Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/MmFJokVO4QRlDiGRue7krePTmWQ.roa
File: MmFJokVO4QRlDiGRue7krePTmWQ.roa (raw, json)
Hash identifier: 2NjaoaYGPQ9nJqZ5MUASprFLlvmc6uqFQzLhkJlBENc=
Subject key identifier: 32:61:49:A2:45:4E:E1:04:65:0E:21:91:B9:EE:E4:AD:E3:D3:99:64
Certificate issuer: /CN=528d5814c7156420dec3a3f7e526ef0f8333eef6
Certificate serial: 019425FC365F7FEDE65D45C18E918A36A982
Authority key identifier: 52:8D:58:14:C7:15:64:20:DE:C3:A3:F7:E5:26:EF:0F:83:33:EE:F6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Uo1YFMcVZCDew6P35SbvD4Mz7vY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/MmFJokVO4QRlDiGRue7krePTmWQ.roa
Signing time: Thu 02 Jan 2025 07:47:53 +0000
ROA not before: Thu 02 Jan 2025 07:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209609
IP address blocks: 109.71.76.0/24 maxlen: 24
195.210.38.0/23 maxlen: 23
195.210.38.0/24 maxlen: 24
195.210.39.0/24 maxlen: 24
2001:678:900::/48 maxlen: 48
2a0c:3340::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/Uo1YFMcVZCDew6P35SbvD4Mz7vY.crl
rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/Uo1YFMcVZCDew6P35SbvD4Mz7vY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Uo1YFMcVZCDew6P35SbvD4Mz7vY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 11:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:36:5f:7f:ed:e6:5d:45:c1:8e:91:8a:36:a9:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=528d5814c7156420dec3a3f7e526ef0f8333eef6
Validity
Not Before: Jan 2 07:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=326149a2454ee104650e2191b9eee4ade3d39964
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:a8:e6:1d:93:a8:27:d2:dc:aa:c0:ff:aa:dd:
4c:6f:ea:2f:c4:e1:73:70:26:46:bb:13:6f:ab:50:
b6:bf:1b:08:d4:7a:93:be:aa:f7:ee:71:d6:f2:1d:
02:7f:c6:b2:bf:2f:b4:77:29:97:bb:03:5c:b6:5d:
3e:9a:59:1d:fe:14:92:d8:26:ae:a7:23:64:09:ac:
68:e3:33:c5:c7:2c:ac:90:a3:f1:ba:bd:66:54:ba:
67:44:68:70:f4:52:08:9a:81:5e:23:e7:52:f8:4f:
d7:a3:78:a7:11:c8:91:76:09:18:49:46:de:a8:76:
26:82:36:39:5c:f6:e9:50:17:0b:cc:8c:ce:4a:e5:
57:fa:f2:30:7b:27:7e:c2:07:b3:59:0e:78:92:42:
83:02:9a:9b:30:73:0b:a4:ab:f9:84:07:88:69:cc:
87:cb:c6:2f:05:e7:2f:a4:39:43:3b:42:59:02:33:
5c:ca:e6:54:71:b2:a2:6e:98:41:25:88:e2:32:90:
1c:7f:11:9e:7a:89:d0:76:e6:26:6f:36:cc:74:81:
97:33:d0:ae:50:d5:e8:11:77:a5:6c:10:09:ef:96:
7f:5d:4b:4d:a4:8b:c4:c7:32:3e:e4:39:a2:74:40:
44:52:76:0a:01:86:ef:b0:1a:32:9d:fa:ee:43:3b:
98:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:61:49:A2:45:4E:E1:04:65:0E:21:91:B9:EE:E4:AD:E3:D3:99:64
X509v3 Authority Key Identifier:
keyid:52:8D:58:14:C7:15:64:20:DE:C3:A3:F7:E5:26:EF:0F:83:33:EE:F6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uo1YFMcVZCDew6P35SbvD4Mz7vY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/MmFJokVO4QRlDiGRue7krePTmWQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/Uo1YFMcVZCDew6P35SbvD4Mz7vY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.71.76.0/24
195.210.38.0/23
IPv6:
2001:678:900::/48
2a0c:3340::/29
Signature Algorithm: sha256WithRSAEncryption
1e:73:d8:0f:94:55:08:dd:54:e5:17:cf:55:76:27:e7:41:cf:
31:60:2e:c5:7a:eb:6c:46:4e:2a:c4:44:81:62:6f:08:ca:77:
6e:36:7d:f3:a9:c4:f2:41:21:c6:37:13:75:1c:fa:4d:cc:16:
9b:42:fd:b0:e9:86:6b:de:e9:1c:87:9a:ad:34:2d:a7:54:81:
7a:f7:0c:0b:f2:a7:8e:b3:0a:eb:f0:9d:18:ff:1f:f4:3f:26:
ff:7f:6c:23:a3:e6:2e:c4:e1:ac:64:8e:fc:f6:87:c2:c7:35:
24:fe:21:7c:67:d4:cf:9f:9e:64:df:c8:85:70:4e:b2:79:79:
cc:f6:df:9c:0c:b9:0a:c5:f9:fe:c0:43:4f:e1:ed:74:8b:4c:
79:10:57:37:b3:f5:f4:41:ea:2d:16:f4:cb:ad:bb:f2:2c:19:
58:fa:43:9f:3b:bf:05:2b:a9:61:47:b0:0d:cf:b5:d0:7f:22:
ca:e1:26:92:07:7b:19:31:de:c7:81:aa:9e:83:0e:fe:b6:63:
36:8a:0a:45:2d:9a:bf:75:36:25:94:65:b8:5a:89:59:c2:d8:
90:13:d1:02:80:67:c2:ea:07:c4:c0:1f:20:a5:d7:d8:45:8f:
3d:fc:ac:51:98:3e:ac:64:df:f2:f0:e3:2b:b3:87:ab:61:5d:
d3:76:69:5a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQl/DZff+3mXUXBjpGKNqmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOGQ1ODE0YzcxNTY0MjBkZWMzYTNmN2U1MjZlZjBmODMz
M2VlZjYwHhcNMjUwMTAyMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjYxNDlhMjQ1NGVlMTA0NjUwZTIxOTFiOWVlZTRhZGUzZDM5OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06jmHZOoJ9LcqsD/qt1Mb+ovxOFz
cCZGuxNvq1C2vxsI1HqTvqr37nHW8h0Cf8ayvy+0dymXuwNctl0+mlkd/hSS2Cau
pyNkCaxo4zPFxyyskKPxur1mVLpnRGhw9FIImoFeI+dS+E/Xo3inEciRdgkYSUbe
qHYmgjY5XPbpUBcLzIzOSuVX+vIweyd+wgezWQ54kkKDApqbMHMLpKv5hAeIacyH
y8YvBecvpDlDO0JZAjNcyuZUcbKibphBJYjiMpAcfxGeeonQduYmbzbMdIGXM9Cu
UNXoEXelbBAJ75Z/XUtNpIvExzI+5DmidEBEUnYKAYbvsBoynfruQzuYDQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDJhSaJFTuEEZQ4hkbnu5K3j05lkMB8GA1UdIwQY
MBaAFFKNWBTHFWQg3sOj9+Um7w+DM+72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW8xWUZNY1ZaQ0RldzZQMzVTYnZENE16N3ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9iZWFjMDktYzQ5Zi00YzcwLTk4MTgt
NDMxYzM5YmI3YjM4LzEvTW1GSm9rVk80UVJsRGlHUnVlN2tyZVBUbVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9iZWFjMDktYzQ5Zi00YzcwLTk4MTgtNDMxYzM5YmI3YjM4
LzEvVW8xWUZNY1ZaQ0RldzZQMzVTYnZENE16N3ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQAbUdMAwQB
w9ImMBYEAgACMBADBwAgAQZ4CQADBQMqDDNAMA0GCSqGSIb3DQEBCwUAA4IBAQAe
c9gPlFUI3VTlF89VdifnQc8xYC7FeutsRk4qxESBYm8IynduNn3zqcTyQSHGNxN1
HPpNzBabQv2w6YZr3ukch5qtNC2nVIF69wwL8qeOswrr8J0Y/x/0Pyb/f2wjo+Yu
xOGsZI789ofCxzUk/iF8Z9TPn55k38iFcE6yeXnM9t+cDLkKxfn+wENP4e10i0x5
EFc3s/X0QeotFvTLrbvyLBlY+kOfO78FK6lhR7ANz7XQfyLK4SaSB3sZMd7Hgaqe
gw7+tmM2igpFLZq/dTYllGW4WolZwtiQE9ECgGfC6gfEwB8gpdfYRY89/KxRmD6s
ZN/y8OMrs4erYV3Tdmla
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:29:13 2025 by rpki-client