Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/134ccb-b0ab-446b-8172-62e27cd1e975/1/x7aEXzfMRzlzp6VorB64R028Jvk.roa
File: x7aEXzfMRzlzp6VorB64R028Jvk.roa (raw, json)
Hash identifier: 3aOt7CTs1p/zJJSbWQR2//U36Y0+Zh2Kxl00BzPCEXA=
Subject key identifier: C7:B6:84:5F:37:CC:47:39:73:A7:A5:68:AC:1E:B8:47:4D:BC:26:F9
Certificate issuer: /CN=b40d849cc43b732dab6641fc6fd5a4db3a2db947
Certificate serial: 01941F8C8B6DE81EFF7B20FD967290AE903B
Authority key identifier: B4:0D:84:9C:C4:3B:73:2D:AB:66:41:FC:6F:D5:A4:DB:3A:2D:B9:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tA2EnMQ7cy2rZkH8b9Wk2zotuUc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/134ccb-b0ab-446b-8172-62e27cd1e975/1/x7aEXzfMRzlzp6VorB64R028Jvk.roa
Signing time: Wed 01 Jan 2025 01:48:11 +0000
ROA not before: Wed 01 Jan 2025 01:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49898
IP address blocks: 185.169.168.0/24 maxlen: 24
185.169.169.0/24 maxlen: 24
185.169.170.0/24 maxlen: 24
185.169.171.0/24 maxlen: 24
2a0a:5301::/32 maxlen: 32
2a0a:5302::/32 maxlen: 32
2a0a:5303::/32 maxlen: 32
2a0a:5304::/32 maxlen: 32
2a0a:5305::/32 maxlen: 32
2a0a:5306::/32 maxlen: 32
2a0a:5307::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7d/134ccb-b0ab-446b-8172-62e27cd1e975/1/tA2EnMQ7cy2rZkH8b9Wk2zotuUc.crl
rsync://rpki.ripe.net/repository/DEFAULT/7d/134ccb-b0ab-446b-8172-62e27cd1e975/1/tA2EnMQ7cy2rZkH8b9Wk2zotuUc.mft
rsync://rpki.ripe.net/repository/DEFAULT/tA2EnMQ7cy2rZkH8b9Wk2zotuUc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 01:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:8b:6d:e8:1e:ff:7b:20:fd:96:72:90:ae:90:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b40d849cc43b732dab6641fc6fd5a4db3a2db947
Validity
Not Before: Jan 1 01:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c7b6845f37cc473973a7a568ac1eb8474dbc26f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:10:ce:a1:ac:a6:a1:e1:5b:80:ec:13:d8:95:
68:95:81:a6:af:ad:da:11:ee:58:03:48:2e:f4:76:
04:a3:10:18:98:39:c2:7c:08:b5:63:1d:30:ea:1e:
dd:87:1f:6f:b6:62:06:f0:1a:1a:2d:ec:09:c6:86:
44:02:6c:76:37:3d:f9:07:13:4b:8d:ca:eb:d2:b3:
75:33:38:ec:9b:6f:d1:64:0e:be:0e:62:e0:d0:cb:
d3:45:36:d8:40:c7:b1:64:a0:39:ac:81:0e:34:0e:
2a:04:b7:4e:b9:76:5b:19:64:3e:26:18:cd:78:a3:
0f:c0:51:7c:25:0c:c2:28:c5:76:d1:3a:d4:6c:35:
7d:15:ec:fd:b5:eb:4d:ba:03:00:f9:25:bc:5a:f6:
07:54:b1:5f:fb:c4:56:2d:27:51:da:ab:88:53:56:
ce:93:c5:cc:7c:dc:66:83:ea:85:3f:c7:70:1e:d7:
bd:15:74:95:83:e3:8a:45:c5:d1:77:7e:04:91:73:
b1:0a:b6:ce:e3:37:5a:80:8d:d5:7f:1c:bd:16:4a:
9f:50:bf:2d:17:f1:26:01:5f:1b:18:67:21:09:75:
50:77:ec:86:e1:89:47:25:7c:e6:ba:21:25:ec:8b:
c0:1d:62:f9:d9:09:34:06:29:73:fd:6a:0d:6a:ea:
59:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:B6:84:5F:37:CC:47:39:73:A7:A5:68:AC:1E:B8:47:4D:BC:26:F9
X509v3 Authority Key Identifier:
keyid:B4:0D:84:9C:C4:3B:73:2D:AB:66:41:FC:6F:D5:A4:DB:3A:2D:B9:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tA2EnMQ7cy2rZkH8b9Wk2zotuUc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/134ccb-b0ab-446b-8172-62e27cd1e975/1/x7aEXzfMRzlzp6VorB64R028Jvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/134ccb-b0ab-446b-8172-62e27cd1e975/1/tA2EnMQ7cy2rZkH8b9Wk2zotuUc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.169.168.0/22
IPv6:
2a0a:5301::-2a0a:5307:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
3e:64:f6:3a:c9:4f:9b:6c:17:0a:32:57:5f:6a:81:39:94:df:
e3:3f:dd:6e:bc:8e:54:93:b7:ef:35:a9:b1:69:86:ca:a6:2d:
94:19:43:90:8c:0c:bc:ab:6e:50:24:d7:88:3b:84:e2:e0:1f:
f5:1b:b7:6e:43:46:66:b8:37:50:1b:93:d9:6e:64:ce:f1:af:
aa:49:88:ed:ef:8b:f9:87:00:82:b7:43:1b:b9:60:48:c9:ac:
a2:1e:81:d5:18:70:d1:0d:71:79:06:4b:63:2b:6f:a8:5c:a0:
5b:4a:66:2d:6c:73:55:f5:d8:0d:ed:ed:37:c7:ff:e6:dd:b6:
30:cf:7a:f5:53:b0:41:27:25:aa:04:c0:e0:5b:ce:b6:f8:db:
85:5d:c5:a3:ff:12:09:16:cf:3a:dd:e6:a4:48:2f:ac:fe:1a:
54:9a:18:f2:30:80:f1:4b:d0:ae:51:4a:ed:1e:24:a2:05:17:
1f:66:4b:ad:cd:35:d0:d8:ea:2d:e4:98:c2:4c:18:ab:aa:bc:
dc:b6:b0:ac:04:74:91:fd:76:e2:3e:d0:b7:17:ac:cb:79:55:
62:1b:21:3a:66:af:66:28:5e:1e:3f:af:4a:91:fa:84:c6:23:
7c:76:b0:5d:88:0a:5f:b0:f8:50:13:60:04:64:63:d2:e0:7b:
8b:5e:58:3c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQfjItt6B7/eyD9lnKQrpA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MGQ4NDljYzQzYjczMmRhYjY2NDFmYzZmZDVhNGRiM2Ey
ZGI5NDcwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2I2ODQ1ZjM3Y2M0NzM5NzNhN2E1NjhhYzFlYjg0NzRkYmMyNmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xDOoaymoeFbgOwT2JVolYGmr63a
Ee5YA0gu9HYEoxAYmDnCfAi1Yx0w6h7dhx9vtmIG8BoaLewJxoZEAmx2Nz35BxNL
jcrr0rN1Mzjsm2/RZA6+DmLg0MvTRTbYQMexZKA5rIEONA4qBLdOuXZbGWQ+JhjN
eKMPwFF8JQzCKMV20TrUbDV9Fez9tetNugMA+SW8WvYHVLFf+8RWLSdR2quIU1bO
k8XMfNxmg+qFP8dwHte9FXSVg+OKRcXRd34EkXOxCrbO4zdagI3Vfxy9FkqfUL8t
F/EmAV8bGGchCXVQd+yG4YlHJXzmuiEl7IvAHWL52Qk0Bilz/WoNaupZ1wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMe2hF83zEc5c6elaKweuEdNvCb5MB8GA1UdIwQY
MBaAFLQNhJzEO3Mtq2ZB/G/VpNs6LblHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEEyRW5NUTdjeTJyWmtIOGI5V2syem90dVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8xMzRjY2ItYjBhYi00NDZiLTgxNzIt
NjJlMjdjZDFlOTc1LzEveDdhRVh6Zk1Semx6cDZWb3JCNjRSMDI4SnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8xMzRjY2ItYjBhYi00NDZiLTgxNzItNjJlMjdjZDFlOTc1
LzEvdEEyRW5NUTdjeTJyWmtIOGI5V2syem90dVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCuamoMBYE
AgACMBAwDgMFACoKUwEDBQMqClMAMA0GCSqGSIb3DQEBCwUAA4IBAQA+ZPY6yU+b
bBcKMldfaoE5lN/jP91uvI5Uk7fvNamxaYbKpi2UGUOQjAy8q25QJNeIO4Ti4B/1
G7duQ0ZmuDdQG5PZbmTO8a+qSYjt74v5hwCCt0MbuWBIyayiHoHVGHDRDXF5Bktj
K2+oXKBbSmYtbHNV9dgN7e03x//m3bYwz3r1U7BBJyWqBMDgW862+NuFXcWj/xIJ
Fs863eakSC+s/hpUmhjyMIDxS9CuUUrtHiSiBRcfZkutzTXQ2Oot5JjCTBirqrzc
trCsBHSR/XbiPtC3F6zLeVViGyE6Zq9mKF4eP69KkfqExiN8drBdiApfsPhQE2AE
ZGPS4HuLXlg8
-----END CERTIFICATE-----
Generated at Fri Feb 21 10:17:23 2025 by rpki-client