Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/yUsdU2ULQpT4CaBLrnJG--v6B4k.roa
File: yUsdU2ULQpT4CaBLrnJG--v6B4k.roa (raw, json)
Hash identifier: nFPDGUe2wiSsXpmHy1xpSDCHB5E3thvkbalz4PA2+qg=
Subject key identifier: C9:4B:1D:53:65:0B:42:94:F8:09:A0:4B:AE:72:46:FB:EB:FA:07:89
Certificate issuer: /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial: 019426D9C497A087AD20C4F050EB256CEAED
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/yUsdU2ULQpT4CaBLrnJG--v6B4k.roa
Signing time: Thu 02 Jan 2025 11:49:53 +0000
ROA not before: Thu 02 Jan 2025 11:49:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6810
IP address blocks: 31.168.36.0/23 maxlen: 24
79.177.128.0/18 maxlen: 24
79.181.128.0/18 maxlen: 24
85.130.128.0/18 maxlen: 24
85.130.192.0/18 maxlen: 24
85.130.192.0/19 maxlen: 24
109.67.128.0/18 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:c4:97:a0:87:ad:20:c4:f0:50:eb:25:6c:ea:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Validity
Not Before: Jan 2 11:49:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c94b1d53650b4294f809a04bae7246fbebfa0789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:c5:7a:ee:28:34:c6:41:9d:ff:f4:a6:e5:7c:
6f:82:61:c9:fc:87:44:b8:6b:a2:a9:85:47:79:aa:
7a:e1:98:d8:50:b5:72:b0:a3:1e:57:2d:cd:23:58:
23:60:0d:35:92:94:4e:74:a0:73:71:65:a9:15:63:
25:c6:e9:42:38:ca:d4:65:bb:a3:b0:10:79:fd:23:
fa:fc:4e:62:22:c5:59:d5:0b:35:97:b0:99:a6:a8:
4a:9c:4b:59:8c:aa:bc:cd:41:ec:ca:87:24:f2:41:
65:41:27:62:3c:be:cd:ac:79:35:20:cb:ac:0c:e0:
f4:51:ba:12:62:01:e6:16:b9:c6:fc:75:3a:40:6f:
96:03:c4:7c:1d:55:cb:1a:74:c0:e0:73:4a:fd:3a:
ef:3e:08:3a:fa:56:ca:a1:2e:92:47:23:1b:2d:a8:
18:5e:55:09:37:f3:71:9f:9d:7b:4b:3d:50:ea:73:
ac:83:9c:02:59:19:f3:48:7b:84:de:ad:d1:12:5b:
7b:d8:0c:72:c8:a2:93:f1:9e:fe:fc:83:08:ac:9c:
ae:a7:96:84:55:fb:6f:d9:7c:2b:19:80:50:61:2b:
d8:e9:76:1e:a6:1c:45:5d:f9:91:17:98:4b:54:c0:
7f:80:b4:85:3e:0a:41:52:75:58:ed:ed:18:2c:66:
58:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:4B:1D:53:65:0B:42:94:F8:09:A0:4B:AE:72:46:FB:EB:FA:07:89
X509v3 Authority Key Identifier:
keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/yUsdU2ULQpT4CaBLrnJG--v6B4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.168.36.0/23
79.177.128.0/18
79.181.128.0/18
85.130.128.0/17
109.67.128.0/18
Signature Algorithm: sha256WithRSAEncryption
1e:29:fa:94:68:ce:b9:ed:ba:65:36:aa:76:6b:d2:80:09:92:
e3:9c:f2:3a:4f:be:09:50:18:89:10:1d:16:7f:6f:9b:8d:7e:
96:f8:94:f6:94:81:89:2c:60:f3:aa:ba:f8:94:be:23:bc:e5:
b0:60:ed:8c:24:eb:d0:a7:1f:e4:4a:98:97:32:c6:61:5b:2b:
7e:c8:e7:a8:bd:9b:da:51:f3:44:b2:27:c5:c7:7b:41:e6:0e:
a6:b8:57:7e:87:9e:68:0d:ca:fc:b5:94:7c:bb:7d:6e:86:c9:
23:52:35:2c:20:95:8f:e1:18:1a:5c:44:41:8f:ea:ff:dd:a4:
1c:3a:91:85:ae:69:31:d3:e9:b8:dd:b2:0c:d8:d5:4c:27:b8:
5f:84:54:d8:30:fe:f3:f8:93:f1:78:78:48:49:d9:18:25:6d:
99:b4:09:cc:07:da:68:ce:81:a2:d1:60:bd:58:4f:59:a2:45:
79:dc:10:42:32:52:0f:32:6b:9f:84:2d:81:f3:c7:bc:5e:78:
9c:f6:65:16:07:30:a0:25:76:72:a6:0c:02:96:01:dc:2a:51:
83:37:4e:af:5c:e3:e7:2a:20:72:5b:cf:ec:f9:c5:f1:7c:bb:
01:00:37:16:bc:69:fc:db:a4:b4:f6:b7:84:06:46:8a:37:ff:
d9:8f:93:36
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQm2cSXoIetIMTwUOslbOrtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjUwMTAyMTE0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRiMWQ1MzY1MGI0Mjk0ZjgwOWEwNGJhZTcyNDZmYmViZmEwNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8V67ig0xkGd//Sm5XxvgmHJ/IdE
uGuiqYVHeap64ZjYULVysKMeVy3NI1gjYA01kpROdKBzcWWpFWMlxulCOMrUZbuj
sBB5/SP6/E5iIsVZ1Qs1l7CZpqhKnEtZjKq8zUHsyock8kFlQSdiPL7NrHk1IMus
DOD0UboSYgHmFrnG/HU6QG+WA8R8HVXLGnTA4HNK/TrvPgg6+lbKoS6SRyMbLagY
XlUJN/Nxn517Sz1Q6nOsg5wCWRnzSHuE3q3RElt72AxyyKKT8Z7+/IMIrJyup5aE
Vftv2XwrGYBQYSvY6XYephxFXfmRF5hLVMB/gLSFPgpBUnVY7e0YLGZYLwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMlLHVNlC0KU+AmgS65yRvvr+geJMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEveVVzZFUyVUxRcFQ0Q2FCTHJuSkctLXY2QjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBH6gkAwQG
T7GAAwQGT7WAAwQHVYKAAwQGbUOAMA0GCSqGSIb3DQEBCwUAA4IBAQAeKfqUaM65
7bplNqp2a9KACZLjnPI6T74JUBiJEB0Wf2+bjX6W+JT2lIGJLGDzqrr4lL4jvOWw
YO2MJOvQpx/kSpiXMsZhWyt+yOeovZvaUfNEsifFx3tB5g6muFd+h55oDcr8tZR8
u31uhskjUjUsIJWP4RgaXERBj+r/3aQcOpGFrmkx0+m43bIM2NVMJ7hfhFTYMP7z
+JPxeHhISdkYJW2ZtAnMB9pozoGi0WC9WE9ZokV53BBCMlIPMmufhC2B88e8Xnic
9mUWBzCgJXZypgwClgHcKlGDN06vXOPnKiByW8/s+cXxfLsBADcWvGn826S09reE
BkaKN//Zj5M2
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:39:23 2025 by rpki-client