Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/582b7f-60c3-411a-9625-32da1db4b203/1/BIAxUnW_hCjMRjCzGvcDZv9IbZI.roa
File: BIAxUnW_hCjMRjCzGvcDZv9IbZI.roa (raw, json)
Hash identifier: lpTkJGPX7x3xgf0arKc8U2BOXhSzOpi1sRj7xRP++p4=
Subject key identifier: 04:80:31:52:75:BF:84:28:CC:46:30:B3:1A:F7:03:66:FF:48:6D:92
Certificate issuer: /CN=c70dbf555870b556acfab428c74eacee56f7b222
Certificate serial: 0194236A36F6DD84EEF520D2FA1B2383AC2A
Authority key identifier: C7:0D:BF:55:58:70:B5:56:AC:FA:B4:28:C7:4E:AC:EE:56:F7:B2:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xw2_VVhwtVas-rQox06s7lb3siI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/582b7f-60c3-411a-9625-32da1db4b203/1/BIAxUnW_hCjMRjCzGvcDZv9IbZI.roa
Signing time: Wed 01 Jan 2025 19:49:10 +0000
ROA not before: Wed 01 Jan 2025 19:49:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202096
IP address blocks: 185.53.136.0/22 maxlen: 22
185.53.136.0/23 maxlen: 23
185.53.138.0/23 maxlen: 23
2a02:2d20::/32 maxlen: 32
2a02:2d20::/48 maxlen: 48
2a02:2d20:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/582b7f-60c3-411a-9625-32da1db4b203/1/xw2_VVhwtVas-rQox06s7lb3siI.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/582b7f-60c3-411a-9625-32da1db4b203/1/xw2_VVhwtVas-rQox06s7lb3siI.mft
rsync://rpki.ripe.net/repository/DEFAULT/xw2_VVhwtVas-rQox06s7lb3siI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 22:01:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:36:f6:dd:84:ee:f5:20:d2:fa:1b:23:83:ac:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c70dbf555870b556acfab428c74eacee56f7b222
Validity
Not Before: Jan 1 19:49:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0480315275bf8428cc4630b31af70366ff486d92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:a9:e0:dc:ec:00:69:d2:af:34:f6:62:3a:56:
8b:a4:62:23:2b:98:62:19:e1:6b:4d:e0:1b:bf:cf:
56:e3:ee:47:f2:a5:f4:1d:22:2c:bf:14:6b:a7:73:
40:7d:80:06:16:56:66:f5:fc:e5:87:2f:90:83:32:
10:b1:00:88:ba:00:93:d1:98:6d:d3:67:79:84:c1:
74:c6:cf:9c:aa:1c:6f:45:21:5e:08:a5:e8:1d:25:
c3:5e:66:3f:c9:f3:43:8a:94:a4:c9:45:a9:6b:3c:
70:81:44:ac:47:06:65:be:36:4d:e2:60:ff:ba:6d:
2d:9f:53:a0:d2:08:75:d5:04:f0:e0:b4:36:12:ea:
48:c2:3c:f0:b4:70:7a:9f:9d:81:7b:d7:5d:07:f6:
0f:62:91:f5:8c:f3:63:32:6c:3c:51:06:d6:3c:73:
81:25:2e:18:4b:cf:51:2a:99:76:1f:6f:01:50:25:
4b:86:20:47:14:64:d3:c0:72:2b:95:78:f8:76:1b:
c2:1e:c5:21:e9:ea:c8:e5:34:71:a1:7e:aa:3d:28:
58:4b:96:38:a5:c3:d5:84:3d:2e:f4:a7:37:05:f1:
8a:0a:08:16:b6:25:94:8c:4b:d5:f6:ba:17:2f:b6:
70:3e:57:95:bc:4a:13:2f:45:ca:c3:40:cb:f9:c2:
64:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:80:31:52:75:BF:84:28:CC:46:30:B3:1A:F7:03:66:FF:48:6D:92
X509v3 Authority Key Identifier:
keyid:C7:0D:BF:55:58:70:B5:56:AC:FA:B4:28:C7:4E:AC:EE:56:F7:B2:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xw2_VVhwtVas-rQox06s7lb3siI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/582b7f-60c3-411a-9625-32da1db4b203/1/BIAxUnW_hCjMRjCzGvcDZv9IbZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/582b7f-60c3-411a-9625-32da1db4b203/1/xw2_VVhwtVas-rQox06s7lb3siI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.53.136.0/22
IPv6:
2a02:2d20::/32
Signature Algorithm: sha256WithRSAEncryption
05:06:45:d4:db:1e:5c:4f:da:73:1c:61:e8:7f:d1:c0:31:12:
70:27:5e:d2:c9:1a:74:72:db:51:ba:e9:25:e9:d6:66:df:eb:
b9:b0:0b:36:8e:72:e1:20:65:42:c1:81:01:2d:b4:d1:17:0c:
3b:5d:ff:a7:b0:cd:96:cd:74:b4:3c:3a:25:75:77:88:fa:8f:
66:46:12:6e:e4:c7:bb:c9:11:b6:98:0b:f1:fe:97:57:64:7b:
97:e8:bb:b4:af:eb:99:5d:b3:12:83:37:4a:6c:1a:27:74:25:
c0:c1:fc:69:2b:08:f9:40:33:0a:bf:9c:2d:e1:cc:5b:23:77:
37:1e:79:0d:82:d2:8f:80:e7:8c:f8:c9:ad:2a:1f:bb:73:ca:
2d:1e:ae:6a:a3:bb:be:79:5e:d5:0e:49:33:f7:e8:08:69:43:
77:fb:22:fe:14:aa:b5:e5:6d:04:96:e8:9f:f3:bd:96:fc:f0:
31:63:15:a5:db:51:61:bb:bc:ae:9d:56:58:b7:23:01:a9:3d:
69:cc:e2:c1:51:66:b7:83:c8:20:86:b5:6b:41:10:4a:1a:ee:
37:cb:75:f2:14:e2:62:ac:3d:6b:48:7e:6f:65:42:ad:94:d3:
e0:7c:c9:4c:f3:b4:c0:78:31:92:0e:a1:77:04:95:e0:da:02:
b1:de:ca:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjajb23YTu9SDS+hsjg6wqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MGRiZjU1NTg3MGI1NTZhY2ZhYjQyOGM3NGVhY2VlNTZm
N2IyMjIwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDgwMzE1Mjc1YmY4NDI4Y2M0NjMwYjMxYWY3MDM2NmZmNDg2ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ang3OwAadKvNPZiOlaLpGIjK5hi
GeFrTeAbv89W4+5H8qX0HSIsvxRrp3NAfYAGFlZm9fzlhy+QgzIQsQCIugCT0Zht
02d5hMF0xs+cqhxvRSFeCKXoHSXDXmY/yfNDipSkyUWpazxwgUSsRwZlvjZN4mD/
um0tn1Og0gh11QTw4LQ2EupIwjzwtHB6n52Be9ddB/YPYpH1jPNjMmw8UQbWPHOB
JS4YS89RKpl2H28BUCVLhiBHFGTTwHIrlXj4dhvCHsUh6erI5TRxoX6qPShYS5Y4
pcPVhD0u9Kc3BfGKCggWtiWUjEvV9roXL7ZwPleVvEoTL0XKw0DL+cJk9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFASAMVJ1v4QozEYwsxr3A2b/SG2SMB8GA1UdIwQY
MBaAFMcNv1VYcLVWrPq0KMdOrO5W97IiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHcyX1ZWaHd0VmFzLXJRb3gwNnM3bGIzc2lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ODJiN2YtNjBjMy00MTFhLTk2MjUt
MzJkYTFkYjRiMjAzLzEvQklBeFVuV19oQ2pNUmpDekd2Y0RadjlJYlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ODJiN2YtNjBjMy00MTFhLTk2MjUtMzJkYTFkYjRiMjAz
LzEveHcyX1ZWaHd0VmFzLXJRb3gwNnM3bGIzc2lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTWIMA0E
AgACMAcDBQAqAi0gMA0GCSqGSIb3DQEBCwUAA4IBAQAFBkXU2x5cT9pzHGHof9HA
MRJwJ17SyRp0cttRuukl6dZm3+u5sAs2jnLhIGVCwYEBLbTRFww7Xf+nsM2WzXS0
PDoldXeI+o9mRhJu5Me7yRG2mAvx/pdXZHuX6Lu0r+uZXbMSgzdKbBondCXAwfxp
Kwj5QDMKv5wt4cxbI3c3HnkNgtKPgOeM+MmtKh+7c8otHq5qo7u+eV7VDkkz9+gI
aUN3+yL+FKq15W0Eluif872W/PAxYxWl21Fhu7yunVZYtyMBqT1pzOLBUWa3g8gg
hrVrQRBKGu43y3XyFOJirD1rSH5vZUKtlNPgfMlM87TAeDGSDqF3BJXg2gKx3so2
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:19:23 2025 by rpki-client