Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/7VL3TCVUHIkzVI-u_BV2H3VUTW0.roa
File: 7VL3TCVUHIkzVI-u_BV2H3VUTW0.roa (raw, json)
Hash identifier: 5DAqYiaH4HvpC1IHfjR7Nmgzznm6FMPuOC84EeBazuE=
Subject key identifier: ED:52:F7:4C:25:54:1C:89:33:54:8F:AE:FC:15:76:1F:75:54:4D:6D
Certificate issuer: /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial: 019426815B0D60BA56F64BFADE413FCDFFD0
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/7VL3TCVUHIkzVI-u_BV2H3VUTW0.roa
Signing time: Thu 02 Jan 2025 10:13:19 +0000
ROA not before: Thu 02 Jan 2025 10:13:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12552
IP address blocks: 5.198.248.0/21 maxlen: 24
31.204.64.0/21 maxlen: 24
130.255.160.0/21 maxlen: 24
141.138.208.0/21 maxlen: 24
159.253.216.0/21 maxlen: 24
185.6.8.0/22 maxlen: 24
185.13.96.0/22 maxlen: 24
185.236.40.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:81:5b:0d:60:ba:56:f6:4b:fa:de:41:3f:cd:ff:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
Validity
Not Before: Jan 2 10:13:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ed52f74c25541c8933548faefc15761f75544d6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:f9:04:dd:0e:ab:c1:94:10:5d:3e:7e:f0:1e:
65:e1:87:4c:04:5a:ad:a4:bd:aa:0b:06:e2:8e:d9:
ce:7c:8e:44:d3:b5:fa:2d:38:45:70:e4:3c:b7:56:
63:c9:95:7a:39:1e:4b:2d:ae:92:88:e0:70:46:99:
c5:3c:a4:f7:4e:cc:7d:fc:b9:2b:df:e5:61:11:0b:
2f:d9:a4:50:c4:fb:c4:e6:68:ad:74:04:b0:82:f7:
45:11:62:97:f3:50:50:b3:16:84:4e:6a:41:43:0c:
b2:8a:83:d4:89:4a:98:db:a0:7e:d0:3a:58:41:95:
50:92:6e:46:cc:27:61:ac:19:20:77:29:38:a5:c4:
08:ac:20:25:59:0a:83:d4:a1:bd:97:af:5b:e0:80:
d6:d6:1c:7d:68:83:e6:7a:dd:70:30:d7:f6:fb:03:
da:5d:05:e8:08:4c:be:a0:f4:f6:b2:da:af:4b:48:
24:9d:3e:d1:38:ac:c4:b6:2e:e6:e6:54:24:b4:70:
20:5c:f9:0c:88:57:c7:5c:de:08:65:90:07:72:28:
7b:1d:90:38:6c:f2:88:b7:98:6d:2d:86:c8:db:76:
9d:50:17:78:6c:1b:22:95:76:b7:cc:e6:2a:17:88:
8a:38:e1:43:dd:58:97:b6:2a:dc:0b:1f:27:37:00:
6d:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:52:F7:4C:25:54:1C:89:33:54:8F:AE:FC:15:76:1F:75:54:4D:6D
X509v3 Authority Key Identifier:
keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/7VL3TCVUHIkzVI-u_BV2H3VUTW0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.198.248.0/21
31.204.64.0/21
130.255.160.0/21
141.138.208.0/21
159.253.216.0/21
185.6.8.0/22
185.13.96.0/22
185.236.40.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:04:83:db:db:1a:d0:b5:cc:b9:91:8e:2a:be:3c:15:2a:d5:
d2:65:dc:38:fd:bb:33:d6:26:e4:98:16:69:dc:f4:c3:5f:5a:
46:df:89:f5:de:a5:37:eb:fe:c7:07:48:e8:b8:8e:04:29:77:
28:b5:33:fa:fd:92:d4:f1:76:59:70:7a:fe:92:49:6c:15:fd:
6c:01:f6:5c:75:3c:8a:0d:bc:c8:13:4b:75:66:50:9e:19:39:
04:ae:80:7f:9c:6d:ea:65:c3:83:94:28:03:1e:3b:46:be:09:
47:86:0a:89:2e:d8:57:90:84:30:42:15:4e:b1:5e:09:e5:9e:
81:8d:1c:c6:06:db:66:88:93:41:7a:e6:10:be:8f:94:c7:4c:
1b:be:8d:41:7e:4a:0b:14:fd:fb:8d:ba:e8:23:9a:b5:65:63:
64:71:14:2a:e4:6e:14:0c:50:df:57:0d:52:d3:39:07:d0:07:
86:69:cd:d6:38:a9:78:8f:69:a1:cb:70:70:33:9f:b4:63:c5:
64:47:1f:6d:56:01:90:f8:79:58:ef:75:a8:ca:39:d2:a0:a3:
69:e9:d2:b6:a7:d4:4f:87:66:01:c4:db:01:9a:c6:ae:2e:56:
03:5a:26:54:a6:92:06:6d:8c:eb:fe:1f:83:7b:b7:7f:b6:2a:
e2:85:21:88
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQmgVsNYLpW9kv63kE/zf/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjUwMTAyMTAxMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDUyZjc0YzI1NTQxYzg5MzM1NDhmYWVmYzE1NzYxZjc1NTQ0ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfkE3Q6rwZQQXT5+8B5l4YdMBFqt
pL2qCwbijtnOfI5E07X6LThFcOQ8t1ZjyZV6OR5LLa6SiOBwRpnFPKT3Tsx9/Lkr
3+VhEQsv2aRQxPvE5mitdASwgvdFEWKX81BQsxaETmpBQwyyioPUiUqY26B+0DpY
QZVQkm5GzCdhrBkgdyk4pcQIrCAlWQqD1KG9l69b4IDW1hx9aIPmet1wMNf2+wPa
XQXoCEy+oPT2stqvS0gknT7ROKzEti7m5lQktHAgXPkMiFfHXN4IZZAHcih7HZA4
bPKIt5htLYbI23adUBd4bBsilXa3zOYqF4iKOOFD3ViXtircCx8nNwBtPwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFO1S90wlVByJM1SPrvwVdh91VE1tMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvN1ZMM1RDVlVISWt6VkktdV9CVjJIM1ZVVFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDBcb4AwQD
H8xAAwQDgv+gAwQDjYrQAwQDn/3YAwQCuQYIAwQCuQ1gAwQAuewoMA0GCSqGSIb3
DQEBCwUAA4IBAQC0BIPb2xrQtcy5kY4qvjwVKtXSZdw4/bsz1ibkmBZp3PTDX1pG
34n13qU36/7HB0jouI4EKXcotTP6/ZLU8XZZcHr+kklsFf1sAfZcdTyKDbzIE0t1
ZlCeGTkEroB/nG3qZcODlCgDHjtGvglHhgqJLthXkIQwQhVOsV4J5Z6BjRzGBttm
iJNBeuYQvo+Ux0wbvo1BfkoLFP37jbroI5q1ZWNkcRQq5G4UDFDfVw1S0zkH0AeG
ac3WOKl4j2mhy3BwM5+0Y8VkRx9tVgGQ+HlY73WoyjnSoKNp6dK2p9RPh2YBxNsB
msauLlYDWiZUppIGbYzr/h+De7d/tirihSGI
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:50:12 2025 by rpki-client