Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/HIoC707cWv-kl8mp8yIuvONoh0w.roa
File: HIoC707cWv-kl8mp8yIuvONoh0w.roa (raw, json)
Hash identifier: EWzRp4vUO24ulN2ZRCrdnUVFpJrZ9XxymUQDpbogTtA=
Subject key identifier: 1C:8A:02:EF:4E:DC:5A:FF:A4:97:C9:A9:F3:22:2E:BC:E3:68:87:4C
Certificate issuer: /CN=34bca94f6b61e10100dc3a7186ffa3f9b00c69dd
Certificate serial: 0194228E24D3F6F545433D93A61B0D3BA202
Authority key identifier: 34:BC:A9:4F:6B:61:E1:01:00:DC:3A:71:86:FF:A3:F9:B0:0C:69:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/HIoC707cWv-kl8mp8yIuvONoh0w.roa
Signing time: Wed 01 Jan 2025 15:48:48 +0000
ROA not before: Wed 01 Jan 2025 15:48:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197686
IP address blocks: 31.31.216.0/21 maxlen: 24
31.31.216.0/24 maxlen: 24
31.31.217.0/24 maxlen: 24
31.31.218.0/24 maxlen: 24
31.31.219.0/24 maxlen: 24
31.31.220.0/24 maxlen: 24
31.31.221.0/24 maxlen: 24
31.31.222.0/24 maxlen: 24
31.31.223.0/24 maxlen: 24
2a07:1e00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.mft
rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 18:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:24:d3:f6:f5:45:43:3d:93:a6:1b:0d:3b:a2:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34bca94f6b61e10100dc3a7186ffa3f9b00c69dd
Validity
Not Before: Jan 1 15:48:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c8a02ef4edc5affa497c9a9f3222ebce368874c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:71:1b:d1:67:8c:eb:73:d8:b2:dc:73:ca:6b:
10:e7:ec:e9:11:ed:3a:a9:c0:9c:92:c3:35:31:90:
ab:27:e5:27:54:8f:eb:7f:24:aa:62:6b:e3:31:46:
d3:5b:5d:f7:a7:29:4a:0f:6b:6c:93:bd:1a:45:de:
1b:5f:39:f3:6e:2f:d0:3b:e8:25:92:4a:89:6e:aa:
2b:fd:ae:db:c0:58:9d:0a:35:ad:2a:f0:4a:aa:6d:
b0:4f:d5:37:6d:5f:6f:92:60:9c:fd:85:e5:5d:df:
58:8e:fd:0d:93:d5:36:ea:d7:ea:d0:35:f4:75:ac:
f1:5d:ed:8f:ce:7a:d1:0b:51:1b:c5:b4:b2:70:5b:
70:40:e1:71:ad:8f:4f:93:3a:e7:e0:81:d6:22:fb:
9e:a9:14:06:d3:6a:c8:57:07:fb:93:26:bb:72:90:
f7:94:24:19:ee:fd:dc:af:bc:10:8c:73:77:ed:2d:
aa:e6:58:03:de:a3:9e:6b:4d:e0:26:5b:70:f1:da:
06:25:e4:aa:49:33:63:67:66:be:17:64:f0:5f:52:
ec:7c:1c:21:10:44:fa:fe:cd:36:a8:57:79:da:51:
5c:d3:2f:6c:1c:ab:d0:74:1b:46:e5:20:4f:86:67:
af:ee:7c:df:43:e4:5f:83:05:76:9c:f0:b3:cd:bd:
84:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:8A:02:EF:4E:DC:5A:FF:A4:97:C9:A9:F3:22:2E:BC:E3:68:87:4C
X509v3 Authority Key Identifier:
keyid:34:BC:A9:4F:6B:61:E1:01:00:DC:3A:71:86:FF:A3:F9:B0:0C:69:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/HIoC707cWv-kl8mp8yIuvONoh0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.31.216.0/21
IPv6:
2a07:1e00::/32
Signature Algorithm: sha256WithRSAEncryption
b9:01:5d:f7:d3:ec:c4:44:9f:2a:c5:c5:06:bb:46:54:9d:92:
80:fc:e0:41:b1:dc:32:3b:4e:60:1c:d7:34:ad:ab:01:6b:64:
02:f2:64:24:59:49:29:66:23:04:5f:e1:9c:2a:ca:ae:52:c4:
8c:e7:16:58:74:5e:9a:03:64:3c:61:cd:e9:da:9f:41:17:b4:
8d:34:52:c6:0e:9e:29:70:3f:9b:15:99:c9:d5:4b:8a:9e:86:
15:e1:8a:c6:6c:b2:be:60:3c:4f:1b:c1:3e:42:ee:cb:31:a5:
63:b0:0a:52:f7:d3:79:23:84:64:45:eb:b9:f5:47:3c:35:6b:
6e:fe:18:e6:ac:43:4f:c0:9a:2e:cb:e8:88:4e:42:cb:d1:f5:
4a:6f:00:9c:cf:e9:66:62:8d:24:7e:75:5c:22:ff:97:68:bc:
dc:2b:27:3d:8d:22:ff:46:94:20:29:d1:f0:91:b4:9f:88:bd:
c1:4c:52:31:59:ca:34:2d:ad:67:df:9f:cc:a2:34:da:ca:ae:
5b:92:92:f6:44:2c:a2:4f:8e:cf:ec:48:44:1a:85:c5:02:3f:
a4:31:02:8f:61:bb:a5:16:40:86:32:d2:db:17:6a:1c:2d:7f:
32:92:88:f1:9e:55:55:30:02:72:5e:aa:a5:05:13:f6:43:2e:
9f:c6:6e:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijiTT9vVFQz2TphsNO6ICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YmNhOTRmNmI2MWUxMDEwMGRjM2E3MTg2ZmZhM2Y5YjAw
YzY5ZGQwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhhMDJlZjRlZGM1YWZmYTQ5N2M5YTlmMzIyMmViY2UzNjg4NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXEb0WeM63PYstxzymsQ5+zpEe06
qcCcksM1MZCrJ+UnVI/rfySqYmvjMUbTW133pylKD2tsk70aRd4bXznzbi/QO+gl
kkqJbqor/a7bwFidCjWtKvBKqm2wT9U3bV9vkmCc/YXlXd9Yjv0Nk9U26tfq0DX0
dazxXe2PznrRC1EbxbSycFtwQOFxrY9Pkzrn4IHWIvueqRQG02rIVwf7kya7cpD3
lCQZ7v3cr7wQjHN37S2q5lgD3qOea03gJltw8doGJeSqSTNjZ2a+F2TwX1LsfBwh
EET6/s02qFd52lFc0y9sHKvQdBtG5SBPhmev7nzfQ+RfgwV2nPCzzb2EFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFByKAu9O3Fr/pJfJqfMiLrzjaIdMMB8GA1UdIwQY
MBaAFDS8qU9rYeEBANw6cYb/o/mwDGndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkx5cFQydGg0UUVBM0RweGh2LWotYkFNYWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mNGVhNTktMTgxMC00MjEwLTk4ZjMt
NzA5ZjAzNjI0ZTdlLzEvSElvQzcwN2NXdi1rbDhtcDh5SXV2T05vaDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mNGVhNTktMTgxMC00MjEwLTk4ZjMtNzA5ZjAzNjI0ZTdl
LzEvTkx5cFQydGg0UUVBM0RweGh2LWotYkFNYWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDHx/YMA0E
AgACMAcDBQAqBx4AMA0GCSqGSIb3DQEBCwUAA4IBAQC5AV330+zERJ8qxcUGu0ZU
nZKA/OBBsdwyO05gHNc0rasBa2QC8mQkWUkpZiMEX+GcKsquUsSM5xZYdF6aA2Q8
Yc3p2p9BF7SNNFLGDp4pcD+bFZnJ1UuKnoYV4YrGbLK+YDxPG8E+Qu7LMaVjsApS
99N5I4RkReu59Uc8NWtu/hjmrENPwJouy+iITkLL0fVKbwCcz+lmYo0kfnVcIv+X
aLzcKyc9jSL/RpQgKdHwkbSfiL3BTFIxWco0La1n35/MojTayq5bkpL2RCyiT47P
7EhEGoXFAj+kMQKPYbulFkCGMtLbF2ocLX8ykojxnlVVMAJyXqqlBRP2Qy6fxm6V
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:55:43 2025 by rpki-client