Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/745fcb-f472-4039-8b1d-44efd130659c/1/xQ3PdmMDye_3ODxtjF3bxTEbrgU.roa
File: xQ3PdmMDye_3ODxtjF3bxTEbrgU.roa (raw, json)
Hash identifier: OnYXJU1mRvo0V2FhsSO8D1b8k47DbXdYSrQ7JN4NAuQ=
Subject key identifier: C5:0D:CF:76:63:03:C9:EF:F7:38:3C:6D:8C:5D:DB:C5:31:1B:AE:05
Certificate issuer: /CN=05ae5f23db983fd136ae9d71e87e1e5130bcf6d4
Certificate serial: 0194258F69EE9EC1E69797DB3B3DEE695B5D
Authority key identifier: 05:AE:5F:23:DB:98:3F:D1:36:AE:9D:71:E8:7E:1E:51:30:BC:F6:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ba5fI9uYP9E2rp1x6H4eUTC89tQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/745fcb-f472-4039-8b1d-44efd130659c/1/xQ3PdmMDye_3ODxtjF3bxTEbrgU.roa
Signing time: Thu 02 Jan 2025 05:49:03 +0000
ROA not before: Thu 02 Jan 2025 05:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48840
IP address blocks: 95.129.8.0/21 maxlen: 21
95.129.8.0/24 maxlen: 24
95.129.9.0/24 maxlen: 24
95.129.10.0/24 maxlen: 24
95.129.11.0/24 maxlen: 24
95.129.12.0/24 maxlen: 24
95.129.13.0/24 maxlen: 24
95.129.14.0/24 maxlen: 24
95.129.15.0/24 maxlen: 24
2a05:e940::/29 maxlen: 29
2a05:e940::/48 maxlen: 48
2a05:e940:120::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/745fcb-f472-4039-8b1d-44efd130659c/1/Ba5fI9uYP9E2rp1x6H4eUTC89tQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/745fcb-f472-4039-8b1d-44efd130659c/1/Ba5fI9uYP9E2rp1x6H4eUTC89tQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ba5fI9uYP9E2rp1x6H4eUTC89tQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 02:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:69:ee:9e:c1:e6:97:97:db:3b:3d:ee:69:5b:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05ae5f23db983fd136ae9d71e87e1e5130bcf6d4
Validity
Not Before: Jan 2 05:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c50dcf766303c9eff7383c6d8c5ddbc5311bae05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:22:8e:6f:7b:54:1c:b9:35:35:de:73:ba:51:
3b:cd:ef:32:33:8f:64:2f:28:12:ec:02:15:ae:a8:
f9:49:b3:dd:a7:8e:f7:05:9b:f5:3c:38:13:df:3e:
07:58:7b:51:c1:40:82:d6:7b:97:cf:bf:1c:f2:9b:
9a:83:ef:91:4b:f4:15:4e:62:f9:ae:c0:da:d8:f8:
b7:5d:0b:30:f1:4e:9a:c8:dd:fb:8b:50:52:71:1e:
5e:fb:1c:5b:c7:46:99:6d:28:c7:3e:77:13:70:3f:
d9:01:57:fd:ac:29:e7:d0:64:2f:62:38:53:7f:3e:
7b:59:df:c0:d2:41:74:bd:a4:94:3d:1f:43:c9:5f:
91:b4:f2:59:c7:7c:4e:25:34:21:2b:5b:32:81:7a:
8d:b1:3e:7e:28:64:7c:eb:ee:53:dc:60:49:0a:92:
af:e6:74:da:b2:41:fb:cd:c9:92:26:71:a2:d7:2c:
57:8b:f0:4b:aa:0f:a2:35:b4:85:36:d9:44:90:14:
94:e2:ca:22:91:c2:38:a7:42:57:40:4f:1c:83:27:
bd:fc:18:aa:4c:e8:b3:99:bd:e0:27:47:23:16:a3:
cf:61:d5:44:08:3d:f5:89:a4:0a:48:78:7c:7a:fb:
ba:07:fc:19:32:98:e7:7c:b1:1b:cd:b1:24:58:c9:
55:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:0D:CF:76:63:03:C9:EF:F7:38:3C:6D:8C:5D:DB:C5:31:1B:AE:05
X509v3 Authority Key Identifier:
keyid:05:AE:5F:23:DB:98:3F:D1:36:AE:9D:71:E8:7E:1E:51:30:BC:F6:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ba5fI9uYP9E2rp1x6H4eUTC89tQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/745fcb-f472-4039-8b1d-44efd130659c/1/xQ3PdmMDye_3ODxtjF3bxTEbrgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/745fcb-f472-4039-8b1d-44efd130659c/1/Ba5fI9uYP9E2rp1x6H4eUTC89tQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.129.8.0/21
IPv6:
2a05:e940::/29
Signature Algorithm: sha256WithRSAEncryption
6a:53:b8:e3:cf:0a:f1:9f:25:14:67:b9:28:db:d2:df:91:0a:
db:2a:9f:c2:dd:65:8d:11:69:4f:0d:4f:2c:9e:79:f8:f7:08:
9d:ed:b2:ed:69:80:93:ed:cf:50:cd:a5:27:97:3d:f9:74:a6:
e6:d7:c4:8b:fe:cd:b1:33:6a:fb:ab:bd:22:bd:4e:9f:63:dd:
6d:c0:e1:cd:78:da:30:bc:4f:04:06:f8:0b:8a:e3:13:12:a8:
16:bb:42:46:6c:e3:08:c8:64:c6:45:38:98:2c:c1:41:aa:f6:
b8:93:ad:c5:7e:e4:c8:93:b1:b0:72:00:e6:e9:9c:7e:5f:39:
1a:6a:26:94:00:05:de:3d:8b:7a:5b:47:c9:10:e9:b5:9d:fa:
6c:fe:13:f9:ba:1b:d1:78:b7:b0:37:7d:ea:21:e2:88:23:94:
6e:4d:c0:38:36:e9:d1:5a:e8:36:69:e5:46:82:57:2a:f6:5f:
40:b6:a4:fa:32:25:86:3c:e7:4e:a3:fb:56:e4:4c:01:47:8d:
68:3f:1c:f2:8b:8f:5a:40:70:e0:4e:99:91:ea:f7:72:d4:b8:
92:dd:a5:5a:a6:b7:1a:73:db:63:f5:f7:d4:ac:95:f0:91:f0:
0d:99:55:0b:1b:30:e2:fd:8d:76:d6:e9:19:34:e4:43:30:62:
47:91:ed:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj2nunsHml5fbOz3uaVtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YWU1ZjIzZGI5ODNmZDEzNmFlOWQ3MWU4N2UxZTUxMzBi
Y2Y2ZDQwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTBkY2Y3NjYzMDNjOWVmZjczODNjNmQ4YzVkZGJjNTMxMWJhZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCKOb3tUHLk1Nd5zulE7ze8yM49k
LygS7AIVrqj5SbPdp473BZv1PDgT3z4HWHtRwUCC1nuXz78c8puag++RS/QVTmL5
rsDa2Pi3XQsw8U6ayN37i1BScR5e+xxbx0aZbSjHPncTcD/ZAVf9rCnn0GQvYjhT
fz57Wd/A0kF0vaSUPR9DyV+RtPJZx3xOJTQhK1sygXqNsT5+KGR86+5T3GBJCpKv
5nTaskH7zcmSJnGi1yxXi/BLqg+iNbSFNtlEkBSU4soikcI4p0JXQE8cgye9/Biq
TOizmb3gJ0cjFqPPYdVECD31iaQKSHh8evu6B/wZMpjnfLEbzbEkWMlVQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMUNz3ZjA8nv9zg8bYxd28UxG64FMB8GA1UdIwQY
MBaAFAWuXyPbmD/RNq6dceh+HlEwvPbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmE1Zkk5dVlQOUUycnAxeDZINGVVVEM4OXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS83NDVmY2ItZjQ3Mi00MDM5LThiMWQt
NDRlZmQxMzA2NTljLzEveFEzUGRtTUR5ZV8zT0R4dGpGM2J4VEVicmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS83NDVmY2ItZjQ3Mi00MDM5LThiMWQtNDRlZmQxMzA2NTlj
LzEvQmE1Zkk5dVlQOUUycnAxeDZINGVVVEM4OXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDX4EIMA0E
AgACMAcDBQMqBelAMA0GCSqGSIb3DQEBCwUAA4IBAQBqU7jjzwrxnyUUZ7ko29Lf
kQrbKp/C3WWNEWlPDU8snnn49wid7bLtaYCT7c9QzaUnlz35dKbm18SL/s2xM2r7
q70ivU6fY91twOHNeNowvE8EBvgLiuMTEqgWu0JGbOMIyGTGRTiYLMFBqva4k63F
fuTIk7GwcgDm6Zx+XzkaaiaUAAXePYt6W0fJEOm1nfps/hP5uhvReLewN33qIeKI
I5RuTcA4NunRWug2aeVGglcq9l9AtqT6MiWGPOdOo/tW5EwBR41oPxzyi49aQHDg
TpmR6vdy1LiS3aVaprcac9tj9ffUrJXwkfANmVULGzDi/Y121ukZNORDMGJHke2M
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:06:42 2025 by rpki-client