Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/SxZgVrwPLVPP4WGPTdjXBtfYn3Q.roa
File: SxZgVrwPLVPP4WGPTdjXBtfYn3Q.roa (raw, json)
Hash identifier: 9Bx1C/yxfuIhMgrsaUbOEmokYJ4V0JW++hHPNuP4D3M=
Subject key identifier: 4B:16:60:56:BC:0F:2D:53:CF:E1:61:8F:4D:D8:D7:06:D7:D8:9F:74
Certificate issuer: /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial: 019427484804A7726C453CE15F762BCBCD8F
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/SxZgVrwPLVPP4WGPTdjXBtfYn3Q.roa
Signing time: Thu 02 Jan 2025 13:50:35 +0000
ROA not before: Thu 02 Jan 2025 13:50:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31251
IP address blocks: 85.203.0.0/22 maxlen: 22
85.203.0.0/24 maxlen: 24
85.203.2.0/24 maxlen: 24
85.203.3.0/24 maxlen: 24
85.203.5.0/24 maxlen: 24
85.203.6.0/24 maxlen: 24
85.203.11.0/24 maxlen: 24
85.203.12.0/24 maxlen: 24
2a02:a10::/29 maxlen: 29
2a03:60c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 05:00:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:48:04:a7:72:6c:45:3c:e1:5f:76:2b:cb:cd:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Validity
Not Before: Jan 2 13:50:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b166056bc0f2d53cfe1618f4dd8d706d7d89f74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:00:44:8e:00:a6:a9:33:b1:26:c8:4f:4d:90:
a7:a4:b6:50:d2:89:a1:d7:0d:78:45:12:ec:59:3f:
0e:fb:ee:1a:f0:96:c8:1d:2f:22:7c:95:cf:99:67:
ed:28:69:c2:f0:c6:d4:50:0f:6f:47:be:14:3d:13:
1e:c4:a5:79:b9:e6:62:2f:db:8c:be:53:26:23:82:
f3:2e:0a:97:31:7b:f9:75:08:75:8e:e5:45:18:5c:
84:88:27:7b:d3:24:0a:7a:33:e3:f7:c6:d0:23:d1:
02:6f:cf:15:6a:23:4b:86:76:cb:79:40:5e:9c:02:
1e:b8:c6:1e:61:3b:3f:85:e2:2e:ab:4c:ce:59:d4:
33:ec:46:17:b4:28:8a:d2:3f:4f:66:98:7c:0a:bb:
95:43:66:d0:97:6e:e8:39:08:b5:38:72:21:96:04:
2c:3b:67:49:02:59:a3:54:a8:9c:4a:f4:67:8e:5f:
1a:8c:ae:92:8c:41:36:6d:a8:e3:9a:19:a9:49:89:
84:07:92:47:a2:16:29:c9:f2:67:a2:f5:f0:c4:66:
4d:4b:4c:4b:f4:b7:dc:23:c5:67:e6:7c:d4:e4:b5:
d0:d1:ac:8e:be:2a:96:60:d6:a8:75:2a:1d:72:9d:
ca:28:95:67:08:e8:2b:9d:76:d6:2a:d4:bc:9c:70:
ff:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:16:60:56:BC:0F:2D:53:CF:E1:61:8F:4D:D8:D7:06:D7:D8:9F:74
X509v3 Authority Key Identifier:
keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/SxZgVrwPLVPP4WGPTdjXBtfYn3Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.203.0.0/22
85.203.5.0-85.203.6.255
85.203.11.0-85.203.12.255
IPv6:
2a02:a10::/29
2a03:60c0::/29
Signature Algorithm: sha256WithRSAEncryption
3b:7e:d6:83:f1:d6:31:fc:90:55:d2:db:1c:c5:2c:29:03:a2:
ec:7b:40:04:96:39:de:cb:0a:4b:c4:6b:8e:96:9a:11:21:4c:
df:84:ba:b1:b1:15:90:46:8b:2f:00:91:91:65:9f:61:21:76:
e2:52:cf:c1:57:0c:9f:77:c1:d7:6e:dd:50:c3:1e:f2:d4:b8:
fa:2e:f8:a3:29:0d:cd:4b:06:6d:ed:b9:ea:72:7b:ad:9b:57:
2d:8f:ec:c2:a4:15:db:48:02:7d:22:16:47:c5:99:24:21:10:
66:0f:67:bc:cc:f2:ce:25:1b:8b:29:5c:52:3f:ef:cb:2f:d2:
14:be:fc:0a:15:7d:02:a9:53:78:99:b7:37:30:44:3e:af:49:
62:d3:7f:79:74:95:43:6d:6c:06:9f:e4:78:3f:42:be:aa:74:
58:8a:7c:72:49:50:6a:a8:77:01:d9:c5:89:b1:fe:d6:16:7a:
35:21:db:e4:57:d2:1a:3d:d2:d7:53:61:3c:77:d6:c0:d6:43:
54:fb:d5:07:9d:5d:03:55:49:92:b3:98:0c:0f:ef:6a:23:e0:
83:ee:93:53:7b:10:9b:4f:7d:9b:c3:f8:5a:c6:c0:e5:57:83:
73:ad:69:ec:5a:d6:8a:e6:53:17:02:d4:a6:2f:3c:0c:a9:37:
1f:4b:05:1c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQnSEgEp3JsRTzhX3Yry82PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE2NjA1NmJjMGYyZDUzY2ZlMTYxOGY0ZGQ4ZDcwNmQ3ZDg5Zjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwBEjgCmqTOxJshPTZCnpLZQ0omh
1w14RRLsWT8O++4a8JbIHS8ifJXPmWftKGnC8MbUUA9vR74UPRMexKV5ueZiL9uM
vlMmI4LzLgqXMXv5dQh1juVFGFyEiCd70yQKejPj98bQI9ECb88VaiNLhnbLeUBe
nAIeuMYeYTs/heIuq0zOWdQz7EYXtCiK0j9PZph8CruVQ2bQl27oOQi1OHIhlgQs
O2dJAlmjVKicSvRnjl8ajK6SjEE2bajjmhmpSYmEB5JHohYpyfJnovXwxGZNS0xL
9LfcI8Vn5nzU5LXQ0ayOviqWYNaodSodcp3KKJVnCOgrnXbWKtS8nHD/bQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEsWYFa8Dy1Tz+Fhj03Y1wbX2J90MB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvU3haZ1Zyd1BMVlBQNFdHUFRkalhCdGZZbjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAoBAIAATAiAwQCVcsAMAwD
BABVywUDBABVywYwDAMEAFXLCwMEAFXLDDAUBAIAAjAOAwUDKgIKEAMFAyoDYMAw
DQYJKoZIhvcNAQELBQADggEBADt+1oPx1jH8kFXS2xzFLCkDoux7QASWOd7LCkvE
a46WmhEhTN+EurGxFZBGiy8AkZFln2EhduJSz8FXDJ93wddu3VDDHvLUuPou+KMp
Dc1LBm3tuepye62bVy2P7MKkFdtIAn0iFkfFmSQhEGYPZ7zM8s4lG4spXFI/78sv
0hS+/AoVfQKpU3iZtzcwRD6vSWLTf3l0lUNtbAaf5Hg/Qr6qdFiKfHJJUGqodwHZ
xYmx/tYWejUh2+RX0ho90tdTYTx31sDWQ1T71QedXQNVSZKzmAwP72oj4IPuk1N7
EJtPfZvD+FrGwOVXg3Otaexa1ormUxcC1KYvPAypNx9LBRw=
-----END CERTIFICATE-----
Generated at Wed Feb 5 13:58:59 2025 by rpki-client