Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/ifB7bI8Nz6a1wo-Om4qJOLNZOqU.roa
File: ifB7bI8Nz6a1wo-Om4qJOLNZOqU.roa (raw, json)
Hash identifier: G4ZTdZq0UWN0ZVqhuNwvAXhge2Xq79dXIWiLnGu1ENA=
Subject key identifier: 89:F0:7B:6C:8F:0D:CF:A6:B5:C2:8F:8E:9B:8A:89:38:B3:59:3A:A5
Certificate issuer: /CN=ae682c4f0a2940eea872542a6215e354991deb4b
Certificate serial: 0194221F64A7536F114A6B84666A5D96E327
Authority key identifier: AE:68:2C:4F:0A:29:40:EE:A8:72:54:2A:62:15:E3:54:99:1D:EB:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rmgsTwopQO6oclQqYhXjVJkd60s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/ifB7bI8Nz6a1wo-Om4qJOLNZOqU.roa
Signing time: Wed 01 Jan 2025 13:47:50 +0000
ROA not before: Wed 01 Jan 2025 13:47:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60156
IP address blocks: 185.47.76.0/22 maxlen: 22
2a04:ad40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/rmgsTwopQO6oclQqYhXjVJkd60s.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/rmgsTwopQO6oclQqYhXjVJkd60s.mft
rsync://rpki.ripe.net/repository/DEFAULT/rmgsTwopQO6oclQqYhXjVJkd60s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:64:a7:53:6f:11:4a:6b:84:66:6a:5d:96:e3:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae682c4f0a2940eea872542a6215e354991deb4b
Validity
Not Before: Jan 1 13:47:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89f07b6c8f0dcfa6b5c28f8e9b8a8938b3593aa5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:16:46:6a:46:ac:74:7d:2e:98:cc:ff:d1:11:
b3:85:f0:c9:c4:9d:cb:97:45:99:14:69:fd:44:11:
8f:b6:f1:2e:ea:3b:f7:06:db:a6:da:e9:b9:2b:de:
04:5a:bc:eb:77:0a:cb:54:f4:55:28:90:c9:71:a8:
89:e3:cf:3e:3f:c7:94:80:e7:96:36:5b:93:44:04:
b8:24:5c:75:33:a5:a5:08:90:ab:9f:fa:a4:27:2d:
7f:82:e6:00:5d:02:3c:fd:94:76:8f:09:ae:31:eb:
f2:45:17:eb:35:3b:82:86:e0:d7:fe:e1:d9:67:c0:
94:3f:89:8c:99:11:14:38:07:fe:4b:b1:b9:e8:41:
59:5f:03:a0:9e:ca:7a:c9:1c:30:2d:98:08:33:13:
a0:85:3d:77:4b:aa:c9:ad:c5:fc:25:95:e6:aa:b1:
59:44:3c:50:3a:eb:68:9a:45:f2:86:ef:32:73:7f:
18:dd:ab:b9:57:f8:57:da:78:bc:3d:0d:2d:6a:08:
02:8e:52:5b:89:95:12:a5:22:8d:3d:64:e8:59:61:
e9:9c:cb:cb:d5:4d:73:6d:a1:a8:0a:47:92:d5:27:
1f:89:f9:cf:a8:6f:b2:b5:1f:94:0a:a5:c1:78:79:
48:92:80:d4:f8:60:8b:1c:39:4b:ba:65:db:29:bc:
0c:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:F0:7B:6C:8F:0D:CF:A6:B5:C2:8F:8E:9B:8A:89:38:B3:59:3A:A5
X509v3 Authority Key Identifier:
keyid:AE:68:2C:4F:0A:29:40:EE:A8:72:54:2A:62:15:E3:54:99:1D:EB:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmgsTwopQO6oclQqYhXjVJkd60s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/ifB7bI8Nz6a1wo-Om4qJOLNZOqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/rmgsTwopQO6oclQqYhXjVJkd60s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.47.76.0/22
IPv6:
2a04:ad40::/29
Signature Algorithm: sha256WithRSAEncryption
70:61:df:2f:0e:02:10:32:c9:c1:5e:2a:cf:75:8f:53:40:53:
04:b6:9f:48:66:b7:51:37:0a:ca:9c:d2:7f:15:0d:a9:50:ed:
de:79:e9:40:c3:67:8b:70:96:97:c9:ae:c2:b5:a6:ac:c4:e0:
a1:d7:2a:29:c1:5d:67:65:a7:bf:16:08:dd:8c:a8:ec:19:c3:
fa:ee:2e:95:48:1c:fa:5f:d9:74:56:2a:70:ac:a9:d6:e0:6c:
d1:2c:d0:5e:6b:cf:68:47:5c:b0:ee:e6:55:52:54:bb:5d:b3:
76:4a:f5:81:8e:80:5a:48:64:c8:01:fc:2f:f3:f3:3e:65:d0:
6d:01:44:8b:63:3c:0c:6c:fd:d0:5e:18:4d:c9:49:c6:d8:86:
91:9f:b3:8b:3c:53:1d:93:62:e4:5b:cf:ec:8c:5c:0f:d8:8b:
3b:06:ed:01:34:d6:11:9e:2f:0f:e3:96:e8:3c:7a:33:bc:9e:
72:6d:5a:1e:38:12:db:2f:9e:bd:7f:19:21:2a:c5:d8:15:58:
4c:ee:07:7d:ad:2f:42:06:59:c9:d0:86:a9:d5:01:09:4b:6c:
bc:b4:8c:92:8f:8f:17:3d:7a:c0:ac:7e:fb:a8:36:3a:9c:53:
02:61:bf:23:ce:cf:8c:0c:42:46:b4:92:36:f1:90:50:30:e0:
00:ae:f9:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH2SnU28RSmuEZmpdluMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNjgyYzRmMGEyOTQwZWVhODcyNTQyYTYyMTVlMzU0OTkx
ZGViNGIwHhcNMjUwMTAxMTM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWYwN2I2YzhmMGRjZmE2YjVjMjhmOGU5YjhhODkzOGIzNTkzYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxZGakasdH0umMz/0RGzhfDJxJ3L
l0WZFGn9RBGPtvEu6jv3Btum2um5K94EWrzrdwrLVPRVKJDJcaiJ488+P8eUgOeW
NluTRAS4JFx1M6WlCJCrn/qkJy1/guYAXQI8/ZR2jwmuMevyRRfrNTuChuDX/uHZ
Z8CUP4mMmREUOAf+S7G56EFZXwOgnsp6yRwwLZgIMxOghT13S6rJrcX8JZXmqrFZ
RDxQOutomkXyhu8yc38Y3au5V/hX2ni8PQ0taggCjlJbiZUSpSKNPWToWWHpnMvL
1U1zbaGoCkeS1ScfifnPqG+ytR+UCqXBeHlIkoDU+GCLHDlLumXbKbwMSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFInwe2yPDc+mtcKPjpuKiTizWTqlMB8GA1UdIwQY
MBaAFK5oLE8KKUDuqHJUKmIV41SZHetLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1nc1R3b3BRTzZvY2xRcVloWGpWSmtkNjBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jNjJjN2YtZjQ2Mi00MzQ4LWIwNjgt
ZjA0OWM2NmVmODExLzEvaWZCN2JJOE56NmExd28tT200cUpPTE5aT3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jNjJjN2YtZjQ2Mi00MzQ4LWIwNjgtZjA0OWM2NmVmODEx
LzEvcm1nc1R3b3BRTzZvY2xRcVloWGpWSmtkNjBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS9MMA0E
AgACMAcDBQMqBK1AMA0GCSqGSIb3DQEBCwUAA4IBAQBwYd8vDgIQMsnBXirPdY9T
QFMEtp9IZrdRNwrKnNJ/FQ2pUO3eeelAw2eLcJaXya7CtaasxOCh1yopwV1nZae/
FgjdjKjsGcP67i6VSBz6X9l0VipwrKnW4GzRLNBea89oR1yw7uZVUlS7XbN2SvWB
joBaSGTIAfwv8/M+ZdBtAUSLYzwMbP3QXhhNyUnG2IaRn7OLPFMdk2LkW8/sjFwP
2Is7Bu0BNNYRni8P45boPHozvJ5ybVoeOBLbL569fxkhKsXYFVhM7gd9rS9CBlnJ
0Iap1QEJS2y8tIySj48XPXrArH77qDY6nFMCYb8jzs+MDEJGtJI28ZBQMOAArvk9
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:57:28 2025 by rpki-client