Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/st8xnj4jJi6Xuwa7MiNbU3-F0wo.roa
File: st8xnj4jJi6Xuwa7MiNbU3-F0wo.roa (raw, json)
Hash identifier: H2Z+tAqzPpLr9TIzWhq27NXaGhJV330iUQnoQkRKlKo=
Subject key identifier: B2:DF:31:9E:3E:23:26:2E:97:BB:06:BB:32:23:5B:53:7F:85:D3:0A
Certificate issuer: /CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Certificate serial: 019420D5B9B1DC313981F5EE480D71981655
Authority key identifier: 2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/st8xnj4jJi6Xuwa7MiNbU3-F0wo.roa
Signing time: Wed 01 Jan 2025 07:47:45 +0000
ROA not before: Wed 01 Jan 2025 07:47:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8814
IP address blocks: 194.135.152.0/24 maxlen: 24
194.135.153.0/24 maxlen: 24
194.135.154.0/24 maxlen: 24
194.135.155.0/24 maxlen: 24
194.135.156.0/24 maxlen: 24
194.135.157.0/24 maxlen: 24
194.135.158.0/24 maxlen: 24
194.135.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.mft
rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 19:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:b9:b1:dc:31:39:81:f5:ee:48:0d:71:98:16:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Validity
Not Before: Jan 1 07:47:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b2df319e3e23262e97bb06bb32235b537f85d30a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:9d:fd:42:ba:9c:af:8a:2c:d9:f1:b8:f2:7a:
5d:c0:26:b4:d7:fd:35:66:87:7a:8f:e3:fa:9f:27:
01:50:13:ad:b7:87:a1:8c:5d:c0:4e:8f:f7:7a:05:
a3:54:fa:fd:62:dd:15:2b:36:bc:47:06:d9:3c:05:
cf:26:d4:45:1f:ce:26:41:79:5a:e8:f8:25:5f:0f:
38:eb:7f:5e:96:e2:2f:69:25:8f:38:eb:6b:a5:de:
43:ed:56:4d:dc:74:6b:fd:0f:b0:8c:7a:c1:e1:65:
1b:72:a0:06:81:f4:ef:44:6e:3c:56:4c:f4:6f:2c:
88:73:00:ca:64:3c:63:4f:bd:e5:55:48:af:b0:57:
54:70:f7:b6:a9:6f:70:4e:09:85:b3:2d:ce:af:e7:
0e:09:ea:28:fe:90:4d:77:ea:a6:f7:e9:b6:f0:93:
83:e2:bd:15:19:00:6f:58:00:26:92:49:17:cf:4e:
19:2f:5f:6c:15:4a:8e:b7:5c:2e:2e:07:a0:f4:13:
b1:a0:61:4f:01:97:68:55:2d:47:75:7c:09:04:4e:
a5:aa:de:04:10:f6:a1:20:c2:4c:96:7e:72:5a:63:
4b:2f:de:d2:b6:78:77:9c:b4:b3:d3:0b:e5:00:ee:
b5:79:d7:07:31:a2:91:7b:db:75:2a:b7:37:ce:5d:
fd:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:DF:31:9E:3E:23:26:2E:97:BB:06:BB:32:23:5B:53:7F:85:D3:0A
X509v3 Authority Key Identifier:
keyid:2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/st8xnj4jJi6Xuwa7MiNbU3-F0wo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.135.152.0/21
Signature Algorithm: sha256WithRSAEncryption
32:4a:da:1e:75:05:2f:74:81:bf:b2:b9:2f:39:bb:8c:0f:e9:
fc:cd:30:2a:d8:83:d7:8d:0f:34:a9:1a:ec:07:6c:dc:09:c3:
39:ff:74:a9:bc:3e:58:6a:ac:f0:65:e6:87:58:63:3c:6f:13:
20:15:14:14:00:52:09:7d:5e:29:e9:af:7a:7a:da:6b:00:b7:
1b:29:e1:09:64:1c:4a:a4:f8:65:f4:c4:1d:38:59:8a:19:1a:
99:64:99:22:34:af:e3:79:e1:19:9f:dd:e1:3a:d5:8d:dc:49:
ec:d2:53:75:c3:74:06:44:7c:b5:6e:42:d5:bf:1f:0a:15:79:
d5:4f:a1:d8:ef:d5:bd:ef:64:f4:ef:b6:ce:0e:a5:ea:db:07:
37:89:29:3e:14:3f:81:4e:11:27:67:27:44:47:83:87:4b:ac:
ec:4c:24:3b:20:ea:9b:2f:02:4a:1e:8e:88:11:8c:da:e8:75:
09:58:ed:d1:a9:24:2a:da:fc:a8:13:3b:c2:af:7b:e4:42:8f:
75:72:e6:63:04:54:9d:c6:47:53:75:10:8d:47:2f:85:36:e6:
02:85:4c:c1:93:4a:48:7d:53:bd:4d:c8:bd:75:62:e0:4b:0b:
a1:15:1d:86:ef:ea:42:b9:b2:f9:74:2e:bd:bd:88:93:02:a0:
39:fd:52:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bmx3DE5gfXuSA1xmBZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGJlMjI2MjMwZDQwOTljZWVhMGE0YTZjZjRlZDhiOTAy
MDEzNTAwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmRmMzE5ZTNlMjMyNjJlOTdiYjA2YmIzMjIzNWI1MzdmODVkMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyp39Qrqcr4os2fG48npdwCa01/01
Zod6j+P6nycBUBOtt4ehjF3ATo/3egWjVPr9Yt0VKza8RwbZPAXPJtRFH84mQXla
6PglXw84639eluIvaSWPOOtrpd5D7VZN3HRr/Q+wjHrB4WUbcqAGgfTvRG48Vkz0
byyIcwDKZDxjT73lVUivsFdUcPe2qW9wTgmFsy3Or+cOCeoo/pBNd+qm9+m28JOD
4r0VGQBvWAAmkkkXz04ZL19sFUqOt1wuLgeg9BOxoGFPAZdoVS1HdXwJBE6lqt4E
EPahIMJMln5yWmNLL97Stnh3nLSz0wvlAO61edcHMaKRe9t1Krc3zl394wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLfMZ4+IyYul7sGuzIjW1N/hdMKMB8GA1UdIwQY
MBaAFCsL4iYjDUCZzuoKSmz07YuQIBNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTct
ODFmNTY2MTg1YjA2LzEvc3Q4eG5qNGpKaTZYdXdhN01pTmJVMy1GMHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTctODFmNTY2MTg1YjA2
LzEvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwoeYMA0G
CSqGSIb3DQEBCwUAA4IBAQAyStoedQUvdIG/srkvObuMD+n8zTAq2IPXjQ80qRrs
B2zcCcM5/3SpvD5YaqzwZeaHWGM8bxMgFRQUAFIJfV4p6a96etprALcbKeEJZBxK
pPhl9MQdOFmKGRqZZJkiNK/jeeEZn93hOtWN3Ens0lN1w3QGRHy1bkLVvx8KFXnV
T6HY79W972T077bODqXq2wc3iSk+FD+BThEnZydER4OHS6zsTCQ7IOqbLwJKHo6I
EYza6HUJWO3RqSQq2vyoEzvCr3vkQo91cuZjBFSdxkdTdRCNRy+FNuYChUzBk0pI
fVO9Tci9dWLgSwuhFR2G7+pCubL5dC69vYiTAqA5/VJM
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:33:43 2025 by rpki-client