Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/P7tcMbdP2x9DJkbSuUwIb9G9x9o.roa
File: P7tcMbdP2x9DJkbSuUwIb9G9x9o.roa (raw, json)
Hash identifier: QjQA68r89i9yJT2InLr4ogmEqW/3iVwOl7YPH7/R1Mo=
Subject key identifier: 3F:BB:5C:31:B7:4F:DB:1F:43:26:46:D2:B9:4C:08:6F:D1:BD:C7:DA
Certificate issuer: /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial: 01942747E0718DEE80F3053F4B9F1761C49D
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/P7tcMbdP2x9DJkbSuUwIb9G9x9o.roa
Signing time: Thu 02 Jan 2025 13:50:09 +0000
ROA not before: Thu 02 Jan 2025 13:50:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202297
IP address blocks: 45.139.224.0/22 maxlen: 24
2001:678:aa4::/48 maxlen: 48
2001:678:aa8::/48 maxlen: 48
2a04:ff00::/29 maxlen: 29
2a04:ff07::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 13:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:e0:71:8d:ee:80:f3:05:3f:4b:9f:17:61:c4:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Validity
Not Before: Jan 2 13:50:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3fbb5c31b74fdb1f432646d2b94c086fd1bdc7da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:10:9d:ab:e8:62:17:bd:03:21:da:62:50:ea:
c0:7c:58:32:d8:8a:63:2d:ed:0f:7a:5b:b8:5d:ba:
11:3f:80:e3:c5:55:9e:7e:4b:01:6a:42:dc:85:f0:
90:ea:fd:c8:b7:06:9e:6a:92:42:ef:52:e6:88:b5:
a6:d7:f8:81:7e:d3:82:2e:3c:da:d3:9b:de:43:33:
b5:b1:fc:79:b1:89:5b:84:9c:a8:9d:9e:5c:c3:28:
9b:20:23:a1:94:bf:07:76:b7:61:8d:31:27:42:49:
80:03:c8:90:f2:06:be:85:06:7a:45:03:09:08:82:
fb:5c:0f:ca:52:a9:e3:f0:61:a9:bf:f6:91:c2:19:
41:f7:8f:f1:2d:59:2c:c5:a8:39:32:96:4f:32:d5:
c3:02:40:aa:99:58:42:29:95:77:24:9e:fc:6c:87:
25:7d:41:e2:4b:d7:00:d3:68:06:95:33:26:56:2d:
33:97:80:f6:c4:ed:43:a4:e2:37:9f:c0:fa:f8:ff:
09:23:f8:03:e1:be:96:84:1a:e8:57:68:a5:bf:ed:
8c:cd:7c:8f:fe:c5:38:86:9a:82:e3:fd:7f:dd:74:
95:ec:60:c2:b7:4d:cb:2b:b7:3f:78:38:88:e9:79:
b6:ee:2f:f0:22:25:df:92:1b:07:e0:51:99:c0:2a:
ff:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:BB:5C:31:B7:4F:DB:1F:43:26:46:D2:B9:4C:08:6F:D1:BD:C7:DA
X509v3 Authority Key Identifier:
keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/P7tcMbdP2x9DJkbSuUwIb9G9x9o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.224.0/22
IPv6:
2001:678:aa4::/48
2001:678:aa8::/48
2a04:ff00::/29
Signature Algorithm: sha256WithRSAEncryption
7d:0c:ad:16:36:be:e8:9b:6d:eb:1d:5e:4a:e1:5b:89:ff:dc:
19:f8:c4:02:41:c7:5d:3a:49:ea:37:41:34:89:73:3a:d6:bf:
ef:7d:3a:1b:98:84:be:f9:c1:b9:b9:b5:34:bf:12:39:7a:f5:
ef:4c:11:dd:00:72:da:f7:26:90:2e:47:fc:74:25:02:ac:97:
0b:36:d0:d5:5e:88:d9:27:6b:db:52:59:d6:46:d7:04:ab:e7:
40:8b:d6:e5:81:da:d0:b5:af:ec:32:47:78:94:04:f5:0e:b5:
39:f3:00:6c:bc:7b:57:87:e4:56:48:ea:c4:1a:14:7d:85:58:
ec:65:39:1d:d7:29:2f:97:09:d6:d3:4b:cd:4a:62:2b:1f:0c:
d9:ba:14:21:ee:d8:57:17:22:0d:2f:6d:8b:60:02:36:c1:f0:
3a:e5:81:d6:d1:9d:cc:e9:29:8a:ef:71:30:cf:d8:92:02:dc:
aa:f2:30:f0:62:b2:3e:a5:8b:52:43:af:44:10:3e:57:e6:ce:
7f:e8:84:45:aa:67:f9:b8:8c:6c:d1:7e:a0:85:03:e6:5a:33:
ca:e7:d7:db:5f:f7:a1:03:f3:28:2c:10:11:d6:1c:86:6d:d7:
79:37:43:db:cc:f3:99:47:a7:61:f0:64:72:8b:dd:3f:f2:67:
ec:2e:8c:f2
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQnR+Bxje6A8wU/S58XYcSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJiNWMzMWI3NGZkYjFmNDMyNjQ2ZDJiOTRjMDg2ZmQxYmRjN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xCdq+hiF70DIdpiUOrAfFgy2Ipj
Le0Pelu4XboRP4DjxVWefksBakLchfCQ6v3ItwaeapJC71LmiLWm1/iBftOCLjza
05veQzO1sfx5sYlbhJyonZ5cwyibICOhlL8HdrdhjTEnQkmAA8iQ8ga+hQZ6RQMJ
CIL7XA/KUqnj8GGpv/aRwhlB94/xLVksxag5MpZPMtXDAkCqmVhCKZV3JJ78bIcl
fUHiS9cA02gGlTMmVi0zl4D2xO1DpOI3n8D6+P8JI/gD4b6WhBroV2ilv+2MzXyP
/sU4hpqC4/1/3XSV7GDCt03LK7c/eDiI6Xm27i/wIiXfkhsH4FGZwCr/HwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFD+7XDG3T9sfQyZG0rlMCG/RvcfaMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvUDd0Y01iZFAyeDlESmtiU3VVd0liOUc5eDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAMBAIAATAGAwQCLYvgMB8E
AgACMBkDBwAgAQZ4CqQDBwAgAQZ4CqgDBQMqBP8AMA0GCSqGSIb3DQEBCwUAA4IB
AQB9DK0WNr7om23rHV5K4VuJ/9wZ+MQCQcddOknqN0E0iXM61r/vfTobmIS++cG5
ubU0vxI5evXvTBHdAHLa9yaQLkf8dCUCrJcLNtDVXojZJ2vbUlnWRtcEq+dAi9bl
gdrQta/sMkd4lAT1DrU58wBsvHtXh+RWSOrEGhR9hVjsZTkd1ykvlwnW00vNSmIr
HwzZuhQh7thXFyINL22LYAI2wfA65YHW0Z3M6SmK73Ewz9iSAtyq8jDwYrI+pYtS
Q69EED5X5s5/6IRFqmf5uIxs0X6ghQPmWjPK59fbX/ehA/MoLBAR1hyGbdd5N0Pb
zPOZR6dh8GRyi90/8mfsLozy
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:04:16 2025 by rpki-client