Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/9XHx-FMLe5KFZj_JCaCK7as9iPY.roa
File: 9XHx-FMLe5KFZj_JCaCK7as9iPY.roa (raw, json)
Hash identifier: sCVbuVUuH2ERBnxlvsUX4HPEyoA2qfu7FIegGKtn/gw=
Subject key identifier: F5:71:F1:F8:53:0B:7B:92:85:66:3F:C9:09:A0:8A:ED:AB:3D:88:F6
Certificate issuer: /CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Certificate serial: 01941FFA20EF9A0DE5A4E8A3D94C730CF0E9
Authority key identifier: 2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/9XHx-FMLe5KFZj_JCaCK7as9iPY.roa
Signing time: Wed 01 Jan 2025 03:47:53 +0000
ROA not before: Wed 01 Jan 2025 03:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209631
IP address blocks: 194.116.112.0/21 maxlen: 24
194.116.112.0/24 maxlen: 24
194.116.113.0/24 maxlen: 24
194.116.116.0/24 maxlen: 24
194.116.118.0/24 maxlen: 24
194.116.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.mft
rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 05:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:20:ef:9a:0d:e5:a4:e8:a3:d9:4c:73:0c:f0:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Validity
Not Before: Jan 1 03:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f571f1f8530b7b9285663fc909a08aedab3d88f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:5b:e6:32:25:d4:e2:fa:57:ad:ea:51:fc:93:
e1:7d:73:d9:18:47:7d:07:f9:09:16:48:9d:bb:9c:
90:6c:3f:22:62:ce:a7:61:f3:89:f2:c0:4b:2b:49:
5d:e4:63:f0:9a:1c:62:03:32:bf:50:85:66:27:10:
28:63:ae:b9:31:c3:69:13:64:1c:3e:57:e4:91:bb:
b0:85:56:a6:6a:12:97:b1:1b:a5:0c:07:86:b2:1b:
4a:34:c3:58:b8:7c:a5:ee:10:ea:9b:c8:31:ab:c8:
b7:e5:40:e7:54:90:75:29:90:a4:e6:ff:4a:e0:c7:
4c:b8:33:de:cd:1a:ce:3e:e7:5d:51:53:01:0d:99:
12:12:a9:63:8d:79:02:64:31:b3:54:27:1e:91:e8:
e5:96:f7:49:14:c7:b1:e9:d7:4b:d3:4d:c0:d4:b1:
70:40:98:48:f8:26:33:2b:84:f9:e7:85:07:1a:27:
01:6e:45:fe:f8:e1:bc:8a:56:dd:ee:78:8a:c3:2e:
79:e2:9a:9c:bb:18:39:d0:05:2e:48:bc:51:3e:81:
a4:3e:02:d1:50:a0:ee:b1:a4:12:73:83:c5:ea:d3:
05:ed:6c:cb:84:13:47:25:c7:3a:69:44:78:30:16:
c3:ce:e3:88:4a:df:e5:9e:d7:59:5e:3a:46:9c:bb:
4a:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:71:F1:F8:53:0B:7B:92:85:66:3F:C9:09:A0:8A:ED:AB:3D:88:F6
X509v3 Authority Key Identifier:
keyid:2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/9XHx-FMLe5KFZj_JCaCK7as9iPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.116.112.0/21
Signature Algorithm: sha256WithRSAEncryption
5d:b1:92:ec:9d:66:84:e5:a1:b4:ff:a8:2a:59:6b:f7:dd:a0:
08:2a:20:41:52:e5:d4:ec:23:bd:79:11:0d:19:fb:72:82:38:
c0:a4:12:90:cd:82:e3:de:b1:5d:4a:3b:cb:1d:88:ca:da:cf:
3f:ba:2e:6a:c2:58:44:de:e5:5d:e9:df:6b:25:39:02:33:a9:
58:28:f1:6e:c0:08:4b:62:6c:f6:da:a2:84:8d:fd:da:00:39:
43:f4:40:24:cc:63:28:56:5d:1a:e1:b6:4e:66:b0:04:51:48:
88:aa:03:8b:fc:20:30:47:58:a5:89:f8:db:ef:46:c9:56:24:
e3:30:54:34:e2:9f:16:e6:de:b9:6a:7e:f0:b2:ba:b4:14:6a:
0f:f8:33:8b:a7:7f:7b:30:f2:4b:0e:c1:fb:1e:c4:05:af:2f:
2b:27:3e:5c:b5:30:d5:8f:f5:da:40:b0:fe:0f:10:c8:38:aa:
2b:b9:c8:6b:fc:84:cb:4c:85:cd:23:ad:52:db:d5:3f:6e:3c:
e9:a7:47:a0:bc:85:df:3d:fd:e6:de:47:42:fc:7e:70:e2:49:
94:36:61:a5:a8:fa:da:48:74:88:6c:f0:3b:ad:12:59:78:7c:
e2:86:5d:c7:b6:c2:e5:72:7a:cc:81:ce:01:f7:2d:2e:21:8b:
e1:96:09:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iDvmg3lpOij2UxzDPDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjODg3MzAyZDFlNzQwZjVmOTg0ODFmYjRiN2E0NjE2OTZi
ZmU1YzEwHhcNMjUwMTAxMDM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTcxZjFmODUzMGI3YjkyODU2NjNmYzkwOWEwOGFlZGFiM2Q4OGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21vmMiXU4vpXrepR/JPhfXPZGEd9
B/kJFkidu5yQbD8iYs6nYfOJ8sBLK0ld5GPwmhxiAzK/UIVmJxAoY665McNpE2Qc
PlfkkbuwhVamahKXsRulDAeGshtKNMNYuHyl7hDqm8gxq8i35UDnVJB1KZCk5v9K
4MdMuDPezRrOPuddUVMBDZkSEqljjXkCZDGzVCcekejllvdJFMex6ddL003A1LFw
QJhI+CYzK4T554UHGicBbkX++OG8ilbd7niKwy554pqcuxg50AUuSLxRPoGkPgLR
UKDusaQSc4PF6tMF7WzLhBNHJcc6aUR4MBbDzuOISt/lntdZXjpGnLtKdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVx8fhTC3uShWY/yQmgiu2rPYj2MB8GA1UdIwQY
MBaAFCyIcwLR50D1+YSB+0t6RhaWv+XBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQt
YzAyOGQ5MWViYzljLzEvOVhIeC1GTUxlNUtGWmpfSkNhQ0s3YXM5aVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQtYzAyOGQ5MWViYzlj
LzEvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwnRwMA0G
CSqGSIb3DQEBCwUAA4IBAQBdsZLsnWaE5aG0/6gqWWv33aAIKiBBUuXU7CO9eREN
GftygjjApBKQzYLj3rFdSjvLHYjK2s8/ui5qwlhE3uVd6d9rJTkCM6lYKPFuwAhL
Ymz22qKEjf3aADlD9EAkzGMoVl0a4bZOZrAEUUiIqgOL/CAwR1ilifjb70bJViTj
MFQ04p8W5t65an7wsrq0FGoP+DOLp397MPJLDsH7HsQFry8rJz5ctTDVj/XaQLD+
DxDIOKoruchr/ITLTIXNI61S29U/bjzpp0egvIXfPf3m3kdC/H5w4kmUNmGlqPra
SHSIbPA7rRJZeHzihl3HtsLlcnrMgc4B9y0uIYvhlgkj
-----END CERTIFICATE-----
Generated at Thu Apr 17 12:45:58 2025 by rpki-client