Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/ce876c-2c02-4775-8095-78d4a64d22d9/1/h73609pmEogi1mr5yal1sNR_aIM.roa
File: h73609pmEogi1mr5yal1sNR_aIM.roa (raw, json)
Hash identifier: xECkne1ZTJO+2XS9UZa/R12Y+brbcjW087xGv2+aPVU=
Subject key identifier: 87:BD:FA:D3:DA:66:12:88:22:D6:6A:F9:C9:A9:75:B0:D4:7F:68:83
Certificate issuer: /CN=4e2d20f2de4d57e1bc645cb6287ff810d0f5a4bf
Certificate serial: 019425FDCBC68FF5B0DA8E9C79F1F33CC5BC
Authority key identifier: 4E:2D:20:F2:DE:4D:57:E1:BC:64:5C:B6:28:7F:F8:10:D0:F5:A4:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ti0g8t5NV-G8ZFy2KH_4END1pL8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/ce876c-2c02-4775-8095-78d4a64d22d9/1/h73609pmEogi1mr5yal1sNR_aIM.roa
Signing time: Thu 02 Jan 2025 07:49:37 +0000
ROA not before: Thu 02 Jan 2025 07:49:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50676
IP address blocks: 192.162.40.0/22 maxlen: 24
192.162.40.0/24 maxlen: 24
192.162.41.0/24 maxlen: 24
192.162.42.0/24 maxlen: 24
192.162.43.0/24 maxlen: 24
195.191.82.0/23 maxlen: 24
195.191.82.0/24 maxlen: 24
195.191.83.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1f/ce876c-2c02-4775-8095-78d4a64d22d9/1/Ti0g8t5NV-G8ZFy2KH_4END1pL8.crl
rsync://rpki.ripe.net/repository/DEFAULT/1f/ce876c-2c02-4775-8095-78d4a64d22d9/1/Ti0g8t5NV-G8ZFy2KH_4END1pL8.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ti0g8t5NV-G8ZFy2KH_4END1pL8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:cb:c6:8f:f5:b0:da:8e:9c:79:f1:f3:3c:c5:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e2d20f2de4d57e1bc645cb6287ff810d0f5a4bf
Validity
Not Before: Jan 2 07:49:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87bdfad3da66128822d66af9c9a975b0d47f6883
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:a6:0f:0d:8e:88:54:98:cc:3b:a3:ea:ac:aa:
18:1b:41:09:ae:41:b6:e9:ab:a7:98:22:9e:6c:5d:
38:f9:3d:cb:4e:b3:15:0c:45:f8:1c:34:d6:3b:70:
c0:05:a9:e7:25:ae:5c:5c:17:89:75:dc:26:8b:0e:
1a:d0:1b:fc:1d:cb:9f:75:81:c5:b6:a6:13:93:5b:
59:7c:84:78:22:f0:d7:4d:3f:c4:fe:a7:2f:67:c4:
6e:0f:9d:3e:fc:cb:13:fd:e8:cd:5f:9c:e9:b4:4e:
99:f4:24:67:f7:c9:c9:6e:28:b0:ed:6a:b1:af:a8:
7d:23:8a:83:42:1c:14:8e:18:e5:5b:ec:8d:2f:ba:
46:85:67:10:f2:22:69:e4:8b:5f:10:b2:ee:92:01:
23:33:c0:89:70:62:14:06:84:90:87:a9:03:ab:6d:
f8:21:38:b2:5b:d3:0b:ae:a5:94:cd:13:2b:f3:ad:
a0:6d:07:b4:0d:82:01:38:a4:f0:c2:d1:25:79:2b:
b9:29:41:e2:bf:4b:81:97:f1:ec:5c:2a:62:bb:fb:
f3:32:3d:5f:b9:3e:4a:d7:80:b5:d0:d5:9b:b8:2d:
61:76:46:34:d1:04:20:47:b4:55:75:3b:b2:42:3b:
30:34:70:7d:af:30:0c:14:45:c3:d2:75:e6:1b:09:
da:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:BD:FA:D3:DA:66:12:88:22:D6:6A:F9:C9:A9:75:B0:D4:7F:68:83
X509v3 Authority Key Identifier:
keyid:4E:2D:20:F2:DE:4D:57:E1:BC:64:5C:B6:28:7F:F8:10:D0:F5:A4:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ti0g8t5NV-G8ZFy2KH_4END1pL8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/ce876c-2c02-4775-8095-78d4a64d22d9/1/h73609pmEogi1mr5yal1sNR_aIM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/ce876c-2c02-4775-8095-78d4a64d22d9/1/Ti0g8t5NV-G8ZFy2KH_4END1pL8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.162.40.0/22
195.191.82.0/23
Signature Algorithm: sha256WithRSAEncryption
95:b7:38:7e:92:e7:61:71:ed:05:fe:4c:f2:01:88:ca:1a:84:
01:7f:e0:d4:8c:b2:92:ce:5c:96:ce:4b:f7:cd:e7:6a:0c:30:
16:69:16:87:a8:62:9e:7d:6d:58:7e:b1:61:38:46:ae:83:8f:
75:ba:e7:9d:35:11:36:27:7b:16:09:a6:80:8b:88:ad:93:c6:
63:01:4f:9c:ea:dd:2c:f0:f6:d0:a9:a7:29:e1:07:11:9b:d6:
a6:e1:ec:fa:a1:06:db:d5:ed:ba:1e:70:7a:89:58:e8:54:d6:
05:fc:44:9d:3f:f4:e8:bb:08:90:1b:9f:9e:20:1c:0f:49:a9:
a4:cf:31:67:55:aa:cc:cb:fc:a5:b6:23:2c:12:cd:7a:71:88:
78:df:6b:f6:33:16:0e:72:ce:54:f1:75:6f:ff:0a:65:16:bb:
f7:f8:c4:a5:a3:0b:8b:5b:f9:c0:71:63:a2:1a:ea:ee:15:51:
98:a0:39:f4:72:09:82:ee:37:f4:e1:4d:84:00:f1:79:82:9f:
b0:13:be:6b:84:d0:8f:b7:cf:bf:cb:0c:bb:36:db:73:da:2c:
51:14:88:13:b4:ef:f0:27:2f:e4:98:d7:5f:48:59:8a:ad:00:
7d:13:2f:eb:ec:86:87:3b:7f:39:3f:37:9b:6b:20:40:bb:3f:
ff:b4:29:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/cvGj/Ww2o6cefHzPMW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMmQyMGYyZGU0ZDU3ZTFiYzY0NWNiNjI4N2ZmODEwZDBm
NWE0YmYwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2JkZmFkM2RhNjYxMjg4MjJkNjZhZjljOWE5NzViMGQ0N2Y2ODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaYPDY6IVJjMO6PqrKoYG0EJrkG2
6aunmCKebF04+T3LTrMVDEX4HDTWO3DABannJa5cXBeJddwmiw4a0Bv8HcufdYHF
tqYTk1tZfIR4IvDXTT/E/qcvZ8RuD50+/MsT/ejNX5zptE6Z9CRn98nJbiiw7Wqx
r6h9I4qDQhwUjhjlW+yNL7pGhWcQ8iJp5ItfELLukgEjM8CJcGIUBoSQh6kDq234
ITiyW9MLrqWUzRMr862gbQe0DYIBOKTwwtEleSu5KUHiv0uBl/HsXCpiu/vzMj1f
uT5K14C10NWbuC1hdkY00QQgR7RVdTuyQjswNHB9rzAMFEXD0nXmGwnaSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIe9+tPaZhKIItZq+cmpdbDUf2iDMB8GA1UdIwQY
MBaAFE4tIPLeTVfhvGRctih/+BDQ9aS/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGkwZzh0NU5WLUc4WkZ5MktIXzRFTkQxcEw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9jZTg3NmMtMmMwMi00Nzc1LTgwOTUt
NzhkNGE2NGQyMmQ5LzEvaDczNjA5cG1Fb2dpMW1yNXlhbDFzTlJfYUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9jZTg3NmMtMmMwMi00Nzc1LTgwOTUtNzhkNGE2NGQyMmQ5
LzEvVGkwZzh0NU5WLUc4WkZ5MktIXzRFTkQxcEw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwKIoAwQB
w79SMA0GCSqGSIb3DQEBCwUAA4IBAQCVtzh+kudhce0F/kzyAYjKGoQBf+DUjLKS
zlyWzkv3zedqDDAWaRaHqGKefW1YfrFhOEaug491uuedNRE2J3sWCaaAi4itk8Zj
AU+c6t0s8PbQqacp4QcRm9am4ez6oQbb1e26HnB6iVjoVNYF/ESdP/TouwiQG5+e
IBwPSamkzzFnVarMy/yltiMsEs16cYh432v2MxYOcs5U8XVv/wplFrv3+MSlowuL
W/nAcWOiGuruFVGYoDn0cgmC7jf04U2EAPF5gp+wE75rhNCPt8+/ywy7Nttz2ixR
FIgTtO/wJy/kmNdfSFmKrQB9Ey/r7IaHO385PzebayBAuz//tCni
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:18:27 2025 by rpki-client