Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/tB5aBJS3V73LTF4Y_ajxS_KE82E.roa
File: tB5aBJS3V73LTF4Y_ajxS_KE82E.roa (raw, json)
Hash identifier: 9K+XAgVeIkD6/9g1gviP3PsjTP4VKXdwP9YBlFoakdM=
Subject key identifier: B4:1E:5A:04:94:B7:57:BD:CB:4C:5E:18:FD:A8:F1:4B:F2:84:F3:61
Certificate issuer: /CN=5b9a40fc3f350abda59dbfc01ca37a46d8d74764
Certificate serial: 01942445911359997EDD1CA230C43EBBF1CC
Authority key identifier: 5B:9A:40:FC:3F:35:0A:BD:A5:9D:BF:C0:1C:A3:7A:46:D8:D7:47:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/tB5aBJS3V73LTF4Y_ajxS_KE82E.roa
Signing time: Wed 01 Jan 2025 23:48:46 +0000
ROA not before: Wed 01 Jan 2025 23:48:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43623
IP address blocks: 91.195.78.0/23 maxlen: 23
185.17.244.0/22 maxlen: 22
185.17.246.0/24 maxlen: 24
185.17.247.0/24 maxlen: 24
194.113.143.0/24 maxlen: 24
194.156.7.0/24 maxlen: 24
2a04:880::/29 maxlen: 29
2a04:880:affe::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:91:13:59:99:7e:dd:1c:a2:30:c4:3e:bb:f1:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5b9a40fc3f350abda59dbfc01ca37a46d8d74764
Validity
Not Before: Jan 1 23:48:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b41e5a0494b757bdcb4c5e18fda8f14bf284f361
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:71:99:11:4d:de:9f:db:79:25:37:4d:12:44:
9e:62:ca:dd:dd:c1:49:c9:9f:d8:82:cf:78:5d:73:
02:ad:df:10:b0:a9:ca:dd:59:38:2b:f1:2e:db:4d:
bf:2b:0d:52:f3:fd:14:d5:57:b9:9e:41:9c:91:da:
e6:a5:77:d8:02:8c:ab:db:1a:19:e7:f6:44:57:2d:
c9:d2:01:fc:bd:9d:32:cf:fb:cb:58:83:af:0c:06:
5c:4f:32:37:0c:d3:45:e0:32:94:04:d3:82:f8:b9:
69:f5:0e:d6:0d:42:26:e1:4a:c4:f3:fa:be:1f:38:
76:b8:40:d4:73:ad:6f:2c:1f:82:74:4e:2f:f1:db:
fb:32:ba:c4:b1:5e:50:ef:0f:f2:7b:2e:be:d5:3b:
53:63:0b:88:70:62:b2:4c:ad:6b:13:f0:0e:7d:87:
d3:c0:9e:a1:50:c3:9a:a9:97:fa:f9:23:13:8e:e2:
5a:ab:5d:61:5a:e7:92:46:00:77:a1:95:c0:9e:1c:
93:61:87:9e:4b:19:57:f9:27:c2:13:97:ff:25:62:
6c:1e:6d:1f:f4:69:15:fc:4f:d1:87:6c:16:9e:32:
10:28:b6:bb:70:a1:2d:c4:63:39:37:6a:07:f6:ab:
4a:59:01:b1:d5:6e:79:f4:d6:31:1c:cb:71:28:83:
64:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:1E:5A:04:94:B7:57:BD:CB:4C:5E:18:FD:A8:F1:4B:F2:84:F3:61
X509v3 Authority Key Identifier:
keyid:5B:9A:40:FC:3F:35:0A:BD:A5:9D:BF:C0:1C:A3:7A:46:D8:D7:47:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/tB5aBJS3V73LTF4Y_ajxS_KE82E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2eede6-fc20-4f8a-ae29-72537526aee2/1/W5pA_D81Cr2lnb_AHKN6RtjXR2Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.78.0/23
185.17.244.0/22
194.113.143.0/24
194.156.7.0/24
IPv6:
2a04:880::/29
Signature Algorithm: sha256WithRSAEncryption
89:f2:8d:f2:ba:d2:18:d1:9f:a2:a2:ed:31:fa:bf:6f:5d:a0:
07:d9:d3:de:15:46:21:23:4f:bc:db:95:fd:73:2d:25:90:72:
24:1f:87:6a:ca:6a:ec:a2:9b:53:57:c7:ff:f7:72:1e:4d:7d:
02:5e:7c:00:cd:21:88:b2:34:b5:d9:e6:bc:0c:7d:93:73:91:
5b:fe:52:b2:fd:a1:96:71:f7:6b:ea:85:f3:01:26:26:73:27:
fe:d6:e6:b0:f0:59:28:02:5c:54:0d:18:ae:55:36:90:5e:c8:
54:6b:22:e9:34:fa:39:e0:92:c4:ea:58:28:22:64:cb:fc:fa:
80:3c:63:68:04:25:37:cb:bc:14:5b:6c:23:04:c8:6e:a8:be:
ff:f3:25:67:e7:6d:42:84:cd:54:15:a6:ff:ec:aa:b9:f9:b5:
70:59:b3:23:72:c5:9d:b3:7e:96:57:d4:a2:48:ee:8d:03:54:
92:04:10:1e:57:da:3b:60:d1:f7:09:11:4b:82:bf:37:ef:4c:
29:0a:6c:f9:98:aa:dc:b6:34:34:d1:b5:e6:7d:e7:ab:33:5f:
88:6b:1d:8b:41:ad:3a:71:91:54:36:cf:0c:bf:95:52:30:81:
ac:11:28:f0:f3:41:c6:5d:93:2b:7f:e6:25:84:09:c1:e9:bc:
bb:7f:ec:d0
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQkRZETWZl+3RyiMMQ+u/HMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOWE0MGZjM2YzNTBhYmRhNTlkYmZjMDFjYTM3YTQ2ZDhk
NzQ3NjQwHhcNMjUwMTAxMjM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDFlNWEwNDk0Yjc1N2JkY2I0YzVlMThmZGE4ZjE0YmYyODRmMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznGZEU3en9t5JTdNEkSeYsrd3cFJ
yZ/Ygs94XXMCrd8QsKnK3Vk4K/Eu202/Kw1S8/0U1Ve5nkGckdrmpXfYAoyr2xoZ
5/ZEVy3J0gH8vZ0yz/vLWIOvDAZcTzI3DNNF4DKUBNOC+Llp9Q7WDUIm4UrE8/q+
Hzh2uEDUc61vLB+CdE4v8dv7MrrEsV5Q7w/yey6+1TtTYwuIcGKyTK1rE/AOfYfT
wJ6hUMOaqZf6+SMTjuJaq11hWueSRgB3oZXAnhyTYYeeSxlX+SfCE5f/JWJsHm0f
9GkV/E/Rh2wWnjIQKLa7cKEtxGM5N2oH9qtKWQGx1W559NYxHMtxKINkzQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLQeWgSUt1e9y0xeGP2o8UvyhPNhMB8GA1UdIwQY
MBaAFFuaQPw/NQq9pZ2/wByjekbY10dkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVwQV9EODFDcjJsbmJfQUhLTjZSdGpYUjJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yZWVkZTYtZmMyMC00ZjhhLWFlMjkt
NzI1Mzc1MjZhZWUyLzEvdEI1YUJKUzNWNzNMVEY0WV9hanhTX0tFODJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yZWVkZTYtZmMyMC00ZjhhLWFlMjktNzI1Mzc1MjZhZWUy
LzEvVzVwQV9EODFDcjJsbmJfQUhLTjZSdGpYUjJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW8NOAwQC
uRH0AwQAwnGPAwQAwpwHMA0EAgACMAcDBQMqBAiAMA0GCSqGSIb3DQEBCwUAA4IB
AQCJ8o3yutIY0Z+iou0x+r9vXaAH2dPeFUYhI0+825X9cy0lkHIkH4dqymrsoptT
V8f/93IeTX0CXnwAzSGIsjS12ea8DH2Tc5Fb/lKy/aGWcfdr6oXzASYmcyf+1uaw
8FkoAlxUDRiuVTaQXshUayLpNPo54JLE6lgoImTL/PqAPGNoBCU3y7wUW2wjBMhu
qL7/8yVn521ChM1UFab/7Kq5+bVwWbMjcsWds36WV9SiSO6NA1SSBBAeV9o7YNH3
CRFLgr8370wpCmz5mKrctjQ00bXmfeerM1+Iax2LQa06cZFUNs8Mv5VSMIGsESjw
80HGXZMrf+YlhAnB6by7f+zQ
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:31:29 2025 by rpki-client