:79:06:EC:BA:22:65:7C:45:D5:44:3F:2D:FB:53:EC:14
Certificate issuer: /CN=f71d4a4374df222ac3235b9602206d96bf1dac82
Certificate serial: 0194221FBF5CA62395E1D48E766E0FD894BE
Authority key identifier: F7:1D:4A:43:74:DF:22:2A:C3:23:5B:96:02:20:6D:96:BF:1D:AC:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/oAbqR3kG7LoiZXxF1UQ_LftT7BQ.roa
Signing time: Wed 01 Jan 2025 13:48:13 +0000
ROA not before: Wed 01 Jan 2025 13:48:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 80.238.32.0/19 maxlen: 19
84.38.32.0/20 maxlen: 20
85.188.192.0/18 maxlen: 18
89.200.128.0/21 maxlen: 21
194.50.165.0/24 maxlen: 24
195.189.158.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.mft
rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 00:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:bf:5c:a6:23:95:e1:d4:8e:76:6e:0f:d8:94:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f71d4a4374df222ac3235b9602206d96bf1dac82
Validity
Not Before: Jan 1 13:48:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a006ea477906ecba22657c45d5443f2dfb53ec14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:5f:d5:1d:45:0e:2d:e8:fa:44:24:49:8e:0b:
47:7e:a3:d1:56:2d:0b:86:84:c1:8c:fd:d5:ea:c3:
2b:ac:83:0a:c5:6b:c7:ed:c3:ac:2c:96:90:ba:42:
af:4f:8a:63:83:15:e0:ef:ec:f0:9e:73:5d:7a:bc:
0a:e5:a3:a2:a8:4a:07:d8:33:ff:2e:25:a9:cd:f5:
ab:6d:c6:33:39:09:56:35:e8:31:69:d4:d4:99:43:
79:fa:41:12:a2:4f:ac:f5:50:cf:fc:f4:9c:75:ea:
c3:d8:eb:1f:8b:38:05:6b:03:d9:ff:63:82:37:0d:
43:b5:21:b6:43:fa:c2:67:9b:7d:93:b3:7e:e2:5e:
af:58:13:79:5b:ea:6a:e0:58:b6:f1:92:19:79:3c:
f0:bb:d3:1c:3c:8d:15:df:fd:da:cc:6c:b2:3c:cf:
51:f6:43:6f:c1:2a:9d:a1:89:20:4a:fd:a5:e3:73:
60:9b:08:09:83:de:00:2c:aa:ee:92:45:f6:dc:db:
a6:8f:25:7b:6c:2f:8d:0a:59:09:b4:68:7e:86:4c:
76:73:6b:94:3d:9f:d0:d5:ec:23:e3:9c:16:04:17:
a3:ec:d6:d8:ce:4a:72:68:6d:6b:a4:6e:c4:18:b9:
7e:a8:f7:70:0d:ee:08:33:39:67:a1:62:1f:57:f8:
bb:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:06:EA:47:79:06:EC:BA:22:65:7C:45:D5:44:3F:2D:FB:53:EC:14
X509v3 Authority Key Identifier:
keyid:F7:1D:4A:43:74:DF:22:2A:C3:23:5B:96:02:20:6D:96:BF:1D:AC:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/oAbqR3kG7LoiZXxF1UQ_LftT7BQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.238.32.0/19
84.38.32.0/20
85.188.192.0/18
89.200.128.0/21
194.50.165.0/24
195.189.158.0/23
Signature Algorithm: sha256WithRSAEncryption
42:ed:9f:35:f3:2d:3b:a8:01:a1:c7:be:70:ac:7b:f4:c1:9b:
a6:61:14:c4:cf:ce:65:a4:b0:d9:05:2d:5c:28:c2:c4:17:25:
d8:08:e1:bc:dd:1f:15:fd:4e:f2:8f:d0:fd:ee:4f:de:ae:36:
81:06:3e:a7:dd:23:56:81:b0:3b:da:be:01:eb:75:31:8a:e7:
4a:b1:9b:1e:d8:25:3a:99:3d:1d:a9:82:30:c0:ac:28:a2:22:
55:3d:69:53:99:e4:d0:e3:ec:53:2b:50:f8:1e:15:0c:fc:79:
82:56:f9:d7:42:98:e6:06:e9:68:0a:bb:2e:bb:0d:ef:63:9b:
f0:eb:3c:b2:ae:5f:64:9f:a3:c3:80:d6:3b:7c:50:56:8b:b2:
10:50:89:4c:15:47:c0:d1:19:30:84:fe:10:3a:3a:a7:67:e5:
8a:82:27:e1:15:56:50:c3:96:32:5c:7c:96:b7:d0:82:85:12:
c5:e5:2a:2c:b2:5f:30:36:af:86:4a:10:bf:4d:28:9a:03:b9:
b8:ad:98:e9:62:af:61:45:3b:24:95:13:46:14:6f:e6:67:4a:
ca:9b:15:59:c3:d4:8c:68:a7:33:50:b0:8d:be:fa:89:47:dc:
0f:2a:7b:b9:89:83:8b:48:6a:2d:d7:f9:9b:5b:82:82:81:19:
57:b9:c7:d3
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQiH79cpiOV4dSOdm4P2JS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MWQ0YTQzNzRkZjIyMmFjMzIzNWI5NjAyMjA2ZDk2YmYx
ZGFjODIwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDA2ZWE0Nzc5MDZlY2JhMjI2NTdjNDVkNTQ0M2YyZGZiNTNlYzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul/VHUUOLej6RCRJjgtHfqPRVi0L
hoTBjP3V6sMrrIMKxWvH7cOsLJaQukKvT4pjgxXg7+zwnnNderwK5aOiqEoH2DP/
LiWpzfWrbcYzOQlWNegxadTUmUN5+kESok+s9VDP/PScderD2OsfizgFawPZ/2OC
Nw1DtSG2Q/rCZ5t9k7N+4l6vWBN5W+pq4Fi28ZIZeTzwu9McPI0V3/3azGyyPM9R
9kNvwSqdoYkgSv2l43NgmwgJg94ALKrukkX23NumjyV7bC+NClkJtGh+hkx2c2uU
PZ/Q1ewj45wWBBej7NbYzkpyaG1rpG7EGLl+qPdwDe4IMzlnoWIfV/i7swIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKAG6kd5Buy6ImV8RdVEPy37U+wUMB8GA1UdIwQY
MBaAFPcdSkN03yIqwyNblgIgbZa/HayCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXgxS1EzVGZJaXJESTF1V0FpQnRscjhkcklJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NzM5ZGMtMTEzMi00ODM3LTliODUt
ZTlhYzJiMDAzMTZhLzEvb0FicVIza0c3TG9pWlh4RjFVUV9MZnRUN0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NzM5ZGMtMTEzMi00ODM3LTliODUtZTlhYzJiMDAzMTZh
LzEvOXgxS1EzVGZJaXJESTF1V0FpQnRscjhkcklJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQFUO4gAwQE
VCYgAwQGVbzAAwQDWciAAwQAwjKlAwQBw72eMA0GCSqGSIb3DQEBCwUAA4IBAQBC
7Z818y07qAGhx75wrHv0wZumYRTEz85lpLDZBS1cKMLEFyXYCOG83R8V/U7yj9D9
7k/erjaBBj6n3SNWgbA72r4B63UxiudKsZse2CU6mT0dqYIwwKwooiJVPWlTmeTQ
4+xTK1D4HhUM/HmCVvnXQpjmBuloCrsuuw3vY5vw6zyyrl9kn6PDgNY7fFBWi7IQ
UIlMFUfA0RkwhP4QOjqnZ+WKgifhFVZQw5YyXHyWt9CChRLF5Sossl8wNq+GShC/
TSiaA7m4rZjpYq9hRTsklRNGFG/mZ0rKmxVZw9SMaKczULCNvvqJR9wPKnu5iYOL
SGot1/mbW4KCgRlXucfT
-----END CERTIFICATE-----
Generated at Sat Apr 5 09:03:38 2025 by rpki-client