Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/GNoD4VldON0fRQOsfwgnZbDlm30.roa
File: GNoD4VldON0fRQOsfwgnZbDlm30.roa (raw, json)
Hash identifier: blIx8D3DZyU+DHXOsnwJBmGsut7rhQArkG8R7KyjOw4=
Subject key identifier: 18:DA:03:E1:59:5D:38:DD:1F:45:03:AC:7F:08:27:65:B0:E5:9B:7D
Certificate issuer: /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial: 01941F8C2286316CB124D5F89B0FDED1C5FC
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/GNoD4VldON0fRQOsfwgnZbDlm30.roa
Signing time: Wed 01 Jan 2025 01:47:45 +0000
ROA not before: Wed 01 Jan 2025 01:47:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5413
IP address blocks: 91.231.188.0/24 maxlen: 24
91.231.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 02:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:22:86:31:6c:b1:24:d5:f8:9b:0f:de:d1:c5:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Validity
Not Before: Jan 1 01:47:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=18da03e1595d38dd1f4503ac7f082765b0e59b7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:27:9b:68:11:80:af:a7:1d:8a:b6:f1:32:0b:
33:32:8c:30:f1:ed:a9:0f:c2:7a:9e:aa:4e:24:7e:
70:62:ce:86:2c:fe:bb:4b:75:dd:0a:ef:4a:c3:0d:
ed:da:91:a3:d2:74:d7:bf:4d:fe:64:7c:94:6c:aa:
45:74:7c:94:10:2c:83:b0:d6:b3:4e:2f:b3:f7:89:
db:71:1f:16:75:b8:68:a2:4b:d7:df:3b:6c:17:db:
b0:e4:94:51:81:a7:28:4c:69:89:71:d3:77:b4:ec:
2e:9d:82:da:cd:62:39:3c:c7:89:cf:15:7c:38:d2:
e7:91:04:f3:e6:f7:0c:bc:61:5d:c9:c7:8f:b0:c9:
19:a7:80:fb:1f:78:86:cd:04:c7:0d:79:15:8c:f1:
49:7b:c6:62:ad:cc:c6:bf:8a:be:1e:11:cd:81:63:
ea:83:10:6f:d1:da:68:29:59:ff:fd:06:c6:cd:38:
8b:e5:e3:e2:12:ec:6b:d3:1a:28:fb:89:42:3d:85:
12:5a:ba:31:b1:1b:b4:24:34:71:aa:bd:0d:01:cf:
bd:b4:14:54:a3:90:37:6e:30:dd:65:31:89:ee:e6:
c4:8e:c2:d8:1f:ab:58:af:ed:49:bf:5f:bb:7b:0b:
2a:b8:27:95:f9:d0:a2:b0:58:4d:e3:d5:6f:fb:01:
5e:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:DA:03:E1:59:5D:38:DD:1F:45:03:AC:7F:08:27:65:B0:E5:9B:7D
X509v3 Authority Key Identifier:
keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/GNoD4VldON0fRQOsfwgnZbDlm30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.188.0/24
91.231.191.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:a8:ad:ea:6b:49:a9:8f:72:11:56:41:46:26:c1:ee:7d:74:
91:d6:72:89:a6:b2:f6:86:22:be:d8:a9:26:83:aa:7d:6a:7d:
35:d6:16:29:e8:61:33:dd:32:fc:af:cf:f8:c1:f5:58:f0:13:
ac:99:8b:66:dd:de:53:e6:06:25:84:a7:b4:07:a2:7f:6e:ef:
c1:1a:30:78:83:86:e6:a0:9d:35:5a:4b:4b:d3:4d:52:e0:c1:
19:52:62:4b:14:6b:69:51:48:9d:4f:62:7e:71:d9:7a:d7:4f:
e3:9b:79:6b:69:4e:aa:39:73:7f:40:54:85:14:35:57:9b:92:
7a:40:3c:65:99:c2:c1:ba:bc:3c:fa:26:dd:fe:b9:dd:1e:57:
16:88:cd:7e:09:c9:8e:02:09:8e:36:d4:d7:6b:0e:c2:60:d9:
2d:87:b8:dd:01:f3:08:12:90:49:a4:79:1f:15:57:de:b3:5e:
fc:69:f6:fc:f0:b1:7f:5d:5f:af:81:bc:ac:44:15:2a:6f:00:
74:85:e6:21:5d:00:3c:bf:4e:b8:d6:49:2f:28:c2:a0:be:6b:
24:d5:b2:12:2c:44:c3:e1:2b:9c:81:13:d6:70:c5:3d:d8:e0:
fc:39:63:0d:f2:fc:4f:a2:9f:8d:55:df:81:c3:80:5c:c8:33:
6b:ee:d6:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjCKGMWyxJNX4mw/e0cX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRhMDNlMTU5NWQzOGRkMWY0NTAzYWM3ZjA4Mjc2NWIwZTU5YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyebaBGAr6cdirbxMgszMoww8e2p
D8J6nqpOJH5wYs6GLP67S3XdCu9Kww3t2pGj0nTXv03+ZHyUbKpFdHyUECyDsNaz
Ti+z94nbcR8WdbhookvX3ztsF9uw5JRRgacoTGmJcdN3tOwunYLazWI5PMeJzxV8
ONLnkQTz5vcMvGFdycePsMkZp4D7H3iGzQTHDXkVjPFJe8ZirczGv4q+HhHNgWPq
gxBv0dpoKVn//QbGzTiL5ePiEuxr0xoo+4lCPYUSWroxsRu0JDRxqr0NAc+9tBRU
o5A3bjDdZTGJ7ubEjsLYH6tYr+1Jv1+7ewsquCeV+dCisFhN49Vv+wFeWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBjaA+FZXTjdH0UDrH8IJ2Ww5Zt9MB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvR05vRDRWbGRPTjBmUlFPc2Z3Z25aYkRsbTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+e8AwQA
W+e/MA0GCSqGSIb3DQEBCwUAA4IBAQA8qK3qa0mpj3IRVkFGJsHufXSR1nKJprL2
hiK+2Kkmg6p9an011hYp6GEz3TL8r8/4wfVY8BOsmYtm3d5T5gYlhKe0B6J/bu/B
GjB4g4bmoJ01WktL001S4MEZUmJLFGtpUUidT2J+cdl610/jm3lraU6qOXN/QFSF
FDVXm5J6QDxlmcLBurw8+ibd/rndHlcWiM1+CcmOAgmONtTXaw7CYNkth7jdAfMI
EpBJpHkfFVfes178afb88LF/XV+vgbysRBUqbwB0heYhXQA8v0641kkvKMKgvmsk
1bISLETD4SucgRPWcMU92OD8OWMN8vxPop+NVd+Bw4BcyDNr7tZo
-----END CERTIFICATE-----
Generated at Fri Apr 11 11:57:26 2025 by rpki-client