Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/s0mRSNPGzNmp6WQ88QxkbOS9ktc.roa
File: s0mRSNPGzNmp6WQ88QxkbOS9ktc.roa (raw, json)
Hash identifier: /+qWzxH2Ky85VShyjzGhO9D2cLW0/sLX7hqo1iX/VWE=
Subject key identifier: B3:49:91:48:D3:C6:CC:D9:A9:E9:64:3C:F1:0C:64:6C:E4:BD:92:D7
Certificate issuer: /CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Certificate serial: 01953D83CCD1FA426DD52479726DC68A1B2B
Authority key identifier: E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/s0mRSNPGzNmp6WQ88QxkbOS9ktc.roa
Signing time: Tue 25 Feb 2025 14:30:02 +0000
ROA not before: Tue 25 Feb 2025 14:30:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48045
IP address blocks: 46.46.64.0/18 maxlen: 18
94.240.128.0/22 maxlen: 22
94.240.132.0/22 maxlen: 22
94.240.144.0/20 maxlen: 20
2a09:65c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.mft
rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 11:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:3d:83:cc:d1:fa:42:6d:d5:24:79:72:6d:c6:8a:1b:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Validity
Not Before: Feb 25 14:30:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b3499148d3c6ccd9a9e9643cf10c646ce4bd92d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:79:c8:f7:d3:55:34:fb:a7:21:f1:83:aa:74:
40:02:30:a2:58:c8:22:85:f5:4d:80:24:82:61:e4:
b8:96:2a:21:d2:8f:57:13:3b:fa:21:77:7c:41:04:
8c:94:e3:a3:33:47:f8:d2:9d:5e:da:c9:b7:ac:d0:
99:77:41:6b:1a:47:fc:05:9d:dd:78:6f:f6:3c:42:
cd:32:ec:ef:38:e3:2b:4e:5b:81:b0:5b:57:a0:59:
97:6d:df:44:b7:c6:a7:57:40:c5:d1:8a:6d:df:a7:
c3:9e:b1:8f:ce:d4:ce:1c:ef:d7:db:49:35:3a:84:
76:9e:d3:40:f8:5e:44:aa:a9:2b:98:7f:24:a0:24:
cb:7a:d6:a9:d7:78:3a:28:92:68:e4:00:d5:8d:b6:
63:e9:26:32:01:78:5d:20:af:d5:95:e0:c4:3e:02:
cf:65:76:81:2a:2d:d8:9d:11:69:76:f4:4e:1c:23:
01:85:af:ce:83:da:41:f1:45:30:18:6c:21:d7:73:
4b:72:32:93:86:be:9b:18:0c:8b:2b:fc:03:e3:32:
92:0c:5e:ad:57:81:08:d9:75:07:c3:ad:b4:3b:f5:
c5:e7:7f:38:ac:bc:65:c1:8b:29:02:d9:e1:2e:9d:
ef:bf:f6:7b:c3:a7:ed:00:dd:d7:95:6f:3e:0e:5b:
d6:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:49:91:48:D3:C6:CC:D9:A9:E9:64:3C:F1:0C:64:6C:E4:BD:92:D7
X509v3 Authority Key Identifier:
keyid:E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/s0mRSNPGzNmp6WQ88QxkbOS9ktc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.46.64.0/18
94.240.128.0/21
94.240.144.0/20
IPv6:
2a09:65c0::/32
Signature Algorithm: sha256WithRSAEncryption
8f:d0:c0:09:da:45:d8:77:b2:7e:b8:b5:38:87:e9:6f:92:99:
a9:93:96:c8:b5:3c:46:65:36:45:0b:63:a9:51:48:9e:d2:60:
00:f5:c5:2f:4d:f5:a0:6c:42:fc:04:dd:f6:c6:0f:fb:4a:cc:
4f:8d:33:69:85:db:14:bd:c3:9e:6a:2e:f7:25:a3:e4:e6:c6:
80:ee:53:ce:5b:3b:24:34:f5:16:8e:3a:4f:6e:af:71:a0:86:
20:81:e4:81:3b:e6:b5:75:7f:b5:14:5b:d4:69:0e:bf:db:9a:
71:33:75:f3:e2:19:13:6e:a6:ef:ed:2c:78:09:6c:d8:58:71:
50:51:02:f5:a5:fe:bd:62:92:d3:15:ea:c5:ae:4f:41:29:24:
9b:3c:0f:1c:ff:e5:81:c7:17:3b:40:4d:61:80:3e:47:7d:aa:
c7:60:6f:6e:5c:2e:bc:03:d3:2c:c3:f3:53:c9:41:6d:45:13:
22:87:99:4f:e2:ed:78:ca:1c:1c:55:6a:49:0b:50:e6:de:bf:
86:c6:a7:31:09:09:2a:1a:d2:46:a3:69:38:35:dc:f9:c2:5d:
cb:15:da:39:ae:28:0b:2b:27:0c:bc:87:b2:39:df:53:86:df:
61:e6:90:e1:6c:8a:d6:1a:56:c5:99:df:16:be:36:1f:ba:3a:
19:bb:e5:fd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZU9g8zR+kJt1SR5cm3GihsrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODI1ZmJlZTdjNDNhMjk4MzhlYWJlNGZjODdkNzk0MzQ5
YzBjODAwHhcNMjUwMjI1MTQzMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzQ5OTE0OGQzYzZjY2Q5YTllOTY0M2NmMTBjNjQ2Y2U0YmQ5MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHnI99NVNPunIfGDqnRAAjCiWMgi
hfVNgCSCYeS4lioh0o9XEzv6IXd8QQSMlOOjM0f40p1e2sm3rNCZd0FrGkf8BZ3d
eG/2PELNMuzvOOMrTluBsFtXoFmXbd9Et8anV0DF0Ypt36fDnrGPztTOHO/X20k1
OoR2ntNA+F5EqqkrmH8koCTLetap13g6KJJo5ADVjbZj6SYyAXhdIK/VleDEPgLP
ZXaBKi3YnRFpdvROHCMBha/Og9pB8UUwGGwh13NLcjKThr6bGAyLK/wD4zKSDF6t
V4EI2XUHw620O/XF5384rLxlwYspAtnhLp3vv/Z7w6ftAN3XlW8+DlvWrwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLNJkUjTxszZqelkPPEMZGzkvZLXMB8GA1UdIwQY
MBaAFOWCX77nxDopg46r5PyH15Q0nAyAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2Qt
MDQxYWIzMDJjMmY5LzEvczBtUlNOUEd6Tm1wNldRODhReGtiT1M5a3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2QtMDQxYWIzMDJjMmY5
LzEvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGLi5AAwQD
XvCAAwQEXvCQMA0EAgACMAcDBQAqCWXAMA0GCSqGSIb3DQEBCwUAA4IBAQCP0MAJ
2kXYd7J+uLU4h+lvkpmpk5bItTxGZTZFC2OpUUie0mAA9cUvTfWgbEL8BN32xg/7
SsxPjTNphdsUvcOeai73JaPk5saA7lPOWzskNPUWjjpPbq9xoIYggeSBO+a1dX+1
FFvUaQ6/25pxM3Xz4hkTbqbv7Sx4CWzYWHFQUQL1pf69YpLTFerFrk9BKSSbPA8c
/+WBxxc7QE1hgD5HfarHYG9uXC68A9Msw/NTyUFtRRMih5lP4u14yhwcVWpJC1Dm
3r+GxqcxCQkqGtJGo2k4Ndz5wl3LFdo5rigLKycMvIeyOd9Tht9h5pDhbIrWGlbF
md8WvjYfujoZu+X9
-----END CERTIFICATE-----
Generated at Tue Apr 22 17:09:47 2025 by rpki-client