Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/HE3ngXhibuMNnlUTqhNdyzJzI7E.roa
File: HE3ngXhibuMNnlUTqhNdyzJzI7E.roa (raw, json)
Hash identifier: vbHlj5WYFjRLuQiS72fylFam6l6ufmPPLhOlt+s0Jhw=
Subject key identifier: 1C:4D:E7:81:78:62:6E:E3:0D:9E:55:13:AA:13:5D:CB:32:73:23:B1
Certificate issuer: /CN=03a5e95abb91d64d73b9148c0aaf59b3af3f4e6a
Certificate serial: 019425FDA392301F5C04A8E8BE80D7851865
Authority key identifier: 03:A5:E9:5A:BB:91:D6:4D:73:B9:14:8C:0A:AF:59:B3:AF:3F:4E:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A6XpWruR1k1zuRSMCq9Zs68_Tmo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/HE3ngXhibuMNnlUTqhNdyzJzI7E.roa
Signing time: Thu 02 Jan 2025 07:49:26 +0000
ROA not before: Thu 02 Jan 2025 07:49:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1930
IP address blocks: 192.26.236.0/24 maxlen: 24
192.68.186.0/24 maxlen: 24
192.138.86.0/24 maxlen: 24
192.195.195.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/A6XpWruR1k1zuRSMCq9Zs68_Tmo.crl
rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/A6XpWruR1k1zuRSMCq9Zs68_Tmo.mft
rsync://rpki.ripe.net/repository/DEFAULT/A6XpWruR1k1zuRSMCq9Zs68_Tmo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 22:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:a3:92:30:1f:5c:04:a8:e8:be:80:d7:85:18:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=03a5e95abb91d64d73b9148c0aaf59b3af3f4e6a
Validity
Not Before: Jan 2 07:49:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c4de78178626ee30d9e5513aa135dcb327323b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b1:1b:f8:4c:57:65:a2:10:cc:90:15:5f:0c:
1f:09:39:e0:c3:88:c7:ea:b2:7e:a2:a1:7c:da:03:
7c:df:65:d2:47:fa:58:76:c9:93:2c:c9:38:86:de:
4a:10:3b:4d:45:2d:69:a9:fe:57:0f:d1:71:31:01:
2e:cd:e6:9b:d2:5e:de:ec:91:36:aa:65:4c:c7:fb:
e7:43:39:63:1c:a3:34:7f:25:50:49:45:3a:f5:39:
93:e0:47:c0:04:cd:96:5f:9a:e0:48:5b:5a:87:b1:
d8:db:c9:68:60:d7:ad:a8:4d:ae:61:cc:19:23:a6:
75:a8:bd:40:d4:44:7b:18:86:d3:25:a8:df:60:a4:
23:69:bf:e6:a3:f3:07:23:73:88:c7:3a:73:78:5a:
12:70:6d:8a:d8:34:19:83:79:1e:8b:e7:1d:70:e2:
4b:25:a0:4a:01:05:1c:e6:d2:1d:29:03:d3:f5:0b:
ae:34:8e:5c:d0:3d:1b:1b:10:c7:0f:e8:07:31:3f:
ff:58:01:0f:53:d7:af:f8:17:8e:b9:59:58:54:4b:
bf:30:01:24:1e:c3:06:1a:f7:f9:23:a0:b3:96:0a:
f2:09:70:e8:7b:ab:7e:44:83:5b:24:25:51:1b:f7:
8b:a5:22:bb:01:86:c6:35:90:6e:1f:a0:d6:f9:01:
d0:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:4D:E7:81:78:62:6E:E3:0D:9E:55:13:AA:13:5D:CB:32:73:23:B1
X509v3 Authority Key Identifier:
keyid:03:A5:E9:5A:BB:91:D6:4D:73:B9:14:8C:0A:AF:59:B3:AF:3F:4E:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A6XpWruR1k1zuRSMCq9Zs68_Tmo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/HE3ngXhibuMNnlUTqhNdyzJzI7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/5aa284-2414-4558-beb6-7d4be068c9a5/1/A6XpWruR1k1zuRSMCq9Zs68_Tmo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.26.236.0/24
192.68.186.0/24
192.138.86.0/24
192.195.195.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:d1:f3:f5:92:ed:ac:0d:68:4b:10:8f:96:be:8c:e1:35:73:
5f:84:60:03:84:c4:a7:2e:88:d4:15:a5:6f:8b:a3:06:61:bf:
ec:64:e6:24:83:5c:01:39:3e:f4:3c:cf:80:dd:6e:a8:bf:a9:
8b:fb:8a:d5:30:04:1d:21:37:58:1c:bc:9c:07:92:df:be:a9:
38:6e:7e:7a:36:03:de:cc:cf:f4:4d:85:c8:07:e5:f4:1f:58:
ef:a1:2f:51:43:d4:2d:dd:c5:fd:94:00:31:a9:e6:bf:a7:03:
6d:a7:62:c0:38:27:0f:f6:b9:5f:9f:fd:8c:5a:61:7c:d2:47:
36:7a:eb:00:e6:27:25:ac:1f:f9:0d:46:a3:d3:0d:f1:d2:d4:
fb:0f:bb:0a:84:75:20:23:4e:8e:2b:0f:93:be:ae:ac:52:ba:
c5:84:53:b6:bb:34:76:0d:99:21:bc:f6:30:f3:6a:f7:f8:2b:
a8:99:00:c4:ad:c4:35:84:f3:7c:27:fd:10:55:1e:d7:2a:15:
9f:7b:cc:8c:ef:5e:94:2f:6a:a9:fc:c9:1f:4f:0e:46:ec:10:
4b:5f:d7:10:1f:31:39:c5:46:b1:0f:8e:5f:2b:61:a1:94:6c:
0d:c9:7d:aa:0a:2b:58:9b:65:b1:5b:2f:20:c8:92:7f:d1:4a:
09:38:02:a1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQl/aOSMB9cBKjovoDXhRhlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYTVlOTVhYmI5MWQ2NGQ3M2I5MTQ4YzBhYWY1OWIzYWYz
ZjRlNmEwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzRkZTc4MTc4NjI2ZWUzMGQ5ZTU1MTNhYTEzNWRjYjMyNzMyM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybEb+ExXZaIQzJAVXwwfCTngw4jH
6rJ+oqF82gN832XSR/pYdsmTLMk4ht5KEDtNRS1pqf5XD9FxMQEuzeab0l7e7JE2
qmVMx/vnQzljHKM0fyVQSUU69TmT4EfABM2WX5rgSFtah7HY28loYNetqE2uYcwZ
I6Z1qL1A1ER7GIbTJajfYKQjab/mo/MHI3OIxzpzeFoScG2K2DQZg3kei+cdcOJL
JaBKAQUc5tIdKQPT9QuuNI5c0D0bGxDHD+gHMT//WAEPU9ev+BeOuVlYVEu/MAEk
HsMGGvf5I6CzlgryCXDoe6t+RINbJCVRG/eLpSK7AYbGNZBuH6DW+QHQrwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBxN54F4Ym7jDZ5VE6oTXcsycyOxMB8GA1UdIwQY
MBaAFAOl6Vq7kdZNc7kUjAqvWbOvP05qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTZYcFdydVIxazF6dVJTTUNxOVpzNjhfVG1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni81YWEyODQtMjQxNC00NTU4LWJlYjYt
N2Q0YmUwNjhjOWE1LzEvSEUzbmdYaGlidU1ObmxVVHFoTmR5ekp6STdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni81YWEyODQtMjQxNC00NTU4LWJlYjYtN2Q0YmUwNjhjOWE1
LzEvQTZYcFdydVIxazF6dVJTTUNxOVpzNjhfVG1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwBrsAwQA
wES6AwQAwIpWAwQAwMPDMA0GCSqGSIb3DQEBCwUAA4IBAQBc0fP1ku2sDWhLEI+W
vozhNXNfhGADhMSnLojUFaVvi6MGYb/sZOYkg1wBOT70PM+A3W6ov6mL+4rVMAQd
ITdYHLycB5Lfvqk4bn56NgPezM/0TYXIB+X0H1jvoS9RQ9Qt3cX9lAAxqea/pwNt
p2LAOCcP9rlfn/2MWmF80kc2eusA5iclrB/5DUaj0w3x0tT7D7sKhHUgI06OKw+T
vq6sUrrFhFO2uzR2DZkhvPYw82r3+CuomQDErcQ1hPN8J/0QVR7XKhWfe8yM716U
L2qp/MkfTw5G7BBLX9cQHzE5xUaxD45fK2GhlGwNyX2qCitYm2WxWy8gyJJ/0UoJ
OAKh
-----END CERTIFICATE-----
Generated at Tue Apr 8 04:00:42 2025 by rpki-client