Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/yGFlSDdiFlFUJBTzkBDJlODQZoY.roa
File: yGFlSDdiFlFUJBTzkBDJlODQZoY.roa (raw, json)
Hash identifier: 5kgFGMiEYqgnd4sbR3CvLQA6/mpT37R4CFK6/AUcK/Y=
Subject key identifier: C8:61:65:48:37:62:16:51:54:24:14:F3:90:10:C9:94:E0:D0:66:86
Certificate issuer: /CN=921b4c85caa8d8b16619bf945a2fd6af1c77fc78
Certificate serial: 01941FFAA672A161E6E4888B01659A256A96
Authority key identifier: 92:1B:4C:85:CA:A8:D8:B1:66:19:BF:94:5A:2F:D6:AF:1C:77:FC:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/yGFlSDdiFlFUJBTzkBDJlODQZoY.roa
Signing time: Wed 01 Jan 2025 03:48:27 +0000
ROA not before: Wed 01 Jan 2025 03:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8283
IP address blocks: 94.142.240.0/21 maxlen: 21
94.142.240.0/24 maxlen: 24
94.142.241.0/24 maxlen: 24
94.142.242.0/24 maxlen: 24
94.142.244.0/24 maxlen: 24
94.142.245.0/24 maxlen: 24
94.142.246.0/24 maxlen: 24
94.142.247.0/24 maxlen: 24
185.52.224.0/22 maxlen: 22
185.52.224.0/24 maxlen: 24
185.52.225.0/24 maxlen: 24
185.52.226.0/24 maxlen: 24
185.52.227.0/24 maxlen: 24
2a02:898::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.mft
rsync://rpki.ripe.net/repository/DEFAULT/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 09:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:a6:72:a1:61:e6:e4:88:8b:01:65:9a:25:6a:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=921b4c85caa8d8b16619bf945a2fd6af1c77fc78
Validity
Not Before: Jan 1 03:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c861654837621651542414f39010c994e0d06686
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:71:6e:44:8d:ff:2d:d2:15:1b:5a:11:7a:df:
c3:5d:a9:5f:0c:79:a7:48:a2:13:3f:f9:4f:f3:41:
7e:f1:1b:c6:08:e1:4f:d9:88:1c:4c:3e:79:89:dc:
31:f6:67:f3:2c:a1:e7:53:3e:bf:73:11:8f:5d:18:
98:dc:54:32:60:09:2d:a3:a8:a7:14:3d:db:10:28:
6b:ee:c3:0c:f5:71:89:fc:3b:37:ed:43:d4:63:c5:
01:ed:cb:44:8a:d5:60:d1:bd:96:94:24:62:11:1f:
c2:ed:91:74:c5:0d:91:ac:f3:5c:01:4a:3a:b1:d4:
3e:fd:69:c8:54:38:1e:ef:a2:6a:53:57:4c:58:16:
ce:6d:ff:86:41:a9:90:4a:5a:9d:45:f6:bd:81:ab:
7b:b7:bb:c8:93:93:28:63:27:ac:03:13:98:cf:eb:
d5:dc:d6:bf:9a:0e:79:54:7a:ea:4b:b6:16:94:1c:
a1:23:27:02:42:24:6a:92:57:be:af:86:fe:8c:14:
ca:23:5f:ee:77:6b:00:b9:6b:0b:29:25:d3:4d:ba:
89:9d:98:7d:f1:fe:4d:64:e5:a6:3f:70:52:66:91:
27:23:d8:96:4c:a8:c5:0d:02:93:94:05:99:17:e3:
e8:c3:0d:6f:90:3a:b2:87:0e:92:07:2b:78:71:2f:
3f:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:61:65:48:37:62:16:51:54:24:14:F3:90:10:C9:94:E0:D0:66:86
X509v3 Authority Key Identifier:
keyid:92:1B:4C:85:CA:A8:D8:B1:66:19:BF:94:5A:2F:D6:AF:1C:77:FC:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/yGFlSDdiFlFUJBTzkBDJlODQZoY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.142.240.0/21
185.52.224.0/22
IPv6:
2a02:898::/32
Signature Algorithm: sha256WithRSAEncryption
81:4d:3a:39:75:34:73:ca:12:a7:53:d3:ca:bc:b5:33:e9:00:
0f:86:52:33:f8:82:f9:d1:a8:71:55:64:07:32:0c:a5:12:1f:
a1:cf:9c:5e:5a:0a:f8:7d:40:9f:da:34:4c:1a:5b:87:a6:46:
e7:17:45:2f:c1:7a:21:77:4a:22:3b:ab:0b:d0:f8:be:2e:64:
e7:aa:1b:98:1e:28:3e:bc:9f:db:05:e3:54:81:ee:e4:a8:c7:
6a:9e:ea:bd:7d:d8:46:da:9d:bb:cb:1d:fd:18:3b:f5:63:64:
e5:d6:75:df:63:95:1f:c2:b3:8c:51:32:c4:96:0c:fd:65:26:
a9:d3:28:08:3a:22:63:b9:3e:96:c5:88:63:16:bb:d7:ce:15:
65:36:c1:6c:1d:c9:fd:5a:21:0e:d1:7e:ed:53:60:47:55:df:
ba:87:a8:58:a9:13:4c:b0:e8:2b:41:18:e4:cc:30:f2:a9:82:
5f:d4:fd:92:c9:b4:5b:fb:20:7d:78:81:96:5f:a7:e4:db:d0:
20:e8:e1:d8:9b:78:d4:68:eb:1f:49:d0:54:98:e7:ad:ae:67:
82:df:81:26:3b:af:50:fd:26:c0:69:7e:24:12:da:d1:31:a5:
5b:b7:57:ba:be:45:bb:d5:6c:6d:12:d5:55:db:1c:0c:d6:51:
45:fe:06:fb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+qZyoWHm5IiLAWWaJWqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMWI0Yzg1Y2FhOGQ4YjE2NjE5YmY5NDVhMmZkNmFmMWM3
N2ZjNzgwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODYxNjU0ODM3NjIxNjUxNTQyNDE0ZjM5MDEwYzk5NGUwZDA2Njg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nFuRI3/LdIVG1oRet/DXalfDHmn
SKITP/lP80F+8RvGCOFP2YgcTD55idwx9mfzLKHnUz6/cxGPXRiY3FQyYAkto6in
FD3bEChr7sMM9XGJ/Ds37UPUY8UB7ctEitVg0b2WlCRiER/C7ZF0xQ2RrPNcAUo6
sdQ+/WnIVDge76JqU1dMWBbObf+GQamQSlqdRfa9gat7t7vIk5MoYyesAxOYz+vV
3Na/mg55VHrqS7YWlByhIycCQiRqkle+r4b+jBTKI1/ud2sAuWsLKSXTTbqJnZh9
8f5NZOWmP3BSZpEnI9iWTKjFDQKTlAWZF+Poww1vkDqyhw6SByt4cS8/pQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMhhZUg3YhZRVCQU85AQyZTg0GaGMB8GA1UdIwQY
MBaAFJIbTIXKqNixZhm/lFov1q8cd/x4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2h0TWhjcW8yTEZtR2ItVVdpX1dyeHgzX0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80MmIxNzktNDc5MC00NTIwLWIxNzQt
NTA1MDUzODJmZDcyLzEveUdGbFNEZGlGbEZVSkJUemtCREpsT0RRWm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80MmIxNzktNDc5MC00NTIwLWIxNzQtNTA1MDUzODJmZDcy
LzEva2h0TWhjcW8yTEZtR2ItVVdpX1dyeHgzX0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXo7wAwQC
uTTgMA0EAgACMAcDBQAqAgiYMA0GCSqGSIb3DQEBCwUAA4IBAQCBTTo5dTRzyhKn
U9PKvLUz6QAPhlIz+IL50ahxVWQHMgylEh+hz5xeWgr4fUCf2jRMGluHpkbnF0Uv
wXohd0oiO6sL0Pi+LmTnqhuYHig+vJ/bBeNUge7kqMdqnuq9fdhG2p27yx39GDv1
Y2Tl1nXfY5UfwrOMUTLElgz9ZSap0ygIOiJjuT6WxYhjFrvXzhVlNsFsHcn9WiEO
0X7tU2BHVd+6h6hYqRNMsOgrQRjkzDDyqYJf1P2SybRb+yB9eIGWX6fk29Ag6OHY
m3jUaOsfSdBUmOetrmeC34EmO69Q/SbAaX4kEtrRMaVbt1e6vkW71WxtEtVV2xwM
1lFF/gb7
-----END CERTIFICATE-----
Generated at Wed Feb 5 13:02:59 2025 by rpki-client