Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Xh4ptPl3loyr5HsYAeq5bigmrnc.roa
File: Xh4ptPl3loyr5HsYAeq5bigmrnc.roa (raw, json)
Hash identifier: y+GdTxJAoh6FrrDJ6BHqIZq0hI9csiMuoRcI0N0qK/0=
Subject key identifier: 5E:1E:29:B4:F9:77:96:8C:AB:E4:7B:18:01:EA:B9:6E:28:26:AE:77
Certificate issuer: /CN=63926fcff81bb91a6a71ae5e8935ab4daae53744
Certificate serial: 01941FFA83F00F0D7E67D1E37801026E3E4A
Authority key identifier: 63:92:6F:CF:F8:1B:B9:1A:6A:71:AE:5E:89:35:AB:4D:AA:E5:37:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Xh4ptPl3loyr5HsYAeq5bigmrnc.roa
Signing time: Wed 01 Jan 2025 03:48:18 +0000
ROA not before: Wed 01 Jan 2025 03:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41853
IP address blocks: 91.102.152.0/21 maxlen: 24
91.102.154.0/24 maxlen: 24
91.102.155.0/24 maxlen: 24
91.102.158.0/24 maxlen: 24
93.189.40.0/21 maxlen: 24
2a00:5820::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:83:f0:0f:0d:7e:67:d1:e3:78:01:02:6e:3e:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63926fcff81bb91a6a71ae5e8935ab4daae53744
Validity
Not Before: Jan 1 03:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e1e29b4f977968cabe47b1801eab96e2826ae77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:0c:9d:ab:97:a5:04:19:82:03:f5:18:f2:10:
e7:7a:94:31:b8:5b:1c:55:46:69:42:ed:7d:b0:a5:
b4:90:e3:8d:3a:61:cb:03:ed:99:46:bc:fc:68:95:
cb:0b:1e:b1:5b:44:a1:4f:d9:9b:1f:2f:3c:51:d5:
45:50:5e:86:3e:fd:4e:87:5f:98:8f:1a:5e:d7:11:
63:32:f2:29:24:8e:22:93:cf:f5:80:5e:70:02:dd:
18:76:6c:ec:33:d6:a2:07:2e:7b:d7:0f:67:0d:ac:
c2:6e:f2:99:0c:38:32:26:9b:05:96:77:53:d9:3f:
67:2f:89:24:84:bf:16:f9:87:8d:db:00:5b:f3:74:
2e:1d:50:bb:6f:e5:74:59:44:74:98:c0:51:99:01:
90:64:07:74:2c:fe:07:fe:42:f1:7b:a6:dc:4f:a0:
e1:91:71:d4:41:d6:f9:48:98:2a:0e:36:7c:36:af:
4b:f0:70:22:84:68:b5:7c:76:e8:0f:c9:17:5b:a9:
30:5d:56:93:db:1e:18:70:25:36:2f:96:62:07:dc:
e0:e3:d3:1e:43:42:f2:a0:6a:c2:c9:51:bf:f2:e9:
9e:0d:d4:79:99:a2:e2:dc:95:05:5f:38:46:7f:42:
d1:a6:58:c2:ee:ae:2e:d0:4f:e8:5f:ff:38:a1:6a:
7f:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:1E:29:B4:F9:77:96:8C:AB:E4:7B:18:01:EA:B9:6E:28:26:AE:77
X509v3 Authority Key Identifier:
keyid:63:92:6F:CF:F8:1B:B9:1A:6A:71:AE:5E:89:35:AB:4D:AA:E5:37:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Xh4ptPl3loyr5HsYAeq5bigmrnc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.102.152.0/21
93.189.40.0/21
IPv6:
2a00:5820::/32
Signature Algorithm: sha256WithRSAEncryption
7e:f7:30:e9:e0:99:c1:6e:17:17:1d:83:ed:9a:3c:08:98:9b:
10:d9:a5:ba:65:40:10:0d:12:dc:91:b2:e5:ee:4e:e9:b4:82:
eb:e2:78:f0:c0:66:55:ab:59:0d:65:73:79:cc:fc:71:0d:84:
ed:d3:b7:81:88:27:e0:84:e6:e0:22:9f:3d:97:24:ab:6c:c1:
35:4d:c6:be:73:1e:cb:13:32:e0:57:32:07:69:eb:5f:36:a2:
40:2c:ff:9e:2c:d2:ee:5f:4f:dc:69:8a:2b:5f:66:96:dd:f5:
2c:cf:d6:03:21:e9:8c:77:11:09:75:3e:2a:ae:d2:bb:55:38:
5e:75:fa:8c:76:6f:9c:83:89:b1:e3:39:0a:1f:f6:96:73:4b:
b9:66:68:1c:03:4c:31:bb:92:53:79:48:c8:8a:b5:be:19:1e:
c2:1c:dd:97:f1:c4:40:f3:5a:3f:14:d2:41:b0:2d:ed:8e:14:
f5:ea:28:4a:90:0e:54:19:d2:ac:29:8c:91:23:c1:71:29:64:
94:8d:52:bf:43:d2:38:7f:bc:c4:60:28:71:66:42:41:e9:0d:
7c:18:86:1b:36:fc:f2:55:a1:13:4a:f1:2f:08:9d:7a:8c:1b:
04:0f:3e:77:4f:45:b9:b0:69:22:db:73:f3:c5:77:7c:14:8c:
7c:27:bd:5e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+oPwDw1+Z9HjeAECbj5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOTI2ZmNmZjgxYmI5MWE2YTcxYWU1ZTg5MzVhYjRkYWFl
NTM3NDQwHhcNMjUwMTAxMDM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTFlMjliNGY5Nzc5NjhjYWJlNDdiMTgwMWVhYjk2ZTI4MjZhZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgydq5elBBmCA/UY8hDnepQxuFsc
VUZpQu19sKW0kOONOmHLA+2ZRrz8aJXLCx6xW0ShT9mbHy88UdVFUF6GPv1Oh1+Y
jxpe1xFjMvIpJI4ik8/1gF5wAt0YdmzsM9aiBy571w9nDazCbvKZDDgyJpsFlndT
2T9nL4kkhL8W+YeN2wBb83QuHVC7b+V0WUR0mMBRmQGQZAd0LP4H/kLxe6bcT6Dh
kXHUQdb5SJgqDjZ8Nq9L8HAihGi1fHboD8kXW6kwXVaT2x4YcCU2L5ZiB9zg49Me
Q0LyoGrCyVG/8umeDdR5maLi3JUFXzhGf0LRpljC7q4u0E/oX/84oWp/awIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF4eKbT5d5aMq+R7GAHquW4oJq53MB8GA1UdIwQY
MBaAFGOSb8/4G7kaanGuXok1q02q5TdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTVKdnpfZ2J1UnBxY2E1ZWlUV3JUYXJsTjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9lMDRmYzQtMmM2ZS00YWY3LTkzOWUt
MDQ4MzkxZjhkYjljLzEvWGg0cHRQbDNsb3lyNUhzWUFlcTViaWdtcm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9lMDRmYzQtMmM2ZS00YWY3LTkzOWUtMDQ4MzkxZjhkYjlj
LzEvWTVKdnpfZ2J1UnBxY2E1ZWlUV3JUYXJsTjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDW2aYAwQD
Xb0oMA0EAgACMAcDBQAqAFggMA0GCSqGSIb3DQEBCwUAA4IBAQB+9zDp4JnBbhcX
HYPtmjwImJsQ2aW6ZUAQDRLckbLl7k7ptILr4njwwGZVq1kNZXN5zPxxDYTt07eB
iCfghObgIp89lySrbME1Tca+cx7LEzLgVzIHaetfNqJALP+eLNLuX0/caYorX2aW
3fUsz9YDIemMdxEJdT4qrtK7VThedfqMdm+cg4mx4zkKH/aWc0u5ZmgcA0wxu5JT
eUjIirW+GR7CHN2X8cRA81o/FNJBsC3tjhT16ihKkA5UGdKsKYyRI8FxKWSUjVK/
Q9I4f7zEYChxZkJB6Q18GIYbNvzyVaETSvEvCJ16jBsEDz53T0W5sGki23PzxXd8
FIx8J71e
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:37:47 2025 by rpki-client