Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/f40387-2d84-4062-bec6-da513cc69839/1/O1jkn25qs1-TFBQOkUuo7PUo1bk.roa
File: O1jkn25qs1-TFBQOkUuo7PUo1bk.roa (raw, json)
Hash identifier: G22nJhAbgQNfU91NNPvYIMRUfjCUOYeEUbZcxQsmP2o=
Subject key identifier: 3B:58:E4:9F:6E:6A:B3:5F:93:14:14:0E:91:4B:A8:EC:F5:28:D5:B9
Certificate issuer: /CN=a2e3c4ec7b36112fce521f5bef2873c7b4cc88d1
Certificate serial: 019427B49BC6AA2E643314B5A3F21CA413D2
Authority key identifier: A2:E3:C4:EC:7B:36:11:2F:CE:52:1F:5B:EF:28:73:C7:B4:CC:88:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ouPE7Hs2ES_OUh9b7yhzx7TMiNE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/f40387-2d84-4062-bec6-da513cc69839/1/O1jkn25qs1-TFBQOkUuo7PUo1bk.roa
Signing time: Thu 02 Jan 2025 15:48:55 +0000
ROA not before: Thu 02 Jan 2025 15:48:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200750
IP address blocks: 91.227.63.0/24 maxlen: 24
91.227.64.0/22 maxlen: 22
194.180.108.0/23 maxlen: 23
194.180.170.0/23 maxlen: 23
2a0f:4640::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/f40387-2d84-4062-bec6-da513cc69839/1/ouPE7Hs2ES_OUh9b7yhzx7TMiNE.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/f40387-2d84-4062-bec6-da513cc69839/1/ouPE7Hs2ES_OUh9b7yhzx7TMiNE.mft
rsync://rpki.ripe.net/repository/DEFAULT/ouPE7Hs2ES_OUh9b7yhzx7TMiNE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b4:9b:c6:aa:2e:64:33:14:b5:a3:f2:1c:a4:13:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a2e3c4ec7b36112fce521f5bef2873c7b4cc88d1
Validity
Not Before: Jan 2 15:48:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b58e49f6e6ab35f9314140e914ba8ecf528d5b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:5e:ad:b0:3e:88:f9:ae:59:e4:4d:56:fc:4d:
ae:61:64:00:6a:82:4c:3d:b8:5a:80:6b:a3:c1:53:
2d:e2:e1:f6:e0:78:f9:68:93:2f:ec:8f:d7:1a:fe:
cb:d1:97:98:30:dc:15:b3:69:cc:45:f2:44:9e:da:
c8:46:46:21:77:fd:17:48:75:6d:cc:d3:ed:b8:4a:
d1:dd:21:77:46:f3:b7:54:71:04:fd:b9:f7:23:5f:
bf:d7:a8:1d:34:df:39:e6:dd:b0:b4:01:f0:f7:92:
1e:58:e0:13:b9:0d:fc:d8:a2:2a:0b:28:64:de:64:
1e:9d:3c:b3:5d:27:1c:34:bf:da:b0:aa:b9:47:31:
15:32:38:aa:27:52:e7:11:8d:ff:fd:fb:3f:e4:1a:
72:41:e8:1f:08:5e:fc:9a:4d:46:01:34:5a:2f:c2:
b8:b4:58:c6:c9:7e:ad:bb:eb:f6:23:03:da:04:98:
54:e7:78:63:b9:05:61:8b:4a:76:ed:fb:3d:d6:00:
f5:70:79:d2:de:a2:3f:37:11:e9:d9:9a:a6:7f:88:
23:e5:11:75:e0:d6:89:aa:f8:8d:bc:27:26:cb:80:
f2:e1:03:86:80:d7:dc:ae:7f:d8:4e:59:01:a9:57:
41:ce:9d:cb:53:18:08:6a:0d:17:e3:46:72:50:ff:
07:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:58:E4:9F:6E:6A:B3:5F:93:14:14:0E:91:4B:A8:EC:F5:28:D5:B9
X509v3 Authority Key Identifier:
keyid:A2:E3:C4:EC:7B:36:11:2F:CE:52:1F:5B:EF:28:73:C7:B4:CC:88:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ouPE7Hs2ES_OUh9b7yhzx7TMiNE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f40387-2d84-4062-bec6-da513cc69839/1/O1jkn25qs1-TFBQOkUuo7PUo1bk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f40387-2d84-4062-bec6-da513cc69839/1/ouPE7Hs2ES_OUh9b7yhzx7TMiNE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.227.63.0-91.227.67.255
194.180.108.0/23
194.180.170.0/23
IPv6:
2a0f:4640::/29
Signature Algorithm: sha256WithRSAEncryption
86:88:95:87:58:aa:f0:35:d8:7f:fe:3a:69:39:c6:33:a3:0f:
44:97:13:cb:27:23:d2:fd:1a:f0:38:73:91:81:01:b2:b8:5e:
53:ca:f3:cf:ca:b7:96:09:d4:e6:31:2d:92:74:ee:d5:3c:a1:
ba:06:1b:52:0f:f5:f6:06:71:f2:fb:94:80:5a:c7:bd:64:bb:
f0:9a:9f:53:32:bc:39:ee:e0:dd:14:25:c5:5d:85:88:15:47:
70:d2:70:ed:9e:49:98:5e:c4:98:aa:26:64:20:88:65:5e:65:
24:f5:8a:71:13:cf:d8:99:d7:f1:05:2e:30:d6:7e:a9:76:f2:
7c:63:da:64:51:5b:46:a7:65:6f:5b:83:66:1d:e0:bf:9e:cf:
e9:1f:9f:ae:bc:dd:b0:dc:47:6b:a6:47:6a:b6:5e:cd:24:f8:
93:fd:3a:1f:62:86:39:52:b9:7c:5c:ca:ad:1f:fa:21:e4:fa:
a2:af:d9:31:6a:38:b8:91:d7:57:ec:55:fc:93:af:b7:3b:43:
d1:9f:2d:7c:f6:a8:e0:04:6b:58:89:ec:a9:5d:d3:74:3d:cd:
00:de:06:a9:46:f2:8f:ba:cc:93:d9:49:9b:a2:25:4c:13:3b:
19:72:fb:ba:b2:66:b6:6e:50:9e:06:62:fd:20:02:f4:ac:71:
d6:40:4a:a6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZQntJvGqi5kMxS1o/IcpBPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZTNjNGVjN2IzNjExMmZjZTUyMWY1YmVmMjg3M2M3YjRj
Yzg4ZDEwHhcNMjUwMTAyMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjU4ZTQ5ZjZlNmFiMzVmOTMxNDE0MGU5MTRiYThlY2Y1MjhkNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl6tsD6I+a5Z5E1W/E2uYWQAaoJM
PbhagGujwVMt4uH24Hj5aJMv7I/XGv7L0ZeYMNwVs2nMRfJEntrIRkYhd/0XSHVt
zNPtuErR3SF3RvO3VHEE/bn3I1+/16gdNN855t2wtAHw95IeWOATuQ382KIqCyhk
3mQenTyzXSccNL/asKq5RzEVMjiqJ1LnEY3//fs/5BpyQegfCF78mk1GATRaL8K4
tFjGyX6tu+v2IwPaBJhU53hjuQVhi0p27fs91gD1cHnS3qI/NxHp2Zqmf4gj5RF1
4NaJqviNvCcmy4Dy4QOGgNfcrn/YTlkBqVdBzp3LUxgIag0X40ZyUP8HpwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFDtY5J9uarNfkxQUDpFLqOz1KNW5MB8GA1UdIwQY
MBaAFKLjxOx7NhEvzlIfW+8oc8e0zIjRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3VQRTdIczJFU19PVWg5Yjd5aHp4N1RNaU5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9mNDAzODctMmQ4NC00MDYyLWJlYzYt
ZGE1MTNjYzY5ODM5LzEvTzFqa24yNXFzMS1URkJRT2tVdW83UFVvMWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9mNDAzODctMmQ4NC00MDYyLWJlYzYtZGE1MTNjYzY5ODM5
LzEvb3VQRTdIczJFU19PVWg5Yjd5aHp4N1RNaU5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBABb4z8D
BAJb40ADBAHCtGwDBAHCtKowDQQCAAIwBwMFAyoPRkAwDQYJKoZIhvcNAQELBQAD
ggEBAIaIlYdYqvA12H/+Omk5xjOjD0SXE8snI9L9GvA4c5GBAbK4XlPK88/Kt5YJ
1OYxLZJ07tU8oboGG1IP9fYGcfL7lIBax71ku/Can1MyvDnu4N0UJcVdhYgVR3DS
cO2eSZhexJiqJmQgiGVeZST1inETz9iZ1/EFLjDWfql28nxj2mRRW0anZW9bg2Yd
4L+ez+kfn6683bDcR2umR2q2Xs0k+JP9Oh9ihjlSuXxcyq0f+iHk+qKv2TFqOLiR
11fsVfyTr7c7Q9GfLXz2qOAEa1iJ7Kld03Q9zQDeBqlG8o+6zJPZSZuiJUwTOxly
+7qyZrZuUJ4GYv0gAvSscdZASqY=
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:54:36 2025 by rpki-client