Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HKyKcuG2QNZXVCZbzlsSYd8S3kw.roa
File: HKyKcuG2QNZXVCZbzlsSYd8S3kw.roa (raw, json)
Hash identifier: WsComY/xpr7CRKjl1OS19nvkdUYgY57xLKmt+FoyLxs=
Subject key identifier: 1C:AC:8A:72:E1:B6:40:D6:57:54:26:5B:CE:5B:12:61:DF:12:DE:4C
Certificate issuer: /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial: 019420686C6C4E7BBD9F14A0AB1633DAE1C5
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HKyKcuG2QNZXVCZbzlsSYd8S3kw.roa
Signing time: Wed 01 Jan 2025 05:48:21 +0000
ROA not before: Wed 01 Jan 2025 05:48:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207021
IP address blocks: 193.46.128.0/24 maxlen: 24
193.46.129.0/24 maxlen: 24
193.46.130.0/24 maxlen: 24
193.46.131.0/24 maxlen: 24
193.46.132.0/24 maxlen: 24
193.46.133.0/24 maxlen: 24
193.46.134.0/24 maxlen: 24
193.46.135.0/24 maxlen: 24
194.0.24.0/24 maxlen: 24
194.0.25.0/24 maxlen: 24
194.0.26.0/24 maxlen: 24
2001:678:20::/48 maxlen: 48
2001:678:24::/48 maxlen: 48
2001:67c:1bc::/48 maxlen: 48
2a02:850:ffe0::/48 maxlen: 48
2a02:850:ffe1::/48 maxlen: 48
2a02:850:ffe2::/48 maxlen: 48
2a02:850:ffe3::/48 maxlen: 48
2a02:850:ffe4::/48 maxlen: 48
2a02:850:ffe5::/48 maxlen: 48
2a02:850:ffe6::/48 maxlen: 48
2a02:850:ffe7::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:6c:6c:4e:7b:bd:9f:14:a0:ab:16:33:da:e1:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Validity
Not Before: Jan 1 05:48:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1cac8a72e1b640d65754265bce5b1261df12de4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:72:b6:73:2a:75:70:8a:2e:60:af:01:28:6e:
30:4a:91:34:b5:c3:60:fa:b7:11:8a:9e:49:67:40:
23:d4:85:d5:16:66:81:82:36:fd:51:89:b4:6d:b2:
a4:31:ad:3a:00:8f:62:ab:b8:77:d4:a8:27:e2:de:
1c:4f:24:1f:60:00:3e:26:92:95:a6:8f:1c:e5:8a:
4b:12:f9:d1:c4:42:bb:c5:d0:43:2b:a7:59:ea:ab:
00:30:c7:3d:2b:78:c4:b1:be:87:91:83:86:8e:71:
04:c0:15:c6:7b:84:31:a2:d6:36:16:55:0b:78:7d:
dc:fe:44:9c:ac:e6:9e:ca:50:35:6a:c7:60:09:7e:
15:f0:2f:fb:5a:59:0e:17:a3:25:a9:95:a8:5a:83:
d6:2d:c9:98:a4:8a:31:cf:4a:14:a4:c0:4c:92:14:
fe:0c:09:78:5f:78:bb:37:b8:79:28:08:2b:3e:a8:
3e:b8:57:5f:76:cd:57:f1:54:90:b0:95:03:e4:a5:
6b:77:1c:ee:59:7c:ca:a7:08:ee:bc:4b:b9:75:67:
b8:3d:dd:3f:a1:e7:46:f1:f7:bf:b8:54:6a:0f:71:
66:63:e7:2c:dd:6c:b7:73:48:69:25:39:9a:b1:f0:
b7:70:ee:95:57:6b:42:48:10:91:eb:61:64:f4:5f:
74:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:AC:8A:72:E1:B6:40:D6:57:54:26:5B:CE:5B:12:61:DF:12:DE:4C
X509v3 Authority Key Identifier:
keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HKyKcuG2QNZXVCZbzlsSYd8S3kw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.46.128.0/21
194.0.24.0-194.0.26.255
IPv6:
2001:678:20::/48
2001:678:24::/48
2001:67c:1bc::/48
2a02:850:ffe0::/45
Signature Algorithm: sha256WithRSAEncryption
0b:ef:db:67:17:07:aa:85:d9:0c:81:37:4c:d7:30:6a:a6:51:
d3:94:25:c0:fc:d1:00:4a:57:b1:e3:9c:67:a5:4b:fb:c5:7c:
c3:3b:14:34:47:e8:47:a0:86:93:2b:97:3d:73:ca:5e:b4:4e:
e4:6b:ec:9f:d2:14:a7:81:a7:bc:f2:19:e9:dc:f2:51:66:45:
97:35:75:68:27:e5:24:75:b8:68:1c:a1:7d:a9:29:01:90:52:
9f:21:f9:43:b7:9a:db:15:41:a5:be:af:53:65:5f:d4:33:58:
d6:a1:5d:e3:39:f6:22:31:4a:f0:93:1f:31:3d:07:5b:17:48:
79:8d:44:72:bd:c6:4e:bc:b9:20:e9:48:60:a3:78:73:9a:3c:
b6:88:22:ba:b2:86:52:89:b1:d8:64:f9:6a:2b:65:30:e6:32:
d2:c7:ec:a7:57:45:00:c1:79:e9:4b:d0:e6:96:04:6f:58:ed:
ab:f3:04:b0:e4:91:e4:68:72:f1:5c:a1:b4:3a:a7:93:c4:dc:
f9:4c:44:4c:75:53:80:b3:8f:81:ae:31:2c:dd:81:b8:f7:78:
a5:9b:75:ff:45:97:a5:be:49:b2:47:c2:9e:19:27:33:cf:04:
75:2b:62:4a:a4:1b:71:a0:14:bd:80:9b:44:14:09:e5:cb:33:
e9:2a:9f:fd
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQgaGxsTnu9nxSgqxYz2uHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FjOGE3MmUxYjY0MGQ2NTc1NDI2NWJjZTViMTI2MWRmMTJkZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXK2cyp1cIouYK8BKG4wSpE0tcNg
+rcRip5JZ0Aj1IXVFmaBgjb9UYm0bbKkMa06AI9iq7h31Kgn4t4cTyQfYAA+JpKV
po8c5YpLEvnRxEK7xdBDK6dZ6qsAMMc9K3jEsb6HkYOGjnEEwBXGe4QxotY2FlUL
eH3c/kScrOaeylA1asdgCX4V8C/7WlkOF6MlqZWoWoPWLcmYpIoxz0oUpMBMkhT+
DAl4X3i7N7h5KAgrPqg+uFdfds1X8VSQsJUD5KVrdxzuWXzKpwjuvEu5dWe4Pd0/
oedG8fe/uFRqD3FmY+cs3Wy3c0hpJTmasfC3cO6VV2tCSBCR62Fk9F90LQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFBysinLhtkDWV1QmW85bEmHfEt5MMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvSEt5S2N1RzJRTlpYVkNaYnpsc1NZZDhTM2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAaBAIAATAUAwQDwS6AMAwD
BAPCABgDBADCABowKgQCAAIwJAMHACABBngAIAMHACABBngAJAMHACABBnwBvAMH
AyoCCFD/4DANBgkqhkiG9w0BAQsFAAOCAQEAC+/bZxcHqoXZDIE3TNcwaqZR05Ql
wPzRAEpXseOcZ6VL+8V8wzsUNEfoR6CGkyuXPXPKXrRO5Gvsn9IUp4GnvPIZ6dzy
UWZFlzV1aCflJHW4aByhfakpAZBSnyH5Q7ea2xVBpb6vU2Vf1DNY1qFd4zn2IjFK
8JMfMT0HWxdIeY1Ecr3GTry5IOlIYKN4c5o8togiurKGUomx2GT5aitlMOYy0sfs
p1dFAMF56UvQ5pYEb1jtq/MEsOSR5Ghy8VyhtDqnk8Tc+UxETHVTgLOPga4xLN2B
uPd4pZt1/0WXpb5JskfCnhknM88EdStiSqQbcaAUvYCbRBQJ5csz6Sqf/Q==
-----END CERTIFICATE-----
Generated at Fri Apr 18 15:09:41 2025 by rpki-client