Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/TBZUFVuLjgaJ-XADpnEKR7pLEmo.roa
File: TBZUFVuLjgaJ-XADpnEKR7pLEmo.roa (raw, json)
Hash identifier: DDp1P+ue/jG2hxWSfwXECX5hRH8hg4KzLSyGRRpINWI=
Subject key identifier: 4C:16:54:15:5B:8B:8E:06:89:F9:70:03:A6:71:0A:47:BA:4B:12:6A
Certificate issuer: /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial: 019424B3FCA15BEDA349A325A6E7FEC34399
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/TBZUFVuLjgaJ-XADpnEKR7pLEmo.roa
Signing time: Thu 02 Jan 2025 01:49:22 +0000
ROA not before: Thu 02 Jan 2025 01:49:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 27471
IP address blocks: 109.68.56.0/24 maxlen: 24
109.68.57.0/24 maxlen: 24
109.68.58.0/24 maxlen: 24
109.68.59.0/24 maxlen: 24
109.68.60.0/24 maxlen: 24
109.68.61.0/24 maxlen: 24
109.68.62.0/24 maxlen: 24
109.68.63.0/24 maxlen: 24
193.151.72.0/24 maxlen: 24
193.151.73.0/24 maxlen: 24
193.151.74.0/24 maxlen: 24
193.151.75.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:fc:a1:5b:ed:a3:49:a3:25:a6:e7:fe:c3:43:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Validity
Not Before: Jan 2 01:49:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4c1654155b8b8e0689f97003a6710a47ba4b126a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:ca:26:aa:c9:09:ec:53:2d:ea:02:03:d7:fc:
8a:1c:26:18:92:a4:7c:51:e2:34:e0:4f:91:84:ba:
db:b3:d9:89:31:e1:d9:07:ec:66:65:c0:11:19:aa:
f3:b4:e6:28:0d:67:d8:5a:f8:8e:20:cd:20:80:48:
8c:9b:f4:4e:38:00:5b:51:97:f9:20:b3:5f:9c:58:
6b:49:00:39:d5:cc:aa:8e:df:81:d2:c4:41:a3:83:
e6:ce:5c:3c:09:fd:6f:92:50:a9:d9:7b:37:31:21:
3b:0e:4c:e5:32:3f:05:72:4f:10:0a:cd:a9:78:1d:
34:a6:69:77:9a:9b:6b:de:8f:e9:44:50:2f:40:1b:
2e:04:fa:25:d2:a9:e1:39:f7:7e:fe:e0:84:cc:22:
db:22:9d:52:b8:56:bd:e9:56:43:c5:69:54:23:82:
14:c7:84:b7:3b:0c:c6:06:05:16:07:79:e2:ea:d9:
2a:7e:27:91:c9:10:be:e2:8b:28:b8:d7:5d:45:2c:
ec:b7:08:e3:48:9f:8d:0c:c3:ef:08:9d:d0:67:53:
6c:91:71:29:57:3a:df:58:2f:70:b5:45:dc:ed:5f:
5d:55:79:f9:f7:c7:f2:41:ef:49:d2:1f:82:29:96:
cb:dd:91:f8:ee:bc:53:25:8d:e0:6a:a5:e8:7f:a6:
92:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:16:54:15:5B:8B:8E:06:89:F9:70:03:A6:71:0A:47:BA:4B:12:6A
X509v3 Authority Key Identifier:
keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/TBZUFVuLjgaJ-XADpnEKR7pLEmo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.68.56.0/21
193.151.72.0/22
Signature Algorithm: sha256WithRSAEncryption
50:d5:f2:4f:9a:be:ad:1e:3e:1d:2d:47:99:e1:55:f5:b4:c6:
08:2b:89:c3:67:7a:bd:e9:33:63:e6:b0:00:da:64:f5:06:27:
7a:e3:f4:77:b1:d3:e0:f4:c2:ab:32:59:7d:2d:34:10:86:9b:
10:f6:4b:3c:0a:47:8e:4c:d1:40:54:bc:67:8a:17:25:c8:86:
80:94:0f:99:80:dc:bd:57:76:b8:96:2f:ea:7d:c1:8f:19:d6:
67:66:5a:f8:ae:77:4b:2d:0a:57:dc:3e:3f:c6:ce:4a:5b:7d:
81:08:dd:8d:c5:af:66:55:66:19:64:ca:8f:41:c9:8d:96:98:
56:48:c8:34:91:9f:05:7d:49:86:6c:db:dc:83:24:9e:94:0f:
93:ab:94:bc:d0:52:88:1d:97:14:df:03:9c:b3:cd:11:18:3a:
c7:36:cf:f1:96:52:f1:3e:d9:8d:ac:29:50:13:62:04:eb:af:
c3:4e:87:24:94:e5:28:ce:41:ce:1d:9e:36:1e:04:1e:26:61:
46:7e:61:dc:0a:3c:5e:2e:79:6e:20:1d:b1:b0:73:45:5f:7e:
5f:64:5d:23:59:69:66:fc:c2:9b:b7:3c:64:38:3a:9d:64:97:
fe:a8:5a:df:f7:9b:13:04:46:13:d9:93:6b:32:07:8d:1b:4f:
d4:18:ed:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks/yhW+2jSaMlpuf+w0OZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDczMzZmYTkxNTcyMWNlM2JmZWUyMTdmNGU5OTE2NGRi
OTUzMmIwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzE2NTQxNTViOGI4ZTA2ODlmOTcwMDNhNjcxMGE0N2JhNGIxMjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcomqskJ7FMt6gID1/yKHCYYkqR8
UeI04E+RhLrbs9mJMeHZB+xmZcARGarztOYoDWfYWviOIM0ggEiMm/ROOABbUZf5
ILNfnFhrSQA51cyqjt+B0sRBo4Pmzlw8Cf1vklCp2Xs3MSE7DkzlMj8Fck8QCs2p
eB00pml3mptr3o/pRFAvQBsuBPol0qnhOfd+/uCEzCLbIp1SuFa96VZDxWlUI4IU
x4S3OwzGBgUWB3ni6tkqfieRyRC+4osouNddRSzstwjjSJ+NDMPvCJ3QZ1NskXEp
VzrfWC9wtUXc7V9dVXn598fyQe9J0h+CKZbL3ZH47rxTJY3gaqXof6aSDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEwWVBVbi44GiflwA6ZxCke6SxJqMB8GA1UdIwQY
MBaAFF3XM2+pFXIc47/uIX9OmRZNuVMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEt
OGM0YmM0NTkyN2EzLzEvVEJaVUZWdUxqZ2FKLVhBRHBuRUtSN3BMRW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEtOGM0YmM0NTkyN2Ez
LzEvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUQ4AwQC
wZdIMA0GCSqGSIb3DQEBCwUAA4IBAQBQ1fJPmr6tHj4dLUeZ4VX1tMYIK4nDZ3q9
6TNj5rAA2mT1Bid64/R3sdPg9MKrMll9LTQQhpsQ9ks8CkeOTNFAVLxnihclyIaA
lA+ZgNy9V3a4li/qfcGPGdZnZlr4rndLLQpX3D4/xs5KW32BCN2Nxa9mVWYZZMqP
QcmNlphWSMg0kZ8FfUmGbNvcgySelA+Tq5S80FKIHZcU3wOcs80RGDrHNs/xllLx
PtmNrClQE2IE66/DTocklOUozkHOHZ42HgQeJmFGfmHcCjxeLnluIB2xsHNFX35f
ZF0jWWlm/MKbtzxkODqdZJf+qFrf95sTBEYT2ZNrMgeNG0/UGO1x
-----END CERTIFICATE-----
Generated at Sat Apr 5 05:02:07 2025 by rpki-client