Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/64d910-945c-42e8-bb44-62821c2c299f/1/P2VGtgj0Ve3JifdhxGXEPs8bYHw.roa
File: P2VGtgj0Ve3JifdhxGXEPs8bYHw.roa (raw, json)
Hash identifier: krJRUyY9FgbmyjCpGEy7bhvyTA1VoPtEkFekALAvh2k=
Subject key identifier: 3F:65:46:B6:08:F4:55:ED:C9:89:F7:61:C4:65:C4:3E:CF:1B:60:7C
Certificate issuer: /CN=0950228904b9dbeb4792a697727e36aafd84d2e9
Certificate serial: 0194206828616DCAF3A92601941525F94C15
Authority key identifier: 09:50:22:89:04:B9:DB:EB:47:92:A6:97:72:7E:36:AA:FD:84:D2:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CVAiiQS52-tHkqaXcn42qv2E0uk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/64d910-945c-42e8-bb44-62821c2c299f/1/P2VGtgj0Ve3JifdhxGXEPs8bYHw.roa
Signing time: Wed 01 Jan 2025 05:48:04 +0000
ROA not before: Wed 01 Jan 2025 05:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199008
IP address blocks: 176.122.48.0/24 maxlen: 24
176.122.49.0/24 maxlen: 24
176.122.50.0/24 maxlen: 24
176.122.51.0/24 maxlen: 24
176.122.52.0/22 maxlen: 22
176.122.55.0/24 maxlen: 24
176.122.56.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/64d910-945c-42e8-bb44-62821c2c299f/1/CVAiiQS52-tHkqaXcn42qv2E0uk.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/64d910-945c-42e8-bb44-62821c2c299f/1/CVAiiQS52-tHkqaXcn42qv2E0uk.mft
rsync://rpki.ripe.net/repository/DEFAULT/CVAiiQS52-tHkqaXcn42qv2E0uk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 04:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:28:61:6d:ca:f3:a9:26:01:94:15:25:f9:4c:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0950228904b9dbeb4792a697727e36aafd84d2e9
Validity
Not Before: Jan 1 05:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f6546b608f455edc989f761c465c43ecf1b607c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:2f:a2:ac:5f:95:60:a5:e8:72:89:75:9e:6b:
94:97:63:96:a5:0a:d5:98:a3:f7:4b:85:dd:b3:27:
ea:5f:e2:1e:2d:ec:68:e5:59:ef:99:2c:f4:ce:4e:
e0:91:c1:27:9f:28:a6:73:4a:37:65:2f:0a:f2:e7:
d3:21:9f:d7:f8:01:9f:82:ff:74:2b:0d:61:a6:e7:
2f:c7:04:41:51:ba:7c:c6:a5:3f:b5:a1:e7:36:28:
46:e1:c5:00:15:92:ae:47:81:17:cc:60:11:a1:2a:
16:13:25:ae:1e:70:cd:4d:17:c9:7c:b9:a9:d2:f2:
8f:d5:a8:71:02:fb:11:cc:3b:07:6e:30:a3:ef:c5:
0e:8d:00:a0:c9:ce:de:8e:7f:c1:bd:c1:33:ba:af:
32:86:44:6e:7a:a2:60:2e:16:f2:28:23:67:dd:83:
d5:a5:b9:8b:fd:46:55:c2:5b:c7:43:41:17:1b:a0:
c7:99:75:80:45:0b:e8:28:ce:00:ba:86:9f:51:ec:
7a:7f:eb:5a:26:22:cf:45:5f:96:cd:a4:45:ff:28:
c1:ba:b7:f2:92:6b:36:18:e6:09:b6:28:28:8f:27:
e1:0d:15:b0:51:a7:e9:51:6e:41:8a:c5:bf:d8:62:
b8:2d:9c:66:f0:91:14:93:76:0a:ed:7b:fe:c3:7f:
86:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:65:46:B6:08:F4:55:ED:C9:89:F7:61:C4:65:C4:3E:CF:1B:60:7C
X509v3 Authority Key Identifier:
keyid:09:50:22:89:04:B9:DB:EB:47:92:A6:97:72:7E:36:AA:FD:84:D2:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVAiiQS52-tHkqaXcn42qv2E0uk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/64d910-945c-42e8-bb44-62821c2c299f/1/P2VGtgj0Ve3JifdhxGXEPs8bYHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/64d910-945c-42e8-bb44-62821c2c299f/1/CVAiiQS52-tHkqaXcn42qv2E0uk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.122.48.0/20
Signature Algorithm: sha256WithRSAEncryption
2f:e4:c4:78:73:85:4b:0a:7d:77:22:4b:a6:df:63:08:f9:ee:
76:35:2b:ab:d2:23:7f:2f:36:dc:bf:60:ae:6d:38:2c:60:91:
ce:12:b1:9b:3e:54:76:c1:9d:fe:5a:0c:25:98:cc:38:87:ce:
e7:8f:c5:a5:dc:03:9d:d7:ac:0e:ba:03:bb:8a:2a:18:1e:2c:
4a:c1:21:93:a9:74:2a:82:24:48:8b:9a:45:55:f2:42:8a:ba:
c0:60:6d:28:b9:ff:11:96:8a:ee:0e:d0:89:01:bf:f9:55:d4:
cf:cd:96:45:4c:cc:a4:0c:dd:f7:39:26:7c:97:c6:ad:c7:7c:
fe:fd:7a:54:6f:74:b7:bc:da:68:a2:00:67:0a:a8:54:e5:a8:
cc:29:01:25:cb:16:c0:46:ce:29:cf:ab:01:6d:23:f3:90:45:
9f:b6:d4:8f:cd:39:17:25:03:90:5a:20:96:aa:35:9d:20:d4:
b6:7b:d7:f5:df:61:4d:97:47:c7:2b:0e:37:2e:ec:ef:e6:5a:
58:25:65:02:58:03:ae:e0:44:1a:0d:29:25:75:83:fa:f0:61:
dc:8e:d6:9e:11:0d:68:22:e3:aa:3f:da:50:af:e3:8c:02:9d:
de:c6:be:86:71:53:81:c2:14:66:64:24:3f:c3:2d:ee:26:e3:
bd:ea:83:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaChhbcrzqSYBlBUl+UwVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTAyMjg5MDRiOWRiZWI0NzkyYTY5NzcyN2UzNmFhZmQ4
NGQyZTkwHhcNMjUwMTAxMDU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjY1NDZiNjA4ZjQ1NWVkYzk4OWY3NjFjNDY1YzQzZWNmMWI2MDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7y+irF+VYKXocol1nmuUl2OWpQrV
mKP3S4XdsyfqX+IeLexo5VnvmSz0zk7gkcEnnyimc0o3ZS8K8ufTIZ/X+AGfgv90
Kw1hpucvxwRBUbp8xqU/taHnNihG4cUAFZKuR4EXzGARoSoWEyWuHnDNTRfJfLmp
0vKP1ahxAvsRzDsHbjCj78UOjQCgyc7ejn/BvcEzuq8yhkRueqJgLhbyKCNn3YPV
pbmL/UZVwlvHQ0EXG6DHmXWARQvoKM4AuoafUex6f+taJiLPRV+WzaRF/yjBurfy
kms2GOYJtigojyfhDRWwUafpUW5BisW/2GK4LZxm8JEUk3YK7Xv+w3+GYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9lRrYI9FXtyYn3YcRlxD7PG2B8MB8GA1UdIwQY
MBaAFAlQIokEudvrR5Kml3J+Nqr9hNLpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZBaWlRUzUyLXRIa3FhWGNuNDJxdjJFMHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS82NGQ5MTAtOTQ1Yy00MmU4LWJiNDQt
NjI4MjFjMmMyOTlmLzEvUDJWR3RnajBWZTNKaWZkaHhHWEVQczhiWUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS82NGQ5MTAtOTQ1Yy00MmU4LWJiNDQtNjI4MjFjMmMyOTlm
LzEvQ1ZBaWlRUzUyLXRIa3FhWGNuNDJxdjJFMHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsHowMA0G
CSqGSIb3DQEBCwUAA4IBAQAv5MR4c4VLCn13Ikum32MI+e52NSur0iN/Lzbcv2Cu
bTgsYJHOErGbPlR2wZ3+WgwlmMw4h87nj8Wl3AOd16wOugO7iioYHixKwSGTqXQq
giRIi5pFVfJCirrAYG0ouf8RloruDtCJAb/5VdTPzZZFTMykDN33OSZ8l8atx3z+
/XpUb3S3vNpoogBnCqhU5ajMKQElyxbARs4pz6sBbSPzkEWfttSPzTkXJQOQWiCW
qjWdINS2e9f132FNl0fHKw43Luzv5lpYJWUCWAOu4EQaDSkldYP68GHcjtaeEQ1o
IuOqP9pQr+OMAp3exr6GcVOBwhRmZCQ/wy3uJuO96oN2
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:31:30 2025 by rpki-client