Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/167903-f426-4bf0-9233-a9ac66be48f7/1/FMBsd665mkW877Lm7mjOcBolr5g.roa
File: FMBsd665mkW877Lm7mjOcBolr5g.roa (raw, json)
Hash identifier: 3614fl/uw1OiBqiLqW5MtPTJk1bhJcyOd8R/vQp2zPM=
Subject key identifier: 14:C0:6C:77:AE:B9:9A:45:BC:EF:B2:E6:EE:68:CE:70:1A:25:AF:98
Certificate issuer: /CN=4a4ad03a0f592bb9c97c3052a690125d846415a4
Certificate serial: 0194228DF742796A96640EFB239A0CDE0925
Authority key identifier: 4A:4A:D0:3A:0F:59:2B:B9:C9:7C:30:52:A6:90:12:5D:84:64:15:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SkrQOg9ZK7nJfDBSppASXYRkFaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/167903-f426-4bf0-9233-a9ac66be48f7/1/FMBsd665mkW877Lm7mjOcBolr5g.roa
Signing time: Wed 01 Jan 2025 15:48:36 +0000
ROA not before: Wed 01 Jan 2025 15:48:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58293
IP address blocks: 45.11.201.0/24 maxlen: 24
45.81.100.0/22 maxlen: 24
185.195.48.0/24 maxlen: 24
185.195.49.0/24 maxlen: 24
185.195.50.0/24 maxlen: 24
185.195.51.0/24 maxlen: 24
193.162.40.0/24 maxlen: 24
2a07:a5c0::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/167903-f426-4bf0-9233-a9ac66be48f7/1/SkrQOg9ZK7nJfDBSppASXYRkFaQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/167903-f426-4bf0-9233-a9ac66be48f7/1/SkrQOg9ZK7nJfDBSppASXYRkFaQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/SkrQOg9ZK7nJfDBSppASXYRkFaQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:f7:42:79:6a:96:64:0e:fb:23:9a:0c:de:09:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4a4ad03a0f592bb9c97c3052a690125d846415a4
Validity
Not Before: Jan 1 15:48:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=14c06c77aeb99a45bcefb2e6ee68ce701a25af98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:f5:af:15:a6:7a:55:c3:a0:83:b2:c6:e3:cf:
8a:ef:17:74:5b:69:e5:d3:97:aa:b1:c8:13:b3:b6:
49:a5:fa:c9:1d:a6:6f:c8:0d:88:64:eb:51:3e:02:
7f:3f:76:cc:37:85:41:d6:97:d0:d6:20:80:21:c8:
cf:b9:c2:2d:40:fe:ef:4a:f8:41:ff:df:a3:7a:88:
7d:6d:18:e8:42:10:f7:08:78:0b:20:d3:21:0b:09:
fc:6f:ad:62:c9:a5:a9:1f:c2:ae:47:2a:40:b7:28:
fa:04:74:01:ff:60:fc:e3:a1:ea:d4:b5:46:3f:74:
7a:eb:81:5f:4b:4a:f7:99:5a:b0:76:7e:e4:2d:2b:
8b:09:bf:38:a9:f4:c0:9c:41:11:1f:ae:bc:8d:82:
60:24:57:1a:6d:ea:ed:f1:37:c2:e4:d2:7a:16:ac:
cb:94:85:0e:75:f2:50:46:b7:b5:e8:0f:31:23:0c:
13:88:86:a4:ce:29:fd:41:58:26:30:45:55:ed:15:
aa:95:99:fb:39:1b:7b:50:51:81:7c:ce:8b:35:da:
bf:6f:5b:da:61:bb:4e:29:22:14:06:ec:a4:ae:5c:
a0:da:7a:8e:3f:ac:e0:99:cb:10:17:96:b8:b0:00:
2c:4b:58:cc:15:9b:ab:61:6a:bb:4b:b4:a3:8c:b3:
a9:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:C0:6C:77:AE:B9:9A:45:BC:EF:B2:E6:EE:68:CE:70:1A:25:AF:98
X509v3 Authority Key Identifier:
keyid:4A:4A:D0:3A:0F:59:2B:B9:C9:7C:30:52:A6:90:12:5D:84:64:15:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SkrQOg9ZK7nJfDBSppASXYRkFaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/167903-f426-4bf0-9233-a9ac66be48f7/1/FMBsd665mkW877Lm7mjOcBolr5g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/167903-f426-4bf0-9233-a9ac66be48f7/1/SkrQOg9ZK7nJfDBSppASXYRkFaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.201.0/24
45.81.100.0/22
185.195.48.0/22
193.162.40.0/24
IPv6:
2a07:a5c0::/36
Signature Algorithm: sha256WithRSAEncryption
3c:f7:0f:8d:79:13:f3:4c:79:71:8e:e2:8e:99:b0:c1:81:70:
cc:ad:6c:7e:b6:d7:32:ea:78:36:8c:bc:43:22:bf:8d:db:19:
01:32:e8:e4:ab:d5:aa:66:a7:39:05:cd:b3:81:a7:fc:b5:05:
83:13:3b:b6:e1:f5:4c:20:ca:73:3c:fe:c3:1a:ad:e7:1c:99:
c7:9f:e4:0d:e4:5f:1a:85:93:e9:e0:e9:e0:b9:5c:90:68:3c:
34:fa:8d:d9:bb:ca:90:ba:8c:83:50:31:d3:b2:6f:e1:53:0d:
a5:d3:e6:e2:2d:94:0d:ec:6f:48:c7:b0:0e:0d:df:43:f8:62:
3d:8a:b0:99:24:2a:4f:af:43:0d:8c:4b:54:b3:41:a2:9e:14:
f7:ec:68:64:ad:eb:2b:4b:bb:97:89:2e:a2:b5:a9:a4:bc:72:
dd:8a:85:e4:49:ca:34:e3:78:b9:c9:52:1b:6f:0d:86:22:06:
fe:09:b4:85:96:53:63:77:a0:49:5f:3a:cf:52:2b:b5:c4:06:
82:d6:82:29:ae:cf:2b:0c:09:a2:97:b3:f2:f1:46:ae:89:0c:
9a:7b:10:fe:fd:0e:93:73:7e:6f:34:86:cb:9c:c1:eb:c8:e1:
bb:2f:98:32:f0:99:3f:4e:ae:f1:db:2b:83:d4:7b:70:4d:39:
15:26:31:97
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQijfdCeWqWZA77I5oM3gklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNGFkMDNhMGY1OTJiYjljOTdjMzA1MmE2OTAxMjVkODQ2
NDE1YTQwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGMwNmM3N2FlYjk5YTQ1YmNlZmIyZTZlZTY4Y2U3MDFhMjVhZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPWvFaZ6VcOgg7LG48+K7xd0W2nl
05eqscgTs7ZJpfrJHaZvyA2IZOtRPgJ/P3bMN4VB1pfQ1iCAIcjPucItQP7vSvhB
/9+jeoh9bRjoQhD3CHgLINMhCwn8b61iyaWpH8KuRypAtyj6BHQB/2D846Hq1LVG
P3R664FfS0r3mVqwdn7kLSuLCb84qfTAnEERH668jYJgJFcabert8TfC5NJ6FqzL
lIUOdfJQRre16A8xIwwTiIakzin9QVgmMEVV7RWqlZn7ORt7UFGBfM6LNdq/b1va
YbtOKSIUBuykrlyg2nqOP6zgmcsQF5a4sAAsS1jMFZurYWq7S7SjjLOp6QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFBTAbHeuuZpFvO+y5u5oznAaJa+YMB8GA1UdIwQY
MBaAFEpK0DoPWSu5yXwwUqaQEl2EZBWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tyUU9nOVpLN25KZkRCU3BwQVNYWVJrRmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xNjc5MDMtZjQyNi00YmYwLTkyMzMt
YTlhYzY2YmU0OGY3LzEvRk1Cc2Q2NjVta1c4NzdMbTdtak9jQm9scjVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xNjc5MDMtZjQyNi00YmYwLTkyMzMtYTlhYzY2YmU0OGY3
LzEvU2tyUU9nOVpLN25KZkRCU3BwQVNYWVJrRmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQALQvJAwQC
LVFkAwQCucMwAwQAwaIoMA4EAgACMAgDBgQqB6XAADANBgkqhkiG9w0BAQsFAAOC
AQEAPPcPjXkT80x5cY7ijpmwwYFwzK1sfrbXMup4Noy8QyK/jdsZATLo5KvVqman
OQXNs4Gn/LUFgxM7tuH1TCDKczz+wxqt5xyZx5/kDeRfGoWT6eDp4LlckGg8NPqN
2bvKkLqMg1Ax07Jv4VMNpdPm4i2UDexvSMewDg3fQ/hiPYqwmSQqT69DDYxLVLNB
op4U9+xoZK3rK0u7l4kuorWppLxy3YqF5EnKNON4uclSG28NhiIG/gm0hZZTY3eg
SV86z1IrtcQGgtaCKa7PKwwJopez8vFGrokMmnsQ/v0Ok3N+bzSGy5zB68jhuy+Y
MvCZP06u8dsrg9R7cE05FSYxlw==
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:46:56 2025 by rpki-client