Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/efb2d1-c5cb-4143-aa88-610072d80115/1/y8OPBhGIRdnRfns2wStFC7bDr4o.roa
File: y8OPBhGIRdnRfns2wStFC7bDr4o.roa (raw, json)
Hash identifier: J10wvmClCuf9chJ2RyDKTPdaCtqaxXBdRLqjfTXblX8=
Subject key identifier: CB:C3:8F:06:11:88:45:D9:D1:7E:7B:36:C1:2B:45:0B:B6:C3:AF:8A
Certificate issuer: /CN=5be8fe8827bdc609355509e0c9e80eab21f9cdc3
Certificate serial: 01946F665B84A39C0F63FC62037799FB5B79
Authority key identifier: 5B:E8:FE:88:27:BD:C6:09:35:55:09:E0:C9:E8:0E:AB:21:F9:CD:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W-j-iCe9xgk1VQngyegOqyH5zcM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/31/efb2d1-c5cb-4143-aa88-610072d80115/1/y8OPBhGIRdnRfns2wStFC7bDr4o.roa
Signing time: Thu 16 Jan 2025 13:56:06 +0000
ROA not before: Thu 16 Jan 2025 13:56:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6802
IP address blocks: 194.141.0.0/16 maxlen: 16
194.141.0.0/24 maxlen: 24
194.141.1.0/24 maxlen: 24
194.141.2.0/24 maxlen: 24
194.141.3.0/24 maxlen: 24
194.141.4.0/24 maxlen: 24
194.141.5.0/24 maxlen: 24
194.141.6.0/24 maxlen: 24
194.141.8.0/24 maxlen: 24
194.141.9.0/24 maxlen: 24
194.141.12.0/24 maxlen: 24
194.141.15.0/24 maxlen: 24
194.141.16.0/22 maxlen: 22
194.141.22.0/24 maxlen: 24
194.141.24.0/21 maxlen: 21
194.141.32.0/22 maxlen: 22
194.141.37.0/24 maxlen: 24
194.141.38.0/23 maxlen: 23
194.141.40.0/24 maxlen: 24
194.141.41.0/24 maxlen: 24
194.141.43.0/24 maxlen: 24
194.141.44.0/23 maxlen: 23
194.141.47.0/24 maxlen: 24
194.141.51.0/24 maxlen: 24
194.141.52.0/22 maxlen: 22
194.141.56.0/23 maxlen: 23
194.141.64.0/23 maxlen: 23
194.141.66.0/24 maxlen: 24
194.141.67.0/24 maxlen: 24
194.141.68.0/24 maxlen: 24
194.141.69.0/24 maxlen: 24
194.141.72.0/22 maxlen: 22
194.141.78.0/24 maxlen: 24
194.141.79.0/24 maxlen: 24
194.141.84.0/24 maxlen: 24
194.141.86.0/24 maxlen: 24
194.141.88.0/21 maxlen: 21
194.141.104.0/21 maxlen: 21
194.141.112.0/24 maxlen: 24
194.141.113.0/24 maxlen: 24
194.141.116.0/22 maxlen: 22
194.141.116.0/23 maxlen: 23
194.141.118.0/24 maxlen: 24
194.141.119.0/24 maxlen: 24
194.141.221.0/24 maxlen: 24
194.141.222.0/24 maxlen: 24
194.141.225.0/24 maxlen: 24
194.141.226.0/24 maxlen: 24
194.141.227.0/24 maxlen: 24
194.141.228.0/22 maxlen: 22
194.141.232.0/21 maxlen: 21
194.141.240.0/24 maxlen: 24
194.141.241.0/24 maxlen: 24
194.141.242.0/24 maxlen: 24
194.141.243.0/24 maxlen: 24
194.141.245.0/24 maxlen: 24
2001:4b58::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/31/efb2d1-c5cb-4143-aa88-610072d80115/1/W-j-iCe9xgk1VQngyegOqyH5zcM.crl
rsync://rpki.ripe.net/repository/DEFAULT/31/efb2d1-c5cb-4143-aa88-610072d80115/1/W-j-iCe9xgk1VQngyegOqyH5zcM.mft
rsync://rpki.ripe.net/repository/DEFAULT/W-j-iCe9xgk1VQngyegOqyH5zcM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6f:66:5b:84:a3:9c:0f:63:fc:62:03:77:99:fb:5b:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5be8fe8827bdc609355509e0c9e80eab21f9cdc3
Validity
Not Before: Jan 16 13:56:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cbc38f06118845d9d17e7b36c12b450bb6c3af8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c0:ad:68:39:00:ec:22:4e:11:7b:2b:69:d8:
6c:ef:64:02:27:5f:a5:8e:88:3a:04:1d:32:61:2e:
84:3f:12:fb:49:8e:38:44:00:19:e1:0b:e1:8d:b7:
8c:ce:6f:3b:0a:3a:da:23:41:35:8e:64:68:66:2f:
23:8b:f3:51:b4:57:49:24:76:d6:3d:d6:52:6b:22:
2b:8f:6c:e0:4f:2e:34:d6:2e:3d:65:d8:f7:97:31:
57:89:d2:38:78:96:7e:2f:6e:4d:31:65:6c:03:c4:
44:1a:cf:6b:ef:06:04:ea:f6:01:91:3c:cd:89:fe:
5c:15:c6:84:79:bf:8d:79:5a:60:1d:64:45:74:ed:
f0:75:f6:49:1a:75:a8:96:b0:16:bc:ab:4d:3d:6a:
71:dd:b6:a4:fa:37:63:8f:0e:54:c0:21:aa:ba:72:
01:5d:2f:96:96:9a:f5:da:be:6a:f5:c8:68:8f:7d:
63:90:14:80:55:2e:3a:9e:d2:26:02:b4:51:9a:49:
b2:49:67:9e:a5:b9:83:a6:ff:96:77:f3:80:2a:37:
92:fa:d9:9e:1d:7c:54:0f:a3:9e:d0:97:77:2a:6a:
8f:27:be:ca:97:de:c0:f2:d0:1e:d2:91:99:a5:f7:
fb:e6:64:df:ab:b2:91:98:fe:78:65:bd:c9:44:03:
96:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:C3:8F:06:11:88:45:D9:D1:7E:7B:36:C1:2B:45:0B:B6:C3:AF:8A
X509v3 Authority Key Identifier:
keyid:5B:E8:FE:88:27:BD:C6:09:35:55:09:E0:C9:E8:0E:AB:21:F9:CD:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-j-iCe9xgk1VQngyegOqyH5zcM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/efb2d1-c5cb-4143-aa88-610072d80115/1/y8OPBhGIRdnRfns2wStFC7bDr4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/31/efb2d1-c5cb-4143-aa88-610072d80115/1/W-j-iCe9xgk1VQngyegOqyH5zcM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.141.0.0/16
IPv6:
2001:4b58::/32
Signature Algorithm: sha256WithRSAEncryption
66:3e:7b:2e:53:f1:fe:dd:89:96:03:28:b8:22:f1:07:ea:b9:
8c:39:ef:2e:9a:d1:b8:bc:af:ed:90:7e:a4:9d:68:5f:73:e0:
9d:ac:c7:7d:53:9a:16:8f:28:12:29:8c:ae:ea:d1:15:0c:6a:
02:2c:7f:4d:c2:81:d4:5b:2f:eb:99:27:4a:71:82:4c:d7:c1:
9c:0a:0e:47:6d:67:81:ae:cb:f8:0a:0c:18:ce:b9:bd:c8:f2:
57:4d:dc:28:ae:31:6d:d7:62:5b:bd:1b:26:69:95:d8:c3:8a:
01:f7:06:6b:d2:48:d4:65:9f:19:63:25:2a:74:dd:dd:fb:d3:
c8:c6:a1:15:fc:85:83:dc:1e:b2:3d:2a:e1:6b:fc:92:e2:fd:
2f:73:f5:7a:94:2e:c3:8d:e8:d3:83:57:73:a0:b7:d6:3b:3d:
72:8d:a4:24:2f:a4:64:a5:8d:26:e8:d7:39:55:fc:a3:d0:ca:
b9:2a:92:c8:0e:98:06:3e:04:68:bb:56:7f:aa:04:16:5d:6d:
6c:4e:9e:f6:f3:fa:e8:de:0c:53:6a:5c:f4:be:8f:48:01:7a:
55:5c:53:b6:25:3a:e9:42:2b:a6:e1:d7:7d:84:8b:4f:fb:a9:
14:d2:b6:e0:19:1d:d0:78:a6:e6:94:03:ac:0b:b3:c0:b2:0a:
6b:e6:e1:b0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZRvZluEo5wPY/xiA3eZ+1t5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZThmZTg4MjdiZGM2MDkzNTU1MDllMGM5ZTgwZWFiMjFm
OWNkYzMwHhcNMjUwMTE2MTM1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmMzOGYwNjExODg0NWQ5ZDE3ZTdiMzZjMTJiNDUwYmI2YzNhZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8CtaDkA7CJOEXsradhs72QCJ1+l
jog6BB0yYS6EPxL7SY44RAAZ4QvhjbeMzm87CjraI0E1jmRoZi8ji/NRtFdJJHbW
PdZSayIrj2zgTy401i49Zdj3lzFXidI4eJZ+L25NMWVsA8REGs9r7wYE6vYBkTzN
if5cFcaEeb+NeVpgHWRFdO3wdfZJGnWolrAWvKtNPWpx3bak+jdjjw5UwCGqunIB
XS+Wlpr12r5q9choj31jkBSAVS46ntImArRRmkmySWeepbmDpv+Wd/OAKjeS+tme
HXxUD6Oe0Jd3KmqPJ77Kl97A8tAe0pGZpff75mTfq7KRmP54Zb3JRAOWawIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMvDjwYRiEXZ0X57NsErRQu2w6+KMB8GA1UdIwQY
MBaAFFvo/ognvcYJNVUJ4MnoDqsh+c3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1qLWlDZTl4Z2sxVlFuZ3llZ09xeUg1emNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9lZmIyZDEtYzVjYi00MTQzLWFhODgt
NjEwMDcyZDgwMTE1LzEveThPUEJoR0lSZG5SZm5zMndTdEZDN2JEcjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9lZmIyZDEtYzVjYi00MTQzLWFhODgtNjEwMDcyZDgwMTE1
LzEvVy1qLWlDZTl4Z2sxVlFuZ3llZ09xeUg1emNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAwo0wDQQC
AAIwBwMFACABS1gwDQYJKoZIhvcNAQELBQADggEBAGY+ey5T8f7diZYDKLgi8Qfq
uYw57y6a0bi8r+2QfqSdaF9z4J2sx31TmhaPKBIpjK7q0RUMagIsf03CgdRbL+uZ
J0pxgkzXwZwKDkdtZ4Guy/gKDBjOub3I8ldN3CiuMW3XYlu9GyZpldjDigH3BmvS
SNRlnxljJSp03d3708jGoRX8hYPcHrI9KuFr/JLi/S9z9XqULsON6NODV3Ogt9Y7
PXKNpCQvpGSljSbo1zlV/KPQyrkqksgOmAY+BGi7Vn+qBBZdbWxOnvbz+ujeDFNq
XPS+j0gBelVcU7YlOulCK6bh132Ei0/7qRTStuAZHdB4puaUA6wLs8CyCmvm4bA=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:57:13 2025 by rpki-client