Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/xThsddYizU9zce14GHgo8DJEm0M.roa
File: xThsddYizU9zce14GHgo8DJEm0M.roa (raw, json)
Hash identifier: xTnNSblE9F5a4BVdVV24fpOa0j64fQcjoHWF3jqeK84=
Subject key identifier: C5:38:6C:75:D6:22:CD:4F:73:71:ED:78:18:78:28:F0:32:44:9B:43
Certificate issuer: /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial: 01941F8BFE18720D6D7BABD67A7E6402BB60
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/xThsddYizU9zce14GHgo8DJEm0M.roa
Signing time: Wed 01 Jan 2025 01:47:35 +0000
ROA not before: Wed 01 Jan 2025 01:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3301
IP address blocks: 171.25.128.0/21 maxlen: 21
193.221.28.0/24 maxlen: 24
193.221.36.0/24 maxlen: 24
193.221.37.0/24 maxlen: 24
193.221.47.0/24 maxlen: 24
193.221.52.0/24 maxlen: 24
193.221.53.0/24 maxlen: 24
193.221.59.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.mft
rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 18:31:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8b:fe:18:72:0d:6d:7b:ab:d6:7a:7e:64:02:bb:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Validity
Not Before: Jan 1 01:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5386c75d622cd4f7371ed78187828f032449b43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:13:3d:1a:c1:2f:70:04:fa:17:4b:48:84:04:
31:d9:f1:81:19:b7:7f:6c:00:17:28:ae:d5:fc:10:
10:b8:ab:83:58:6e:ef:18:6b:1e:c1:fa:1e:d4:61:
33:a9:f1:8b:16:25:6f:fa:ff:57:e9:68:74:46:12:
99:5e:f4:ad:78:f2:bf:3d:a1:fc:65:fb:12:8a:be:
08:91:32:20:41:cf:7d:c3:43:47:fb:85:c1:de:db:
f7:83:59:1e:32:2a:6f:78:95:d4:75:5a:3b:11:d3:
08:8b:fc:f4:c4:e2:6b:3c:f3:9f:d7:7f:13:d4:75:
1e:68:87:07:9c:5f:23:b5:ba:e7:d6:97:9a:14:66:
87:10:16:1c:f1:88:8c:47:c5:ef:18:00:62:bb:35:
eb:45:53:c2:91:d0:77:75:59:ae:82:25:ee:79:d0:
a7:5e:9b:32:e0:81:b3:b7:a5:64:d7:d4:27:39:45:
97:d3:f9:0c:a7:92:83:f2:fd:b1:d1:38:97:12:a6:
c5:99:b5:b1:2a:4b:e8:94:e4:c1:4b:02:7b:fa:81:
ed:0f:08:ab:07:bf:63:4f:6d:39:a4:93:73:ae:a6:
ca:57:79:97:d3:cc:b2:99:1b:b6:d5:63:b4:75:4f:
5c:7c:58:1b:0d:ca:60:e3:78:37:1c:b0:51:05:5e:
c9:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:38:6C:75:D6:22:CD:4F:73:71:ED:78:18:78:28:F0:32:44:9B:43
X509v3 Authority Key Identifier:
keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/xThsddYizU9zce14GHgo8DJEm0M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.128.0/21
193.221.28.0/24
193.221.36.0/23
193.221.47.0/24
193.221.52.0/23
193.221.59.0/24
Signature Algorithm: sha256WithRSAEncryption
12:ab:51:5d:cd:f7:5d:da:7b:6e:35:bb:c8:f7:26:83:7f:f8:
68:f2:3e:5c:de:d4:55:74:6d:e1:8f:86:c9:42:59:2d:3f:18:
ca:d5:14:61:4c:f9:40:ad:47:63:09:8e:0c:cd:f4:f9:b9:b5:
32:1f:09:d6:bc:3b:92:36:d9:3c:1b:85:ea:79:07:14:c7:06:
80:c2:7f:d4:9e:8f:85:7d:40:7c:6f:a4:2d:6e:75:ff:ca:f2:
29:5b:04:04:d4:07:ef:96:0d:6d:f6:96:98:5b:bd:2a:22:49:
ed:9f:00:15:07:d4:25:ce:71:01:3f:3f:d8:43:f1:89:c5:43:
65:7a:25:8b:4e:81:a2:a6:89:1c:d5:19:88:4d:2d:cb:61:ac:
1e:b6:78:f5:33:61:d8:e2:44:9b:7b:4e:3a:7c:b5:d5:59:3f:
35:af:53:cb:69:5b:3e:99:a5:a2:c7:10:c9:f9:57:f8:69:c7:
15:9b:dc:b2:20:db:a3:7e:f7:c8:59:3d:18:23:ed:52:b2:59:
f8:c8:d0:45:21:47:d8:c1:59:b8:ab:ba:35:96:21:85:87:2a:
f8:91:4b:09:9b:ca:d6:1d:ea:17:27:2c:c5:a7:64:f6:0a:37:
9c:cb:c7:9e:9d:af:54:8b:ec:b3:f6:fe:6a:74:ef:c0:5f:ff:
a0:d4:a2:0e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQfi/4Ycg1te6vWen5kArtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjUwMTAxMDE0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTM4NmM3NWQ2MjJjZDRmNzM3MWVkNzgxODc4MjhmMDMyNDQ5YjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxM9GsEvcAT6F0tIhAQx2fGBGbd/
bAAXKK7V/BAQuKuDWG7vGGsewfoe1GEzqfGLFiVv+v9X6Wh0RhKZXvStePK/PaH8
ZfsSir4IkTIgQc99w0NH+4XB3tv3g1keMipveJXUdVo7EdMIi/z0xOJrPPOf138T
1HUeaIcHnF8jtbrn1peaFGaHEBYc8YiMR8XvGABiuzXrRVPCkdB3dVmugiXuedCn
Xpsy4IGzt6Vk19QnOUWX0/kMp5KD8v2x0TiXEqbFmbWxKkvolOTBSwJ7+oHtDwir
B79jT205pJNzrqbKV3mX08yymRu21WO0dU9cfFgbDcpg43g3HLBRBV7J2QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMU4bHXWIs1Pc3HteBh4KPAyRJtDMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEveFRoc2RkWWl6VTl6Y2UxNEdIZ284REpFbTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDqxmAAwQA
wd0cAwQBwd0kAwQAwd0vAwQBwd00AwQAwd07MA0GCSqGSIb3DQEBCwUAA4IBAQAS
q1Fdzfdd2ntuNbvI9yaDf/ho8j5c3tRVdG3hj4bJQlktPxjK1RRhTPlArUdjCY4M
zfT5ubUyHwnWvDuSNtk8G4XqeQcUxwaAwn/Uno+FfUB8b6QtbnX/yvIpWwQE1Afv
lg1t9paYW70qIkntnwAVB9QlznEBPz/YQ/GJxUNleiWLToGipokc1RmITS3LYawe
tnj1M2HY4kSbe046fLXVWT81r1PLaVs+maWixxDJ+Vf4accVm9yyINujfvfIWT0Y
I+1Ssln4yNBFIUfYwVm4q7o1liGFhyr4kUsJm8rWHeoXJyzFp2T2Cjecy8eena9U
i+yz9v5qdO/AX/+g1KIO
-----END CERTIFICATE-----
Generated at Mon Apr 14 04:03:14 2025 by rpki-client