Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/aSHknzRfo3ut4IdP4sDFiOtG6lo.roa
File: aSHknzRfo3ut4IdP4sDFiOtG6lo.roa (raw, json)
Hash identifier: P3VJRH2gCdGbd9jiYKekQElrMo005p0FNDq0qs/ZIaA=
Subject key identifier: 69:21:E4:9F:34:5F:A3:7B:AD:E0:87:4F:E2:C0:C5:88:EB:46:EA:5A
Certificate issuer: /CN=4ecd75a5109e2c106e1193d57ee2b999fec27fe0
Certificate serial: 019426D96B04C8E1CCD02CE235264768D971
Authority key identifier: 4E:CD:75:A5:10:9E:2C:10:6E:11:93:D5:7E:E2:B9:99:FE:C2:7F:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/aSHknzRfo3ut4IdP4sDFiOtG6lo.roa
Signing time: Thu 02 Jan 2025 11:49:30 +0000
ROA not before: Thu 02 Jan 2025 11:49:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49191
IP address blocks: 45.129.164.0/24 maxlen: 24
185.190.249.0/24 maxlen: 24
2a07:ddc0::/48 maxlen: 48
2a07:ddc0:1::/48 maxlen: 48
2a07:ddc0:2::/48 maxlen: 48
2a07:ddc0:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.crl
rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:6b:04:c8:e1:cc:d0:2c:e2:35:26:47:68:d9:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ecd75a5109e2c106e1193d57ee2b999fec27fe0
Validity
Not Before: Jan 2 11:49:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6921e49f345fa37bade0874fe2c0c588eb46ea5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:77:e8:66:31:b1:90:93:90:b8:56:a2:2c:4c:
b6:f6:fb:6b:ce:b9:22:4f:69:5d:27:16:70:d8:c2:
3e:fe:59:e0:7b:12:c9:d2:f3:42:b8:34:cb:50:63:
46:f9:c9:c8:ef:54:30:2d:16:a4:da:c2:9d:ff:d9:
5a:dc:b6:34:55:21:1d:bb:ec:94:3a:fd:2f:97:cb:
62:7c:09:7e:c6:eb:4d:99:51:30:16:0f:c7:45:64:
32:02:a1:2a:48:5e:c5:2e:17:19:7c:0f:a6:4b:f9:
3e:e4:ee:d5:88:49:c8:5f:12:74:44:d7:42:6b:0f:
bb:6c:f6:ad:af:5d:fd:02:70:06:54:64:1a:8d:94:
8e:43:76:17:29:97:ac:eb:63:8e:a4:e7:db:80:e1:
ce:51:21:fd:d7:25:14:45:fc:26:db:cd:7e:39:4d:
97:c3:db:f9:3b:e8:f3:02:4d:e6:d2:59:b5:72:7a:
a1:05:f3:2a:71:04:07:4a:7b:fc:c6:bf:1e:be:f6:
7f:fc:99:b1:fc:0d:ab:d9:db:58:cf:8c:3e:a4:c6:
20:e6:60:47:98:2b:9f:a0:4a:39:9a:70:44:4d:20:
6a:d7:ac:b2:99:47:bc:0f:f1:51:9b:d9:47:78:e8:
b4:e2:8e:1d:a2:c1:34:ab:25:0a:f4:e3:34:06:3e:
03:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:21:E4:9F:34:5F:A3:7B:AD:E0:87:4F:E2:C0:C5:88:EB:46:EA:5A
X509v3 Authority Key Identifier:
keyid:4E:CD:75:A5:10:9E:2C:10:6E:11:93:D5:7E:E2:B9:99:FE:C2:7F:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/aSHknzRfo3ut4IdP4sDFiOtG6lo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/d7beed-df98-4ec8-87b6-4072557c47fa/1/Ts11pRCeLBBuEZPVfuK5mf7Cf-A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.164.0/24
185.190.249.0/24
IPv6:
2a07:ddc0::/46
Signature Algorithm: sha256WithRSAEncryption
76:3a:04:f0:d2:dd:ac:48:c1:bf:a3:d3:a8:06:32:9c:0f:15:
fd:d2:2a:8b:62:fd:7b:5f:9c:dd:c9:9f:f1:b4:00:39:9b:6e:
b4:1e:e2:70:20:37:ef:08:99:8f:0e:1d:51:1b:dd:61:cc:8a:
b3:c2:9a:19:ba:de:8e:3f:c5:bd:3e:f4:89:a7:53:b2:a3:35:
6a:b8:c5:e1:80:c8:dc:0a:82:b7:c4:e0:af:63:70:38:45:5f:
c5:00:40:27:92:7b:91:b8:57:c2:f7:c5:4c:2a:40:3c:6f:97:
74:c6:77:11:85:9b:5b:39:8b:86:03:3a:54:dd:9f:1d:66:7f:
b8:25:e0:c0:02:ef:fa:b3:33:e8:15:98:aa:9c:53:44:b6:b1:
25:d3:07:0f:a7:7a:85:ca:24:3c:a3:3e:8c:92:04:a2:dc:2c:
c3:68:9e:2c:74:88:f0:7c:dc:8e:be:9f:72:d5:7a:8a:e1:58:
e5:5d:9e:e8:8e:3f:3f:39:18:33:ea:e7:60:41:e3:2c:f8:22:
63:52:8f:17:72:20:8a:46:63:5c:fc:62:4a:35:41:61:a3:d9:
47:d3:ad:dc:6a:0c:be:50:8b:a8:a8:ed:d8:a5:72:23:f0:47:
7c:83:13:66:60:d7:3b:d3:b7:c9:a8:45:38:7f:d1:97:56:28:
d0:0b:7c:f0
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQm2WsEyOHM0CziNSZHaNlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Q3NWE1MTA5ZTJjMTA2ZTExOTNkNTdlZTJiOTk5ZmVj
MjdmZTAwHhcNMjUwMTAyMTE0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTIxZTQ5ZjM0NWZhMzdiYWRlMDg3NGZlMmMwYzU4OGViNDZlYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XfoZjGxkJOQuFaiLEy29vtrzrki
T2ldJxZw2MI+/lngexLJ0vNCuDTLUGNG+cnI71QwLRak2sKd/9la3LY0VSEdu+yU
Ov0vl8tifAl+xutNmVEwFg/HRWQyAqEqSF7FLhcZfA+mS/k+5O7ViEnIXxJ0RNdC
aw+7bPatr139AnAGVGQajZSOQ3YXKZes62OOpOfbgOHOUSH91yUURfwm281+OU2X
w9v5O+jzAk3m0lm1cnqhBfMqcQQHSnv8xr8evvZ//Jmx/A2r2dtYz4w+pMYg5mBH
mCufoEo5mnBETSBq16yymUe8D/FRm9lHeOi04o4dosE0qyUK9OM0Bj4D+QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGkh5J80X6N7reCHT+LAxYjrRupaMB8GA1UdIwQY
MBaAFE7NdaUQniwQbhGT1X7iuZn+wn/gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHMxMXBSQ2VMQkJ1RVpQVmZ1SzVtZjdDZi1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kN2JlZWQtZGY5OC00ZWM4LTg3YjYt
NDA3MjU1N2M0N2ZhLzEvYVNIa256UmZvM3V0NElkUDRzREZpT3RHNmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kN2JlZWQtZGY5OC00ZWM4LTg3YjYtNDA3MjU1N2M0N2Zh
LzEvVHMxMXBSQ2VMQkJ1RVpQVmZ1SzVtZjdDZi1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALYGkAwQA
ub75MA8EAgACMAkDBwIqB93AAAAwDQYJKoZIhvcNAQELBQADggEBAHY6BPDS3axI
wb+j06gGMpwPFf3SKoti/XtfnN3Jn/G0ADmbbrQe4nAgN+8ImY8OHVEb3WHMirPC
mhm63o4/xb0+9ImnU7KjNWq4xeGAyNwKgrfE4K9jcDhFX8UAQCeSe5G4V8L3xUwq
QDxvl3TGdxGFm1s5i4YDOlTdnx1mf7gl4MAC7/qzM+gVmKqcU0S2sSXTBw+neoXK
JDyjPoySBKLcLMNonix0iPB83I6+n3LVeorhWOVdnuiOPz85GDPq52BB4yz4ImNS
jxdyIIpGY1z8Yko1QWGj2UfTrdxqDL5Qi6io7dilciPwR3yDE2Zg1zvTt8moRTh/
0ZdWKNALfPA=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:45:26 2025 by rpki-client