Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/f7S9xAXMtoHXIWXeQsykpctQxNM.roa
File: f7S9xAXMtoHXIWXeQsykpctQxNM.roa (raw, json)
Hash identifier: Q4hA/wIKEkwP/Vj65aZ2uO4MqJnj/mjQP7x/ZVfd3Uc=
Subject key identifier: 7F:B4:BD:C4:05:CC:B6:81:D7:21:65:DE:42:CC:A4:A5:CB:50:C4:D3
Certificate issuer: /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial: 01941F8BFE4E83ECED73EEF4ED3F3A6ABEA6
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/f7S9xAXMtoHXIWXeQsykpctQxNM.roa
Signing time: Wed 01 Jan 2025 01:47:35 +0000
ROA not before: Wed 01 Jan 2025 01:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25252
IP address blocks: 171.25.128.0/21 maxlen: 21
193.221.28.0/24 maxlen: 24
193.221.36.0/24 maxlen: 24
193.221.37.0/24 maxlen: 24
193.221.47.0/24 maxlen: 24
193.221.52.0/24 maxlen: 24
193.221.53.0/24 maxlen: 24
193.221.59.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.mft
rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 17:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8b:fe:4e:83:ec:ed:73:ee:f4:ed:3f:3a:6a:be:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Validity
Not Before: Jan 1 01:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7fb4bdc405ccb681d72165de42cca4a5cb50c4d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:0d:1e:a1:cc:cd:38:71:aa:34:d6:5f:d4:9f:
35:01:ef:99:5b:89:3e:d4:35:71:81:da:65:69:f0:
fe:bf:bd:52:7c:58:dd:bf:1a:d2:33:ae:47:cd:dc:
81:4b:0c:f9:aa:7b:aa:7e:3d:52:b0:5a:16:bf:f6:
c1:9a:df:e8:17:fb:95:ca:c2:fb:a7:b7:0b:0d:e7:
e5:11:8a:8c:2a:25:a5:90:62:e5:27:bb:15:a8:71:
b9:85:24:fc:80:0f:84:f5:bf:17:d9:45:1f:11:eb:
48:20:84:c5:65:e3:5e:21:ca:ee:ed:3d:1b:fc:bc:
6c:2a:f2:ed:fd:6c:ff:46:a4:86:dc:12:28:3a:69:
82:13:9f:e0:be:6b:2b:50:75:f7:4a:f1:7b:2b:48:
f0:24:d4:35:a2:89:40:36:7c:01:56:f4:d5:31:ad:
7c:a8:38:7e:d4:95:cc:a8:1c:6e:76:e3:23:9f:a3:
61:ba:28:90:03:00:1c:f0:20:02:0a:2f:18:87:c5:
f1:10:c4:6d:81:a4:ba:13:70:7e:7b:96:c4:7b:10:
77:14:cf:1e:9b:8a:4f:8b:c6:4f:0b:be:ab:b8:5d:
47:95:83:43:d0:05:34:74:d9:a1:69:d4:75:d2:93:
17:f4:b5:09:10:75:70:5a:3c:74:ce:a0:e6:be:0c:
8a:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:B4:BD:C4:05:CC:B6:81:D7:21:65:DE:42:CC:A4:A5:CB:50:C4:D3
X509v3 Authority Key Identifier:
keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/f7S9xAXMtoHXIWXeQsykpctQxNM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.128.0/21
193.221.28.0/24
193.221.36.0/23
193.221.47.0/24
193.221.52.0/23
193.221.59.0/24
Signature Algorithm: sha256WithRSAEncryption
2f:57:2e:d5:40:f3:a9:8e:a6:ee:53:74:2f:94:12:5a:a9:c8:
5b:b4:94:ea:0a:fd:6b:9b:e8:5e:08:7d:ec:08:6b:10:2e:96:
34:7d:10:8b:80:36:56:92:56:2b:47:71:44:5d:66:78:c9:7b:
cc:eb:69:49:b6:7b:d0:ca:96:ec:ed:95:fb:1f:37:3b:4c:04:
e4:6f:ea:b0:53:06:0c:cf:eb:76:f2:ec:54:d3:32:8e:a4:01:
a1:bd:ee:08:a9:88:a2:53:23:7e:a1:8d:25:44:d0:16:f9:57:
b0:e6:eb:cd:b8:74:20:8e:8b:90:43:c1:b0:ff:2f:9c:11:e2:
90:a6:40:eb:30:17:ef:88:2c:fe:0e:eb:ac:c1:08:c1:06:8d:
ba:0b:dc:90:21:27:3c:ed:86:f9:3a:07:47:39:d1:1d:e4:e9:
11:c4:65:a6:56:8d:56:26:d7:81:71:60:e3:e9:7d:ad:13:25:
8d:ef:5b:88:a3:20:cc:94:b9:dc:5d:35:a6:5b:bd:0a:dc:eb:
03:1c:f3:31:48:46:d6:41:62:bd:a5:15:a9:01:73:78:3b:79:
62:1a:29:b5:d9:35:1e:ea:22:29:12:9d:97:b5:6d:1b:f5:65:
48:0d:81:89:f3:92:0e:bd:07:2e:6b:6c:91:c6:b4:84:a9:08:
82:15:14:0d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQfi/5Og+ztc+707T86ar6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjUwMTAxMDE0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmI0YmRjNDA1Y2NiNjgxZDcyMTY1ZGU0MmNjYTRhNWNiNTBjNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApA0eoczNOHGqNNZf1J81Ae+ZW4k+
1DVxgdplafD+v71SfFjdvxrSM65HzdyBSwz5qnuqfj1SsFoWv/bBmt/oF/uVysL7
p7cLDeflEYqMKiWlkGLlJ7sVqHG5hST8gA+E9b8X2UUfEetIIITFZeNeIcru7T0b
/LxsKvLt/Wz/RqSG3BIoOmmCE5/gvmsrUHX3SvF7K0jwJNQ1oolANnwBVvTVMa18
qDh+1JXMqBxuduMjn6NhuiiQAwAc8CACCi8Yh8XxEMRtgaS6E3B+e5bEexB3FM8e
m4pPi8ZPC76ruF1HlYND0AU0dNmhadR10pMX9LUJEHVwWjx0zqDmvgyKjwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFH+0vcQFzLaB1yFl3kLMpKXLUMTTMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEvZjdTOXhBWE10b0hYSVdYZVFzeWtwY3RReE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDqxmAAwQA
wd0cAwQBwd0kAwQAwd0vAwQBwd00AwQAwd07MA0GCSqGSIb3DQEBCwUAA4IBAQAv
Vy7VQPOpjqbuU3QvlBJaqchbtJTqCv1rm+heCH3sCGsQLpY0fRCLgDZWklYrR3FE
XWZ4yXvM62lJtnvQypbs7ZX7Hzc7TATkb+qwUwYMz+t28uxU0zKOpAGhve4IqYii
UyN+oY0lRNAW+Vew5uvNuHQgjouQQ8Gw/y+cEeKQpkDrMBfviCz+DuuswQjBBo26
C9yQISc87Yb5OgdHOdEd5OkRxGWmVo1WJteBcWDj6X2tEyWN71uIoyDMlLncXTWm
W70K3OsDHPMxSEbWQWK9pRWpAXN4O3liGim12TUe6iIpEp2XtW0b9WVIDYGJ85IO
vQcua2yRxrSEqQiCFRQN
-----END CERTIFICATE-----
Generated at Mon Apr 14 00:18:30 2025 by rpki-client