Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/4lhTaQhjom1qkpeBd0ZsbdWiEJ4.roa
File: 4lhTaQhjom1qkpeBd0ZsbdWiEJ4.roa (raw, json)
Hash identifier: XdHlLCQ2Kh6iuUQP6DmaSkVFP47PPhEh+iIit9uDq/c=
Subject key identifier: E2:58:53:69:08:63:A2:6D:6A:92:97:81:77:46:6C:6D:D5:A2:10:9E
Certificate issuer: /CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
Certificate serial: 019427B5D67BC1829750A3AD6466F0F47F8A
Authority key identifier: B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/4lhTaQhjom1qkpeBd0ZsbdWiEJ4.roa
Signing time: Thu 02 Jan 2025 15:50:15 +0000
ROA not before: Thu 02 Jan 2025 15:50:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199670
IP address blocks: 194.0.6.0/24 maxlen: 24
194.0.37.0/24 maxlen: 24
194.0.43.0/24 maxlen: 24
194.0.44.0/24 maxlen: 24
2001:678:9::/48 maxlen: 48
2001:678:64::/48 maxlen: 48
2001:678:68::/48 maxlen: 48
2001:678:6c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl
rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.mft
rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:d6:7b:c1:82:97:50:a3:ad:64:66:f0:f4:7f:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
Validity
Not Before: Jan 2 15:50:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e25853690863a26d6a92978177466c6dd5a2109e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:1b:9e:f6:f3:ea:1a:9d:05:1a:d8:91:df:e8:
d2:6e:1f:ef:18:28:35:d4:a0:3f:db:a3:a8:ab:54:
82:1f:a5:cd:88:60:2b:8b:70:14:4a:e4:04:b3:11:
27:45:33:59:85:f5:ef:bc:22:4c:4c:7d:64:7c:5c:
70:7c:ed:4f:88:66:94:83:18:af:ac:5a:54:4a:33:
aa:c5:7d:ae:6f:26:64:0f:e2:ec:67:bf:07:12:2d:
54:63:6e:87:d6:58:0e:78:1c:2f:d7:1c:4d:fd:c8:
22:6a:65:3b:f3:22:b8:08:89:6b:7a:b2:65:31:4e:
25:63:28:04:64:8b:9a:65:23:32:f5:9d:a8:b6:37:
68:bd:dc:c0:c8:57:01:f1:99:4a:ee:b6:78:46:9e:
d5:9b:a6:7f:42:5e:a2:be:9b:7f:03:e0:89:65:6b:
44:cf:bb:bf:b8:45:6f:fa:78:8e:38:9f:d2:ec:1e:
d3:13:df:2a:0a:ab:0c:72:b1:7c:e5:e5:7d:25:71:
2a:69:1c:7e:c0:d1:9b:55:73:73:69:75:59:dd:9e:
67:9a:4e:36:87:f9:00:75:9a:71:50:f0:9c:8d:4c:
ef:0a:c0:64:f1:16:75:78:9c:31:91:8f:15:4b:d0:
7e:24:22:e3:93:26:1e:05:f9:da:9b:d6:a0:52:73:
d7:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:58:53:69:08:63:A2:6D:6A:92:97:81:77:46:6C:6D:D5:A2:10:9E
X509v3 Authority Key Identifier:
keyid:B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/4lhTaQhjom1qkpeBd0ZsbdWiEJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.0.6.0/24
194.0.37.0/24
194.0.43.0-194.0.44.255
IPv6:
2001:678:9::/48
2001:678:64::/48
2001:678:68::/48
2001:678:6c::/48
Signature Algorithm: sha256WithRSAEncryption
11:a8:68:ef:97:8e:a5:c5:dd:f8:ae:38:51:a1:5c:ac:ce:c0:
1a:e9:8e:40:f4:00:4f:76:e9:de:f5:2d:60:36:c1:7c:ea:15:
63:32:4c:5d:31:8c:69:cf:4b:37:62:78:b2:cd:71:75:1d:85:
14:81:8f:e3:64:23:73:d9:45:3e:46:96:c5:84:10:37:66:d1:
c1:cc:a3:e5:eb:fc:93:97:33:87:00:13:6b:ee:8b:16:15:c2:
9f:6c:8e:68:dd:16:88:6b:68:83:8a:e5:f4:d5:a3:e5:3e:36:
a5:b6:ef:3a:e0:57:85:8d:de:2c:22:89:a7:9e:b5:d6:65:d4:
66:0c:1e:a6:f1:68:a0:27:02:2e:73:6b:4d:eb:08:b2:0b:ac:
4c:95:01:92:d5:9e:76:f1:fb:bf:d0:2c:99:16:36:2a:0d:74:
63:b5:c7:ee:72:3f:56:0b:77:19:46:30:3f:0a:4c:3c:f0:be:
c2:7b:29:ef:50:b5:73:f4:05:93:b2:1e:5a:01:18:bd:24:84:
1e:ff:ef:09:31:23:bc:56:40:f9:19:0b:e1:ad:a9:a0:68:b4:
ff:ea:79:d2:3a:34:6a:01:ab:18:38:de:8b:e2:9c:6d:19:69:
db:8f:41:67:a2:0a:37:a5:41:4f:d9:41:9e:41:09:0a:24:06:
cb:55:9b:97
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQntdZ7wYKXUKOtZGbw9H+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NDM5MTRhNDhlNWRhZTVhNzU2YjFlM2I4ZmJlNDM3ZWUw
ZDhiMGMwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjU4NTM2OTA4NjNhMjZkNmE5Mjk3ODE3NzQ2NmM2ZGQ1YTIxMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xue9vPqGp0FGtiR3+jSbh/vGCg1
1KA/26Ooq1SCH6XNiGAri3AUSuQEsxEnRTNZhfXvvCJMTH1kfFxwfO1PiGaUgxiv
rFpUSjOqxX2ubyZkD+LsZ78HEi1UY26H1lgOeBwv1xxN/cgiamU78yK4CIlrerJl
MU4lYygEZIuaZSMy9Z2otjdovdzAyFcB8ZlK7rZ4Rp7Vm6Z/Ql6ivpt/A+CJZWtE
z7u/uEVv+niOOJ/S7B7TE98qCqsMcrF85eV9JXEqaRx+wNGbVXNzaXVZ3Z5nmk42
h/kAdZpxUPCcjUzvCsBk8RZ1eJwxkY8VS9B+JCLjkyYeBfnam9agUnPX4QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOJYU2kIY6JtapKXgXdGbG3VohCeMB8GA1UdIwQY
MBaAFLRDkUpI5drlp1ax47j75DfuDYsMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAt
MzE0ZWY3NDZkOGE2LzEvNGxoVGFRaGpvbTFxa3BlQmQwWnNiZFdpRUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAtMzE0ZWY3NDZkOGE2
LzEvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAgBAIAATAaAwQAwgAGAwQA
wgAlMAwDBADCACsDBADCACwwKgQCAAIwJAMHACABBngACQMHACABBngAZAMHACAB
BngAaAMHACABBngAbDANBgkqhkiG9w0BAQsFAAOCAQEAEaho75eOpcXd+K44UaFc
rM7AGumOQPQAT3bp3vUtYDbBfOoVYzJMXTGMac9LN2J4ss1xdR2FFIGP42Qjc9lF
PkaWxYQQN2bRwcyj5ev8k5czhwATa+6LFhXCn2yOaN0WiGtog4rl9NWj5T42pbbv
OuBXhY3eLCKJp5611mXUZgwepvFooCcCLnNrTesIsgusTJUBktWedvH7v9AsmRY2
Kg10Y7XH7nI/Vgt3GUYwPwpMPPC+wnsp71C1c/QFk7IeWgEYvSSEHv/vCTEjvFZA
+RkL4a2poGi0/+p50jo0agGrGDjei+KcbRlp249BZ6IKN6VBT9lBnkEJCiQGy1Wb
lw==
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:47:03 2025 by rpki-client