Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/xmnElpjW7A7CZR6BNActB4hUkqQ.roa
File: xmnElpjW7A7CZR6BNActB4hUkqQ.roa (raw, json)
Hash identifier: b7xPSVC6CwQb9FVx95rjLXVmj8SRkW6pnrS7QPGCHVo=
Subject key identifier: C6:69:C4:96:98:D6:EC:0E:C2:65:1E:81:34:07:2D:07:88:54:92:A4
Certificate issuer: /CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
Certificate serial: 01952CB2FDA81B83F2EAC4EAA4C5351728A0
Authority key identifier: EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/xmnElpjW7A7CZR6BNActB4hUkqQ.roa
Signing time: Sat 22 Feb 2025 08:08:02 +0000
ROA not before: Sat 22 Feb 2025 08:08:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 194.39.128.0/21 maxlen: 24
194.45.236.0/23 maxlen: 24
194.55.88.0/22 maxlen: 24
2a00:fe00::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.mft
rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 19:01:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:2c:b2:fd:a8:1b:83:f2:ea:c4:ea:a4:c5:35:17:28:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
Validity
Not Before: Feb 22 08:08:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c669c49698d6ec0ec2651e8134072d07885492a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:10:a5:94:05:a8:d5:4a:0c:e5:33:7a:d9:12:
18:f5:df:ef:6a:97:a7:8f:6d:f0:80:80:0f:31:7d:
f7:d0:e5:82:29:fb:d2:31:5e:bf:fb:97:0e:30:91:
67:d1:f6:a2:48:13:6d:b2:e3:56:af:19:1b:ed:af:
fb:3f:79:7e:65:85:0f:e6:43:9b:0f:0b:c2:fb:80:
7e:41:2f:a1:32:a8:7c:43:7f:f7:3e:6d:3c:fb:f5:
b9:2f:bd:ca:33:57:ca:db:6d:6f:54:f3:33:1d:94:
7b:ae:4f:7f:49:62:4c:ac:10:61:14:85:41:cd:15:
d3:25:a4:ad:8e:aa:ed:5d:8f:b3:86:e6:b0:a2:27:
35:a2:bf:4b:8b:ce:9e:98:1f:ea:10:75:ea:42:fe:
41:ee:55:61:97:1b:0a:87:13:9f:8f:97:ac:ee:c6:
60:70:ca:32:ba:da:20:ba:5c:49:69:27:09:17:12:
48:62:a0:12:da:88:fc:b9:84:8e:5c:39:2b:7d:69:
3a:44:9f:1b:79:ee:e2:4a:e6:38:53:93:c1:76:cb:
0e:65:a6:f6:82:ab:cd:fb:a0:b7:bd:36:f9:ed:45:
6c:40:38:ea:1b:6c:1d:98:de:0d:f8:bd:22:6a:94:
55:d3:16:b5:e7:93:f7:03:6e:a0:86:2f:a5:41:72:
07:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:69:C4:96:98:D6:EC:0E:C2:65:1E:81:34:07:2D:07:88:54:92:A4
X509v3 Authority Key Identifier:
keyid:EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/xmnElpjW7A7CZR6BNActB4hUkqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.39.128.0/21
194.45.236.0/23
194.55.88.0/22
IPv6:
2a00:fe00::/32
Signature Algorithm: sha256WithRSAEncryption
3b:4e:dc:21:a0:16:ad:c7:56:10:8e:f9:12:f2:37:21:09:d7:
b1:87:ff:56:51:fa:ed:64:ec:ff:38:be:a4:51:28:96:4e:cc:
12:f9:cb:31:00:1f:55:0a:0f:1b:cf:5a:fa:53:a4:bb:f5:7d:
50:34:1a:89:47:e9:72:36:f4:2a:54:45:67:bd:77:29:64:b7:
9b:3a:7e:e1:50:30:ca:ec:65:2e:07:68:5e:48:06:1c:37:4c:
fb:1e:d0:e8:dd:6d:0f:10:74:50:f0:3a:73:aa:6c:5e:b0:e3:
9a:20:1f:15:ff:b6:39:04:85:00:d5:d2:f1:38:f1:df:ad:63:
78:cf:d6:d6:ff:55:37:b7:96:f5:f1:f9:2a:5e:7a:87:fa:cc:
cd:23:c8:76:05:ff:35:af:a3:c4:75:ea:2a:37:ea:0b:a0:a0:
8c:58:9b:fb:1c:f3:d9:f9:68:78:63:c3:0d:80:91:6f:3d:5a:
15:e2:62:26:f8:68:66:e1:42:10:c9:72:76:aa:0e:fb:8e:dc:
57:7e:dc:25:e9:8b:24:6f:c9:5b:83:9b:50:62:09:f2:9f:b0:
a5:26:26:5e:c9:eb:fe:62:82:e9:c6:f2:0d:c5:6f:78:14:19:
d8:30:6b:4d:d0:56:86:89:27:cd:63:30:ce:8c:d7:fb:d8:e1:
61:68:e3:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZUssv2oG4Py6sTqpMU1FyigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNDY5NjNjYzQ3OWRhZGJlM2M1MjIzNGFiOWZhYmFhODEy
MmQyNWIwHhcNMjUwMjIyMDgwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY5YzQ5Njk4ZDZlYzBlYzI2NTFlODEzNDA3MmQwNzg4NTQ5MmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RCllAWo1UoM5TN62RIY9d/vapen
j23wgIAPMX330OWCKfvSMV6/+5cOMJFn0faiSBNtsuNWrxkb7a/7P3l+ZYUP5kOb
DwvC+4B+QS+hMqh8Q3/3Pm08+/W5L73KM1fK221vVPMzHZR7rk9/SWJMrBBhFIVB
zRXTJaStjqrtXY+zhuawoic1or9Li86emB/qEHXqQv5B7lVhlxsKhxOfj5es7sZg
cMoyutogulxJaScJFxJIYqAS2oj8uYSOXDkrfWk6RJ8bee7iSuY4U5PBdssOZab2
gqvN+6C3vTb57UVsQDjqG2wdmN4N+L0iapRV0xa155P3A26ghi+lQXIHFQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMZpxJaY1uwOwmUegTQHLQeIVJKkMB8GA1UdIwQY
MBaAFOpGljzEedrb48UiNKufq6qBItJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUt
ZWI1YmM3ZDk3YWEwLzEveG1uRWxwalc3QTdDWlI2Qk5BY3RCNGhVa3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUtZWI1YmM3ZDk3YWEw
LzEvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDwieAAwQB
wi3sAwQCwjdYMA0EAgACMAcDBQAqAP4AMA0GCSqGSIb3DQEBCwUAA4IBAQA7Ttwh
oBatx1YQjvkS8jchCdexh/9WUfrtZOz/OL6kUSiWTswS+csxAB9VCg8bz1r6U6S7
9X1QNBqJR+lyNvQqVEVnvXcpZLebOn7hUDDK7GUuB2heSAYcN0z7HtDo3W0PEHRQ
8DpzqmxesOOaIB8V/7Y5BIUA1dLxOPHfrWN4z9bW/1U3t5b18fkqXnqH+szNI8h2
Bf81r6PEdeoqN+oLoKCMWJv7HPPZ+Wh4Y8MNgJFvPVoV4mIm+Ghm4UIQyXJ2qg77
jtxXftwl6Yskb8lbg5tQYgnyn7ClJiZeyev+YoLpxvINxW94FBnYMGtN0FaGiSfN
YzDOjNf72OFhaOOb
-----END CERTIFICATE-----
Generated at Sat Apr 12 02:32:10 2025 by rpki-client