Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Axq7-pao9bD8_3H2zYx38U0EwHg.roa
File: Axq7-pao9bD8_3H2zYx38U0EwHg.roa (raw, json)
Hash identifier: NkhFLsCedjEMzwHFCvFLRiEUZ1JMaMmDgw9FQVqKo6I=
Subject key identifier: 03:1A:BB:FA:96:A8:F5:B0:FC:FF:71:F6:CD:8C:77:F1:4D:04:C0:78
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 0194228D98FA2A93ABF0857FBDD584D8313A
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Axq7-pao9bD8_3H2zYx38U0EwHg.roa
Signing time: Wed 01 Jan 2025 15:48:12 +0000
ROA not before: Wed 01 Jan 2025 15:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49849
IP address blocks: 77.77.128.0/21 maxlen: 24
87.119.108.0/22 maxlen: 24
87.119.112.0/21 maxlen: 21
87.119.112.0/24 maxlen: 24
87.119.113.0/24 maxlen: 24
87.119.114.0/24 maxlen: 24
87.119.115.0/24 maxlen: 24
87.119.116.0/24 maxlen: 24
87.119.117.0/24 maxlen: 24
87.119.118.0/24 maxlen: 24
87.119.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:98:fa:2a:93:ab:f0:85:7f:bd:d5:84:d8:31:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Jan 1 15:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=031abbfa96a8f5b0fcff71f6cd8c77f14d04c078
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:0e:a0:e0:e3:63:aa:0f:e3:57:d0:f1:60:a1:
8c:04:9f:fc:33:54:94:96:6d:80:ba:14:fe:1b:57:
09:3f:12:56:ea:87:3d:e6:69:c6:d7:c3:9e:6e:50:
05:b4:c1:1a:45:66:4a:f9:58:09:bf:87:31:8f:c2:
4c:40:78:a2:90:db:70:5d:0c:d2:26:25:5e:b0:77:
da:b0:d4:6b:0e:63:50:38:5b:71:58:9d:29:41:66:
70:8a:cb:42:67:03:3d:e3:d9:a9:fe:40:45:b5:5b:
f2:0f:cf:ac:8e:4a:e8:4b:c5:e2:89:d6:9e:38:94:
f0:af:f5:12:47:41:e2:58:ab:8d:70:03:c8:bc:40:
48:6c:3a:18:cb:26:3e:e5:74:b4:c6:1d:97:d8:04:
e4:a4:ed:66:b5:d3:18:41:07:46:9d:fc:c2:e1:6a:
97:eb:ea:b1:bf:d2:5e:f7:d3:58:1c:33:fc:67:e3:
4e:05:32:cf:6c:23:58:1c:64:a3:61:66:75:10:e9:
04:03:2c:d6:b4:cb:e9:4c:dc:c4:ec:0e:23:44:f6:
7a:d0:7c:ab:82:c4:f4:bd:31:f5:0e:50:ad:96:54:
55:0a:36:ef:8f:8d:7c:e3:b0:cf:70:77:76:c1:15:
2d:2b:40:74:7f:83:e5:b1:7a:1b:1a:a3:be:f4:7b:
40:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:1A:BB:FA:96:A8:F5:B0:FC:FF:71:F6:CD:8C:77:F1:4D:04:C0:78
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Axq7-pao9bD8_3H2zYx38U0EwHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.77.128.0/21
87.119.108.0-87.119.119.255
Signature Algorithm: sha256WithRSAEncryption
0b:44:91:6b:5f:d9:4f:4c:2d:68:44:0e:2d:15:06:d5:ae:37:
61:14:53:99:04:a3:1b:99:20:22:17:84:09:e5:e4:55:34:d1:
2f:43:0d:22:d9:c6:fb:94:74:50:c9:88:88:86:30:3a:8a:ed:
1c:c7:57:e4:df:8b:56:d4:21:0c:3d:a8:8e:70:23:df:af:1b:
0b:df:4a:06:e6:9f:95:5e:d5:1d:0b:39:f3:ee:b6:19:4a:4f:
1f:f9:51:07:dd:18:6e:1f:5e:c5:6d:24:db:5b:cb:e4:fc:f2:
4d:3f:dd:40:b9:b9:24:3a:68:ec:74:21:89:51:7c:a9:4f:5b:
31:4b:1c:c4:e0:40:fa:ec:e5:ee:69:18:d5:84:22:5d:00:fa:
f7:81:92:b2:b5:24:52:5e:e7:0a:a7:fa:2c:63:62:0a:82:ac:
7c:01:2d:8f:c4:9f:5e:a6:c7:16:b3:f1:36:ee:79:fc:4e:84:
ca:ca:94:2c:68:7e:e5:06:a7:bf:19:42:8e:e4:81:3c:86:b8:
29:1b:70:b4:fa:79:5c:29:d3:4e:48:b4:eb:9f:4c:f5:c7:45:
64:10:2b:23:57:a4:81:d8:9d:76:88:5e:8d:29:2f:d6:71:75:
18:04:3b:21:c8:6e:8e:9e:3a:3e:f5:be:21:0b:52:52:04:08:
b7:eb:cb:a0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQijZj6KpOr8IV/vdWE2DE6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFhYmJmYTk2YThmNWIwZmNmZjcxZjZjZDhjNzdmMTRkMDRjMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ6g4ONjqg/jV9DxYKGMBJ/8M1SU
lm2AuhT+G1cJPxJW6oc95mnG18OeblAFtMEaRWZK+VgJv4cxj8JMQHiikNtwXQzS
JiVesHfasNRrDmNQOFtxWJ0pQWZwistCZwM949mp/kBFtVvyD8+sjkroS8Xiidae
OJTwr/USR0HiWKuNcAPIvEBIbDoYyyY+5XS0xh2X2ATkpO1mtdMYQQdGnfzC4WqX
6+qxv9Je99NYHDP8Z+NOBTLPbCNYHGSjYWZ1EOkEAyzWtMvpTNzE7A4jRPZ60Hyr
gsT0vTH1DlCtllRVCjbvj41847DPcHd2wRUtK0B0f4PlsXobGqO+9HtAZQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAMau/qWqPWw/P9x9s2Md/FNBMB4MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQXhxNy1wYW85YkQ4XzNIMnpZeDM4VTBFd0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDTU2AMAwD
BAJXd2wDBANXd3AwDQYJKoZIhvcNAQELBQADggEBAAtEkWtf2U9MLWhEDi0VBtWu
N2EUU5kEoxuZICIXhAnl5FU00S9DDSLZxvuUdFDJiIiGMDqK7RzHV+Tfi1bUIQw9
qI5wI9+vGwvfSgbmn5Ve1R0LOfPuthlKTx/5UQfdGG4fXsVtJNtby+T88k0/3UC5
uSQ6aOx0IYlRfKlPWzFLHMTgQPrs5e5pGNWEIl0A+veBkrK1JFJe5wqn+ixjYgqC
rHwBLY/En16mxxaz8TbuefxOhMrKlCxofuUGp78ZQo7kgTyGuCkbcLT6eVwp005I
tOufTPXHRWQQKyNXpIHYnXaIXo0pL9ZxdRgEOyHIbo6eOj71viELUlIECLfry6A=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:20:01 2025 by rpki-client