Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/0hcYkFvLnPnX3tJPZIl-Uhot1i0.roa
File: 0hcYkFvLnPnX3tJPZIl-Uhot1i0.roa (raw, json)
Hash identifier: 6/eHz/J+k5SuDY5b5eslxHZpd3P/l7+bfENiu84Xo/Y=
Subject key identifier: D2:17:18:90:5B:CB:9C:F9:D7:DE:D2:4F:64:89:7E:52:1A:2D:D6:2D
Certificate issuer: /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial: 01942826094266893DCBB8C3AF009246794F
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/0hcYkFvLnPnX3tJPZIl-Uhot1i0.roa
Signing time: Thu 02 Jan 2025 17:52:48 +0000
ROA not before: Thu 02 Jan 2025 17:52:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7018
IP address blocks: 91.225.225.0/24 maxlen: 24
91.225.226.0/24 maxlen: 24
91.225.227.0/24 maxlen: 24
188.191.98.0/24 maxlen: 24
188.191.101.0/24 maxlen: 24
188.191.103.0/24 maxlen: 24
188.191.106.0/24 maxlen: 24
188.191.109.0/24 maxlen: 24
188.191.110.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:26:09:42:66:89:3d:cb:b8:c3:af:00:92:46:79:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Validity
Not Before: Jan 2 17:52:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d21718905bcb9cf9d7ded24f64897e521a2dd62d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:a6:85:23:7c:30:05:51:cb:3b:50:14:0d:df:
69:55:d9:be:41:33:08:39:1f:b7:2a:ba:00:9f:e9:
d0:44:6d:ae:d4:3a:21:d7:d0:43:9b:bf:aa:ee:e4:
5f:97:81:0a:d6:0a:e5:e7:c7:7b:68:6b:50:49:2e:
d3:10:f8:00:0a:46:2b:c5:c7:f2:bf:27:8d:dd:d0:
d8:76:36:67:2a:ea:7e:c7:82:7e:0d:2d:cf:a6:58:
a5:74:35:df:2c:d4:68:2a:d5:98:54:e8:c5:4c:b5:
dd:b0:d4:46:28:cd:c4:82:ae:35:39:e5:09:c7:c0:
2d:c0:93:d7:96:41:de:bd:59:c9:11:48:2d:8a:8a:
57:f5:75:7b:f4:51:bd:30:8f:45:0b:dd:8f:b7:74:
5f:18:1d:f1:d4:62:16:04:7e:3b:e0:22:c0:05:6c:
21:d8:a8:e5:68:1b:7f:3e:0b:71:da:19:7b:2e:45:
9a:61:7e:42:14:d8:d3:9d:8b:62:e3:67:41:74:66:
e7:19:65:01:77:07:6e:be:a4:89:b4:d7:71:ea:99:
16:97:29:94:54:ce:14:3f:da:ed:27:3f:c4:a7:01:
24:f3:bf:89:63:5e:b9:48:61:35:95:90:19:86:8e:
dc:b9:a0:55:f8:4b:76:7a:ed:1a:30:8e:60:3a:82:
fd:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:17:18:90:5B:CB:9C:F9:D7:DE:D2:4F:64:89:7E:52:1A:2D:D6:2D
X509v3 Authority Key Identifier:
keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/0hcYkFvLnPnX3tJPZIl-Uhot1i0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.225.225.0-91.225.227.255
188.191.98.0/24
188.191.101.0/24
188.191.103.0/24
188.191.106.0/24
188.191.109.0-188.191.110.255
Signature Algorithm: sha256WithRSAEncryption
52:57:e4:4b:08:2b:37:79:09:aa:71:72:e0:5c:50:f0:a5:2a:
98:65:1d:01:c5:8d:c4:39:10:c1:59:57:be:a8:6e:22:30:10:
d6:19:84:71:3e:bc:64:e0:58:da:c0:27:33:1b:99:6d:f6:04:
6b:04:34:f7:24:50:e6:d9:a1:1f:c9:d4:64:72:42:6f:69:df:
51:85:26:b7:82:f5:af:61:64:2c:0a:fb:9f:9c:7a:f8:71:91:
0c:b9:ac:d8:f8:92:a8:42:40:f1:60:4e:07:80:8d:74:65:0e:
a5:54:fe:5c:41:74:74:54:d2:67:bd:1e:39:45:a9:db:90:ad:
89:1b:3d:c6:48:52:40:0d:72:44:f3:e6:e9:56:bf:ea:92:44:
fd:8a:e7:b5:ac:c0:19:67:ca:58:20:f4:80:a2:0e:6a:18:67:
63:9c:51:ea:dd:f2:a6:3b:32:e1:f2:5d:4b:bf:91:35:0c:8c:
8f:b6:94:86:ee:02:70:22:93:3c:e9:0c:a8:ea:55:1e:d0:8e:
6a:56:8d:0e:fb:a9:ee:a1:b3:3d:d4:60:a8:92:f3:c2:ce:91:
f5:64:5e:57:22:de:dd:23:07:b2:80:b3:80:05:c4:bd:3f:b4:
44:e1:c9:90:b3:b8:c2:f6:87:fc:91:21:af:65:fb:97:aa:89:
76:48:f4:b0
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQoJglCZok9y7jDrwCSRnlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjUwMTAyMTc1MjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE3MTg5MDViY2I5Y2Y5ZDdkZWQyNGY2NDg5N2U1MjFhMmRkNjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqaFI3wwBVHLO1AUDd9pVdm+QTMI
OR+3KroAn+nQRG2u1Doh19BDm7+q7uRfl4EK1grl58d7aGtQSS7TEPgACkYrxcfy
vyeN3dDYdjZnKup+x4J+DS3PplildDXfLNRoKtWYVOjFTLXdsNRGKM3Egq41OeUJ
x8AtwJPXlkHevVnJEUgtiopX9XV79FG9MI9FC92Pt3RfGB3x1GIWBH474CLABWwh
2KjlaBt/Pgtx2hl7LkWaYX5CFNjTnYti42dBdGbnGWUBdwduvqSJtNdx6pkWlymU
VM4UP9rtJz/EpwEk87+JY165SGE1lZAZho7cuaBV+Et2eu0aMI5gOoL9UwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFNIXGJBby5z5197ST2SJflIaLdYtMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvMGhjWWtGdkxuUG5YM3RKUFpJbC1VaG90MWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBABb4eED
BAJb4eADBAC8v2IDBAC8v2UDBAC8v2cDBAC8v2owDAMEALy/bQMEALy/bjANBgkq
hkiG9w0BAQsFAAOCAQEAUlfkSwgrN3kJqnFy4FxQ8KUqmGUdAcWNxDkQwVlXvqhu
IjAQ1hmEcT68ZOBY2sAnMxuZbfYEawQ09yRQ5tmhH8nUZHJCb2nfUYUmt4L1r2Fk
LAr7n5x6+HGRDLms2PiSqEJA8WBOB4CNdGUOpVT+XEF0dFTSZ70eOUWp25CtiRs9
xkhSQA1yRPPm6Va/6pJE/YrntazAGWfKWCD0gKIOahhnY5xR6t3ypjsy4fJdS7+R
NQyMj7aUhu4CcCKTPOkMqOpVHtCOalaNDvup7qGzPdRgqJLzws6R9WReVyLe3SMH
soCzgAXEvT+0ROHJkLO4wvaH/JEhr2X7l6qJdkj0sA==
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:13:03 2025 by rpki-client