Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IBrK48O-7B4CsyrG8YHsZba14MU.roa
File: IBrK48O-7B4CsyrG8YHsZba14MU.roa (raw, json)
Hash identifier: jNJqur4pKVCszpvjwbN2opjyvmyVJ/ZLlLdT3QcBroc=
Subject key identifier: 20:1A:CA:E3:C3:BE:EC:1E:02:B3:2A:C6:F1:81:EC:65:B6:B5:E0:C5
Certificate issuer: /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial: 019423D6A5DD8FCE3D111DC669114D9F45D8
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IBrK48O-7B4CsyrG8YHsZba14MU.roa
Signing time: Wed 01 Jan 2025 21:47:37 +0000
ROA not before: Wed 01 Jan 2025 21:47:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58507
IP address blocks: 159.197.128.0/18 maxlen: 24
159.197.192.0/19 maxlen: 24
161.8.0.0/18 maxlen: 24
161.8.192.0/18 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 13:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:a5:dd:8f:ce:3d:11:1d:c6:69:11:4d:9f:45:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Validity
Not Before: Jan 1 21:47:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=201acae3c3beec1e02b32ac6f181ec65b6b5e0c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:3a:b9:f3:ac:49:20:5f:d6:e8:aa:0b:93:a6:
f6:8c:fd:72:0d:6a:59:bf:07:11:c5:8f:c0:51:7b:
00:c6:92:11:82:9c:3b:9d:90:79:f4:f7:5d:91:77:
20:1e:f5:d9:5a:c1:44:ec:f9:b0:5c:c9:37:d7:04:
68:6d:03:3d:fe:ed:07:be:ed:3c:c3:07:bf:0d:b2:
7a:ab:38:d3:2e:a3:26:0b:20:ed:8e:da:bd:bf:55:
9e:ad:c2:e2:b6:29:9d:44:00:d6:36:94:21:a4:bb:
10:52:a8:cc:5c:28:2f:e1:c8:f9:fb:b1:f9:ee:c1:
73:7b:76:42:83:e1:20:db:f6:f5:25:6d:65:79:4d:
7d:32:90:07:6f:7b:eb:c6:cd:97:c2:22:51:f1:2b:
00:d5:4e:6d:51:4a:f3:e3:63:cc:06:a8:98:eb:0e:
c5:1a:e8:ff:d0:b3:e6:67:02:f4:53:5e:49:3a:87:
44:ff:eb:3e:c5:7b:80:f8:58:73:4a:3b:fb:a3:9c:
2a:4b:f4:f2:97:59:22:dd:98:9f:65:82:e1:61:24:
ca:36:c3:2c:10:cc:ec:25:fc:c7:70:ba:e8:aa:5e:
90:b1:14:63:f4:d1:7b:da:f3:de:73:a2:37:93:70:
6a:e1:fd:35:6a:03:6d:8f:d0:6f:c1:a5:66:e9:72:
ba:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:1A:CA:E3:C3:BE:EC:1E:02:B3:2A:C6:F1:81:EC:65:B6:B5:E0:C5
X509v3 Authority Key Identifier:
keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IBrK48O-7B4CsyrG8YHsZba14MU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.197.128.0-159.197.223.255
161.8.0.0/18
161.8.192.0/18
Signature Algorithm: sha256WithRSAEncryption
4c:4f:b8:07:34:41:0c:63:5f:2c:79:b8:50:62:3a:f3:a3:c2:
71:96:c8:18:28:76:ec:93:d9:48:01:a6:cd:88:5a:78:45:25:
91:79:d0:42:ae:a0:f9:12:14:e1:87:a3:a5:c7:d6:05:44:22:
b6:ca:e6:8d:49:e3:c0:94:ee:45:a8:cc:08:5a:91:1b:b6:f7:
e8:0f:9d:05:e7:4d:5c:40:89:1f:71:4d:93:e6:d7:c5:5f:33:
5c:96:da:f1:94:d9:c9:f2:3b:89:b9:37:02:2d:73:f2:77:52:
45:34:1b:6a:8d:23:89:1d:58:c9:b0:d4:6e:e8:2b:f3:40:67:
fa:bd:45:3c:9b:78:e1:e5:1a:41:aa:2f:2d:f4:6d:65:70:1a:
50:b2:65:8c:66:36:29:e2:78:a6:17:9f:94:6f:c8:d9:d2:a3:
eb:b4:8d:ac:54:fd:f0:1d:ef:b9:79:73:c8:60:d8:bc:08:1c:
0a:f0:84:3c:82:7d:5b:b6:5c:24:f9:2b:b8:35:38:f7:6b:2b:
ae:52:0b:81:37:34:be:78:48:af:1b:45:2c:c5:eb:1a:4a:ed:
92:39:f0:1b:56:aa:2e:af:34:8a:6d:99:9d:55:6e:5d:9a:c8:
73:68:05:8f:10:b0:f5:e0:ab:3e:10:bf:69:5a:02:8b:d8:33:
08:3a:b0:ec
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQj1qXdj849ER3GaRFNn0XYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwMTAxMjE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDFhY2FlM2MzYmVlYzFlMDJiMzJhYzZmMTgxZWM2NWI2YjVlMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDq586xJIF/W6KoLk6b2jP1yDWpZ
vwcRxY/AUXsAxpIRgpw7nZB59PddkXcgHvXZWsFE7PmwXMk31wRobQM9/u0Hvu08
wwe/DbJ6qzjTLqMmCyDtjtq9v1WercLitimdRADWNpQhpLsQUqjMXCgv4cj5+7H5
7sFze3ZCg+Eg2/b1JW1leU19MpAHb3vrxs2XwiJR8SsA1U5tUUrz42PMBqiY6w7F
Guj/0LPmZwL0U15JOodE/+s+xXuA+FhzSjv7o5wqS/Tyl1ki3ZifZYLhYSTKNsMs
EMzsJfzHcLroql6QsRRj9NF72vPec6I3k3Bq4f01agNtj9BvwaVm6XK6ywIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCAayuPDvuweArMqxvGB7GW2teDFMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvSUJySzQ4Ty03QjRDc3lyRzhZSHNaYmExNE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAefxYAD
BAWfxcADBAahCAADBAahCMAwDQYJKoZIhvcNAQELBQADggEBAExPuAc0QQxjXyx5
uFBiOvOjwnGWyBgoduyT2UgBps2IWnhFJZF50EKuoPkSFOGHo6XH1gVEIrbK5o1J
48CU7kWozAhakRu29+gPnQXnTVxAiR9xTZPm18VfM1yW2vGU2cnyO4m5NwItc/J3
UkU0G2qNI4kdWMmw1G7oK/NAZ/q9RTybeOHlGkGqLy30bWVwGlCyZYxmNinieKYX
n5RvyNnSo+u0jaxU/fAd77l5c8hg2LwIHArwhDyCfVu2XCT5K7g1OPdrK65SC4E3
NL54SK8bRSzF6xpK7ZI58BtWqi6vNIptmZ1Vbl2ayHNoBY8QsPXgqz4Qv2laAovY
Mwg6sOw=
-----END CERTIFICATE-----
Generated at Wed Apr 9 22:12:49 2025 by rpki-client