Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/wOcuTBMxNd4VNkifbjkEPq5QBRM.roa
File: wOcuTBMxNd4VNkifbjkEPq5QBRM.roa (raw, json)
Hash identifier: jOCaPE7vIzLxLDz75Ne5jz/kVuSxy/EH3LkXhZB0gk8=
Subject key identifier: C0:E7:2E:4C:13:31:35:DE:15:36:48:9F:6E:39:04:3E:AE:50:05:13
Certificate issuer: /CN=f5e8e36be1dba073590382bb1ffff317653900d1
Certificate serial: 0194236A11CC66C2238ED83B11C96AE9F1C2
Authority key identifier: F5:E8:E3:6B:E1:DB:A0:73:59:03:82:BB:1F:FF:F3:17:65:39:00:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/wOcuTBMxNd4VNkifbjkEPq5QBRM.roa
Signing time: Wed 01 Jan 2025 19:49:01 +0000
ROA not before: Wed 01 Jan 2025 19:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200003
IP address blocks: 185.39.104.0/22 maxlen: 22
185.39.104.0/24 maxlen: 24
185.39.105.0/24 maxlen: 24
185.39.106.0/24 maxlen: 24
185.39.107.0/24 maxlen: 24
2a04:7b40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.crl
rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.mft
rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 22:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:11:cc:66:c2:23:8e:d8:3b:11:c9:6a:e9:f1:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5e8e36be1dba073590382bb1ffff317653900d1
Validity
Not Before: Jan 1 19:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c0e72e4c133135de1536489f6e39043eae500513
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:df:5f:97:52:10:86:b0:18:d8:00:54:1d:f4:
57:8f:39:a3:dd:62:b1:6a:bf:5a:37:36:65:86:94:
5b:ef:41:9d:a4:45:8e:f0:ea:88:14:35:5b:bc:f7:
36:a6:99:c3:ca:2b:07:c0:23:5c:c9:30:50:2c:6b:
89:27:e2:32:d1:da:7f:32:b7:5e:66:7e:07:3a:e1:
4d:1d:64:5a:dc:76:8f:fe:06:ab:00:d1:3e:26:92:
41:43:e6:cd:18:7d:be:33:ea:3d:9d:d0:2a:f9:83:
37:1c:82:6f:81:bc:9c:94:13:6b:bd:de:91:37:0e:
63:39:4b:f0:2b:89:3b:c9:3e:84:08:d0:05:7f:fa:
f0:3b:d1:8b:54:1f:e3:f8:bd:a3:84:4a:60:4c:7b:
ee:9c:29:90:c0:2e:aa:5b:1b:2d:dc:1f:f7:de:c8:
38:56:63:93:cf:c0:3c:3b:b5:58:de:e7:3a:10:c2:
29:42:61:89:b2:89:f8:ca:92:5c:d6:a1:1f:63:1a:
b2:96:cd:9b:77:2a:f4:53:ef:c5:bd:ae:5c:31:8e:
49:c3:8c:ef:07:dc:69:dc:e2:92:eb:bb:8b:1b:d7:
88:58:53:a4:e6:82:09:75:ea:e7:55:0f:e6:d1:b7:
ba:d7:97:a1:b0:ce:5e:7c:e4:83:29:fb:95:02:8e:
51:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:E7:2E:4C:13:31:35:DE:15:36:48:9F:6E:39:04:3E:AE:50:05:13
X509v3 Authority Key Identifier:
keyid:F5:E8:E3:6B:E1:DB:A0:73:59:03:82:BB:1F:FF:F3:17:65:39:00:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/wOcuTBMxNd4VNkifbjkEPq5QBRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.39.104.0/22
IPv6:
2a04:7b40::/29
Signature Algorithm: sha256WithRSAEncryption
20:a7:15:ac:63:90:74:56:25:04:48:bc:eb:d2:27:81:68:25:
5d:5b:fd:5b:36:7b:08:68:e7:47:e2:7a:6e:18:ad:e0:17:7d:
eb:88:ea:40:bc:d8:81:35:88:87:df:c0:f2:19:93:4a:ee:7b:
3e:16:f6:03:96:5a:82:a6:6f:86:70:25:31:6c:74:82:1a:d5:
ea:6f:78:32:d2:63:9d:1e:e2:70:4b:33:9a:2f:45:64:11:77:
80:2f:f4:84:b4:8e:54:cd:30:2d:a5:3a:3b:9f:49:4b:41:48:
f7:b0:37:86:18:75:bc:35:9c:b9:e2:89:a6:6b:44:40:fa:9e:
36:6c:47:0f:87:95:48:a3:29:74:64:8c:8c:c9:e2:c8:c7:0c:
79:03:3c:89:9e:56:cc:bd:a3:08:3e:4d:f0:ff:7d:67:cd:48:
c5:2e:cd:71:8c:7b:54:40:15:e0:f3:96:f7:ce:64:d8:44:53:
d0:92:71:af:96:7b:ee:9c:f7:e2:a2:6f:8f:6c:a9:21:8e:53:
bc:c3:40:ca:ee:3c:28:f5:a5:38:62:39:5c:b2:dc:79:0d:9c:
10:58:ca:10:9e:e7:f7:2b:42:87:55:7f:f4:79:2e:75:56:28:
78:64:87:a9:aa:b7:d6:45:79:f0:4b:5f:fc:4d:69:69:36:0b:
d3:04:a9:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjahHMZsIjjtg7Eclq6fHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZThlMzZiZTFkYmEwNzM1OTAzODJiYjFmZmZmMzE3NjUz
OTAwZDEwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGU3MmU0YzEzMzEzNWRlMTUzNjQ4OWY2ZTM5MDQzZWFlNTAwNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt99fl1IQhrAY2ABUHfRXjzmj3WKx
ar9aNzZlhpRb70GdpEWO8OqIFDVbvPc2ppnDyisHwCNcyTBQLGuJJ+Iy0dp/Mrde
Zn4HOuFNHWRa3HaP/garANE+JpJBQ+bNGH2+M+o9ndAq+YM3HIJvgbyclBNrvd6R
Nw5jOUvwK4k7yT6ECNAFf/rwO9GLVB/j+L2jhEpgTHvunCmQwC6qWxst3B/33sg4
VmOTz8A8O7VY3uc6EMIpQmGJson4ypJc1qEfYxqyls2bdyr0U+/Fva5cMY5Jw4zv
B9xp3OKS67uLG9eIWFOk5oIJdernVQ/m0be615ehsM5efOSDKfuVAo5RrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMDnLkwTMTXeFTZIn245BD6uUAUTMB8GA1UdIwQY
MBaAFPXo42vh26BzWQOCux//8xdlOQDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWVqamEtSGJvSE5aQTRLN0hfX3pGMlU1QU5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xZWMxZDctYWNlZC00ZWFhLTk3OGMt
MmE5OTBmMjg1MGZiLzEvd09jdVRCTXhOZDRWTmtpZmJqa0VQcTVRQlJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xZWMxZDctYWNlZC00ZWFhLTk3OGMtMmE5OTBmMjg1MGZi
LzEvOWVqamEtSGJvSE5aQTRLN0hfX3pGMlU1QU5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSdoMA0E
AgACMAcDBQMqBHtAMA0GCSqGSIb3DQEBCwUAA4IBAQAgpxWsY5B0ViUESLzr0ieB
aCVdW/1bNnsIaOdH4npuGK3gF33riOpAvNiBNYiH38DyGZNK7ns+FvYDllqCpm+G
cCUxbHSCGtXqb3gy0mOdHuJwSzOaL0VkEXeAL/SEtI5UzTAtpTo7n0lLQUj3sDeG
GHW8NZy54omma0RA+p42bEcPh5VIoyl0ZIyMyeLIxwx5AzyJnlbMvaMIPk3w/31n
zUjFLs1xjHtUQBXg85b3zmTYRFPQknGvlnvunPfiom+PbKkhjlO8w0DK7jwo9aU4
Yjlcstx5DZwQWMoQnuf3K0KHVX/0eS51Vih4ZIepqrfWRXnwS1/8TWlpNgvTBKnn
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:58:00 2025 by rpki-client