Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/Z4QpcHYXBCOxLZCFjGoLrz6cFGk.roa
File: Z4QpcHYXBCOxLZCFjGoLrz6cFGk.roa (raw, json)
Hash identifier: oyUwzFN1AaMW4pBeh+gugcld7qVJlrTpQ8Umw+uhKM4=
Subject key identifier: 67:84:29:70:76:17:04:23:B1:2D:90:85:8C:6A:0B:AF:3E:9C:14:69
Certificate issuer: /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial: 01942521AB8D6986DD60931CA3D1E4245F2F
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/Z4QpcHYXBCOxLZCFjGoLrz6cFGk.roa
Signing time: Thu 02 Jan 2025 03:49:11 +0000
ROA not before: Thu 02 Jan 2025 03:49:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 52091
IP address blocks: 31.133.40.0/23 maxlen: 24
31.133.40.0/24 maxlen: 24
31.133.41.0/24 maxlen: 24
31.133.42.0/24 maxlen: 24
2a0d:df80::/29 maxlen: 29
2a0d:df80::/31 maxlen: 31
2a0d:df80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:ab:8d:69:86:dd:60:93:1c:a3:d1:e4:24:5f:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Validity
Not Before: Jan 2 03:49:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6784297076170423b12d90858c6a0baf3e9c1469
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b0:de:96:30:c2:1a:0d:00:0a:fd:2a:ae:62:
82:16:aa:8d:26:65:91:97:e2:a2:fe:f9:f4:71:69:
49:6a:8d:c4:cb:a3:16:60:8c:b8:c2:03:c3:34:d3:
37:e2:69:b7:eb:c7:9d:ff:23:9d:9b:de:ea:41:b0:
ae:2a:c3:75:c3:6c:5b:38:75:da:43:82:c2:57:60:
bd:87:cc:e0:70:d1:48:b4:e4:d8:15:b9:b9:a3:37:
1d:2d:14:83:eb:a8:48:07:e3:35:3a:b7:52:9c:ae:
94:a7:64:22:43:da:b4:e4:6d:d2:1e:68:02:dd:43:
76:0c:55:a3:43:60:20:88:3e:95:12:47:8b:88:ba:
fc:93:b0:b4:bf:a5:91:b1:e9:fa:a8:7b:38:40:17:
45:17:1d:e8:f1:52:4e:50:7c:fc:64:7e:5f:c1:e5:
90:09:66:55:12:d4:4c:76:bd:39:4c:10:c7:14:94:
24:c3:37:61:6b:6f:ba:54:24:55:60:02:15:6a:4c:
f9:ba:6c:cd:1e:39:24:7b:12:4c:a9:ae:76:24:09:
8e:0c:4d:76:cc:80:21:e3:04:ba:4e:85:1a:5f:f5:
7f:f1:b5:69:1c:3e:31:25:84:d3:51:f8:fb:ee:85:
04:51:fc:39:c5:2f:3e:66:3d:58:f6:b5:e9:23:86:
88:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:84:29:70:76:17:04:23:B1:2D:90:85:8C:6A:0B:AF:3E:9C:14:69
X509v3 Authority Key Identifier:
keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/Z4QpcHYXBCOxLZCFjGoLrz6cFGk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.133.40.0-31.133.42.255
IPv6:
2a0d:df80::/29
Signature Algorithm: sha256WithRSAEncryption
b2:a8:10:e8:18:fc:fe:88:0b:26:a7:ec:e3:75:c0:ab:fa:64:
96:dd:26:d2:91:61:24:3c:d1:1b:9e:21:9e:72:7d:bb:a7:73:
54:a7:d0:29:d3:57:50:33:87:bf:be:36:49:87:2c:ef:5d:7b:
46:5a:2d:e0:12:86:0d:94:e1:27:ae:9c:81:e1:d2:6c:4e:e3:
18:40:e3:72:30:a8:40:00:23:20:f7:97:79:eb:cc:b6:6c:97:
73:22:64:e3:1a:b1:08:8c:77:b1:71:10:74:c0:28:48:22:78:
b1:ab:6b:18:bd:57:61:8e:db:67:3c:30:32:9a:28:67:a2:c2:
63:84:3f:ea:f1:fd:fd:da:91:56:bf:94:06:36:ed:a9:9b:de:
c5:83:b1:5b:6e:32:0d:36:44:9f:66:72:83:47:83:82:56:e1:
f1:9d:5f:c9:bd:53:18:1c:a3:d6:57:fb:7e:75:c7:76:2f:82:
66:0b:6a:9f:5f:84:e4:08:70:b4:2b:33:08:ef:97:f7:57:4a:
98:2e:dc:3c:ac:31:8b:49:0e:c7:5e:e7:6d:fe:05:8f:81:90:
77:65:68:a2:b2:73:b6:8b:e5:ec:d2:70:3c:9a:e5:c0:72:a3:
30:f1:e1:ea:66:25:9b:eb:d5:24:96:52:3e:a6:70:e7:ab:85:
82:1e:99:b8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQlIauNaYbdYJMco9HkJF8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjUwMTAyMDM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg0Mjk3MDc2MTcwNDIzYjEyZDkwODU4YzZhMGJhZjNlOWMxNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bDeljDCGg0ACv0qrmKCFqqNJmWR
l+Ki/vn0cWlJao3Ey6MWYIy4wgPDNNM34mm368ed/yOdm97qQbCuKsN1w2xbOHXa
Q4LCV2C9h8zgcNFItOTYFbm5ozcdLRSD66hIB+M1OrdSnK6Up2QiQ9q05G3SHmgC
3UN2DFWjQ2AgiD6VEkeLiLr8k7C0v6WRsen6qHs4QBdFFx3o8VJOUHz8ZH5fweWQ
CWZVEtRMdr05TBDHFJQkwzdha2+6VCRVYAIVakz5umzNHjkkexJMqa52JAmODE12
zIAh4wS6ToUaX/V/8bVpHD4xJYTTUfj77oUEUfw5xS8+Zj1Y9rXpI4aIzQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGeEKXB2FwQjsS2QhYxqC68+nBRpMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvWjRRcGNIWVhCQ094TFpDRmpHb0xyejZjRkdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAMfhSgD
BAAfhSowDQQCAAIwBwMFAyoN34AwDQYJKoZIhvcNAQELBQADggEBALKoEOgY/P6I
Cyan7ON1wKv6ZJbdJtKRYSQ80RueIZ5yfbunc1Sn0CnTV1Azh7++NkmHLO9de0Za
LeAShg2U4SeunIHh0mxO4xhA43IwqEAAIyD3l3nrzLZsl3MiZOMasQiMd7FxEHTA
KEgieLGraxi9V2GO22c8MDKaKGeiwmOEP+rx/f3akVa/lAY27amb3sWDsVtuMg02
RJ9mcoNHg4JW4fGdX8m9Uxgco9ZX+351x3YvgmYLap9fhOQIcLQrMwjvl/dXSpgu
3DysMYtJDsde523+BY+BkHdlaKKyc7aL5ezScDya5cByozDx4epmJZvr1SSWUj6m
cOerhYIembg=
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:10:42 2025 by rpki-client