Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/383xruHS9gjuKR0YjGqV2ugUrGs.roa
File: 383xruHS9gjuKR0YjGqV2ugUrGs.roa (raw, json)
Hash identifier: yHlfc6+ACf2WRV0TaB1YAv4EeJOrblQempkg7RUI1mU=
Subject key identifier: DF:CD:F1:AE:E1:D2:F6:08:EE:29:1D:18:8C:6A:95:DA:E8:14:AC:6B
Certificate issuer: /CN=6f5c5712fbbcd832419d4c5884ae3bc3c4a16e7b
Certificate serial: 0194876B0956C4F5CBD34AA8C6AA3DCA233C
Authority key identifier: 6F:5C:57:12:FB:BC:D8:32:41:9D:4C:58:84:AE:3B:C3:C4:A1:6E:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/383xruHS9gjuKR0YjGqV2ugUrGs.roa
Signing time: Tue 21 Jan 2025 05:52:06 +0000
ROA not before: Tue 21 Jan 2025 05:52:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198541
IP address blocks: 81.162.0.0/20 maxlen: 24
81.162.16.0/21 maxlen: 24
91.219.72.0/22 maxlen: 24
91.233.28.0/22 maxlen: 24
91.236.60.0/22 maxlen: 24
176.110.160.0/19 maxlen: 24
176.110.192.0/20 maxlen: 24
188.0.208.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/b1xXEvu82DJBnUxYhK47w8Shbns.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/b1xXEvu82DJBnUxYhK47w8Shbns.mft
rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 07:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:87:6b:09:56:c4:f5:cb:d3:4a:a8:c6:aa:3d:ca:23:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f5c5712fbbcd832419d4c5884ae3bc3c4a16e7b
Validity
Not Before: Jan 21 05:52:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dfcdf1aee1d2f608ee291d188c6a95dae814ac6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:f3:fb:6e:03:19:a9:0e:e2:3f:9d:c5:40:c9:
54:e2:c9:9f:81:4a:b9:03:4d:48:98:50:7a:37:1d:
d3:56:87:18:20:76:27:d7:1c:c7:38:e3:0d:4f:a8:
73:b9:ba:d2:1a:48:e6:1f:d9:f7:f0:b6:00:dc:af:
f1:87:3c:a3:96:05:2d:7c:7b:b6:c1:c9:5f:e3:bb:
97:2a:27:24:08:53:5e:71:2c:8e:7f:5f:3e:c2:85:
b5:bb:ac:2f:a4:23:7b:7e:8d:35:19:97:9e:da:61:
c1:d7:19:29:8d:83:3d:5b:9a:da:4c:99:77:e3:0e:
12:70:6a:3d:20:c2:d1:fd:2c:50:c1:11:06:72:66:
14:8d:9d:86:d5:96:a7:33:9c:a0:16:44:45:9f:55:
00:e2:b1:69:33:4f:02:1a:12:e5:0c:c2:19:30:ed:
2c:8a:c8:22:d5:b9:80:2b:a4:98:0b:ec:db:18:84:
73:c4:5f:c1:d6:35:c8:8c:dd:48:70:32:cc:58:1c:
95:7a:17:9b:f7:ab:91:90:8e:b9:df:77:8f:04:f6:
22:82:32:b6:0c:58:a2:74:0a:4e:90:f7:2c:05:3b:
4a:fc:e2:9e:5d:d2:a5:72:b9:6a:27:d2:81:87:97:
a1:87:29:60:81:5b:74:68:2a:55:3b:7a:ef:36:7a:
0c:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:CD:F1:AE:E1:D2:F6:08:EE:29:1D:18:8C:6A:95:DA:E8:14:AC:6B
X509v3 Authority Key Identifier:
keyid:6F:5C:57:12:FB:BC:D8:32:41:9D:4C:58:84:AE:3B:C3:C4:A1:6E:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/383xruHS9gjuKR0YjGqV2ugUrGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/b1xXEvu82DJBnUxYhK47w8Shbns.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.162.0.0-81.162.23.255
91.219.72.0/22
91.233.28.0/22
91.236.60.0/22
176.110.160.0-176.110.207.255
188.0.208.0/20
Signature Algorithm: sha256WithRSAEncryption
36:9f:d5:b2:22:01:1c:a2:17:bc:44:15:73:41:6c:9f:7e:9c:
a5:23:47:e6:64:dd:b1:7b:c6:ed:31:29:f6:04:1c:2f:8d:40:
fc:e4:15:f9:23:66:c8:19:5a:9a:91:a8:f7:d8:67:ec:f2:a8:
91:ca:34:4e:58:86:7c:50:e7:db:a9:cb:2d:37:f5:de:df:93:
37:69:d8:c8:12:9b:13:87:16:99:b1:e7:8b:52:8a:9f:49:28:
dd:b0:67:61:b9:df:cd:93:ea:d0:af:ba:bd:af:ec:08:a9:fd:
fc:0f:70:a6:ae:9a:3b:41:64:22:7b:77:23:b6:f3:0c:15:82:
ad:5f:ab:b0:55:0c:73:c9:16:fb:b7:9c:21:b5:6d:fc:4f:cb:
2c:6f:a4:00:bd:f8:03:9a:11:cb:39:9b:7c:9f:0c:69:aa:15:
60:9c:64:74:7c:07:a8:8c:c1:a4:70:18:5b:89:53:2b:9f:04:
0e:60:d1:0c:3e:2a:8d:0e:3d:ca:68:5b:63:7b:48:0f:cf:5e:
4c:5a:f5:e6:ed:da:fa:c4:6c:54:56:6f:06:ae:78:a2:3a:96:
e2:25:6b:38:6b:de:56:a4:63:a6:a0:dc:b4:23:74:d7:f7:99:
91:4b:35:ba:7a:63:11:16:85:bc:69:9a:67:c9:ee:b8:c3:99:
0b:fb:80:ba
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZSHawlWxPXL00qoxqo9yiM8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWM1NzEyZmJiY2Q4MzI0MTlkNGM1ODg0YWUzYmMzYzRh
MTZlN2IwHhcNMjUwMTIxMDU1MjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNkZjFhZWUxZDJmNjA4ZWUyOTFkMTg4YzZhOTVkYWU4MTRhYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfP7bgMZqQ7iP53FQMlU4smfgUq5
A01ImFB6Nx3TVocYIHYn1xzHOOMNT6hzubrSGkjmH9n38LYA3K/xhzyjlgUtfHu2
wclf47uXKickCFNecSyOf18+woW1u6wvpCN7fo01GZee2mHB1xkpjYM9W5raTJl3
4w4ScGo9IMLR/SxQwREGcmYUjZ2G1ZanM5ygFkRFn1UA4rFpM08CGhLlDMIZMO0s
isgi1bmAK6SYC+zbGIRzxF/B1jXIjN1IcDLMWByVeheb96uRkI6533ePBPYigjK2
DFiidApOkPcsBTtK/OKeXdKlcrlqJ9KBh5ehhylggVt0aCpVO3rvNnoMiwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFN/N8a7h0vYI7ikdGIxqldroFKxrMB8GA1UdIwQY
MBaAFG9cVxL7vNgyQZ1MWISuO8PEoW57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjF4WEV2dTgyREpCblV4WWhLNDd3OFNoYm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9iNDAzY2MtNGU2Yy00ZmU5LTgzYTEt
NzU1MDUyOWQ4NDdhLzEvMzgzeHJ1SFM5Z2p1S1IwWWpHcVYydWdVckdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9iNDAzY2MtNGU2Yy00ZmU5LTgzYTEtNzU1MDUyOWQ4NDdh
LzEvYjF4WEV2dTgyREpCblV4WWhLNDd3OFNoYm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAATAzMAsDAwFRogME
A1GiEAMEAlvbSAMEAlvpHAMEAlvsPDAMAwQFsG6gAwQEsG7AAwQEvADQMA0GCSqG
SIb3DQEBCwUAA4IBAQA2n9WyIgEcohe8RBVzQWyffpylI0fmZN2xe8btMSn2BBwv
jUD85BX5I2bIGVqakaj32Gfs8qiRyjROWIZ8UOfbqcstN/Xe35M3adjIEpsThxaZ
seeLUoqfSSjdsGdhud/Nk+rQr7q9r+wIqf38D3Cmrpo7QWQie3cjtvMMFYKtX6uw
VQxzyRb7t5whtW38T8ssb6QAvfgDmhHLOZt8nwxpqhVgnGR0fAeojMGkcBhbiVMr
nwQOYNEMPiqNDj3KaFtje0gPz15MWvXm7dr6xGxUVm8GrniiOpbiJWs4a95WpGOm
oNy0I3TX95mRSzW6emMRFoW8aZpnye64w5kL+4C6
-----END CERTIFICATE-----
Generated at Tue Apr 22 15:32:25 2025 by rpki-client