Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/778af2-b2c0-4704-9fa2-2841013bccb4/1/ypWsWp3lqcgm3orp5hClVetL1gs.roa
File: ypWsWp3lqcgm3orp5hClVetL1gs.roa (raw, json)
Hash identifier: gAI+ZENNE355QZzW1lVcF9M6FT+OGK0PoiiTAc8yFHM=
Subject key identifier: CA:95:AC:5A:9D:E5:A9:C8:26:DE:8A:E9:E6:10:A5:55:EB:4B:D6:0B
Certificate issuer: /CN=4c2a3056e6259249f466f0055bb11b83a6a30a42
Certificate serial: 019426D86D21699DF446639FCB0C3F13FEE1
Authority key identifier: 4C:2A:30:56:E6:25:92:49:F4:66:F0:05:5B:B1:1B:83:A6:A3:0A:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TCowVuYlkkn0ZvAFW7Ebg6ajCkI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/778af2-b2c0-4704-9fa2-2841013bccb4/1/ypWsWp3lqcgm3orp5hClVetL1gs.roa
Signing time: Thu 02 Jan 2025 11:48:25 +0000
ROA not before: Thu 02 Jan 2025 11:48:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215383
IP address blocks: 92.114.1.0/24 maxlen: 24
93.117.64.0/24 maxlen: 24
93.118.44.0/24 maxlen: 24
188.241.70.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/778af2-b2c0-4704-9fa2-2841013bccb4/1/TCowVuYlkkn0ZvAFW7Ebg6ajCkI.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/778af2-b2c0-4704-9fa2-2841013bccb4/1/TCowVuYlkkn0ZvAFW7Ebg6ajCkI.mft
rsync://rpki.ripe.net/repository/DEFAULT/TCowVuYlkkn0ZvAFW7Ebg6ajCkI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d8:6d:21:69:9d:f4:46:63:9f:cb:0c:3f:13:fe:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4c2a3056e6259249f466f0055bb11b83a6a30a42
Validity
Not Before: Jan 2 11:48:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ca95ac5a9de5a9c826de8ae9e610a555eb4bd60b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:32:fc:12:df:45:2f:f7:80:c4:8f:5f:b8:96:
7a:d6:b9:74:2b:d8:8f:fb:9c:19:90:40:90:10:b5:
75:bd:b1:ae:d4:5f:4a:9c:ea:88:19:32:a8:2f:b4:
03:4f:22:4a:dd:d7:ff:cb:e1:1d:20:7f:b2:94:b9:
8a:4a:16:99:15:1a:e7:d9:3d:50:8d:40:66:b0:25:
d0:74:5f:11:a8:0d:5e:5d:7d:17:26:32:b0:0b:ba:
76:e4:ac:a1:6c:a9:e6:0b:35:eb:c6:40:ef:ea:8e:
d8:08:d3:53:4e:df:20:90:48:ce:ff:c7:d7:6c:c0:
a9:10:60:2f:7e:dc:17:c9:3c:0e:0c:b9:aa:47:79:
75:63:30:70:f9:ec:26:6c:1f:a9:dd:9f:36:a1:25:
58:5f:77:3a:f0:26:73:fe:50:73:94:6a:15:c9:7c:
d5:76:20:8c:1a:6e:96:fc:3c:5d:6e:eb:86:76:64:
14:a5:61:08:36:34:e7:21:92:65:91:c5:cf:ee:e9:
69:d0:7f:5b:b0:fd:22:17:bf:66:cf:41:5e:e0:7e:
86:4c:1b:e5:46:9f:d9:03:38:38:4a:fd:9c:10:b5:
2d:7d:61:e4:3f:12:cb:40:0a:20:a0:1b:2d:e6:75:
90:a0:ba:d4:b1:46:0e:20:70:ef:8a:51:9f:7e:b2:
51:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:95:AC:5A:9D:E5:A9:C8:26:DE:8A:E9:E6:10:A5:55:EB:4B:D6:0B
X509v3 Authority Key Identifier:
keyid:4C:2A:30:56:E6:25:92:49:F4:66:F0:05:5B:B1:1B:83:A6:A3:0A:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TCowVuYlkkn0ZvAFW7Ebg6ajCkI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/778af2-b2c0-4704-9fa2-2841013bccb4/1/ypWsWp3lqcgm3orp5hClVetL1gs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/778af2-b2c0-4704-9fa2-2841013bccb4/1/TCowVuYlkkn0ZvAFW7Ebg6ajCkI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.114.1.0/24
93.117.64.0/24
93.118.44.0/24
188.241.70.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:0e:dc:79:42:5a:e4:11:54:17:e8:f9:92:6e:4e:b4:46:b4:
01:da:f5:57:e3:35:dc:c9:f8:29:2c:e5:3c:b1:df:39:45:21:
9c:28:74:85:72:99:2b:47:a5:f7:9e:8e:4c:79:6e:29:f2:c6:
cc:d2:b3:e8:33:85:59:8d:6f:13:98:a7:a7:bf:8f:fa:39:6e:
b8:dd:3a:08:9d:57:c4:cb:1d:c5:cd:b5:e9:d2:a6:03:48:8b:
42:23:bd:a0:f8:f1:48:7e:a0:68:e0:4c:66:56:c4:dc:e7:8f:
be:93:a9:9b:79:b0:95:28:44:1a:03:00:8d:53:ab:a5:d6:5a:
71:3d:ed:d5:54:7e:9a:c1:f3:96:06:e6:a2:31:17:de:cd:cf:
7b:71:e4:65:ba:fd:82:c1:a1:c1:c2:29:56:c6:cb:5d:fc:01:
3c:cf:70:1a:ba:1c:c0:44:fb:4c:62:d2:1c:2d:0c:4f:73:ba:
99:63:14:da:0b:2e:74:ad:5d:db:4f:9e:ab:0a:32:43:19:02:
54:77:ca:13:f5:d6:3b:9d:7d:df:5e:e9:1c:e4:33:16:f2:63:
42:ef:c3:ba:0a:b8:9f:51:9f:41:42:29:64:74:5f:90:57:73:
29:f9:ca:a5:61:f3:f1:97:1d:a9:54:39:0e:83:5b:ae:bd:d6:
32:a2:aa:d4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQm2G0haZ30RmOfyww/E/7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMmEzMDU2ZTYyNTkyNDlmNDY2ZjAwNTViYjExYjgzYTZh
MzBhNDIwHhcNMjUwMTAyMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk1YWM1YTlkZTVhOWM4MjZkZThhZTllNjEwYTU1NWViNGJkNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujL8Et9FL/eAxI9fuJZ61rl0K9iP
+5wZkECQELV1vbGu1F9KnOqIGTKoL7QDTyJK3df/y+EdIH+ylLmKShaZFRrn2T1Q
jUBmsCXQdF8RqA1eXX0XJjKwC7p25KyhbKnmCzXrxkDv6o7YCNNTTt8gkEjO/8fX
bMCpEGAvftwXyTwODLmqR3l1YzBw+ewmbB+p3Z82oSVYX3c68CZz/lBzlGoVyXzV
diCMGm6W/DxdbuuGdmQUpWEINjTnIZJlkcXP7ulp0H9bsP0iF79mz0Fe4H6GTBvl
Rp/ZAzg4Sv2cELUtfWHkPxLLQAogoBst5nWQoLrUsUYOIHDvilGffrJRnQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMqVrFqd5anIJt6K6eYQpVXrS9YLMB8GA1UdIwQY
MBaAFEwqMFbmJZJJ9GbwBVuxG4OmowpCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVENvd1Z1WWxra24wWnZBRlc3RWJnNmFqQ2tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC83NzhhZjItYjJjMC00NzA0LTlmYTIt
Mjg0MTAxM2JjY2I0LzEveXBXc1dwM2xxY2dtM29ycDVoQ2xWZXRMMWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC83NzhhZjItYjJjMC00NzA0LTlmYTItMjg0MTAxM2JjY2I0
LzEvVENvd1Z1WWxra24wWnZBRlc3RWJnNmFqQ2tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAXHIBAwQA
XXVAAwQAXXYsAwQAvPFGMA0GCSqGSIb3DQEBCwUAA4IBAQA6Dtx5QlrkEVQX6PmS
bk60RrQB2vVX4zXcyfgpLOU8sd85RSGcKHSFcpkrR6X3no5MeW4p8sbM0rPoM4VZ
jW8TmKenv4/6OW643ToInVfEyx3FzbXp0qYDSItCI72g+PFIfqBo4ExmVsTc54++
k6mbebCVKEQaAwCNU6ul1lpxPe3VVH6awfOWBuaiMRfezc97ceRluv2CwaHBwilW
xstd/AE8z3AauhzARPtMYtIcLQxPc7qZYxTaCy50rV3bT56rCjJDGQJUd8oT9dY7
nX3fXukc5DMW8mNC78O6CrifUZ9BQilkdF+QV3Mp+cqlYfPxlx2pVDkOg1uuvdYy
oqrU
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:17:19 2025 by rpki-client