Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/1v8i4fKHGgVFWMzHMhW8J-xxCqk.roa
File: 1v8i4fKHGgVFWMzHMhW8J-xxCqk.roa (raw, json)
Hash identifier: 3nrn/SO1kBcjpxN/GEFTE06I2/Ei7ozh8XwfvRrFcmg=
Subject key identifier: D6:FF:22:E1:F2:87:1A:05:45:58:CC:C7:32:15:BC:27:EC:71:0A:A9
Certificate issuer: /CN=6665dd97665a23b1b183e223822b66b5ae536a2f
Certificate serial: 0194266B2F789D702D8251E4A51154F44F7C
Authority key identifier: 66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/1v8i4fKHGgVFWMzHMhW8J-xxCqk.roa
Signing time: Thu 02 Jan 2025 09:49:06 +0000
ROA not before: Thu 02 Jan 2025 09:49:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3170
IP address blocks: 5.198.137.0/24 maxlen: 24
5.198.138.0/24 maxlen: 24
5.198.139.0/24 maxlen: 24
5.198.141.0/24 maxlen: 24
83.137.211.0/24 maxlen: 24
83.137.212.0/24 maxlen: 24
188.92.138.0/24 maxlen: 24
188.92.139.0/24 maxlen: 24
2001:67c:128::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:2f:78:9d:70:2d:82:51:e4:a5:11:54:f4:4f:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6665dd97665a23b1b183e223822b66b5ae536a2f
Validity
Not Before: Jan 2 09:49:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d6ff22e1f2871a054558ccc73215bc27ec710aa9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:e9:3f:41:3d:13:71:c4:53:b2:70:38:c3:9c:
b0:dc:da:4c:43:20:b0:7a:e3:8e:e7:51:f0:e2:be:
01:90:10:d0:e4:59:a2:75:63:2c:30:6f:e1:39:13:
5c:fc:11:55:39:24:e3:ae:3c:c0:c1:7b:42:5b:34:
2c:03:9f:f7:3b:39:a2:07:a5:a0:10:bb:9c:9c:25:
05:2b:5c:c7:df:74:ee:4b:b4:37:14:61:79:b7:31:
c5:cd:01:27:03:91:7d:74:10:23:f7:2d:71:f7:6f:
38:4d:9d:ee:3b:52:73:fe:a7:91:66:6e:6c:0b:70:
6a:9a:f9:1a:6e:bc:7f:78:71:48:b4:c8:ad:c3:00:
73:c1:5b:c2:27:2b:0b:12:dc:cb:f5:c6:84:3b:48:
af:d8:a7:17:a7:5c:62:ba:dc:c7:8c:37:52:e8:10:
94:c6:f5:4e:b0:79:a5:13:b8:2c:48:62:84:ca:71:
c9:61:13:7d:29:f8:0b:be:cc:06:eb:8a:5a:ae:e9:
e0:cd:73:2d:91:cf:b9:10:ee:5e:a1:32:26:57:48:
a0:48:74:66:cf:8d:66:7a:20:a9:16:0a:5b:82:be:
97:f2:e9:f7:1a:95:84:c4:ea:9a:98:e8:0f:b8:24:
6e:3f:02:ba:e3:88:cb:4d:a8:0b:4a:01:4c:8c:cf:
ec:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:FF:22:E1:F2:87:1A:05:45:58:CC:C7:32:15:BC:27:EC:71:0A:A9
X509v3 Authority Key Identifier:
keyid:66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/1v8i4fKHGgVFWMzHMhW8J-xxCqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.198.137.0-5.198.139.255
5.198.141.0/24
83.137.211.0-83.137.212.255
188.92.138.0/23
IPv6:
2001:67c:128::/48
Signature Algorithm: sha256WithRSAEncryption
2a:34:48:c6:4d:c6:a6:7a:9f:bc:a3:eb:fc:30:6e:f5:b7:49:
d8:fd:94:e3:bf:9c:75:fd:99:32:7d:da:41:e1:bf:ad:ec:8d:
65:08:bc:69:81:e5:7c:dc:36:83:cc:2d:18:6d:6c:20:08:8d:
dd:70:3e:3e:3f:b5:4f:dc:30:c3:b5:cb:30:17:53:51:3e:b0:
00:81:7d:cd:ed:a2:12:98:47:71:f8:58:69:35:72:8f:94:44:
33:6d:e7:3b:bd:7f:cf:fe:3a:6b:a0:76:50:a9:d3:d4:f9:f9:
84:ba:89:03:25:9d:a9:e3:79:71:16:b2:7e:4c:6d:45:ae:10:
17:f5:4f:d9:85:cb:1f:9f:2b:06:f5:99:64:d9:42:da:34:b3:
60:1d:a6:42:ce:3f:9b:45:1d:02:2a:88:48:b5:00:58:a4:e9:
7a:22:30:ce:4e:1c:0b:6f:3e:76:9c:de:8d:96:38:6f:b2:49:
50:72:54:fb:c4:d5:98:6b:7d:18:7c:04:10:3e:56:82:33:f0:
b8:80:7e:98:e1:cf:eb:9c:53:75:95:b8:ef:cc:41:0a:be:8b:
7f:da:9e:ae:e3:5d:b4:f4:48:72:19:93:dd:3b:5d:f0:d1:37:
0b:82:15:86:37:d1:cd:e6:a7:f2:16:00:a8:96:8c:fd:67:59:
eb:1e:ce:a9
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQmay94nXAtglHkpRFU9E98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjVkZDk3NjY1YTIzYjFiMTgzZTIyMzgyMmI2NmI1YWU1
MzZhMmYwHhcNMjUwMTAyMDk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmZmMjJlMWYyODcxYTA1NDU1OGNjYzczMjE1YmMyN2VjNzEwYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uk/QT0TccRTsnA4w5yw3NpMQyCw
euOO51Hw4r4BkBDQ5FmidWMsMG/hORNc/BFVOSTjrjzAwXtCWzQsA5/3OzmiB6Wg
ELucnCUFK1zH33TuS7Q3FGF5tzHFzQEnA5F9dBAj9y1x9284TZ3uO1Jz/qeRZm5s
C3Bqmvkabrx/eHFItMitwwBzwVvCJysLEtzL9caEO0iv2KcXp1xiutzHjDdS6BCU
xvVOsHmlE7gsSGKEynHJYRN9KfgLvswG64parungzXMtkc+5EO5eoTImV0igSHRm
z41meiCpFgpbgr6X8un3GpWExOqamOgPuCRuPwK644jLTagLSgFMjM/s0QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNb/IuHyhxoFRVjMxzIVvCfscQqpMB8GA1UdIwQY
MBaAFGZl3ZdmWiOxsYPiI4IrZrWuU2ovMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWIt
ZThkNzA3MTdmZjhhLzEvMXY4aTRmS0hHZ1ZGV016SE1oVzhKLXh4Q3FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWItZThkNzA3MTdmZjhh
LzEvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAuBAIAATAoMAwDBAAFxokD
BAIFxogDBAAFxo0wDAMEAFOJ0wMEAFOJ1AMEAbxcijAPBAIAAjAJAwcAIAEGfAEo
MA0GCSqGSIb3DQEBCwUAA4IBAQAqNEjGTcamep+8o+v8MG71t0nY/ZTjv5x1/Zky
fdpB4b+t7I1lCLxpgeV83DaDzC0YbWwgCI3dcD4+P7VP3DDDtcswF1NRPrAAgX3N
7aISmEdx+FhpNXKPlEQzbec7vX/P/jproHZQqdPU+fmEuokDJZ2p43lxFrJ+TG1F
rhAX9U/ZhcsfnysG9Zlk2ULaNLNgHaZCzj+bRR0CKohItQBYpOl6IjDOThwLbz52
nN6NljhvsklQclT7xNWYa30YfAQQPlaCM/C4gH6Y4c/rnFN1lbjvzEEKvot/2p6u
41209EhyGZPdO13w0TcLghWGN9HN5qfyFgColoz9Z1nrHs6p
-----END CERTIFICATE-----
Generated at Sat Apr 5 03:44:16 2025 by rpki-client