Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/1Xqi7Z1GlyKJmmpJLPuLaaDGlwA.roa
File: 1Xqi7Z1GlyKJmmpJLPuLaaDGlwA.roa (raw, json)
Hash identifier: R1V6MsHqSpwWAHrp5zkXdM7XbLDDs5vw6HyT3BRV75o=
Subject key identifier: D5:7A:A2:ED:9D:46:97:22:89:9A:6A:49:2C:FB:8B:69:A0:C6:97:00
Certificate issuer: /CN=3dfa29368c8be69c8edd5aa193557fcba2a57ec8
Certificate serial: 019421B1B3CAB82945C0DE640ED4F6EE803F
Authority key identifier: 3D:FA:29:36:8C:8B:E6:9C:8E:DD:5A:A1:93:55:7F:CB:A2:A5:7E:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PfopNoyL5pyO3Vqhk1V_y6Klfsg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/1Xqi7Z1GlyKJmmpJLPuLaaDGlwA.roa
Signing time: Wed 01 Jan 2025 11:48:01 +0000
ROA not before: Wed 01 Jan 2025 11:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206276
IP address blocks: 45.8.12.0/22 maxlen: 22
45.141.240.0/22 maxlen: 22
78.142.212.0/22 maxlen: 22
185.179.184.0/22 maxlen: 22
185.190.100.0/22 maxlen: 22
193.38.224.0/22 maxlen: 22
194.49.56.0/22 maxlen: 22
212.63.112.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/PfopNoyL5pyO3Vqhk1V_y6Klfsg.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/PfopNoyL5pyO3Vqhk1V_y6Klfsg.mft
rsync://rpki.ripe.net/repository/DEFAULT/PfopNoyL5pyO3Vqhk1V_y6Klfsg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:b3:ca:b8:29:45:c0:de:64:0e:d4:f6:ee:80:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3dfa29368c8be69c8edd5aa193557fcba2a57ec8
Validity
Not Before: Jan 1 11:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d57aa2ed9d469722899a6a492cfb8b69a0c69700
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:8b:a8:be:30:85:48:ef:cf:86:13:d6:df:dc:
2d:c9:c3:2c:b1:8d:ac:30:61:02:7c:98:f8:20:74:
d3:6b:7f:77:9d:60:c4:49:c9:43:26:49:a5:d0:14:
0f:df:43:e5:30:6f:1d:fa:35:e1:ef:d9:21:e3:c0:
7d:b2:43:f6:1c:a2:48:2a:9a:a5:22:5c:5a:aa:b0:
e0:a2:a3:f6:b0:87:a9:e7:d1:64:99:59:63:17:db:
da:08:59:a4:89:3b:13:ad:75:7e:a7:a6:aa:9c:a1:
2c:e5:82:66:d1:65:41:06:52:3d:61:cf:d5:dc:49:
9e:39:85:18:dd:a7:44:79:78:1b:d8:ec:a4:95:00:
b5:24:0a:7c:8b:40:2e:c3:02:8b:48:da:bc:00:8a:
2d:35:8b:b5:a2:e7:e4:72:b3:d5:9b:58:28:9d:e9:
6d:8e:d3:d9:d6:61:80:00:c4:c6:9a:a4:3e:74:43:
d2:9c:f1:c2:c4:73:4c:fe:34:c9:c5:01:f4:15:23:
e4:ae:1e:3b:36:e5:c2:5b:ae:d6:ab:52:f6:fe:e3:
e6:48:23:95:18:21:bf:42:0e:95:38:b2:7d:53:82:
de:32:8a:ee:ee:07:a8:dd:8e:90:71:ae:5a:4a:17:
2b:ed:9a:51:1d:e7:86:b1:b7:c9:34:fd:0b:ff:8b:
0b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:7A:A2:ED:9D:46:97:22:89:9A:6A:49:2C:FB:8B:69:A0:C6:97:00
X509v3 Authority Key Identifier:
keyid:3D:FA:29:36:8C:8B:E6:9C:8E:DD:5A:A1:93:55:7F:CB:A2:A5:7E:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfopNoyL5pyO3Vqhk1V_y6Klfsg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/1Xqi7Z1GlyKJmmpJLPuLaaDGlwA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/2d4f7f-16e7-4fe6-a189-bd58d0021a09/1/PfopNoyL5pyO3Vqhk1V_y6Klfsg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.12.0/22
45.141.240.0/22
78.142.212.0/22
185.179.184.0/22
185.190.100.0/22
193.38.224.0/22
194.49.56.0/22
212.63.112.0/22
Signature Algorithm: sha256WithRSAEncryption
6e:75:58:9e:10:6a:b1:78:84:b0:e8:81:a0:c1:08:9f:9c:85:
c4:c3:e2:0a:55:fa:74:32:8b:9d:9d:16:57:1d:a4:d6:0a:89:
9a:f6:e6:e3:18:76:7b:78:58:c9:f5:02:e6:e2:35:5d:85:30:
f5:7a:0d:81:cc:e8:63:8d:3d:8f:25:7d:37:56:39:47:8d:d9:
66:0a:99:a9:0d:30:71:42:4f:7d:e3:65:f4:46:80:24:68:e1:
9b:8a:b1:10:dc:bd:7c:34:84:80:ca:f0:f4:0b:64:48:86:37:
64:28:0e:94:92:5f:ce:2b:ce:17:82:eb:1c:c9:df:f8:81:dd:
3c:7f:07:99:82:08:25:c2:5a:88:c3:35:67:67:ce:8f:ff:22:
56:da:33:25:12:15:a5:7d:4f:f9:34:25:f0:a4:c0:9b:d9:e4:
e5:80:ca:1c:6c:41:ac:b7:07:a5:fc:ab:27:ce:ef:2c:53:78:
7a:67:a9:53:8d:1e:7e:2d:f2:a5:e6:5b:6d:6e:63:62:c6:e9:
54:21:2c:02:c0:59:5d:03:46:35:06:c9:ff:cb:5f:dd:b4:2d:
3e:e3:73:e0:48:51:81:0f:46:66:58:be:65:e4:1b:81:9f:bd:
53:07:f4:06:20:2a:ed:d6:4f:e1:26:09:4d:ef:1e:56:ba:56:
be:ea:97:1b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQhsbPKuClFwN5kDtT27oA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZmEyOTM2OGM4YmU2OWM4ZWRkNWFhMTkzNTU3ZmNiYTJh
NTdlYzgwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTdhYTJlZDlkNDY5NzIyODk5YTZhNDkyY2ZiOGI2OWEwYzY5NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8IuovjCFSO/PhhPW39wtycMssY2s
MGECfJj4IHTTa393nWDESclDJkml0BQP30PlMG8d+jXh79kh48B9skP2HKJIKpql
IlxaqrDgoqP2sIep59FkmVljF9vaCFmkiTsTrXV+p6aqnKEs5YJm0WVBBlI9Yc/V
3EmeOYUY3adEeXgb2OyklQC1JAp8i0AuwwKLSNq8AIotNYu1oufkcrPVm1gonelt
jtPZ1mGAAMTGmqQ+dEPSnPHCxHNM/jTJxQH0FSPkrh47NuXCW67Wq1L2/uPmSCOV
GCG/Qg6VOLJ9U4LeMoru7geo3Y6Qca5aShcr7ZpRHeeGsbfJNP0L/4sLdwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNV6ou2dRpciiZpqSSz7i2mgxpcAMB8GA1UdIwQY
MBaAFD36KTaMi+acjt1aoZNVf8uipX7IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZvcE5veUw1cHlPM1ZxaGsxVl95NktsZnNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yZDRmN2YtMTZlNy00ZmU2LWExODkt
YmQ1OGQwMDIxYTA5LzEvMVhxaTdaMUdseUtKbW1wSkxQdUxhYURHbHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yZDRmN2YtMTZlNy00ZmU2LWExODktYmQ1OGQwMDIxYTA5
LzEvUGZvcE5veUw1cHlPM1ZxaGsxVl95NktsZnNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLQgMAwQC
LY3wAwQCTo7UAwQCubO4AwQCub5kAwQCwSbgAwQCwjE4AwQC1D9wMA0GCSqGSIb3
DQEBCwUAA4IBAQBudVieEGqxeISw6IGgwQifnIXEw+IKVfp0MoudnRZXHaTWComa
9ubjGHZ7eFjJ9QLm4jVdhTD1eg2BzOhjjT2PJX03VjlHjdlmCpmpDTBxQk9942X0
RoAkaOGbirEQ3L18NISAyvD0C2RIhjdkKA6Ukl/OK84Xguscyd/4gd08fweZgggl
wlqIwzVnZ86P/yJW2jMlEhWlfU/5NCXwpMCb2eTlgMocbEGstwel/Ksnzu8sU3h6
Z6lTjR5+LfKl5lttbmNixulUISwCwFldA0Y1Bsn/y1/dtC0+43PgSFGBD0ZmWL5l
5BuBn71TB/QGICrt1k/hJglN7x5Wula+6pcb
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:45:27 2025 by rpki-client