Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/S7t59LlNCvxgMI7DsGNSR4qMw34.roa
File: S7t59LlNCvxgMI7DsGNSR4qMw34.roa (raw, json)
Hash identifier: 4sO8Qj6ryDL8EQZQIGGVCpEKJDIwq55BmcA8TSzv0hc=
Subject key identifier: 4B:BB:79:F4:B9:4D:0A:FC:60:30:8E:C3:B0:63:52:47:8A:8C:C3:7E
Certificate issuer: /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial: 0194266C1F410B5B4C143FBDB34632578858
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/S7t59LlNCvxgMI7DsGNSR4qMw34.roa
Signing time: Thu 02 Jan 2025 09:50:07 +0000
ROA not before: Thu 02 Jan 2025 09:50:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51074
IP address blocks: 5.221.0.0/16 maxlen: 16
31.184.128.0/18 maxlen: 24
31.184.145.0/24 maxlen: 24
37.130.200.0/21 maxlen: 24
37.130.202.0/23 maxlen: 23
178.252.128.0/18 maxlen: 24
178.252.138.0/24 maxlen: 24
185.115.148.0/22 maxlen: 24
2a02:2b58::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.mft
rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 18:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:1f:41:0b:5b:4c:14:3f:bd:b3:46:32:57:88:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Validity
Not Before: Jan 2 09:50:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4bbb79f4b94d0afc60308ec3b06352478a8cc37e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:91:40:cc:5c:c1:4b:e0:b4:ef:1d:b0:68:21:
0e:23:39:00:a5:84:7c:be:ec:47:2c:48:09:a3:72:
66:4f:3a:f8:f5:10:63:8b:6a:b3:9f:81:65:15:73:
7e:b1:07:02:3d:6b:27:67:47:aa:7d:46:ad:b7:03:
78:8a:d7:bf:b2:83:83:3a:72:87:27:ef:9a:9e:8f:
bf:fd:b5:2d:0c:72:7c:7d:cb:2c:04:21:02:00:85:
86:b4:b1:f2:da:eb:40:3c:f9:92:88:9f:12:9c:b0:
77:cb:83:15:a3:c7:8a:5f:38:ca:a0:d9:71:26:7f:
0d:e5:bb:b5:91:a2:20:f3:9d:d0:27:0f:dd:73:d2:
8b:cf:0c:97:5f:99:12:9b:63:3e:81:00:50:45:f1:
22:a9:27:6c:9f:cc:92:35:1e:b2:6a:ac:be:37:36:
6f:ae:6d:35:3e:a4:72:24:4a:8a:ca:1e:24:b3:ab:
43:35:43:2f:0e:34:81:32:10:35:a9:66:fe:c7:89:
c8:25:f6:4e:76:9d:7f:b5:8a:c3:0b:14:11:d9:ef:
c0:5d:c6:a1:ad:5b:3d:b0:8f:33:ec:76:d8:79:a5:
54:45:44:0c:8e:f7:71:4c:9f:d7:ba:1d:8c:db:7a:
a3:58:93:85:b0:11:d6:92:80:aa:4a:44:f9:f5:f3:
bc:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:BB:79:F4:B9:4D:0A:FC:60:30:8E:C3:B0:63:52:47:8A:8C:C3:7E
X509v3 Authority Key Identifier:
keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/S7t59LlNCvxgMI7DsGNSR4qMw34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.221.0.0/16
31.184.128.0/18
37.130.200.0/21
178.252.128.0/18
185.115.148.0/22
IPv6:
2a02:2b58::/29
Signature Algorithm: sha256WithRSAEncryption
03:75:88:84:f3:8d:f3:41:54:ec:7d:f9:3a:fa:11:56:69:6f:
a7:c7:dc:e4:3d:99:e1:d8:f2:69:b4:0f:8f:e8:f6:3d:1a:3f:
84:ac:1c:48:9e:e1:1f:54:9f:bf:71:fd:bf:5a:40:fe:a7:a2:
34:65:d6:0a:63:01:21:56:60:c5:e1:d8:fd:b8:b2:6f:cb:af:
42:5a:e9:81:fc:2a:ea:e2:7b:43:9f:e2:01:8d:0b:f5:21:53:
2e:08:9f:5a:c3:73:d1:1b:6e:29:62:c4:9e:bc:82:36:ea:40:
a3:3c:29:a5:f0:07:cf:d1:78:65:62:6d:04:19:3f:8d:9c:df:
ef:f2:e3:13:b2:35:f1:fd:6f:0e:ad:f8:c5:0a:01:7e:4f:60:
11:e5:16:fe:15:42:32:02:3c:1b:ef:b8:0a:f8:9a:10:bd:aa:
e5:ad:7a:b5:92:8b:bb:60:d6:c4:98:8c:7f:ee:3a:ac:4f:11:
e6:a3:0c:48:27:d7:19:b7:b3:e5:26:a3:6c:a5:e2:14:ff:b8:
53:fc:96:80:e6:c9:80:f9:97:11:a4:cf:8b:d7:5c:a8:2f:27:
6f:64:18:9a:b3:70:2a:be:f5:cd:b1:e5:61:50:ad:af:df:4d:
69:43:e7:c6:cf:a3:53:57:0a:57:b2:de:a3:08:63:b4:96:2b:
57:9f:b1:49
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZQmbB9BC1tMFD+9s0YyV4hYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjUwMTAyMDk1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmJiNzlmNGI5NGQwYWZjNjAzMDhlYzNiMDYzNTI0NzhhOGNjMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpFAzFzBS+C07x2waCEOIzkApYR8
vuxHLEgJo3JmTzr49RBji2qzn4FlFXN+sQcCPWsnZ0eqfUattwN4ite/soODOnKH
J++ano+//bUtDHJ8fcssBCECAIWGtLHy2utAPPmSiJ8SnLB3y4MVo8eKXzjKoNlx
Jn8N5bu1kaIg853QJw/dc9KLzwyXX5kSm2M+gQBQRfEiqSdsn8ySNR6yaqy+NzZv
rm01PqRyJEqKyh4ks6tDNUMvDjSBMhA1qWb+x4nIJfZOdp1/tYrDCxQR2e/AXcah
rVs9sI8z7HbYeaVURUQMjvdxTJ/Xuh2M23qjWJOFsBHWkoCqSkT59fO8DwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFEu7efS5TQr8YDCOw7BjUkeKjMN+MB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvUzd0NTlMbE5DdnhnTUk3RHNHTlNSNHFNdzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMABd0DBAYf
uIADBAMlgsgDBAay/IADBAK5c5QwDQQCAAIwBwMFAyoCK1gwDQYJKoZIhvcNAQEL
BQADggEBAAN1iITzjfNBVOx9+Tr6EVZpb6fH3OQ9meHY8mm0D4/o9j0aP4SsHEie
4R9Un79x/b9aQP6nojRl1gpjASFWYMXh2P24sm/Lr0Ja6YH8Kurie0Of4gGNC/Uh
Uy4In1rDc9EbbilixJ68gjbqQKM8KaXwB8/ReGVibQQZP42c3+/y4xOyNfH9bw6t
+MUKAX5PYBHlFv4VQjICPBvvuAr4mhC9quWterWSi7tg1sSYjH/uOqxPEeajDEgn
1xm3s+Umo2yl4hT/uFP8loDmyYD5lxGkz4vXXKgvJ29kGJqzcCq+9c2x5WFQra/f
TWlD58bPo1NXCley3qMIY7SWK1efsUk=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:45:45 2025 by rpki-client