Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/l_Zl6Bdklv_5gQIP2-GoHw2h630.roa
File: l_Zl6Bdklv_5gQIP2-GoHw2h630.roa (raw, json)
Hash identifier: 758J6t2HjKBISKYrQMpMuTTyf2sp8gnP+Us0wkwf5Ko=
Subject key identifier: 97:F6:65:E8:17:64:96:FF:F9:81:02:0F:DB:E1:A8:1F:0D:A1:EB:7D
Certificate issuer: /CN=34bca94f6b61e10100dc3a7186ffa3f9b00c69dd
Certificate serial: 0194228E251519645EC146829154F0286B32
Authority key identifier: 34:BC:A9:4F:6B:61:E1:01:00:DC:3A:71:86:FF:A3:F9:B0:0C:69:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/l_Zl6Bdklv_5gQIP2-GoHw2h630.roa
Signing time: Wed 01 Jan 2025 15:48:48 +0000
ROA not before: Wed 01 Jan 2025 15:48:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207446
IP address blocks: 185.143.20.0/22 maxlen: 24
185.143.20.0/24 maxlen: 24
185.143.21.0/24 maxlen: 24
185.143.22.0/24 maxlen: 24
185.143.23.0/24 maxlen: 24
2a07:1e01::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.mft
rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 18:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:25:15:19:64:5e:c1:46:82:91:54:f0:28:6b:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34bca94f6b61e10100dc3a7186ffa3f9b00c69dd
Validity
Not Before: Jan 1 15:48:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=97f665e8176496fff981020fdbe1a81f0da1eb7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:99:83:ab:6d:97:64:86:15:78:9c:f7:21:66:
a1:0b:54:fe:72:5e:46:d0:09:b2:76:cb:e7:a7:10:
62:98:d7:94:83:90:49:8a:43:5c:07:7a:47:04:a9:
04:a7:cb:3f:c6:14:58:6d:f8:d2:a1:72:9d:9c:bc:
0e:fd:00:24:b1:c9:2f:25:e5:92:bd:8d:95:88:27:
7f:72:74:50:5f:7a:d0:de:36:ca:b3:f9:70:a8:16:
f9:bd:d5:10:eb:58:a7:9c:2f:f8:b8:d9:88:ee:5d:
7a:b1:79:36:87:f6:1a:aa:eb:b6:95:00:49:79:48:
b4:ea:59:56:82:25:90:91:43:34:4e:ca:d1:b7:94:
1e:bc:a2:0c:4d:ea:02:1b:91:b8:84:dd:cb:69:2f:
9f:d1:fc:ee:ec:c6:68:5d:b0:8e:16:62:e3:5f:be:
27:c6:55:2e:f1:45:e3:5e:b5:f6:58:24:f3:d5:54:
ff:a6:f1:29:b9:91:f7:ad:b7:e8:05:fc:74:35:2c:
38:3e:c9:11:8b:f4:a9:25:e2:14:4e:7c:f0:ab:e0:
a8:49:03:e5:09:9d:31:24:b2:c0:58:d6:cb:f0:b6:
8e:c9:ca:75:ca:96:22:41:39:1e:90:22:af:ce:9f:
03:5f:5a:2f:49:8f:89:f5:94:3b:35:51:51:39:93:
c4:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:F6:65:E8:17:64:96:FF:F9:81:02:0F:DB:E1:A8:1F:0D:A1:EB:7D
X509v3 Authority Key Identifier:
keyid:34:BC:A9:4F:6B:61:E1:01:00:DC:3A:71:86:FF:A3:F9:B0:0C:69:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/l_Zl6Bdklv_5gQIP2-GoHw2h630.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.143.20.0/22
IPv6:
2a07:1e01::/32
Signature Algorithm: sha256WithRSAEncryption
ac:77:9a:80:53:22:28:84:1d:79:96:5f:51:e0:f5:47:a6:f5:
a2:f7:d1:5e:94:2f:5c:2d:2d:13:60:aa:aa:5c:6a:23:57:6e:
b2:44:5c:2c:4e:3e:1c:ef:9c:5c:77:74:5e:32:74:dd:88:d3:
58:b2:96:af:fa:c6:8a:0a:07:83:3d:93:13:0e:49:26:c0:5f:
18:29:c5:7b:bc:bb:66:41:7b:c3:25:7f:9e:28:49:f1:68:a1:
03:8b:3a:1f:53:96:67:b7:f4:e2:d2:42:05:2e:45:6d:c0:e5:
03:e9:82:a0:d8:42:20:b4:37:8e:e4:90:3f:3c:60:73:1e:d2:
c9:6c:1a:6e:38:51:40:a3:33:b9:70:fe:5e:7a:f1:23:86:6d:
9a:dd:e9:39:b3:91:60:b0:49:3a:36:07:2c:61:30:0f:d0:8b:
9e:5d:0b:b7:ae:2b:f5:54:6a:7b:6a:33:a3:20:dc:4f:07:1e:
08:4f:36:f7:78:f3:1d:30:af:27:89:4a:5d:c1:82:ea:80:11:
42:9d:2f:7e:8e:63:23:07:01:3d:a9:5f:5b:91:d7:fc:5a:d9:
e2:f2:d3:d6:db:f9:dd:99:d0:a0:ca:ad:58:cc:e9:e7:4c:d3:
4c:8a:69:7c:7d:ab:f9:ed:34:f8:26:86:e7:04:9b:0a:86:ab:
3b:d6:0b:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijiUVGWRewUaCkVTwKGsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YmNhOTRmNmI2MWUxMDEwMGRjM2E3MTg2ZmZhM2Y5YjAw
YzY5ZGQwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Y2NjVlODE3NjQ5NmZmZjk4MTAyMGZkYmUxYTgxZjBkYTFlYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZmDq22XZIYVeJz3IWahC1T+cl5G
0AmydsvnpxBimNeUg5BJikNcB3pHBKkEp8s/xhRYbfjSoXKdnLwO/QAksckvJeWS
vY2ViCd/cnRQX3rQ3jbKs/lwqBb5vdUQ61innC/4uNmI7l16sXk2h/Yaquu2lQBJ
eUi06llWgiWQkUM0TsrRt5QevKIMTeoCG5G4hN3LaS+f0fzu7MZoXbCOFmLjX74n
xlUu8UXjXrX2WCTz1VT/pvEpuZH3rbfoBfx0NSw4PskRi/SpJeIUTnzwq+CoSQPl
CZ0xJLLAWNbL8LaOycp1ypYiQTkekCKvzp8DX1ovSY+J9ZQ7NVFROZPEqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJf2ZegXZJb/+YECD9vhqB8Noet9MB8GA1UdIwQY
MBaAFDS8qU9rYeEBANw6cYb/o/mwDGndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkx5cFQydGg0UUVBM0RweGh2LWotYkFNYWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mNGVhNTktMTgxMC00MjEwLTk4ZjMt
NzA5ZjAzNjI0ZTdlLzEvbF9abDZCZGtsdl81Z1FJUDItR29IdzJoNjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mNGVhNTktMTgxMC00MjEwLTk4ZjMtNzA5ZjAzNjI0ZTdl
LzEvTkx5cFQydGg0UUVBM0RweGh2LWotYkFNYWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY8UMA0E
AgACMAcDBQAqBx4BMA0GCSqGSIb3DQEBCwUAA4IBAQCsd5qAUyIohB15ll9R4PVH
pvWi99FelC9cLS0TYKqqXGojV26yRFwsTj4c75xcd3ReMnTdiNNYspav+saKCgeD
PZMTDkkmwF8YKcV7vLtmQXvDJX+eKEnxaKEDizofU5Znt/Ti0kIFLkVtwOUD6YKg
2EIgtDeO5JA/PGBzHtLJbBpuOFFAozO5cP5eevEjhm2a3ek5s5FgsEk6NgcsYTAP
0IueXQu3riv1VGp7ajOjINxPBx4ITzb3ePMdMK8niUpdwYLqgBFCnS9+jmMjBwE9
qV9bkdf8Wtni8tPW2/ndmdCgyq1YzOnnTNNMiml8fav57TT4JobnBJsKhqs71gtF
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:55:15 2025 by rpki-client