Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/938722-d415-4027-a0b3-a2aa286dc448/1/CxOk9LmHNEmsk0bxkFd_ya6kVMw.roa
File: CxOk9LmHNEmsk0bxkFd_ya6kVMw.roa (raw, json)
Hash identifier: O9c9fUKfwHQgnelPj+XeJfzisbErQmRyHoqOIpWTkUc=
Subject key identifier: 0B:13:A4:F4:B9:87:34:49:AC:93:46:F1:90:57:7F:C9:AE:A4:54:CC
Certificate issuer: /CN=53052009ba7898d2361ca2ee7d130124f9d25125
Certificate serial: 01942444C8B2AF8B51E2A377E0197D043F4A
Authority key identifier: 53:05:20:09:BA:78:98:D2:36:1C:A2:EE:7D:13:01:24:F9:D2:51:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UwUgCbp4mNI2HKLufRMBJPnSUSU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/938722-d415-4027-a0b3-a2aa286dc448/1/CxOk9LmHNEmsk0bxkFd_ya6kVMw.roa
Signing time: Wed 01 Jan 2025 23:47:55 +0000
ROA not before: Wed 01 Jan 2025 23:47:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50881
IP address blocks: 91.228.164.0/24 maxlen: 24
91.228.165.0/24 maxlen: 24
91.228.166.0/24 maxlen: 24
91.228.167.0/24 maxlen: 24
185.94.156.0/24 maxlen: 24
185.94.157.0/24 maxlen: 24
185.94.158.0/24 maxlen: 24
185.94.159.0/24 maxlen: 24
2a05:e800::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/938722-d415-4027-a0b3-a2aa286dc448/1/UwUgCbp4mNI2HKLufRMBJPnSUSU.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/938722-d415-4027-a0b3-a2aa286dc448/1/UwUgCbp4mNI2HKLufRMBJPnSUSU.mft
rsync://rpki.ripe.net/repository/DEFAULT/UwUgCbp4mNI2HKLufRMBJPnSUSU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:c8:b2:af:8b:51:e2:a3:77:e0:19:7d:04:3f:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53052009ba7898d2361ca2ee7d130124f9d25125
Validity
Not Before: Jan 1 23:47:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0b13a4f4b9873449ac9346f190577fc9aea454cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:3c:49:2e:c3:07:a8:e9:c7:31:59:39:62:78:
3b:50:65:8f:32:9b:ed:a1:df:b8:ed:4f:1c:cf:2f:
42:ce:e0:d1:f6:fb:5f:da:34:c6:66:6f:fc:f2:45:
d2:a8:b3:d6:9f:d7:39:7d:da:af:e4:42:9d:84:67:
ac:e9:ed:6a:d8:fb:22:21:32:f5:e5:a3:30:64:a5:
6b:e1:93:4b:fe:56:fe:da:c7:7a:37:db:a9:c4:3a:
49:0a:17:be:33:31:84:4c:e8:b3:00:42:f2:25:c1:
f1:53:bb:a5:f9:28:a3:65:35:7d:22:a2:3c:dc:fb:
35:7e:a0:12:31:fa:61:fc:f0:84:7d:e7:ad:8e:6d:
fc:b8:fe:4a:e0:b9:6d:07:ce:ac:43:99:07:43:bb:
38:fd:17:8f:30:54:d0:4e:2f:f7:b0:d4:01:66:00:
7f:3d:9c:29:66:e7:4a:9e:b6:e5:45:71:51:83:1d:
9e:9c:68:80:14:ea:57:11:d3:ca:28:68:52:81:0e:
a9:bc:29:47:37:8f:b4:07:c4:11:03:aa:8d:f1:9d:
48:89:cb:33:5b:39:7c:4e:2c:bb:5c:b8:89:5b:d6:
b4:ca:29:ab:da:fd:ad:ed:c1:b2:ec:2a:fa:f4:0b:
1e:8b:ea:b6:c3:1b:d9:4c:ed:4c:69:9c:b1:d0:77:
d8:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:13:A4:F4:B9:87:34:49:AC:93:46:F1:90:57:7F:C9:AE:A4:54:CC
X509v3 Authority Key Identifier:
keyid:53:05:20:09:BA:78:98:D2:36:1C:A2:EE:7D:13:01:24:F9:D2:51:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UwUgCbp4mNI2HKLufRMBJPnSUSU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/938722-d415-4027-a0b3-a2aa286dc448/1/CxOk9LmHNEmsk0bxkFd_ya6kVMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/938722-d415-4027-a0b3-a2aa286dc448/1/UwUgCbp4mNI2HKLufRMBJPnSUSU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.164.0/22
185.94.156.0/22
IPv6:
2a05:e800::/29
Signature Algorithm: sha256WithRSAEncryption
70:84:72:3d:e6:a9:3c:40:dd:e8:c8:95:04:8b:e5:83:95:0e:
82:7a:4f:02:78:67:34:00:b9:01:ca:c3:f3:21:cf:52:6e:29:
79:ef:a0:ee:59:02:53:01:21:b5:9f:2c:17:2b:91:46:33:1f:
40:e3:2c:38:c6:36:f2:f3:c5:13:99:96:4a:55:f1:7f:f1:8a:
3a:5e:88:25:95:c4:d2:26:7c:60:86:7a:12:1d:6f:2a:38:66:
40:6b:5a:a9:6f:c5:54:c0:d7:97:19:6b:5a:44:d8:53:cb:1d:
88:8f:64:fd:91:0f:35:5f:74:b9:2c:f7:1e:03:b7:22:b1:6a:
e3:68:a5:ee:a1:43:ab:4c:6f:38:ad:83:56:3e:bb:57:b2:85:
d6:9d:56:43:0f:1d:f7:23:4b:22:b1:04:e3:cd:1b:09:63:b9:
ca:2b:0e:b0:62:41:e5:7d:2a:7d:80:3b:26:20:6c:c1:43:38:
86:65:29:10:5b:58:f9:29:ae:db:ab:f7:24:af:ec:f7:04:34:
ce:a0:8b:a7:b7:53:b1:59:37:17:72:54:86:c0:0f:fb:ec:34:
8e:6c:c8:c4:84:56:b8:9e:67:01:31:04:e6:90:93:55:90:a1:
e9:2a:80:f1:70:bf:7b:47:37:52:09:c1:05:35:ae:89:e0:a4:
5a:c6:f5:69
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRMiyr4tR4qN34Bl9BD9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMDUyMDA5YmE3ODk4ZDIzNjFjYTJlZTdkMTMwMTI0Zjlk
MjUxMjUwHhcNMjUwMTAxMjM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjEzYTRmNGI5ODczNDQ5YWM5MzQ2ZjE5MDU3N2ZjOWFlYTQ1NGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DxJLsMHqOnHMVk5Yng7UGWPMpvt
od+47U8czy9CzuDR9vtf2jTGZm/88kXSqLPWn9c5fdqv5EKdhGes6e1q2PsiITL1
5aMwZKVr4ZNL/lb+2sd6N9upxDpJChe+MzGETOizAELyJcHxU7ul+SijZTV9IqI8
3Ps1fqASMfph/PCEfeetjm38uP5K4LltB86sQ5kHQ7s4/RePMFTQTi/3sNQBZgB/
PZwpZudKnrblRXFRgx2enGiAFOpXEdPKKGhSgQ6pvClHN4+0B8QRA6qN8Z1Iicsz
Wzl8Tiy7XLiJW9a0yimr2v2t7cGy7Cr69Asei+q2wxvZTO1MaZyx0HfY3QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAsTpPS5hzRJrJNG8ZBXf8mupFTMMB8GA1UdIwQY
MBaAFFMFIAm6eJjSNhyi7n0TAST50lElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXdVZ0NicDRtTkkySEtMdWZSTUJKUG5TVVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC85Mzg3MjItZDQxNS00MDI3LWEwYjMt
YTJhYTI4NmRjNDQ4LzEvQ3hPazlMbUhORW1zazBieGtGZF95YTZrVk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC85Mzg3MjItZDQxNS00MDI3LWEwYjMtYTJhYTI4NmRjNDQ4
LzEvVXdVZ0NicDRtTkkySEtMdWZSTUJKUG5TVVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW+SkAwQC
uV6cMA0EAgACMAcDBQMqBegAMA0GCSqGSIb3DQEBCwUAA4IBAQBwhHI95qk8QN3o
yJUEi+WDlQ6Cek8CeGc0ALkBysPzIc9Sbil576DuWQJTASG1nywXK5FGMx9A4yw4
xjby88UTmZZKVfF/8Yo6XogllcTSJnxghnoSHW8qOGZAa1qpb8VUwNeXGWtaRNhT
yx2Ij2T9kQ81X3S5LPceA7cisWrjaKXuoUOrTG84rYNWPrtXsoXWnVZDDx33I0si
sQTjzRsJY7nKKw6wYkHlfSp9gDsmIGzBQziGZSkQW1j5Ka7bq/ckr+z3BDTOoIun
t1OxWTcXclSGwA/77DSObMjEhFa4nmcBMQTmkJNVkKHpKoDxcL97RzdSCcEFNa6J
4KRaxvVp
-----END CERTIFICATE-----
Generated at Tue Apr 22 04:25:29 2025 by rpki-client