Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/tlKn03Ch2n039rtBjA5ofqd299w.roa
File: tlKn03Ch2n039rtBjA5ofqd299w.roa (raw, json)
Hash identifier: 9PuwizLdWImEnrfTYLu1uBixtkLMu3z0UocdkAE0/2k=
Subject key identifier: B6:52:A7:D3:70:A1:DA:7D:37:F6:BB:41:8C:0E:68:7E:A7:76:F7:DC
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 019427B68679E296B723B6F828EECF2A068C
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/tlKn03Ch2n039rtBjA5ofqd299w.roa
Signing time: Thu 02 Jan 2025 15:51:00 +0000
ROA not before: Thu 02 Jan 2025 15:51:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200005
IP address blocks: 185.123.168.0/22 maxlen: 24
194.35.36.0/23 maxlen: 24
194.35.38.0/24 maxlen: 24
2a0b:35c0::/32 maxlen: 32
2a0b:35c1::/32 maxlen: 32
2a0b:35c2::/32 maxlen: 32
2a0b:35c3::/32 maxlen: 32
2a0b:35c4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 13:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:86:79:e2:96:b7:23:b6:f8:28:ee:cf:2a:06:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Jan 2 15:51:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b652a7d370a1da7d37f6bb418c0e687ea776f7dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:1a:ad:d6:f9:68:c7:70:a9:ce:a7:fc:1d:7c:
f5:01:e4:cb:c4:e7:b4:e0:d2:fe:24:b5:80:87:b4:
24:e1:b8:ac:1a:b3:9c:72:e4:dd:3b:38:2a:cd:b1:
6d:92:ba:5e:dc:2e:76:da:39:34:58:e4:08:43:f8:
94:3c:61:fe:83:06:ac:68:64:ff:07:01:75:46:a2:
08:fe:c9:fa:de:07:4a:78:bf:78:74:7a:40:5b:28:
a4:a4:66:b3:da:2f:02:62:b2:ac:6e:fc:dd:fe:61:
d4:2c:c9:0d:38:4b:ba:28:36:35:89:6a:be:14:8a:
e9:b8:6a:6d:e2:a6:84:fa:38:e9:17:e5:4d:93:c9:
29:35:54:f5:2c:40:d4:35:d1:0b:37:9a:74:5f:a9:
f8:42:57:9f:8c:bb:ab:d7:86:d9:6c:e8:6e:8d:ef:
bd:d1:01:87:99:4b:fd:70:c2:d0:74:70:b7:4b:a3:
ec:29:19:c1:78:50:42:e1:c6:51:52:e8:80:66:4d:
73:1d:a2:f9:01:fc:21:03:2b:c4:a8:78:ab:be:2c:
cc:3b:f5:ac:b7:c1:ba:da:88:35:9c:29:aa:25:e3:
e5:82:57:2e:99:64:d7:35:3c:ca:a9:04:a3:7d:af:
dc:b6:46:57:67:e0:26:f2:c7:b7:93:4d:fc:9e:b5:
c8:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:52:A7:D3:70:A1:DA:7D:37:F6:BB:41:8C:0E:68:7E:A7:76:F7:DC
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/tlKn03Ch2n039rtBjA5ofqd299w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.123.168.0/22
194.35.36.0-194.35.38.255
IPv6:
2a0b:35c0::-2a0b:35c4:0:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
91:11:ad:20:70:86:a6:e6:98:88:bc:70:22:5b:84:c1:ea:98:
b7:59:40:3a:fc:04:d7:41:73:85:d9:55:fd:eb:9a:d0:14:73:
38:2f:56:b5:7d:1f:6a:ab:71:a5:ec:ad:4d:43:57:79:23:0f:
e3:05:3c:b9:07:58:b8:bf:9d:df:71:4e:c4:3b:aa:90:55:dc:
3f:7f:5f:0f:89:b0:a9:19:11:50:ba:76:eb:bd:2c:95:bd:a4:
7c:c9:b1:e9:c0:93:ab:af:7f:4a:70:42:b9:32:82:e8:2e:ea:
c7:ed:19:4f:10:56:53:d0:e0:93:e2:cc:68:e9:e8:92:33:35:
5f:16:25:a5:5b:13:0c:48:68:15:53:27:4b:54:67:1b:65:de:
30:06:a3:ed:80:88:c9:b5:cd:66:f4:47:98:63:94:a8:77:d5:
7f:43:90:47:9c:92:53:60:72:87:b0:72:11:fc:40:84:93:5a:
74:a3:2f:65:a9:e0:27:a5:53:fe:ec:fe:88:bf:a7:d9:e4:13:
3d:73:04:b2:56:c4:49:ae:ad:a7:0b:bd:d5:de:06:25:43:78:
5b:40:c8:99:c0:19:2e:f8:f2:8e:0f:53:ae:74:4e:36:db:ae:
d6:36:5f:ff:f1:fe:50:11:31:e7:d2:d9:11:a5:e5:bc:87:98:
f5:61:34:30
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQntoZ54pa3I7b4KO7PKgaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjUyYTdkMzcwYTFkYTdkMzdmNmJiNDE4YzBlNjg3ZWE3NzZmN2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRqt1vlox3Cpzqf8HXz1AeTLxOe0
4NL+JLWAh7Qk4bisGrOccuTdOzgqzbFtkrpe3C522jk0WOQIQ/iUPGH+gwasaGT/
BwF1RqII/sn63gdKeL94dHpAWyikpGaz2i8CYrKsbvzd/mHULMkNOEu6KDY1iWq+
FIrpuGpt4qaE+jjpF+VNk8kpNVT1LEDUNdELN5p0X6n4QlefjLur14bZbOhuje+9
0QGHmUv9cMLQdHC3S6PsKRnBeFBC4cZRUuiAZk1zHaL5AfwhAyvEqHirvizMO/Ws
t8G62og1nCmqJePlglcumWTXNTzKqQSjfa/ctkZXZ+Am8se3k038nrXIiQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFLZSp9Nwodp9N/a7QYwOaH6ndvfcMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvdGxLbjAzQ2gybjAzOXJ0QmpBNW9mcWQyOTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAaBAIAATAUAwQCuXuoMAwD
BALCIyQDBADCIyYwGAQCAAIwEjAQAwUGKgs1wAMHACoLNcQAADANBgkqhkiG9w0B
AQsFAAOCAQEAkRGtIHCGpuaYiLxwIluEweqYt1lAOvwE10FzhdlV/eua0BRzOC9W
tX0faqtxpeytTUNXeSMP4wU8uQdYuL+d33FOxDuqkFXcP39fD4mwqRkRULp2670s
lb2kfMmx6cCTq69/SnBCuTKC6C7qx+0ZTxBWU9Dgk+LMaOnokjM1XxYlpVsTDEho
FVMnS1RnG2XeMAaj7YCIybXNZvRHmGOUqHfVf0OQR5ySU2Byh7ByEfxAhJNadKMv
ZangJ6VT/uz+iL+n2eQTPXMEslbESa6tpwu91d4GJUN4W0DImcAZLvjyjg9TrnRO
Ntuu1jZf//H+UBEx59LZEaXlvIeY9WE0MA==
-----END CERTIFICATE-----
Generated at Sun Apr 6 22:55:37 2025 by rpki-client