Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/645bb2-fc34-429b-a7f0-cf03fa4ca083/1/GWI9kIBnfoOZnDj32hv9bUtOynA.roa
File: GWI9kIBnfoOZnDj32hv9bUtOynA.roa (raw, json)
Hash identifier: c2UfLQdx04a/beHhDQErapqY073fDoBPTLRr0TnaQS4=
Subject key identifier: 19:62:3D:90:80:67:7E:83:99:9C:38:F7:DA:1B:FD:6D:4B:4E:CA:70
Certificate issuer: /CN=88a8d325f97b03713342682fc408d53368740e7d
Certificate serial: 019420684F1B903081DF53F7F8E13C4CA312
Authority key identifier: 88:A8:D3:25:F9:7B:03:71:33:42:68:2F:C4:08:D5:33:68:74:0E:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iKjTJfl7A3EzQmgvxAjVM2h0Dn0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/645bb2-fc34-429b-a7f0-cf03fa4ca083/1/GWI9kIBnfoOZnDj32hv9bUtOynA.roa
Signing time: Wed 01 Jan 2025 05:48:14 +0000
ROA not before: Wed 01 Jan 2025 05:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60895
IP address blocks: 185.23.112.0/22 maxlen: 22
185.23.112.0/23 maxlen: 23
185.23.112.0/24 maxlen: 24
185.23.113.0/24 maxlen: 24
185.23.114.0/23 maxlen: 23
185.23.114.0/24 maxlen: 24
185.23.115.0/24 maxlen: 24
2a00:6d20::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/17/645bb2-fc34-429b-a7f0-cf03fa4ca083/1/iKjTJfl7A3EzQmgvxAjVM2h0Dn0.crl
rsync://rpki.ripe.net/repository/DEFAULT/17/645bb2-fc34-429b-a7f0-cf03fa4ca083/1/iKjTJfl7A3EzQmgvxAjVM2h0Dn0.mft
rsync://rpki.ripe.net/repository/DEFAULT/iKjTJfl7A3EzQmgvxAjVM2h0Dn0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:4f:1b:90:30:81:df:53:f7:f8:e1:3c:4c:a3:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88a8d325f97b03713342682fc408d53368740e7d
Validity
Not Before: Jan 1 05:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=19623d9080677e83999c38f7da1bfd6d4b4eca70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ae:53:00:77:0f:a5:5f:05:bb:03:ff:ed:79:
5a:6e:7c:27:df:36:eb:41:30:91:87:7f:1f:5f:73:
7d:27:a1:3e:05:d3:23:18:b7:4f:24:a5:1e:02:6f:
70:3f:8d:70:53:f4:e4:e9:3b:3c:08:62:0c:da:cd:
d9:1f:aa:1c:fe:b5:f1:89:1a:5d:06:ad:4e:d0:60:
0f:96:0f:3d:d2:67:cd:be:cb:e8:3c:ea:ad:8d:5c:
58:84:77:8f:07:cb:60:15:27:2c:81:30:e8:d0:d9:
85:b5:44:20:89:a2:03:08:90:53:28:52:3b:0f:2c:
1d:e1:10:5e:41:96:43:ae:49:12:65:1a:16:48:5d:
d0:a2:17:ec:ab:c1:92:32:8b:c7:1e:a6:72:eb:f9:
76:b0:54:e4:c3:e8:33:34:a7:71:e3:4e:0e:18:11:
dc:2e:e6:f2:67:b8:e6:02:b3:71:de:e1:04:2b:8d:
29:9c:ef:77:b6:a4:c9:e0:0d:dd:87:73:a3:ac:61:
08:24:91:10:ff:bf:93:b8:47:70:0a:2a:09:e9:cb:
d3:ca:7f:97:34:8d:4f:94:33:b7:33:5a:59:b9:80:
b4:3b:08:b9:0e:b9:e3:a9:f9:07:a8:ec:01:d9:5d:
e8:eb:c4:1d:0d:e3:11:9b:8b:c5:4f:0b:67:8b:af:
76:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:62:3D:90:80:67:7E:83:99:9C:38:F7:DA:1B:FD:6D:4B:4E:CA:70
X509v3 Authority Key Identifier:
keyid:88:A8:D3:25:F9:7B:03:71:33:42:68:2F:C4:08:D5:33:68:74:0E:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKjTJfl7A3EzQmgvxAjVM2h0Dn0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/645bb2-fc34-429b-a7f0-cf03fa4ca083/1/GWI9kIBnfoOZnDj32hv9bUtOynA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/645bb2-fc34-429b-a7f0-cf03fa4ca083/1/iKjTJfl7A3EzQmgvxAjVM2h0Dn0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.23.112.0/22
IPv6:
2a00:6d20::/32
Signature Algorithm: sha256WithRSAEncryption
80:e6:38:63:35:10:d6:a7:30:56:6e:9c:60:b3:38:72:75:12:
ed:0e:22:75:02:6e:8b:49:09:e0:b0:4c:a0:72:1a:0e:93:2f:
2e:6c:fd:9d:ea:07:21:12:af:c6:40:96:ae:b7:0c:d1:bc:d3:
6e:0e:83:2a:f5:f8:5a:7b:07:7d:8c:b9:08:d7:90:88:9a:58:
59:cc:ee:8a:12:77:74:0e:e9:eb:00:d3:26:cb:b0:24:05:1d:
64:2e:d3:93:db:61:e2:79:f1:1f:ae:b2:38:35:7b:90:cc:b2:
72:e4:c5:20:59:26:7d:38:22:d9:49:16:17:59:ab:e1:8c:c8:
1c:ed:27:fa:7b:09:2a:cb:da:fd:2e:8a:a7:4f:46:ae:f4:5a:
52:3b:60:24:df:0e:7c:eb:d4:8b:ed:36:50:08:54:63:99:eb:
be:3c:ec:9a:75:cf:68:b6:c6:6b:d3:bc:67:7a:72:6c:bd:8d:
43:8d:99:ad:47:55:f6:15:33:5b:75:ef:f1:c8:80:82:59:78:
b8:8c:4c:dc:e7:8b:13:3e:54:62:e2:ad:02:75:43:30:20:0d:
59:7e:d3:27:90:78:68:62:62:5c:7b:ae:d0:83:52:f7:0b:67:
cf:c4:27:03:2c:f9:79:b3:d5:a3:e4:22:39:e6:9a:02:52:10:
7c:09:93:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaE8bkDCB31P3+OE8TKMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YThkMzI1Zjk3YjAzNzEzMzQyNjgyZmM0MDhkNTMzNjg3
NDBlN2QwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTYyM2Q5MDgwNjc3ZTgzOTk5YzM4ZjdkYTFiZmQ2ZDRiNGVjYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq5TAHcPpV8FuwP/7Xlabnwn3zbr
QTCRh38fX3N9J6E+BdMjGLdPJKUeAm9wP41wU/Tk6Ts8CGIM2s3ZH6oc/rXxiRpd
Bq1O0GAPlg890mfNvsvoPOqtjVxYhHePB8tgFScsgTDo0NmFtUQgiaIDCJBTKFI7
Dywd4RBeQZZDrkkSZRoWSF3Qohfsq8GSMovHHqZy6/l2sFTkw+gzNKdx404OGBHc
LubyZ7jmArNx3uEEK40pnO93tqTJ4A3dh3OjrGEIJJEQ/7+TuEdwCioJ6cvTyn+X
NI1PlDO3M1pZuYC0Owi5DrnjqfkHqOwB2V3o68QdDeMRm4vFTwtni6927QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBliPZCAZ36DmZw499ob/W1LTspwMB8GA1UdIwQY
MBaAFIio0yX5ewNxM0JoL8QI1TNodA59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtqVEpmbDdBM0V6UW1ndnhBalZNMmgwRG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy82NDViYjItZmMzNC00MjliLWE3ZjAt
Y2YwM2ZhNGNhMDgzLzEvR1dJOWtJQm5mb09abkRqMzJodjliVXRPeW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy82NDViYjItZmMzNC00MjliLWE3ZjAtY2YwM2ZhNGNhMDgz
LzEvaUtqVEpmbDdBM0V6UW1ndnhBalZNMmgwRG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRdwMA0E
AgACMAcDBQAqAG0gMA0GCSqGSIb3DQEBCwUAA4IBAQCA5jhjNRDWpzBWbpxgszhy
dRLtDiJ1Am6LSQngsEygchoOky8ubP2d6gchEq/GQJautwzRvNNuDoMq9fhaewd9
jLkI15CImlhZzO6KEnd0DunrANMmy7AkBR1kLtOT22HiefEfrrI4NXuQzLJy5MUg
WSZ9OCLZSRYXWavhjMgc7Sf6ewkqy9r9LoqnT0au9FpSO2Ak3w5869SL7TZQCFRj
meu+POyadc9otsZr07xnenJsvY1DjZmtR1X2FTNbde/xyICCWXi4jEzc54sTPlRi
4q0CdUMwIA1ZftMnkHhoYmJce67Qg1L3C2fPxCcDLPl5s9Wj5CI55poCUhB8CZMr
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:53:47 2025 by rpki-client