Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/L5MQK89fxZaRwM_CqURZbBomtGM.roa
File: L5MQK89fxZaRwM_CqURZbBomtGM.roa (raw, json)
Hash identifier: dfoa3Oa+GHxXVfHS0ZcfFlTwLP7no4RhSrEEs8sBD0U=
Subject key identifier: 2F:93:10:2B:CF:5F:C5:96:91:C0:CF:C2:A9:44:59:6C:1A:26:B4:63
Certificate issuer: /CN=36cb16e44cfbf07e97f6f5e44ae718aa50d05291
Certificate serial: 019420D6473391EC6C3BDD5080EDF66AD6A3
Authority key identifier: 36:CB:16:E4:4C:FB:F0:7E:97:F6:F5:E4:4A:E7:18:AA:50:D0:52:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NssW5Ez78H6X9vXkSucYqlDQUpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/L5MQK89fxZaRwM_CqURZbBomtGM.roa
Signing time: Wed 01 Jan 2025 07:48:21 +0000
ROA not before: Wed 01 Jan 2025 07:48:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56334
IP address blocks: 185.136.20.0/24 maxlen: 24
185.136.21.0/24 maxlen: 24
185.136.22.0/24 maxlen: 24
2a06:f800::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/NssW5Ez78H6X9vXkSucYqlDQUpE.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/NssW5Ez78H6X9vXkSucYqlDQUpE.mft
rsync://rpki.ripe.net/repository/DEFAULT/NssW5Ez78H6X9vXkSucYqlDQUpE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:47:33:91:ec:6c:3b:dd:50:80:ed:f6:6a:d6:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36cb16e44cfbf07e97f6f5e44ae718aa50d05291
Validity
Not Before: Jan 1 07:48:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f93102bcf5fc59691c0cfc2a944596c1a26b463
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:a6:db:41:e4:c9:0b:91:ff:6a:e7:c0:89:53:
ff:87:5b:0e:dd:c5:2f:05:7b:ff:7c:6e:76:65:3f:
ce:79:2d:65:35:1c:81:6f:80:4f:69:89:83:ec:de:
27:d5:2c:95:8b:bd:3a:2b:30:4d:16:db:30:52:07:
c5:c3:16:bc:49:3c:60:bd:be:02:c6:09:af:26:08:
d6:28:5f:5c:14:73:44:33:bc:b4:19:cb:ac:5c:66:
92:05:10:c2:af:3e:c1:9a:90:90:e5:55:0a:99:7e:
c6:53:8d:63:7a:e5:69:6a:47:38:e6:68:84:6d:d9:
42:ba:b0:89:f5:53:96:4c:da:ae:df:f9:f2:66:35:
80:7f:0a:23:89:8e:b8:bc:93:20:d7:d6:8b:f5:02:
53:2f:e8:34:1b:1b:9d:c1:4d:14:10:08:4e:6a:ff:
fd:3b:f8:c9:49:66:97:08:e4:fc:7e:4d:0e:65:90:
53:00:6e:b9:26:76:ee:30:ad:1e:36:59:5d:fa:2c:
8d:53:65:ce:7f:fb:76:b3:c9:bd:fe:73:4c:b2:c2:
78:a7:7a:47:9c:ac:e4:3c:da:ba:f6:2e:35:87:57:
8a:9b:c3:2d:55:74:44:52:03:1b:f4:1d:a7:91:b6:
a0:18:86:5d:cb:6e:b7:91:a4:dc:ed:71:39:19:70:
50:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:93:10:2B:CF:5F:C5:96:91:C0:CF:C2:A9:44:59:6C:1A:26:B4:63
X509v3 Authority Key Identifier:
keyid:36:CB:16:E4:4C:FB:F0:7E:97:F6:F5:E4:4A:E7:18:AA:50:D0:52:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NssW5Ez78H6X9vXkSucYqlDQUpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/L5MQK89fxZaRwM_CqURZbBomtGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c8043e-ea95-4851-a2fb-10cbc597a71a/1/NssW5Ez78H6X9vXkSucYqlDQUpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.20.0-185.136.22.255
IPv6:
2a06:f800::/29
Signature Algorithm: sha256WithRSAEncryption
9c:be:4f:aa:45:e9:9f:00:b9:37:a4:fa:fa:1f:95:c6:6c:34:
a5:a8:bd:b9:25:c6:e9:8c:5b:d8:b8:1b:7b:39:ba:d7:ea:f0:
d0:89:3b:32:a5:9a:9f:57:78:ca:ca:91:46:8e:c3:82:f5:b0:
d6:50:45:61:4b:17:b7:e8:41:0a:8a:d5:6f:49:63:8a:89:f5:
db:ad:a8:f6:61:90:e0:76:aa:94:65:a3:f2:52:3c:6d:4a:31:
34:e9:ce:26:90:81:5b:de:51:d0:ab:50:f3:a8:74:d4:52:fa:
8f:34:65:55:52:fb:2d:50:99:ba:17:a6:8e:2c:2d:52:69:b0:
fa:42:38:38:93:b6:db:ae:5a:73:a1:1b:84:23:27:66:a3:64:
6f:82:3c:9d:97:00:1a:24:12:3f:43:6d:46:c9:64:a3:5d:44:
3a:68:01:b8:02:1c:ca:41:14:7a:65:45:e2:11:83:d9:12:b3:
99:eb:99:fe:43:0e:35:08:f1:90:f4:ba:10:a8:0d:af:42:9b:
07:29:a4:26:a0:f8:a5:14:4c:d0:b3:be:a4:cd:a1:06:24:e8:
17:86:e1:4c:33:93:bc:ef:a6:d3:25:83:ef:0d:5d:40:dd:18:
f6:a7:f3:c1:a5:cf:c1:28:ba:dc:a4:57:86:d4:4d:a4:4f:16:
58:48:b4:a7
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQg1kczkexsO91QgO32atajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Y2IxNmU0NGNmYmYwN2U5N2Y2ZjVlNDRhZTcxOGFhNTBk
MDUyOTEwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjkzMTAyYmNmNWZjNTk2OTFjMGNmYzJhOTQ0NTk2YzFhMjZiNDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA66bbQeTJC5H/aufAiVP/h1sO3cUv
BXv/fG52ZT/OeS1lNRyBb4BPaYmD7N4n1SyVi706KzBNFtswUgfFwxa8STxgvb4C
xgmvJgjWKF9cFHNEM7y0GcusXGaSBRDCrz7BmpCQ5VUKmX7GU41jeuVpakc45miE
bdlCurCJ9VOWTNqu3/nyZjWAfwojiY64vJMg19aL9QJTL+g0GxudwU0UEAhOav/9
O/jJSWaXCOT8fk0OZZBTAG65JnbuMK0eNlld+iyNU2XOf/t2s8m9/nNMssJ4p3pH
nKzkPNq69i41h1eKm8MtVXREUgMb9B2nkbagGIZdy263kaTc7XE5GXBQawIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC+TECvPX8WWkcDPwqlEWWwaJrRjMB8GA1UdIwQY
MBaAFDbLFuRM+/B+l/b15ErnGKpQ0FKRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNzVzVFejc4SDZYOXZYa1N1Y1lxbERRVXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jODA0M2UtZWE5NS00ODUxLWEyZmIt
MTBjYmM1OTdhNzFhLzEvTDVNUUs4OWZ4WmFSd01fQ3FVUlpiQm9tdEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jODA0M2UtZWE5NS00ODUxLWEyZmItMTBjYmM1OTdhNzFh
LzEvTnNzVzVFejc4SDZYOXZYa1N1Y1lxbERRVXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5iBQD
BAC5iBYwDQQCAAIwBwMFAyoG+AAwDQYJKoZIhvcNAQELBQADggEBAJy+T6pF6Z8A
uTek+voflcZsNKWovbklxumMW9i4G3s5utfq8NCJOzKlmp9XeMrKkUaOw4L1sNZQ
RWFLF7foQQqK1W9JY4qJ9dutqPZhkOB2qpRlo/JSPG1KMTTpziaQgVveUdCrUPOo
dNRS+o80ZVVS+y1QmboXpo4sLVJpsPpCODiTttuuWnOhG4QjJ2ajZG+CPJ2XABok
Ej9DbUbJZKNdRDpoAbgCHMpBFHplReIRg9kSs5nrmf5DDjUI8ZD0uhCoDa9Cmwcp
pCag+KUUTNCzvqTNoQYk6BeG4Uwzk7zvptMlg+8NXUDdGPan88Glz8EoutykV4bU
TaRPFlhItKc=
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:49:39 2025 by rpki-client