Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/e71d21-a360-4579-81a0-bcca26fc8945/1/0MAgU7sTLhp2qbqkuMgBEoG1GaM.roa
File: 0MAgU7sTLhp2qbqkuMgBEoG1GaM.roa (raw, json)
Hash identifier: qBfT5pIrk1/WlfhHIXDzrsxZlkpu9JZ5SsEtvG7MW+c=
Subject key identifier: D0:C0:20:53:BB:13:2E:1A:76:A9:BA:A4:B8:C8:01:12:81:B5:19:A3
Certificate issuer: /CN=fe414ea21a9116d2cdf8f5c02d08673afa576893
Certificate serial: 019425FDE20B6921755D7B19279A77708DCC
Authority key identifier: FE:41:4E:A2:1A:91:16:D2:CD:F8:F5:C0:2D:08:67:3A:FA:57:68:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_kFOohqRFtLN-PXALQhnOvpXaJM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/e71d21-a360-4579-81a0-bcca26fc8945/1/0MAgU7sTLhp2qbqkuMgBEoG1GaM.roa
Signing time: Thu 02 Jan 2025 07:49:42 +0000
ROA not before: Thu 02 Jan 2025 07:49:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59533
IP address blocks: 91.218.100.0/24 maxlen: 24
91.218.101.0/24 maxlen: 24
91.218.102.0/24 maxlen: 24
91.218.103.0/24 maxlen: 24
91.219.200.0/24 maxlen: 24
91.219.201.0/24 maxlen: 24
91.219.202.0/24 maxlen: 24
91.219.203.0/24 maxlen: 24
91.235.180.0/24 maxlen: 24
91.235.181.0/24 maxlen: 24
91.240.112.0/24 maxlen: 24
91.240.113.0/24 maxlen: 24
193.150.52.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/e71d21-a360-4579-81a0-bcca26fc8945/1/_kFOohqRFtLN-PXALQhnOvpXaJM.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/e71d21-a360-4579-81a0-bcca26fc8945/1/_kFOohqRFtLN-PXALQhnOvpXaJM.mft
rsync://rpki.ripe.net/repository/DEFAULT/_kFOohqRFtLN-PXALQhnOvpXaJM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:e2:0b:69:21:75:5d:7b:19:27:9a:77:70:8d:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe414ea21a9116d2cdf8f5c02d08673afa576893
Validity
Not Before: Jan 2 07:49:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0c02053bb132e1a76a9baa4b8c8011281b519a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:1c:c2:5a:e9:38:46:a0:de:75:8f:04:c4:e3:
3e:52:21:bd:31:f2:d3:1d:a1:4a:b9:14:0d:86:00:
b0:fa:8a:85:5f:41:11:04:bf:b1:c9:58:48:fc:4b:
c9:ce:0a:f2:1d:55:fb:5b:53:9d:01:df:8d:85:32:
25:23:42:76:a9:94:ce:a3:f8:04:9c:90:4e:42:98:
09:96:bb:fd:52:69:a8:7c:81:82:c4:8c:ea:fe:ac:
db:34:cf:eb:d4:9a:d9:ae:cd:a9:5b:f1:a4:1b:e5:
a5:36:56:bc:88:cb:21:90:17:a9:c0:1c:e4:20:03:
eb:e0:93:15:98:0f:31:d5:c5:04:b5:77:bb:39:3b:
6c:f3:38:90:22:05:61:a9:db:b7:86:43:71:b0:ad:
26:d4:9e:0a:cf:e5:8d:2d:84:ed:f1:90:54:48:a3:
e5:fb:ec:9f:da:fb:c7:1a:26:d5:09:85:a0:b1:c8:
fb:ef:0a:f9:8f:21:a0:76:28:f5:14:f4:2a:7b:8b:
86:30:d5:fc:29:89:b8:96:64:64:3d:a0:fd:39:98:
70:1e:b0:79:e7:0c:50:21:af:4a:ff:5a:f8:c6:fc:
a3:42:d3:bb:85:b4:36:bf:ed:90:81:61:1c:f6:bf:
d7:8d:a6:bd:c6:61:d4:d3:5a:7f:39:75:fd:78:5b:
71:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:C0:20:53:BB:13:2E:1A:76:A9:BA:A4:B8:C8:01:12:81:B5:19:A3
X509v3 Authority Key Identifier:
keyid:FE:41:4E:A2:1A:91:16:D2:CD:F8:F5:C0:2D:08:67:3A:FA:57:68:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_kFOohqRFtLN-PXALQhnOvpXaJM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e71d21-a360-4579-81a0-bcca26fc8945/1/0MAgU7sTLhp2qbqkuMgBEoG1GaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e71d21-a360-4579-81a0-bcca26fc8945/1/_kFOohqRFtLN-PXALQhnOvpXaJM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.218.100.0/22
91.219.200.0/22
91.235.180.0/23
91.240.112.0/23
193.150.52.0/23
Signature Algorithm: sha256WithRSAEncryption
7a:66:23:46:7f:31:9a:ae:48:0d:70:78:ea:a4:30:4f:1f:61:
46:7c:47:74:10:17:fb:b6:75:35:d9:c7:40:7f:5d:8e:e6:72:
90:49:ae:a0:00:ec:55:84:cd:cd:19:dd:4c:59:bb:db:82:96:
d7:44:9f:f6:08:02:8b:58:7f:84:1d:e0:e8:61:e2:30:08:bf:
64:f1:1a:2c:6c:37:d9:43:54:db:7a:1e:30:5e:15:31:f6:6a:
8b:4b:95:fe:88:69:59:88:f3:ed:48:00:6b:9a:9f:17:0d:b5:
e1:0d:1f:eb:df:b1:19:45:52:7a:83:ea:82:30:bd:45:38:04:
69:94:1b:73:fd:a7:2d:95:30:b9:07:a1:23:ae:cf:e4:9e:6e:
8e:77:3f:b0:ca:b2:92:0b:d6:c1:aa:2d:5b:98:c0:6a:fd:f8:
8d:7e:62:45:76:67:cb:ae:25:43:21:26:43:d9:3a:1f:8a:47:
0b:7a:c4:48:45:57:94:91:13:e6:24:d1:ab:b6:b2:ae:d0:0b:
47:1f:c1:9b:23:73:cc:c6:be:33:38:84:a5:14:1d:e3:17:70:
17:1a:c2:e7:49:d8:2a:06:25:85:a2:9c:c4:b8:cc:0d:59:d6:
6f:92:eb:41:56:5d:c1:34:ad:93:90:39:21:3f:2c:fb:f1:e5:
a9:fa:df:f0
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQl/eILaSF1XXsZJ5p3cI3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNDE0ZWEyMWE5MTE2ZDJjZGY4ZjVjMDJkMDg2NzNhZmE1
NzY4OTMwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGMwMjA1M2JiMTMyZTFhNzZhOWJhYTRiOGM4MDExMjgxYjUxOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRzCWuk4RqDedY8ExOM+UiG9MfLT
HaFKuRQNhgCw+oqFX0ERBL+xyVhI/EvJzgryHVX7W1OdAd+NhTIlI0J2qZTOo/gE
nJBOQpgJlrv9UmmofIGCxIzq/qzbNM/r1JrZrs2pW/GkG+WlNla8iMshkBepwBzk
IAPr4JMVmA8x1cUEtXe7OTts8ziQIgVhqdu3hkNxsK0m1J4Kz+WNLYTt8ZBUSKPl
++yf2vvHGibVCYWgscj77wr5jyGgdij1FPQqe4uGMNX8KYm4lmRkPaD9OZhwHrB5
5wxQIa9K/1r4xvyjQtO7hbQ2v+2QgWEc9r/Xjaa9xmHU01p/OXX9eFtxIQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNDAIFO7Ey4adqm6pLjIARKBtRmjMB8GA1UdIwQY
MBaAFP5BTqIakRbSzfj1wC0IZzr6V2iTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2tGT29ocVJGdExOLVBYQUxRaG5PdnBYYUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lNzFkMjEtYTM2MC00NTc5LTgxYTAt
YmNjYTI2ZmM4OTQ1LzEvME1BZ1U3c1RMaHAycWJxa3VNZ0JFb0cxR2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lNzFkMjEtYTM2MC00NTc5LTgxYTAtYmNjYTI2ZmM4OTQ1
LzEvX2tGT29ocVJGdExOLVBYQUxRaG5PdnBYYUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCW9pkAwQC
W9vIAwQBW+u0AwQBW/BwAwQBwZY0MA0GCSqGSIb3DQEBCwUAA4IBAQB6ZiNGfzGa
rkgNcHjqpDBPH2FGfEd0EBf7tnU12cdAf12O5nKQSa6gAOxVhM3NGd1MWbvbgpbX
RJ/2CAKLWH+EHeDoYeIwCL9k8RosbDfZQ1Tbeh4wXhUx9mqLS5X+iGlZiPPtSABr
mp8XDbXhDR/r37EZRVJ6g+qCML1FOARplBtz/actlTC5B6Ejrs/knm6Odz+wyrKS
C9bBqi1bmMBq/fiNfmJFdmfLriVDISZD2TofikcLesRIRVeUkRPmJNGrtrKu0AtH
H8GbI3PMxr4zOISlFB3jF3AXGsLnSdgqBiWFopzEuMwNWdZvkutBVl3BNK2TkDkh
Pyz78eWp+t/w
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:48:33 2025 by rpki-client