Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/JBBfWvBvIPbMFEPW3wW2A3eZfMw.roa
File: JBBfWvBvIPbMFEPW3wW2A3eZfMw.roa (raw, json)
Hash identifier: HPVfysoAPIIkBoYBVqV/VP2S0bfAf3Hk6zV6kpgHup8=
Subject key identifier: 24:10:5F:5A:F0:6F:20:F6:CC:14:43:D6:DF:05:B6:03:77:99:7C:CC
Certificate issuer: /CN=89af8769339703da3b0cb5e831023d3bf63f022e
Certificate serial: 01942067B92381525DFEF9A24F09A59DDC8F
Authority key identifier: 89:AF:87:69:33:97:03:DA:3B:0C:B5:E8:31:02:3D:3B:F6:3F:02:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/JBBfWvBvIPbMFEPW3wW2A3eZfMw.roa
Signing time: Wed 01 Jan 2025 05:47:36 +0000
ROA not before: Wed 01 Jan 2025 05:47:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50661
IP address blocks: 109.197.96.0/21 maxlen: 22
109.207.144.0/20 maxlen: 21
185.167.32.0/22 maxlen: 23
192.166.32.0/22 maxlen: 22
195.191.180.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.mft
rsync://rpki.ripe.net/repository/DEFAULT/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Apr 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:b9:23:81:52:5d:fe:f9:a2:4f:09:a5:9d:dc:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89af8769339703da3b0cb5e831023d3bf63f022e
Validity
Not Before: Jan 1 05:47:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=24105f5af06f20f6cc1443d6df05b60377997ccc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a2:f8:65:a8:68:c7:b6:85:13:bb:5d:84:c9:
1e:6f:5e:b6:fd:03:be:96:67:65:30:36:d9:7c:0f:
3c:dc:50:10:74:6e:79:50:4c:12:80:f3:79:ca:ea:
34:cd:e8:c5:9f:b8:6b:0b:10:7e:99:e6:85:34:1a:
30:69:12:33:30:60:cc:32:a4:d9:33:93:f5:09:9a:
3e:41:0f:42:d3:3b:62:80:60:4f:b1:36:6e:d4:c8:
6a:e1:f8:90:96:df:77:49:cc:49:0f:71:95:f4:70:
43:c8:53:48:34:f9:27:47:48:8a:bd:7b:2b:c6:bd:
9b:78:bf:5d:2d:65:b0:ad:80:12:56:71:74:2d:77:
8a:80:0d:71:e9:11:33:75:9a:27:5c:0d:2f:31:d6:
04:33:1e:55:3b:dc:74:a9:12:77:e4:dd:75:a5:f7:
12:a2:a6:ac:72:da:ff:20:e2:a9:a2:19:bf:c0:2d:
19:99:b5:5b:e1:46:64:a1:17:89:13:12:76:61:f5:
eb:46:77:16:7a:30:f5:87:61:18:9d:d6:ba:c5:03:
d6:4a:9e:1c:ae:07:29:0a:a2:2b:ed:c6:4c:34:67:
76:de:53:d5:52:d3:ad:54:c4:98:77:2e:48:77:ad:
29:c4:1a:08:df:aa:2c:fe:d6:5e:95:14:62:84:b6:
0a:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:10:5F:5A:F0:6F:20:F6:CC:14:43:D6:DF:05:B6:03:77:99:7C:CC
X509v3 Authority Key Identifier:
keyid:89:AF:87:69:33:97:03:DA:3B:0C:B5:E8:31:02:3D:3B:F6:3F:02:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/JBBfWvBvIPbMFEPW3wW2A3eZfMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.197.96.0/21
109.207.144.0/20
185.167.32.0/22
192.166.32.0/22
195.191.180.0/23
Signature Algorithm: sha256WithRSAEncryption
26:4b:99:4d:f9:ed:8e:16:68:82:c8:63:9e:55:3f:06:6d:ae:
db:07:e5:bf:8d:f0:5a:9c:83:78:13:c6:23:cc:d9:88:06:f5:
ca:a4:d7:54:0b:3e:eb:31:91:e9:67:7a:1a:d3:47:86:45:87:
ee:c1:60:88:bc:c1:30:55:2b:8d:42:02:3c:cd:cd:15:ae:20:
17:45:e2:16:d9:ab:4d:f5:d0:7b:4c:04:23:26:f5:9f:3c:f4:
5a:67:52:2d:b0:a8:d3:cb:b9:15:84:66:e7:e4:18:98:d4:bb:
ea:c1:dc:f8:5d:cd:5d:24:1f:f6:bb:f3:84:a7:46:a6:92:cc:
03:62:08:f9:d1:62:41:f3:09:7c:28:1c:32:08:95:9d:80:06:
22:5a:33:97:de:6f:f8:c4:29:7c:94:93:62:4a:a4:78:aa:15:
8e:29:f9:4f:a1:29:fe:99:e2:f4:f6:71:bd:14:13:a4:97:38:
a8:9a:46:5b:c7:76:33:79:26:50:2e:ee:43:25:74:28:47:7d:
f7:6e:72:08:39:37:71:ef:c9:59:37:d5:4b:59:4d:67:98:d1:
ee:d3:09:7a:5d:9b:6a:f5:f8:83:9b:13:6b:e8:e9:5f:eb:31:
14:6e:c6:cd:d0:a7:d3:dd:05:5b:b8:14:6f:2a:a2:33:c4:7d:
d4:8e:d4:be
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQgZ7kjgVJd/vmiTwmlndyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWY4NzY5MzM5NzAzZGEzYjBjYjVlODMxMDIzZDNiZjYz
ZjAyMmUwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDEwNWY1YWYwNmYyMGY2Y2MxNDQzZDZkZjA1YjYwMzc3OTk3Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaL4Zahox7aFE7tdhMkeb162/QO+
lmdlMDbZfA883FAQdG55UEwSgPN5yuo0zejFn7hrCxB+meaFNBowaRIzMGDMMqTZ
M5P1CZo+QQ9C0ztigGBPsTZu1Mhq4fiQlt93ScxJD3GV9HBDyFNINPknR0iKvXsr
xr2beL9dLWWwrYASVnF0LXeKgA1x6REzdZonXA0vMdYEMx5VO9x0qRJ35N11pfcS
oqasctr/IOKpohm/wC0ZmbVb4UZkoReJExJ2YfXrRncWejD1h2EYnda6xQPWSp4c
rgcpCqIr7cZMNGd23lPVUtOtVMSYdy5Id60pxBoI36os/tZelRRihLYKwwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCQQX1rwbyD2zBRD1t8FtgN3mXzMMB8GA1UdIwQY
MBaAFImvh2kzlwPaOwy16DECPTv2PwIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWEtSGFUT1hBOW83RExYb01RSTlPX1lfQWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81ZTgyZDYtYzYxMS00MGFkLTk1OGUt
MzAxZTQ2NTRkZGY2LzEvSkJCZld2QnZJUGJNRkVQVzN3VzJBM2VaZk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81ZTgyZDYtYzYxMS00MGFkLTk1OGUtMzAxZTQ2NTRkZGY2
LzEvaWEtSGFUT1hBOW83RExYb01RSTlPX1lfQWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDbcVgAwQE
bc+QAwQCuacgAwQCwKYgAwQBw7+0MA0GCSqGSIb3DQEBCwUAA4IBAQAmS5lN+e2O
FmiCyGOeVT8Gba7bB+W/jfBanIN4E8YjzNmIBvXKpNdUCz7rMZHpZ3oa00eGRYfu
wWCIvMEwVSuNQgI8zc0VriAXReIW2atN9dB7TAQjJvWfPPRaZ1ItsKjTy7kVhGbn
5BiY1Lvqwdz4Xc1dJB/2u/OEp0amkswDYgj50WJB8wl8KBwyCJWdgAYiWjOX3m/4
xCl8lJNiSqR4qhWOKflPoSn+meL09nG9FBOklziomkZbx3YzeSZQLu5DJXQoR333
bnIIOTdx78lZN9VLWU1nmNHu0wl6XZtq9fiDmxNr6Olf6zEUbsbN0KfT3QVbuBRv
KqIzxH3UjtS+
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:03:18 2025 by rpki-client