Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Bi-w2vQ6q7Paqeb-8FWxe--YcbU.roa
File: Bi-w2vQ6q7Paqeb-8FWxe--YcbU.roa (raw, json)
Hash identifier: 9bBFk/y11iYrmgN87LW1/x7IiYYmSf4cmU0eu0rkk44=
Subject key identifier: 06:2F:B0:DA:F4:3A:AB:B3:DA:A9:E6:FE:F0:55:B1:7B:EF:98:71:B5
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 019427B68063EB33996BA8324FA86410CBC3
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Bi-w2vQ6q7Paqeb-8FWxe--YcbU.roa
Signing time: Thu 02 Jan 2025 15:50:59 +0000
ROA not before: Thu 02 Jan 2025 15:50:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33905
IP address blocks: 2.18.48.0/24 maxlen: 24
2.18.49.0/24 maxlen: 24
2.18.50.0/24 maxlen: 24
2.18.51.0/24 maxlen: 24
2.18.52.0/24 maxlen: 24
2.18.53.0/24 maxlen: 24
2.18.54.0/24 maxlen: 24
2.18.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 10:07:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:80:63:eb:33:99:6b:a8:32:4f:a8:64:10:cb:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Jan 2 15:50:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=062fb0daf43aabb3daa9e6fef055b17bef9871b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:c1:51:f4:16:f5:90:2e:4a:53:f9:fa:c4:47:
f6:57:8d:5f:3a:61:16:6e:83:14:79:dd:4d:99:59:
1f:ee:15:e7:c8:87:ae:39:6a:2e:a2:24:d7:b9:92:
a0:99:04:00:af:9f:bd:aa:22:dc:cf:7a:35:31:29:
33:61:fd:4b:8b:fa:27:27:18:ab:5b:35:f8:3f:f2:
f8:10:fd:53:0f:73:c8:50:61:38:90:d3:49:e5:31:
a8:85:39:eb:65:e4:0f:b5:1f:3d:8f:ce:75:a4:6d:
9f:8f:3e:cf:6d:9f:64:0b:e3:2f:e0:99:88:39:21:
04:aa:1d:a4:6d:6c:22:8c:ec:b4:73:78:fa:7c:b7:
6e:3e:b8:57:19:d1:b8:b9:64:13:c5:2c:57:e6:5c:
57:14:1a:3f:30:2f:6c:87:f1:69:75:16:67:6b:d1:
44:70:7e:71:25:9d:65:93:46:b9:40:b3:0c:6b:c5:
2d:02:2a:5e:ec:31:68:5c:83:83:19:0d:9f:e8:9d:
77:4d:ee:5d:00:b1:9c:51:40:05:04:66:38:17:47:
25:e7:02:31:39:d4:28:12:83:90:82:4c:f4:fa:3c:
e2:e1:0c:83:9f:d4:14:e7:33:e5:0d:c3:5f:e8:42:
96:cf:cd:49:77:91:d5:41:04:4c:d6:e6:55:f8:b0:
e5:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:2F:B0:DA:F4:3A:AB:B3:DA:A9:E6:FE:F0:55:B1:7B:EF:98:71:B5
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Bi-w2vQ6q7Paqeb-8FWxe--YcbU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.18.48.0/21
Signature Algorithm: sha256WithRSAEncryption
89:2f:95:38:b5:85:01:e0:5a:c9:f2:7e:b2:1a:20:75:9b:44:
18:31:fa:2e:86:77:c9:5b:9d:f7:a2:b6:cf:35:1a:7e:0d:7c:
76:83:92:a2:5a:f1:7a:6f:df:e2:bf:e9:52:a2:ed:91:02:1a:
55:08:65:58:71:52:37:6b:66:6c:f5:c1:24:9a:68:dd:a6:83:
80:e5:a4:bc:01:11:d2:a5:39:5c:4f:5e:56:ee:9c:33:d8:ae:
e0:dc:b1:40:45:be:99:21:ab:45:b3:da:6d:b8:01:04:a2:49:
d4:30:16:4d:12:6b:44:02:19:de:9f:5e:6f:41:07:f4:37:e2:
d6:42:9e:52:b0:6f:74:b9:9c:5e:d9:7a:d0:3c:3a:71:e9:b0:
d4:43:8a:7c:c6:c3:d8:83:4c:8f:f7:51:17:ef:5d:72:0b:53:
08:9d:58:04:97:f8:3a:27:1f:85:04:53:1f:bc:62:64:cd:5e:
b0:8b:e7:d2:16:42:a9:bd:84:10:e3:60:20:7c:35:fc:9a:f7:
ee:31:a4:a4:bc:5a:a6:88:69:9f:3c:7e:ed:ad:b2:7b:ce:ed:
f1:87:b0:a3:a9:86:70:37:77:78:a2:05:86:07:8f:3b:e4:a3:
ef:47:16:f1:5e:19:b1:10:b5:6e:15:58:c3:e5:cf:69:7e:16:
8b:f7:0a:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntoBj6zOZa6gyT6hkEMvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjJmYjBkYWY0M2FhYmIzZGFhOWU2ZmVmMDU1YjE3YmVmOTg3MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8FR9Bb1kC5KU/n6xEf2V41fOmEW
boMUed1NmVkf7hXnyIeuOWouoiTXuZKgmQQAr5+9qiLcz3o1MSkzYf1Li/onJxir
WzX4P/L4EP1TD3PIUGE4kNNJ5TGohTnrZeQPtR89j851pG2fjz7PbZ9kC+Mv4JmI
OSEEqh2kbWwijOy0c3j6fLduPrhXGdG4uWQTxSxX5lxXFBo/MC9sh/FpdRZna9FE
cH5xJZ1lk0a5QLMMa8UtAipe7DFoXIODGQ2f6J13Te5dALGcUUAFBGY4F0cl5wIx
OdQoEoOQgkz0+jzi4QyDn9QU5zPlDcNf6EKWz81Jd5HVQQRM1uZV+LDljwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYvsNr0Oquz2qnm/vBVsXvvmHG1MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvQmktdzJ2UTZxN1BhcWViLThGV3hlLS1ZY2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAhIwMA0G
CSqGSIb3DQEBCwUAA4IBAQCJL5U4tYUB4FrJ8n6yGiB1m0QYMfouhnfJW533orbP
NRp+DXx2g5KiWvF6b9/iv+lSou2RAhpVCGVYcVI3a2Zs9cEkmmjdpoOA5aS8ARHS
pTlcT15W7pwz2K7g3LFARb6ZIatFs9ptuAEEoknUMBZNEmtEAhnen15vQQf0N+LW
Qp5SsG90uZxe2XrQPDpx6bDUQ4p8xsPYg0yP91EX711yC1MInVgEl/g6Jx+FBFMf
vGJkzV6wi+fSFkKpvYQQ42AgfDX8mvfuMaSkvFqmiGmfPH7trbJ7zu3xh7CjqYZw
N3d4ogWGB4875KPvRxbxXhmxELVuFVjD5c9pfhaL9wpU
-----END CERTIFICATE-----
Generated at Sun Apr 6 17:45:34 2025 by rpki-client