Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c33a13-a54b-45bb-b0d4-a49b72a1cfe2/1/F_kIbrNoezU2xST1IGJ7znM97So.roa
File: F_kIbrNoezU2xST1IGJ7znM97So.roa (raw, json)
Hash identifier: SL4bD3bCY+6YeKuV14y0PigmsFs9RgYCxYhDjlPIAW4=
Subject key identifier: 17:F9:08:6E:B3:68:7B:35:36:C5:24:F5:20:62:7B:CE:73:3D:ED:2A
Certificate issuer: /CN=9dbb625aa55bd8ef35410afddd2a2bc358a25ed1
Certificate serial: 0194221F7454FD95FCC7BAD57B0EE58440CB
Authority key identifier: 9D:BB:62:5A:A5:5B:D8:EF:35:41:0A:FD:DD:2A:2B:C3:58:A2:5E:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nbtiWqVb2O81QQr93Sorw1iiXtE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/c33a13-a54b-45bb-b0d4-a49b72a1cfe2/1/F_kIbrNoezU2xST1IGJ7znM97So.roa
Signing time: Wed 01 Jan 2025 13:47:54 +0000
ROA not before: Wed 01 Jan 2025 13:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 559
IP address blocks: 131.152.0.0/16 maxlen: 16
192.43.192.0/22 maxlen: 22
192.43.196.0/24 maxlen: 24
2a0a:4ec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/c33a13-a54b-45bb-b0d4-a49b72a1cfe2/1/nbtiWqVb2O81QQr93Sorw1iiXtE.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/c33a13-a54b-45bb-b0d4-a49b72a1cfe2/1/nbtiWqVb2O81QQr93Sorw1iiXtE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nbtiWqVb2O81QQr93Sorw1iiXtE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:74:54:fd:95:fc:c7:ba:d5:7b:0e:e5:84:40:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dbb625aa55bd8ef35410afddd2a2bc358a25ed1
Validity
Not Before: Jan 1 13:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=17f9086eb3687b3536c524f520627bce733ded2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:fc:9b:92:a2:80:c8:cc:0c:79:9b:b6:2a:91:
77:d9:ac:ab:e7:19:3d:1c:0a:3e:c1:6f:a2:18:f1:
80:e6:9a:d2:8e:46:60:7b:5d:19:20:ad:70:fa:6c:
0e:7a:27:dd:84:0c:43:87:e5:a7:40:61:79:c5:3b:
2c:39:09:54:ac:8c:4c:f2:04:9c:6b:13:37:38:2a:
57:4b:22:e1:58:c9:47:06:cf:bf:bc:78:f8:fa:c3:
64:8d:71:b8:80:f0:19:61:84:8c:22:6c:2e:43:8c:
ae:0e:08:e5:f6:e5:50:2a:aa:51:0a:80:0a:61:2d:
84:62:5d:fc:28:0a:2e:52:ae:f9:8b:6c:f6:90:b1:
49:b3:25:df:a5:fe:5a:a3:df:74:ff:bc:d4:ec:78:
51:1d:b8:38:dd:99:56:c3:d1:85:ab:70:94:9a:19:
75:b6:02:5e:51:e0:ef:67:6a:40:91:a4:f2:af:ee:
da:1c:33:30:c6:0f:da:29:ad:24:c7:c1:d8:cf:6a:
70:c8:be:ec:2b:46:d7:16:09:06:8d:ba:8b:b7:e7:
e9:1d:01:37:bb:ab:19:81:51:f4:bb:ee:aa:7d:da:
70:db:86:c7:7b:09:f5:02:ee:50:59:90:28:e7:a3:
ed:c7:e7:8d:9d:15:01:96:45:66:e3:2d:5d:2f:9d:
5f:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:F9:08:6E:B3:68:7B:35:36:C5:24:F5:20:62:7B:CE:73:3D:ED:2A
X509v3 Authority Key Identifier:
keyid:9D:BB:62:5A:A5:5B:D8:EF:35:41:0A:FD:DD:2A:2B:C3:58:A2:5E:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nbtiWqVb2O81QQr93Sorw1iiXtE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c33a13-a54b-45bb-b0d4-a49b72a1cfe2/1/F_kIbrNoezU2xST1IGJ7znM97So.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c33a13-a54b-45bb-b0d4-a49b72a1cfe2/1/nbtiWqVb2O81QQr93Sorw1iiXtE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.152.0.0/16
192.43.192.0-192.43.196.255
IPv6:
2a0a:4ec0::/29
Signature Algorithm: sha256WithRSAEncryption
ba:01:68:b6:5d:92:28:b5:a3:e4:bd:94:67:de:5b:bd:e5:49:
e8:66:5a:cb:4e:c8:69:9b:ac:b9:3a:2c:4a:2d:6a:05:df:c0:
89:33:75:1d:e7:27:62:68:b0:e6:48:85:45:41:12:62:33:ef:
d6:c9:ee:5d:ab:69:2a:d8:b9:ba:a0:31:c0:f6:da:c4:54:ae:
77:c5:a5:80:59:16:f0:18:04:6d:cc:cb:55:2e:5f:94:c5:f2:
f2:93:f0:79:d6:17:de:23:31:31:41:d2:60:d2:39:17:38:34:
95:85:1e:d0:4e:71:08:b9:36:ed:60:11:9b:5a:09:8a:24:fe:
9e:a9:6f:51:22:0c:39:ea:6d:e6:11:f6:13:14:1e:ba:51:11:
fd:a7:21:7f:5f:f5:87:45:f0:1d:4d:d3:34:1c:88:b1:50:1f:
27:e9:a6:a5:f1:bf:25:a6:24:41:d5:8b:38:ed:72:e4:e2:a5:
90:41:ce:74:0f:e3:d4:b4:3c:d8:61:83:ca:28:40:68:86:0f:
f1:b4:fd:dd:0d:ce:40:4b:04:ec:89:c4:e7:af:7a:a2:64:db:
ac:90:13:5b:f8:3c:62:3c:cd:01:2f:ad:ec:db:ed:5f:20:fd:
cc:25:30:f4:dc:6d:c1:be:e7:45:96:d3:35:ea:f9:b9:34:bf:
c0:85:4a:8c
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQiH3RU/ZX8x7rVew7lhEDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYmI2MjVhYTU1YmQ4ZWYzNTQxMGFmZGRkMmEyYmMzNThh
MjVlZDEwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Y5MDg2ZWIzNjg3YjM1MzZjNTI0ZjUyMDYyN2JjZTczM2RlZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPybkqKAyMwMeZu2KpF32ayr5xk9
HAo+wW+iGPGA5prSjkZge10ZIK1w+mwOeifdhAxDh+WnQGF5xTssOQlUrIxM8gSc
axM3OCpXSyLhWMlHBs+/vHj4+sNkjXG4gPAZYYSMImwuQ4yuDgjl9uVQKqpRCoAK
YS2EYl38KAouUq75i2z2kLFJsyXfpf5ao990/7zU7HhRHbg43ZlWw9GFq3CUmhl1
tgJeUeDvZ2pAkaTyr+7aHDMwxg/aKa0kx8HYz2pwyL7sK0bXFgkGjbqLt+fpHQE3
u6sZgVH0u+6qfdpw24bHewn1Au5QWZAo56Ptx+eNnRUBlkVm4y1dL51fNwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFBf5CG6zaHs1NsUk9SBie85zPe0qMB8GA1UdIwQY
MBaAFJ27YlqlW9jvNUEK/d0qK8NYol7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmJ0aVdxVmIyTzgxUVFyOTNTb3J3MWlpWHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMzNhMTMtYTU0Yi00NWJiLWIwZDQt
YTQ5YjcyYTFjZmUyLzEvRl9rSWJyTm9lelUyeFNUMUlHSjd6bk05N1NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMzNhMTMtYTU0Yi00NWJiLWIwZDQtYTQ5YjcyYTFjZmUy
LzEvbmJ0aVdxVmIyTzgxUVFyOTNTb3J3MWlpWHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATAwMAg5gwDAME
BsArwAMEAMArxDANBAIAAjAHAwUDKgpOwDANBgkqhkiG9w0BAQsFAAOCAQEAugFo
tl2SKLWj5L2UZ95bveVJ6GZay07IaZusuTosSi1qBd/AiTN1HecnYmiw5kiFRUES
YjPv1snuXatpKti5uqAxwPbaxFSud8WlgFkW8BgEbczLVS5flMXy8pPwedYX3iMx
MUHSYNI5Fzg0lYUe0E5xCLk27WARm1oJiiT+nqlvUSIMOept5hH2ExQeulER/ach
f1/1h0XwHU3TNByIsVAfJ+mmpfG/JaYkQdWLOO1y5OKlkEHOdA/j1LQ82GGDyihA
aIYP8bT93Q3OQEsE7InE5696omTbrJATW/g8YjzNAS+t7NvtXyD9zCUw9Nxtwb7n
RZbTNer5uTS/wIVKjA==
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:56:20 2025 by rpki-client