Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/IOmKwvAlqovOqDg8R3XEjQKQn3k.roa
File: IOmKwvAlqovOqDg8R3XEjQKQn3k.roa (raw, json)
Hash identifier: /PNQa25f3KzGjHOJXgALCT84CCr36de+6y0mC+W9C/U=
Subject key identifier: 20:E9:8A:C2:F0:25:AA:8B:CE:A8:38:3C:47:75:C4:8D:02:90:9F:79
Certificate issuer: /CN=834d966d00afbc39b5958bc1a6ed5793ffc0c54d
Certificate serial: 019424B3D0905A3F164F68D94890C8932AE8
Authority key identifier: 83:4D:96:6D:00:AF:BC:39:B5:95:8B:C1:A6:ED:57:93:FF:C0:C5:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g02WbQCvvDm1lYvBpu1Xk__AxU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/IOmKwvAlqovOqDg8R3XEjQKQn3k.roa
Signing time: Thu 02 Jan 2025 01:49:11 +0000
ROA not before: Thu 02 Jan 2025 01:49:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61408
IP address blocks: 5.56.0.0/21 maxlen: 21
5.56.0.0/22 maxlen: 22
5.56.0.0/23 maxlen: 23
5.56.0.0/24 maxlen: 24
5.56.1.0/24 maxlen: 24
5.56.2.0/23 maxlen: 23
5.56.2.0/24 maxlen: 24
5.56.3.0/24 maxlen: 24
5.56.4.0/22 maxlen: 22
5.56.4.0/23 maxlen: 23
5.56.4.0/24 maxlen: 24
5.56.5.0/24 maxlen: 24
5.56.6.0/23 maxlen: 23
5.56.6.0/24 maxlen: 24
5.56.7.0/24 maxlen: 24
185.35.188.0/22 maxlen: 22
185.35.188.0/23 maxlen: 23
185.35.188.0/24 maxlen: 24
185.35.189.0/24 maxlen: 24
185.35.190.0/23 maxlen: 23
185.35.190.0/24 maxlen: 24
185.35.191.0/24 maxlen: 24
2a03:30c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/g02WbQCvvDm1lYvBpu1Xk__AxU0.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/g02WbQCvvDm1lYvBpu1Xk__AxU0.mft
rsync://rpki.ripe.net/repository/DEFAULT/g02WbQCvvDm1lYvBpu1Xk__AxU0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 13:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:d0:90:5a:3f:16:4f:68:d9:48:90:c8:93:2a:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=834d966d00afbc39b5958bc1a6ed5793ffc0c54d
Validity
Not Before: Jan 2 01:49:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20e98ac2f025aa8bcea8383c4775c48d02909f79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:fd:a7:c9:76:0e:a6:9a:09:41:f4:b0:2d:7b:
d4:d1:48:6e:ac:15:2f:ec:58:d2:17:ea:c9:23:42:
bf:58:cd:1c:1a:d5:a4:8c:ea:09:2d:ac:1e:a9:72:
74:73:51:59:db:88:36:c7:b4:54:80:7e:b9:e8:31:
95:96:53:8e:4e:d2:c4:d6:b6:24:ae:2a:58:53:d8:
3e:89:1d:9e:07:21:72:11:93:00:7d:cc:5e:92:25:
9d:d0:20:3e:21:1b:e6:8c:80:b4:ea:86:d5:2c:71:
42:7c:21:de:16:6d:3b:6b:8e:5d:c7:92:2e:a9:46:
84:3d:de:b8:61:31:40:4f:ae:76:3d:fe:de:6d:7b:
15:d8:a4:57:c7:1b:65:21:da:33:4c:9c:77:6b:60:
64:e4:0f:8c:ff:3d:89:76:c9:b4:c2:4b:e3:c7:98:
c1:3e:88:ac:58:b3:b9:52:d0:47:ac:86:b7:01:42:
cf:fc:90:67:0c:6a:45:a6:03:34:d1:81:93:9e:34:
10:f7:78:de:59:e4:65:3d:7f:10:8e:bf:c9:72:d9:
20:43:49:ec:8b:cb:65:31:54:0e:0a:4c:43:14:68:
de:d8:1c:f5:45:10:06:a8:19:1e:eb:15:41:c1:0e:
59:35:3a:02:81:26:2e:d4:d3:3e:c0:46:8c:f4:83:
ce:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:E9:8A:C2:F0:25:AA:8B:CE:A8:38:3C:47:75:C4:8D:02:90:9F:79
X509v3 Authority Key Identifier:
keyid:83:4D:96:6D:00:AF:BC:39:B5:95:8B:C1:A6:ED:57:93:FF:C0:C5:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g02WbQCvvDm1lYvBpu1Xk__AxU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/IOmKwvAlqovOqDg8R3XEjQKQn3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8830a4-6c83-4338-bafd-b5d1e902310a/1/g02WbQCvvDm1lYvBpu1Xk__AxU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.56.0.0/21
185.35.188.0/22
IPv6:
2a03:30c0::/32
Signature Algorithm: sha256WithRSAEncryption
58:9f:98:d8:88:e5:13:ed:16:ab:91:89:42:ce:69:3b:62:d4:
ce:e1:3f:15:cb:8c:a9:3a:c7:7e:51:00:cc:7c:d5:81:67:2d:
22:85:0d:d4:10:30:c8:c9:15:f2:c5:06:33:64:28:c8:bf:14:
3f:02:55:e5:49:1d:5a:6c:7a:94:44:66:b8:7c:7e:ba:6f:0f:
33:fc:7c:7d:64:76:28:10:59:a2:ef:07:95:1b:8e:26:f2:ee:
8a:6d:2f:f1:b8:ca:df:06:c9:24:93:c3:d9:2b:cb:5f:61:2a:
fd:d7:7b:29:93:c1:06:b1:29:53:43:cd:b5:34:57:5c:ef:bf:
32:7c:31:a4:81:08:e8:f7:dc:fd:b7:87:28:6b:f1:2d:02:e7:
b0:99:ce:e7:e6:7e:17:88:b8:53:df:95:72:6b:bc:71:37:8c:
bb:9e:bd:a3:ba:1f:ca:e7:1b:cd:77:83:e3:e8:66:e1:f6:7e:
85:e1:4d:fe:20:41:a4:aa:9b:c3:71:a9:6c:06:95:68:9c:b0:
6a:02:55:6c:5c:29:11:26:9b:67:d4:24:f9:86:39:55:b1:dc:
d9:5c:d2:6d:d9:79:b3:f8:84:2f:f0:04:cc:88:12:0b:0a:77:
cd:ee:c2:cf:99:b8:f4:93:4f:43:e6:5e:0b:ca:a0:56:23:45:
0c:1a:c9:19
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks9CQWj8WT2jZSJDIkyroMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNGQ5NjZkMDBhZmJjMzliNTk1OGJjMWE2ZWQ1NzkzZmZj
MGM1NGQwHhcNMjUwMTAyMDE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGU5OGFjMmYwMjVhYThiY2VhODM4M2M0Nzc1YzQ4ZDAyOTA5Zjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf2nyXYOppoJQfSwLXvU0UhurBUv
7FjSF+rJI0K/WM0cGtWkjOoJLaweqXJ0c1FZ24g2x7RUgH656DGVllOOTtLE1rYk
ripYU9g+iR2eByFyEZMAfcxekiWd0CA+IRvmjIC06obVLHFCfCHeFm07a45dx5Iu
qUaEPd64YTFAT652Pf7ebXsV2KRXxxtlIdozTJx3a2Bk5A+M/z2Jdsm0wkvjx5jB
PoisWLO5UtBHrIa3AULP/JBnDGpFpgM00YGTnjQQ93jeWeRlPX8Qjr/JctkgQ0ns
i8tlMVQOCkxDFGje2Bz1RRAGqBke6xVBwQ5ZNToCgSYu1NM+wEaM9IPOZQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCDpisLwJaqLzqg4PEd1xI0CkJ95MB8GA1UdIwQY
MBaAFINNlm0Ar7w5tZWLwabtV5P/wMVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzAyV2JRQ3Z2RG0xbFl2QnB1MVhrX19BeFUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84ODMwYTQtNmM4My00MzM4LWJhZmQt
YjVkMWU5MDIzMTBhLzEvSU9tS3d2QWxxb3ZPcURnOFIzWEVqUUtRbjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84ODMwYTQtNmM4My00MzM4LWJhZmQtYjVkMWU5MDIzMTBh
LzEvZzAyV2JRQ3Z2RG0xbFl2QnB1MVhrX19BeFUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBTgAAwQC
uSO8MA0EAgACMAcDBQAqAzDAMA0GCSqGSIb3DQEBCwUAA4IBAQBYn5jYiOUT7Rar
kYlCzmk7YtTO4T8Vy4ypOsd+UQDMfNWBZy0ihQ3UEDDIyRXyxQYzZCjIvxQ/AlXl
SR1abHqURGa4fH66bw8z/Hx9ZHYoEFmi7weVG44m8u6KbS/xuMrfBskkk8PZK8tf
YSr913spk8EGsSlTQ821NFdc778yfDGkgQjo99z9t4coa/EtAuewmc7n5n4XiLhT
35Vya7xxN4y7nr2juh/K5xvNd4Pj6Gbh9n6F4U3+IEGkqpvDcalsBpVonLBqAlVs
XCkRJptn1CT5hjlVsdzZXNJt2Xmz+IQv8ATMiBILCnfN7sLPmbj0k09D5l4LyqBW
I0UMGskZ
-----END CERTIFICATE-----
Generated at Sun Apr 6 21:33:46 2025 by rpki-client