Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/d5008a-0f42-4557-9feb-3984c213e214/1/n0XS6IJCl3vm93lJQsjg2X6pLdw.roa
File: n0XS6IJCl3vm93lJQsjg2X6pLdw.roa (raw, json)
Hash identifier: k2WYtuBGETSvwmKGDnyWeLNoT+PiSlaaWRzhdHXtIhs=
Subject key identifier: 9F:45:D2:E8:82:42:97:7B:E6:F7:79:49:42:C8:E0:D9:7E:A9:2D:DC
Certificate issuer: /CN=2bbbd639efb113d19688a1acce6945bb6c6a9ac5
Certificate serial: 01942521D96E3E1CC3FD4C03016E24EE9B4F
Authority key identifier: 2B:BB:D6:39:EF:B1:13:D1:96:88:A1:AC:CE:69:45:BB:6C:6A:9A:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K7vWOe-xE9GWiKGszmlFu2xqmsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/d5008a-0f42-4557-9feb-3984c213e214/1/n0XS6IJCl3vm93lJQsjg2X6pLdw.roa
Signing time: Thu 02 Jan 2025 03:49:22 +0000
ROA not before: Thu 02 Jan 2025 03:49:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31034
IP address blocks: 109.70.240.0/22 maxlen: 24
109.70.244.0/22 maxlen: 24
185.58.192.0/22 maxlen: 24
2a04:e100::/32 maxlen: 32
2a04:e101::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/77/d5008a-0f42-4557-9feb-3984c213e214/1/K7vWOe-xE9GWiKGszmlFu2xqmsU.crl
rsync://rpki.ripe.net/repository/DEFAULT/77/d5008a-0f42-4557-9feb-3984c213e214/1/K7vWOe-xE9GWiKGszmlFu2xqmsU.mft
rsync://rpki.ripe.net/repository/DEFAULT/K7vWOe-xE9GWiKGszmlFu2xqmsU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 23:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:d9:6e:3e:1c:c3:fd:4c:03:01:6e:24:ee:9b:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2bbbd639efb113d19688a1acce6945bb6c6a9ac5
Validity
Not Before: Jan 2 03:49:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9f45d2e88242977be6f7794942c8e0d97ea92ddc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:cb:c5:6c:79:5f:21:1b:8e:90:7f:45:72:01:
dd:13:dd:d8:24:fc:fb:fa:0d:4a:23:d8:d7:35:22:
40:79:44:c5:dd:ec:b6:65:c4:89:77:22:30:1d:95:
08:38:6d:d4:11:9e:a0:82:6e:49:e2:c5:65:ea:6c:
5e:38:90:c2:6f:d0:1f:63:37:fa:24:32:c9:05:7e:
35:24:1e:18:d5:0d:40:83:c7:0f:e7:76:f8:6c:84:
db:32:d0:bb:64:a8:32:f9:ad:ee:eb:a2:29:76:4d:
05:e2:28:f8:2f:4b:09:cf:9a:52:76:10:17:73:aa:
0a:86:6d:54:e0:d2:0a:e3:c1:02:aa:66:d0:de:66:
47:cd:32:fe:93:d4:c7:b2:91:ef:62:86:d8:24:b8:
b8:10:c7:fc:13:12:ec:66:91:68:ef:f1:bf:9c:33:
54:ae:6e:15:4b:c8:ce:5e:3b:25:a1:38:a6:ad:f8:
8a:32:9d:ad:58:c8:89:27:0c:7c:e6:ef:7f:c1:90:
0d:55:c7:ca:00:22:14:d0:92:c6:a6:d5:04:c3:ed:
34:d2:09:21:be:8e:31:56:57:b9:01:a0:08:cc:33:
7c:67:da:3a:b1:b3:7f:ae:ac:e4:53:62:8e:61:28:
40:5b:d1:e9:18:72:ba:c6:96:f1:f1:83:04:43:e3:
a0:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:45:D2:E8:82:42:97:7B:E6:F7:79:49:42:C8:E0:D9:7E:A9:2D:DC
X509v3 Authority Key Identifier:
keyid:2B:BB:D6:39:EF:B1:13:D1:96:88:A1:AC:CE:69:45:BB:6C:6A:9A:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K7vWOe-xE9GWiKGszmlFu2xqmsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/d5008a-0f42-4557-9feb-3984c213e214/1/n0XS6IJCl3vm93lJQsjg2X6pLdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/d5008a-0f42-4557-9feb-3984c213e214/1/K7vWOe-xE9GWiKGszmlFu2xqmsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.70.240.0/21
185.58.192.0/22
IPv6:
2a04:e100::/31
Signature Algorithm: sha256WithRSAEncryption
73:74:e1:49:24:26:80:1c:a4:bf:8d:6c:38:d1:8c:3e:b0:df:
a7:57:d5:e0:b2:a3:56:b3:c9:c2:15:ef:05:87:54:cb:7b:b3:
17:24:e9:b8:5a:99:4b:72:58:63:d0:9c:2f:80:20:2f:61:8b:
bf:91:31:a7:78:ee:5c:dc:60:2e:1d:de:e8:19:e7:9d:fe:62:
06:14:42:11:c8:a5:56:a3:7b:ce:9f:84:00:cd:2e:f7:eb:64:
da:e0:87:f4:d4:f0:8a:cb:83:7a:f5:ae:2c:ab:49:dc:85:cb:
09:b9:c0:4d:38:9a:52:aa:92:a8:65:c9:15:3f:d6:4f:5d:f9:
d0:f1:ba:8e:b3:4f:28:b0:a9:e7:43:89:a7:e7:8d:26:6d:29:
f2:a2:58:7e:f6:3a:39:c7:ac:70:92:80:3d:c7:59:35:2c:f0:
90:2b:ad:be:a4:46:b2:97:11:62:28:a0:69:f8:54:68:e2:3e:
f1:7c:e3:51:d9:a0:c0:9f:bd:8b:c6:2e:39:e0:2d:5b:7a:59:
65:8a:3d:37:3f:01:6e:e6:00:47:42:72:f7:b4:d3:73:f7:d1:
b7:53:15:65:6b:23:be:4f:87:cb:11:ed:6d:3a:d4:6d:8a:aa:
fd:56:1e:54:86:f2:2b:6f:a1:9b:34:98:12:51:fb:8a:ca:cc:
7b:90:fe:ce
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIdluPhzD/UwDAW4k7ptPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYmJkNjM5ZWZiMTEzZDE5Njg4YTFhY2NlNjk0NWJiNmM2
YTlhYzUwHhcNMjUwMTAyMDM0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQ1ZDJlODgyNDI5NzdiZTZmNzc5NDk0MmM4ZTBkOTdlYTkyZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8vFbHlfIRuOkH9FcgHdE93YJPz7
+g1KI9jXNSJAeUTF3ey2ZcSJdyIwHZUIOG3UEZ6ggm5J4sVl6mxeOJDCb9AfYzf6
JDLJBX41JB4Y1Q1Ag8cP53b4bITbMtC7ZKgy+a3u66Ipdk0F4ij4L0sJz5pSdhAX
c6oKhm1U4NIK48ECqmbQ3mZHzTL+k9THspHvYobYJLi4EMf8ExLsZpFo7/G/nDNU
rm4VS8jOXjsloTimrfiKMp2tWMiJJwx85u9/wZANVcfKACIU0JLGptUEw+000gkh
vo4xVle5AaAIzDN8Z9o6sbN/rqzkU2KOYShAW9HpGHK6xpbx8YMEQ+OgeQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ9F0uiCQpd75vd5SULI4Nl+qS3cMB8GA1UdIwQY
MBaAFCu71jnvsRPRloihrM5pRbtsaprFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzd2V09lLXhFOUdXaUtHc3ptbEZ1MnhxbXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9kNTAwOGEtMGY0Mi00NTU3LTlmZWIt
Mzk4NGMyMTNlMjE0LzEvbjBYUzZJSkNsM3ZtOTNsSlFzamcyWDZwTGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9kNTAwOGEtMGY0Mi00NTU3LTlmZWItMzk4NGMyMTNlMjE0
LzEvSzd2V09lLXhFOUdXaUtHc3ptbEZ1MnhxbXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbUbwAwQC
uTrAMA0EAgACMAcDBQEqBOEAMA0GCSqGSIb3DQEBCwUAA4IBAQBzdOFJJCaAHKS/
jWw40Yw+sN+nV9XgsqNWs8nCFe8Fh1TLe7MXJOm4WplLclhj0JwvgCAvYYu/kTGn
eO5c3GAuHd7oGeed/mIGFEIRyKVWo3vOn4QAzS7362Ta4If01PCKy4N69a4sq0nc
hcsJucBNOJpSqpKoZckVP9ZPXfnQ8bqOs08osKnnQ4mn540mbSnyolh+9jo5x6xw
koA9x1k1LPCQK62+pEaylxFiKKBp+FRo4j7xfONR2aDAn72Lxi454C1belllij03
PwFu5gBHQnL3tNNz99G3UxVlayO+T4fLEe1tOtRtiqr9Vh5UhvIrb6GbNJgSUfuK
ysx7kP7O
-----END CERTIFICATE-----
Generated at Tue Apr 8 06:04:46 2025 by rpki-client