Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/SsNmEumrZoLnkUxPH11EPrhNmyk.roa
File: SsNmEumrZoLnkUxPH11EPrhNmyk.roa (raw, json)
Hash identifier: 0HSYGP/bwpx8ANNjYNZbYCnBbaPMMqoPY47xOsCKXpw=
Subject key identifier: 4A:C3:66:12:E9:AB:66:82:E7:91:4C:4F:1F:5D:44:3E:B8:4D:9B:29
Certificate issuer: /CN=8f7b496ea7cf763d058308371e1bf67e53bc7ba3
Certificate serial: 019425FDB3931EE9BBE563B99DFD73FE314B
Authority key identifier: 8F:7B:49:6E:A7:CF:76:3D:05:83:08:37:1E:1B:F6:7E:53:BC:7B:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/SsNmEumrZoLnkUxPH11EPrhNmyk.roa
Signing time: Thu 02 Jan 2025 07:49:31 +0000
ROA not before: Thu 02 Jan 2025 07:49:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205961
IP address blocks: 185.200.20.0/24 maxlen: 24
185.200.21.0/24 maxlen: 24
185.200.22.0/24 maxlen: 24
185.200.23.0/24 maxlen: 24
2a0b:24c1::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.crl
rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.mft
rsync://rpki.ripe.net/repository/DEFAULT/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 04:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:b3:93:1e:e9:bb:e5:63:b9:9d:fd:73:fe:31:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f7b496ea7cf763d058308371e1bf67e53bc7ba3
Validity
Not Before: Jan 2 07:49:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4ac36612e9ab6682e7914c4f1f5d443eb84d9b29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:0c:13:2d:37:0d:ab:26:eb:b5:39:bb:35:42:
3a:68:cf:05:49:87:68:b3:a0:cc:2e:1f:23:10:a6:
aa:71:37:74:76:ef:56:9d:49:e1:24:d5:a5:06:b7:
22:89:84:0c:9c:fa:7f:89:c7:85:47:0d:58:d7:13:
a2:a2:5a:15:37:5f:a4:f9:49:65:fe:4f:b6:40:ff:
35:e4:ea:65:aa:17:c5:fc:cd:3c:58:e5:11:92:56:
3e:86:ca:b3:35:cc:04:80:f7:14:8e:77:0f:3c:65:
3d:ac:d6:86:e7:2d:1d:0e:d3:4d:8b:ab:44:a7:77:
7c:dc:1d:22:20:79:dc:81:92:ef:e7:09:30:a4:81:
4a:3d:93:d5:f2:81:14:46:76:42:cc:ed:41:55:67:
50:7a:f6:bf:0a:01:a5:7b:6f:28:f8:34:be:3d:78:
24:f9:c4:bc:63:e5:1a:3f:5c:f0:e6:1a:6f:0a:1e:
13:0b:b6:da:20:a4:35:ae:a9:2e:87:3d:49:4e:26:
51:ed:a8:82:2c:07:5f:37:ed:1c:a0:31:b9:28:24:
0e:c6:8e:33:00:00:23:54:95:fa:c6:a7:7d:57:85:
96:cb:bc:34:1f:75:ac:7c:c9:c2:31:56:8c:59:17:
e3:2c:d7:0b:76:72:52:e7:6d:ba:3a:6b:18:02:66:
f1:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:C3:66:12:E9:AB:66:82:E7:91:4C:4F:1F:5D:44:3E:B8:4D:9B:29
X509v3 Authority Key Identifier:
keyid:8F:7B:49:6E:A7:CF:76:3D:05:83:08:37:1E:1B:F6:7E:53:BC:7B:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/SsNmEumrZoLnkUxPH11EPrhNmyk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9efd94-0516-4e66-98d5-251b019d51a8/1/j3tJbqfPdj0Fgwg3Hhv2flO8e6M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.200.20.0/22
IPv6:
2a0b:24c1::/33
Signature Algorithm: sha256WithRSAEncryption
99:f1:24:3f:3e:14:f4:23:c4:72:c7:1c:e9:a2:10:0e:3d:57:
28:5b:39:d8:8c:0e:07:f9:f0:3a:10:08:84:3b:0d:aa:cf:4e:
a4:db:0b:9d:96:56:9b:c2:d4:aa:c3:48:35:06:02:1d:1d:2f:
1d:97:76:94:df:45:1c:98:6e:d0:52:5e:86:e0:c9:2a:16:31:
6e:d6:a5:cd:0f:aa:79:77:19:c5:27:89:ed:f6:a0:fd:c4:fe:
f1:df:58:6b:37:63:26:5c:b1:70:53:ac:32:71:41:b4:55:ce:
04:cc:ec:40:39:e1:d5:41:c0:08:ff:37:14:1c:13:3a:5f:fb:
b9:d1:d1:64:3d:c1:04:bb:ef:29:86:9c:4d:0c:92:97:91:06:
a6:63:fc:bc:9f:2d:57:cf:d5:c4:15:8a:4d:48:52:a5:ce:00:
b7:16:91:3d:bc:4c:97:5e:d3:d6:09:29:65:58:41:b7:6e:65:
f1:6a:02:4f:8b:d7:ea:b5:e3:80:3d:41:8d:4a:91:29:41:f4:
c5:ea:be:93:a8:9b:3c:5f:12:2b:39:ee:1b:b1:e1:ad:5a:9b:
54:6b:79:96:fb:a4:43:5c:94:22:a4:ce:a8:91:8e:3b:4b:5c:
0d:44:25:2d:d6:6d:17:44:06:ff:ff:26:d2:eb:d0:b4:78:31:
66:ff:83:d8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQl/bOTHum75WO5nf1z/jFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmN2I0OTZlYTdjZjc2M2QwNTgzMDgzNzFlMWJmNjdlNTNi
YzdiYTMwHhcNMjUwMTAyMDc0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWMzNjYxMmU5YWI2NjgyZTc5MTRjNGYxZjVkNDQzZWI4NGQ5YjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9QwTLTcNqybrtTm7NUI6aM8FSYdo
s6DMLh8jEKaqcTd0du9WnUnhJNWlBrciiYQMnPp/iceFRw1Y1xOioloVN1+k+Ull
/k+2QP815OplqhfF/M08WOURklY+hsqzNcwEgPcUjncPPGU9rNaG5y0dDtNNi6tE
p3d83B0iIHncgZLv5wkwpIFKPZPV8oEURnZCzO1BVWdQeva/CgGle28o+DS+PXgk
+cS8Y+UaP1zw5hpvCh4TC7baIKQ1rqkuhz1JTiZR7aiCLAdfN+0coDG5KCQOxo4z
AAAjVJX6xqd9V4WWy7w0H3WsfMnCMVaMWRfjLNcLdnJS5226OmsYAmbxqQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFErDZhLpq2aC55FMTx9dRD64TZspMB8GA1UdIwQY
MBaAFI97SW6nz3Y9BYMINx4b9n5TvHujMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajN0SmJxZlBkajBGZ3dnM0hodjJmbE84ZTZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZWZkOTQtMDUxNi00ZTY2LTk4ZDUt
MjUxYjAxOWQ1MWE4LzEvU3NObUV1bXJab0xua1V4UEgxMUVQcmhObXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZWZkOTQtMDUxNi00ZTY2LTk4ZDUtMjUxYjAxOWQ1MWE4
LzEvajN0SmJxZlBkajBGZ3dnM0hodjJmbE84ZTZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCucgUMA4E
AgACMAgDBgcqCyTBADANBgkqhkiG9w0BAQsFAAOCAQEAmfEkPz4U9CPEcscc6aIQ
Dj1XKFs52IwOB/nwOhAIhDsNqs9OpNsLnZZWm8LUqsNINQYCHR0vHZd2lN9FHJhu
0FJehuDJKhYxbtalzQ+qeXcZxSeJ7fag/cT+8d9YazdjJlyxcFOsMnFBtFXOBMzs
QDnh1UHACP83FBwTOl/7udHRZD3BBLvvKYacTQySl5EGpmP8vJ8tV8/VxBWKTUhS
pc4AtxaRPbxMl17T1gkpZVhBt25l8WoCT4vX6rXjgD1BjUqRKUH0xeq+k6ibPF8S
KznuG7HhrVqbVGt5lvukQ1yUIqTOqJGOO0tcDUQlLdZtF0QG//8m0uvQtHgxZv+D
2A==
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:41:32 2025 by rpki-client