Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/dac70f-f172-44ce-9be5-5af89e6cd055/1/HZBz5MrqBdAGlLzttgW8k7z_g5Y.roa
File: HZBz5MrqBdAGlLzttgW8k7z_g5Y.roa (raw, json)
Hash identifier: vKALeCSvoIMsQY1cUM7A8I/fEETWOT998Li6zTAWX7w=
Subject key identifier: 1D:90:73:E4:CA:EA:05:D0:06:94:BC:ED:B6:05:BC:93:BC:FF:83:96
Certificate issuer: /CN=5ad9f5beb6933484541ce56282c989ed6e8bdba3
Certificate serial: 019423D700CA4DF7D9DACB3EA89C076BB085
Authority key identifier: 5A:D9:F5:BE:B6:93:34:84:54:1C:E5:62:82:C9:89:ED:6E:8B:DB:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Wtn1vraTNIRUHOVigsmJ7W6L26M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/dac70f-f172-44ce-9be5-5af89e6cd055/1/HZBz5MrqBdAGlLzttgW8k7z_g5Y.roa
Signing time: Wed 01 Jan 2025 21:48:00 +0000
ROA not before: Wed 01 Jan 2025 21:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39217
IP address blocks: 185.53.148.0/22 maxlen: 22
185.53.148.0/24 maxlen: 24
185.132.168.0/22 maxlen: 22
185.173.244.0/22 maxlen: 22
194.79.56.0/22 maxlen: 22
2a00:4760::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/dac70f-f172-44ce-9be5-5af89e6cd055/1/Wtn1vraTNIRUHOVigsmJ7W6L26M.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/dac70f-f172-44ce-9be5-5af89e6cd055/1/Wtn1vraTNIRUHOVigsmJ7W6L26M.mft
rsync://rpki.ripe.net/repository/DEFAULT/Wtn1vraTNIRUHOVigsmJ7W6L26M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 11:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:00:ca:4d:f7:d9:da:cb:3e:a8:9c:07:6b:b0:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ad9f5beb6933484541ce56282c989ed6e8bdba3
Validity
Not Before: Jan 1 21:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1d9073e4caea05d00694bcedb605bc93bcff8396
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b6:d3:90:f3:79:51:5b:dd:2c:87:7e:f5:9b:
6c:1f:ba:17:0d:3a:a4:3a:35:68:02:75:11:5c:fb:
94:b5:99:68:0a:29:18:39:b8:15:56:3a:b2:d3:c4:
88:70:8e:df:ff:7c:29:13:67:44:9b:31:bc:9a:e0:
e8:1d:99:2a:94:ac:de:15:82:20:eb:09:dc:5b:2e:
66:7b:32:51:8b:89:93:c8:9c:3b:6b:40:9b:2f:02:
73:19:69:97:af:48:c2:08:1b:8e:7c:dd:da:dc:80:
de:1e:d3:ff:d7:0b:25:d0:0c:fe:82:ae:28:c5:eb:
3a:ca:be:ed:f7:87:2d:3a:4e:73:1e:4a:97:f2:6e:
8c:ee:10:2d:c9:22:f6:04:38:26:a0:21:37:f2:71:
c4:15:fd:a9:0b:fc:3d:d3:d3:e0:b1:6b:1d:1c:67:
0c:ae:c4:17:00:6f:cd:19:ca:87:56:dc:41:3b:dd:
79:4c:04:7c:2a:05:34:11:d4:43:f5:b1:56:54:51:
3d:5f:2d:d0:d1:71:11:2e:41:f2:39:4f:44:90:55:
33:a8:21:25:40:1a:27:56:19:58:e1:00:fe:2e:76:
49:2a:00:0d:bf:d7:fa:db:ba:d8:25:55:b9:43:a8:
97:e8:41:d7:6d:58:fc:b0:5e:ee:2f:b8:ed:17:c0:
49:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:90:73:E4:CA:EA:05:D0:06:94:BC:ED:B6:05:BC:93:BC:FF:83:96
X509v3 Authority Key Identifier:
keyid:5A:D9:F5:BE:B6:93:34:84:54:1C:E5:62:82:C9:89:ED:6E:8B:DB:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wtn1vraTNIRUHOVigsmJ7W6L26M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dac70f-f172-44ce-9be5-5af89e6cd055/1/HZBz5MrqBdAGlLzttgW8k7z_g5Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dac70f-f172-44ce-9be5-5af89e6cd055/1/Wtn1vraTNIRUHOVigsmJ7W6L26M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.53.148.0/22
185.132.168.0/22
185.173.244.0/22
194.79.56.0/22
IPv6:
2a00:4760::/32
Signature Algorithm: sha256WithRSAEncryption
04:2c:cd:c0:e0:6e:76:9b:3c:a7:5d:d8:80:cc:b2:cb:75:dc:
80:a3:99:1d:ca:50:1e:20:ac:8d:7b:f6:8d:3f:5e:cc:5a:a6:
65:1b:9b:a8:54:9d:8d:91:a9:b8:2d:0d:5e:25:e9:ba:36:95:
50:2c:04:9d:6f:42:87:89:60:ed:99:62:f9:d7:55:06:1f:c4:
c5:4b:01:04:9e:f6:2a:b1:a9:39:4d:53:e2:53:45:54:4c:b2:
75:64:26:ea:8d:12:6e:4f:e2:59:eb:34:cc:56:fe:46:b2:46:
b2:70:8a:54:d9:18:6e:b0:31:67:e8:2f:86:b0:b1:a9:6d:f7:
38:67:a2:17:1f:a0:a0:2e:3b:c9:0b:c8:72:1e:74:a2:7e:5a:
a6:ae:a4:e3:69:4b:74:a5:1f:13:93:46:76:47:63:de:1d:b6:
69:56:7c:37:e2:91:7e:55:9f:25:13:bd:99:02:c3:d0:89:9f:
ab:68:52:f5:cb:2c:d2:92:3c:09:0e:54:2b:2b:04:16:1a:6f:
97:0e:e9:ca:c4:54:5d:25:d7:34:d8:8d:2d:20:e3:a9:d0:d9:
26:cc:07:e5:e9:f7:84:3b:f3:9d:2e:ec:30:fa:b0:12:2c:5a:
68:03:91:e2:01:5b:45:e2:b7:54:7c:d7:68:d3:15:7c:83:bc:
d4:bb:b9:ab
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQj1wDKTffZ2ss+qJwHa7CFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDlmNWJlYjY5MzM0ODQ1NDFjZTU2MjgyYzk4OWVkNmU4
YmRiYTMwHhcNMjUwMTAxMjE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDkwNzNlNGNhZWEwNWQwMDY5NGJjZWRiNjA1YmM5M2JjZmY4Mzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbbTkPN5UVvdLId+9ZtsH7oXDTqk
OjVoAnURXPuUtZloCikYObgVVjqy08SIcI7f/3wpE2dEmzG8muDoHZkqlKzeFYIg
6wncWy5mezJRi4mTyJw7a0CbLwJzGWmXr0jCCBuOfN3a3IDeHtP/1wsl0Az+gq4o
xes6yr7t94ctOk5zHkqX8m6M7hAtySL2BDgmoCE38nHEFf2pC/w909PgsWsdHGcM
rsQXAG/NGcqHVtxBO915TAR8KgU0EdRD9bFWVFE9Xy3Q0XERLkHyOU9EkFUzqCEl
QBonVhlY4QD+LnZJKgANv9f627rYJVW5Q6iX6EHXbVj8sF7uL7jtF8BJZwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFB2Qc+TK6gXQBpS87bYFvJO8/4OWMB8GA1UdIwQY
MBaAFFrZ9b62kzSEVBzlYoLJie1ui9ujMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RuMXZyYVROSVJVSE9WaWdzbUo3VzZMMjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kYWM3MGYtZjE3Mi00NGNlLTliZTUt
NWFmODllNmNkMDU1LzEvSFpCejVNcnFCZEFHbEx6dHRnVzhrN3pfZzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kYWM3MGYtZjE3Mi00NGNlLTliZTUtNWFmODllNmNkMDU1
LzEvV3RuMXZyYVROSVJVSE9WaWdzbUo3VzZMMjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuTWUAwQC
uYSoAwQCua30AwQCwk84MA0EAgACMAcDBQAqAEdgMA0GCSqGSIb3DQEBCwUAA4IB
AQAELM3A4G52mzynXdiAzLLLddyAo5kdylAeIKyNe/aNP17MWqZlG5uoVJ2Nkam4
LQ1eJem6NpVQLASdb0KHiWDtmWL511UGH8TFSwEEnvYqsak5TVPiU0VUTLJ1ZCbq
jRJuT+JZ6zTMVv5GskaycIpU2RhusDFn6C+GsLGpbfc4Z6IXH6CgLjvJC8hyHnSi
flqmrqTjaUt0pR8Tk0Z2R2PeHbZpVnw34pF+VZ8lE72ZAsPQiZ+raFL1yyzSkjwJ
DlQrKwQWGm+XDunKxFRdJdc02I0tIOOp0NkmzAfl6feEO/OdLuww+rASLFpoA5Hi
AVtF4rdUfNdo0xV8g7zUu7mr
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:50:39 2025 by rpki-client