Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/9y87QXHvPreUOvjZ1Oe2QvXling.roa
File: 9y87QXHvPreUOvjZ1Oe2QvXling.roa (raw, json)
Hash identifier: THAUh6ARfmUeBlEORlfxrZB6XW0KTPM4GpL4IBGKtq4=
Subject key identifier: F7:2F:3B:41:71:EF:3E:B7:94:3A:F8:D9:D4:E7:B6:42:F5:E5:8A:78
Certificate issuer: /CN=709d69957d333432accac810231e289388e302e2
Certificate serial: 0194252185931521034629DFA97B148F9838
Authority key identifier: 70:9D:69:95:7D:33:34:32:AC:CA:C8:10:23:1E:28:93:88:E3:02:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cJ1plX0zNDKsysgQIx4ok4jjAuI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/9y87QXHvPreUOvjZ1Oe2QvXling.roa
Signing time: Thu 02 Jan 2025 03:49:01 +0000
ROA not before: Thu 02 Jan 2025 03:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13287
IP address blocks: 178.255.224.0/24 maxlen: 24
178.255.225.0/24 maxlen: 24
178.255.226.0/24 maxlen: 24
178.255.227.0/24 maxlen: 24
178.255.228.0/24 maxlen: 24
178.255.229.0/24 maxlen: 24
178.255.230.0/24 maxlen: 24
178.255.231.0/24 maxlen: 24
2a00:a220::/33 maxlen: 33
2a00:a220:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/cJ1plX0zNDKsysgQIx4ok4jjAuI.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/cJ1plX0zNDKsysgQIx4ok4jjAuI.mft
rsync://rpki.ripe.net/repository/DEFAULT/cJ1plX0zNDKsysgQIx4ok4jjAuI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 06:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:85:93:15:21:03:46:29:df:a9:7b:14:8f:98:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=709d69957d333432accac810231e289388e302e2
Validity
Not Before: Jan 2 03:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f72f3b4171ef3eb7943af8d9d4e7b642f5e58a78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:ca:84:60:17:f3:1e:12:95:53:a6:42:66:b7:
c5:5a:e5:8a:1a:86:0c:d3:98:87:79:15:80:38:2c:
65:b4:54:f6:59:df:2f:4a:27:ca:fa:57:ec:60:ac:
ba:0a:82:fe:be:b3:51:ca:bf:5d:6b:92:28:08:fb:
2a:8e:ac:c7:d6:c9:39:89:d8:db:91:b3:4a:16:0d:
c9:c7:23:24:b7:40:d6:50:82:4b:29:24:61:1b:3f:
83:f6:a0:23:f7:11:c9:25:33:92:84:54:1b:7a:ae:
96:ca:dd:1a:07:d1:c4:21:d2:e6:d9:f2:1f:4a:12:
f9:8f:91:ae:f0:3f:fd:4a:f4:71:45:f1:44:96:8e:
d2:37:b1:76:ce:b3:28:86:46:e4:f3:30:4d:b1:97:
6c:a4:35:90:1a:ec:69:2b:f5:25:0b:f2:0d:1d:4e:
c1:9e:8e:a8:8a:17:b1:83:98:e4:92:b5:61:4d:e0:
9b:a5:b5:57:3f:53:92:22:be:4d:45:6e:20:6d:5b:
82:1b:3d:e1:56:77:b4:02:53:44:23:45:7a:ad:51:
c6:29:47:78:18:74:8e:dd:ae:6d:0a:4f:3b:e2:47:
fc:67:12:6a:e9:11:8f:d9:89:fd:1a:9e:3b:13:50:
c3:b3:50:f3:a3:25:2e:26:d5:0c:a1:6f:1c:0b:32:
d5:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:2F:3B:41:71:EF:3E:B7:94:3A:F8:D9:D4:E7:B6:42:F5:E5:8A:78
X509v3 Authority Key Identifier:
keyid:70:9D:69:95:7D:33:34:32:AC:CA:C8:10:23:1E:28:93:88:E3:02:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJ1plX0zNDKsysgQIx4ok4jjAuI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/9y87QXHvPreUOvjZ1Oe2QvXling.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/cJ1plX0zNDKsysgQIx4ok4jjAuI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.255.224.0/21
IPv6:
2a00:a220::/32
Signature Algorithm: sha256WithRSAEncryption
4e:cd:54:7d:da:76:a2:ad:e9:e4:3b:10:79:6c:94:4a:ef:78:
2e:9e:b8:6a:39:e2:97:97:b6:52:b1:84:92:1b:31:fd:36:c1:
d2:89:1a:ec:71:9a:0f:83:2d:a9:72:fb:ad:ae:44:4d:9f:97:
6a:35:3a:0f:6c:65:84:46:97:b2:1c:70:04:97:97:55:70:c3:
86:2e:7d:46:2f:f3:c6:c5:82:15:e1:f1:9d:6e:eb:9c:a6:f2:
e0:6f:6c:79:03:9d:9b:96:d1:50:72:de:3f:be:3e:ef:ea:08:
0a:36:66:e7:25:f1:45:30:95:49:32:11:88:da:4d:46:7e:79:
d1:55:14:dd:79:47:64:21:7c:b0:46:83:1c:5e:de:a4:4a:72:
eb:49:ac:64:4a:b5:9c:d4:07:a6:1a:44:d0:df:b2:84:3a:16:
3d:8e:a2:30:05:90:ff:5d:37:2f:c5:90:2d:e7:45:0d:c3:bf:
d1:bf:9d:3a:01:4d:c0:24:5f:bd:73:60:43:19:1b:63:c4:9b:
36:cd:85:57:fc:74:d4:9a:97:ea:85:e0:68:1d:5e:92:77:60:
84:24:db:b8:90:ef:6a:6b:1e:89:c1:3d:e1:32:fc:5c:3f:b3:
f1:7b:e5:2f:f7:ac:40:53:9f:63:a7:dd:1b:f5:71:70:fc:57:
1b:21:ef:ca
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIYWTFSEDRinfqXsUj5g4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOWQ2OTk1N2QzMzM0MzJhY2NhYzgxMDIzMWUyODkzODhl
MzAyZTIwHhcNMjUwMTAyMDM0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzJmM2I0MTcxZWYzZWI3OTQzYWY4ZDlkNGU3YjY0MmY1ZTU4YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssqEYBfzHhKVU6ZCZrfFWuWKGoYM
05iHeRWAOCxltFT2Wd8vSifK+lfsYKy6CoL+vrNRyr9da5IoCPsqjqzH1sk5idjb
kbNKFg3JxyMkt0DWUIJLKSRhGz+D9qAj9xHJJTOShFQbeq6Wyt0aB9HEIdLm2fIf
ShL5j5Gu8D/9SvRxRfFElo7SN7F2zrMohkbk8zBNsZdspDWQGuxpK/UlC/INHU7B
no6oihexg5jkkrVhTeCbpbVXP1OSIr5NRW4gbVuCGz3hVne0AlNEI0V6rVHGKUd4
GHSO3a5tCk874kf8ZxJq6RGP2Yn9Gp47E1DDs1DzoyUuJtUMoW8cCzLVpQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPcvO0Fx7z63lDr42dTntkL15Yp4MB8GA1UdIwQY
MBaAFHCdaZV9MzQyrMrIECMeKJOI4wLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0oxcGxYMHpOREtzeXNnUUl4NG9rNGpqQXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81M2Q1NmEtMDk2ZS00NThhLTlhOTQt
MDhhNjg2MzJhNjNhLzEvOXk4N1FYSHZQcmVVT3ZqWjFPZTJRdlhsaW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81M2Q1NmEtMDk2ZS00NThhLTlhOTQtMDhhNjg2MzJhNjNh
LzEvY0oxcGxYMHpOREtzeXNnUUl4NG9rNGpqQXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDsv/gMA0E
AgACMAcDBQAqAKIgMA0GCSqGSIb3DQEBCwUAA4IBAQBOzVR92nairenkOxB5bJRK
73gunrhqOeKXl7ZSsYSSGzH9NsHSiRrscZoPgy2pcvutrkRNn5dqNToPbGWERpey
HHAEl5dVcMOGLn1GL/PGxYIV4fGdbuucpvLgb2x5A52bltFQct4/vj7v6ggKNmbn
JfFFMJVJMhGI2k1GfnnRVRTdeUdkIXywRoMcXt6kSnLrSaxkSrWc1AemGkTQ37KE
OhY9jqIwBZD/XTcvxZAt50UNw7/Rv506AU3AJF+9c2BDGRtjxJs2zYVX/HTUmpfq
heBoHV6Sd2CEJNu4kO9qax6JwT3hMvxcP7Pxe+Uv96xAU59jp90b9XFw/FcbIe/K
-----END CERTIFICATE-----
Generated at Sun Apr 6 16:05:04 2025 by rpki-client