Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/O5thYMVmpJ3Sgs_BXE5PaEigSOk.roa
File: O5thYMVmpJ3Sgs_BXE5PaEigSOk.roa (raw, json)
Hash identifier: upaY9WWmNmQeB5jWyWy7mR3YMpIDa7HH/h1Mb9kGxcQ=
Subject key identifier: 3B:9B:61:60:C5:66:A4:9D:D2:82:CF:C1:5C:4E:4F:68:48:A0:48:E9
Certificate issuer: /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial: 019427487D89B7B7DF7EDBCBA1BB6DF1DE9F
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/O5thYMVmpJ3Sgs_BXE5PaEigSOk.roa
Signing time: Thu 02 Jan 2025 13:50:49 +0000
ROA not before: Thu 02 Jan 2025 13:50:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 23422
IP address blocks: 45.10.21.0/24 maxlen: 24
152.89.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 22:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:7d:89:b7:b7:df:7e:db:cb:a1:bb:6d:f1:de:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Validity
Not Before: Jan 2 13:50:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b9b6160c566a49dd282cfc15c4e4f6848a048e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:4e:55:d6:d9:da:26:6b:ae:56:5e:80:6a:1f:
7a:34:e5:ba:7c:14:b4:de:9b:0a:a1:e2:1c:95:03:
f1:ee:1a:8d:f0:ec:23:5b:fa:55:c8:fc:19:d1:ff:
95:ff:31:32:ea:d0:9e:c9:1f:77:4d:ae:4c:60:49:
78:e0:6b:28:e6:65:df:35:af:f9:f0:53:e0:5e:47:
0a:1e:b6:dc:3e:2c:8a:aa:13:2b:16:e8:29:50:cc:
2a:b1:cf:37:50:e2:fe:88:b9:df:3b:21:c5:bf:02:
c8:c4:4a:65:9b:47:1f:d1:7d:63:19:d6:13:f9:df:
7d:11:80:fc:a8:2e:ca:12:29:0e:9e:db:eb:fd:1c:
8a:f9:9d:96:91:e1:3e:3f:d0:58:e6:2b:9d:39:a4:
b9:4f:a9:34:01:9e:b6:c6:ff:82:c3:55:a3:e9:ab:
c7:9b:4a:86:c1:40:cc:57:2a:3b:e6:a6:63:7e:72:
15:0e:b5:af:6a:b4:3e:81:b9:d7:04:f5:e3:a2:55:
ce:96:71:96:8f:2e:ed:9f:7b:9e:df:07:a1:c2:6c:
15:57:13:cf:8b:77:2a:d6:4a:6e:3d:cd:5a:ca:c1:
d1:65:65:00:1b:04:22:90:9a:fe:a4:39:96:90:e7:
22:70:35:ea:89:f8:1e:91:fd:2a:11:a1:67:0d:df:
11:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:9B:61:60:C5:66:A4:9D:D2:82:CF:C1:5C:4E:4F:68:48:A0:48:E9
X509v3 Authority Key Identifier:
keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/O5thYMVmpJ3Sgs_BXE5PaEigSOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.21.0/24
152.89.252.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:37:c9:20:21:65:47:5b:8e:b8:ff:00:74:86:73:ba:9c:12:
86:e8:a2:a3:08:a8:33:72:d7:92:26:bb:e1:ed:8c:14:f4:42:
b9:d7:6b:55:e0:21:1c:7f:2b:c2:f6:97:a9:0b:72:a4:cc:26:
d2:ba:4d:be:97:f9:a6:34:32:e4:d2:c8:3a:d9:ab:a2:a1:70:
d7:e3:d1:d2:6b:10:4c:a5:e2:c1:2e:00:59:4f:80:f7:80:c2:
11:07:75:a5:3c:ce:28:3b:05:de:99:f0:fb:9f:2c:e8:64:ad:
3a:49:27:b7:fa:9c:aa:b0:34:02:b5:f5:de:8b:bd:28:18:b1:
17:37:aa:41:3e:9a:5c:a7:7c:11:5e:3b:f3:29:58:44:7f:f4:
4e:9f:89:b4:09:40:67:f2:a7:e5:81:f5:7e:6f:a8:e0:c1:61:
cc:77:ab:b0:49:cc:b6:6b:55:d7:bf:74:2d:2f:7b:b5:7f:e1:
08:c4:10:c7:30:3e:c1:18:a0:71:b4:63:c1:b3:90:b4:02:85:
0f:a6:d5:07:29:8b:4d:79:2e:f4:e0:aa:8e:6b:f2:4b:37:6d:
f5:fe:75:4f:88:e0:75:0d:0d:60:b6:b0:21:e6:92:ca:89:df:
93:17:4b:24:d4:8a:8a:6e:82:d0:c6:0e:d4:d8:03:92:44:3b:
f8:2b:f8:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSH2Jt7ffftvLobtt8d6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjliNjE2MGM1NjZhNDlkZDI4MmNmYzE1YzRlNGY2ODQ4YTA0OGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApk5V1tnaJmuuVl6Aah96NOW6fBS0
3psKoeIclQPx7hqN8OwjW/pVyPwZ0f+V/zEy6tCeyR93Ta5MYEl44Gso5mXfNa/5
8FPgXkcKHrbcPiyKqhMrFugpUMwqsc83UOL+iLnfOyHFvwLIxEplm0cf0X1jGdYT
+d99EYD8qC7KEikOntvr/RyK+Z2WkeE+P9BY5iudOaS5T6k0AZ62xv+Cw1Wj6avH
m0qGwUDMVyo75qZjfnIVDrWvarQ+gbnXBPXjolXOlnGWjy7tn3ue3wehwmwVVxPP
i3cq1kpuPc1aysHRZWUAGwQikJr+pDmWkOcicDXqifgekf0qEaFnDd8RawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDubYWDFZqSd0oLPwVxOT2hIoEjpMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvTzV0aFlNVm1wSjNTZ3NfQlhFNVBhRWlnU09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQoVAwQA
mFn8MA0GCSqGSIb3DQEBCwUAA4IBAQA9N8kgIWVHW464/wB0hnO6nBKG6KKjCKgz
cteSJrvh7YwU9EK512tV4CEcfyvC9pepC3KkzCbSuk2+l/mmNDLk0sg62auioXDX
49HSaxBMpeLBLgBZT4D3gMIRB3WlPM4oOwXemfD7nyzoZK06SSe3+pyqsDQCtfXe
i70oGLEXN6pBPppcp3wRXjvzKVhEf/ROn4m0CUBn8qflgfV+b6jgwWHMd6uwScy2
a1XXv3QtL3u1f+EIxBDHMD7BGKBxtGPBs5C0AoUPptUHKYtNeS704KqOa/JLN231
/nVPiOB1DQ1gtrAh5pLKid+TF0sk1IqKboLQxg7U2AOSRDv4K/hW
-----END CERTIFICATE-----
Generated at Sun Apr 6 03:52:39 2025 by rpki-client