Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/db63b5-1f96-4f00-865a-9ff5c1a3b0e0/1/TX8cnXXbIgaO3aE68x88MMtMTTI.roa
File: TX8cnXXbIgaO3aE68x88MMtMTTI.roa (raw, json)
Hash identifier: FeZgp0BLqJdm0jiS+/GIZyqTIXPtIBPoCgnCgn78SEQ=
Subject key identifier: 4D:7F:1C:9D:75:DB:22:06:8E:DD:A1:3A:F3:1F:3C:30:CB:4C:4D:32
Certificate issuer: /CN=c5ba51c07148843d400805b40335e72d324265f1
Certificate serial: 0194228DCE9BABE659C28FD2ECB38A5F81E1
Authority key identifier: C5:BA:51:C0:71:48:84:3D:40:08:05:B4:03:35:E7:2D:32:42:65:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xbpRwHFIhD1ACAW0AzXnLTJCZfE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/db63b5-1f96-4f00-865a-9ff5c1a3b0e0/1/TX8cnXXbIgaO3aE68x88MMtMTTI.roa
Signing time: Wed 01 Jan 2025 15:48:26 +0000
ROA not before: Wed 01 Jan 2025 15:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199987
IP address blocks: 185.40.35.0/24 maxlen: 24
2a01:4ba0::/29 maxlen: 29
2a01:4ba0::/48 maxlen: 48
2a01:4ba0:1::/48 maxlen: 48
2a01:4ba0:2::/48 maxlen: 48
2a01:4ba0:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7e/db63b5-1f96-4f00-865a-9ff5c1a3b0e0/1/xbpRwHFIhD1ACAW0AzXnLTJCZfE.crl
rsync://rpki.ripe.net/repository/DEFAULT/7e/db63b5-1f96-4f00-865a-9ff5c1a3b0e0/1/xbpRwHFIhD1ACAW0AzXnLTJCZfE.mft
rsync://rpki.ripe.net/repository/DEFAULT/xbpRwHFIhD1ACAW0AzXnLTJCZfE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:ce:9b:ab:e6:59:c2:8f:d2:ec:b3:8a:5f:81:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c5ba51c07148843d400805b40335e72d324265f1
Validity
Not Before: Jan 1 15:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4d7f1c9d75db22068edda13af31f3c30cb4c4d32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:5c:57:95:af:8c:54:3e:91:a8:9a:09:c8:fd:
df:64:27:4c:4b:ee:58:5d:60:e6:69:d6:d1:55:fc:
43:40:93:97:77:8f:90:49:ca:b2:2f:fa:db:03:6a:
60:95:61:45:89:b9:8b:a5:e5:54:9f:b6:ec:20:ec:
27:1e:23:23:b4:28:58:aa:4e:7d:5d:bf:ed:a1:22:
c5:0a:df:8b:79:72:4d:ea:66:7b:08:12:8a:05:ff:
0a:ac:49:ab:c3:46:e4:64:a0:0c:ec:1e:73:ed:bd:
79:c7:2e:95:0c:0e:a6:31:a6:58:32:85:37:67:dd:
7b:96:cb:a9:0a:2c:d1:3a:36:d8:53:fb:4e:a6:ee:
0a:60:ce:8b:1c:a4:49:e1:44:ec:6a:ae:e9:a3:ad:
ad:7b:73:d4:05:85:29:f5:6c:d4:d9:a9:d2:19:bb:
0e:3a:4a:f4:f0:9b:0a:81:ce:fb:6d:dd:5c:c7:17:
cd:60:3e:b8:99:d5:82:81:7b:f2:01:d1:08:25:45:
f9:50:0b:19:a7:9a:c8:d9:24:1f:c6:07:a3:1e:df:
1f:d4:f2:ac:d3:93:5e:52:b2:96:7b:80:13:ca:70:
f2:6a:a6:15:aa:9a:a3:39:10:40:5f:2f:bf:2d:c4:
8d:9b:3f:0c:0a:fb:01:0a:50:17:16:20:43:fc:86:
9b:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:7F:1C:9D:75:DB:22:06:8E:DD:A1:3A:F3:1F:3C:30:CB:4C:4D:32
X509v3 Authority Key Identifier:
keyid:C5:BA:51:C0:71:48:84:3D:40:08:05:B4:03:35:E7:2D:32:42:65:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xbpRwHFIhD1ACAW0AzXnLTJCZfE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/db63b5-1f96-4f00-865a-9ff5c1a3b0e0/1/TX8cnXXbIgaO3aE68x88MMtMTTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/db63b5-1f96-4f00-865a-9ff5c1a3b0e0/1/xbpRwHFIhD1ACAW0AzXnLTJCZfE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.40.35.0/24
IPv6:
2a01:4ba0::/29
Signature Algorithm: sha256WithRSAEncryption
08:03:e2:68:13:4e:d1:95:79:8e:05:05:a8:09:34:9d:3e:31:
e6:4f:a4:c3:87:b2:dc:73:73:6c:2f:69:d9:78:26:02:85:9c:
e5:ad:fc:9a:9d:e1:2e:13:0f:f6:89:72:18:16:8d:ea:38:a0:
50:58:47:9b:29:52:6e:e4:02:c3:3e:10:60:24:b4:85:17:7e:
60:9a:59:e2:e7:e3:32:4d:24:65:d6:24:bc:ea:a7:1c:2d:ba:
4b:a0:7c:7d:0e:8f:c5:fc:a8:be:ad:ca:33:e1:29:98:6e:7b:
73:82:d3:f3:c8:f3:26:2f:9a:7a:d7:1e:89:e0:3c:7f:c6:e7:
2b:fe:6e:ee:7d:22:2c:c8:ff:e8:c7:e7:ed:a0:46:42:a5:3d:
b1:87:c5:9d:0a:4f:92:18:92:c8:1e:48:23:73:20:24:12:32:
52:f1:b9:96:82:bf:b0:73:4e:40:b4:85:fa:57:af:aa:fa:eb:
fa:7b:b9:13:56:2f:25:d0:88:bd:13:f9:f8:3f:cb:c5:cb:08:
ab:3f:07:77:15:e2:30:6c:e7:45:29:26:01:44:7d:e2:56:bc:
a9:94:44:e3:61:5f:5e:45:2e:0c:ff:4c:0b:c3:82:97:22:f3:
38:02:f0:e6:24:0b:54:50:0f:39:47:02:67:d7:f3:1d:44:61:
c0:7d:ad:49
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijc6bq+ZZwo/S7LOKX4HhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YmE1MWMwNzE0ODg0M2Q0MDA4MDViNDAzMzVlNzJkMzI0
MjY1ZjEwHhcNMjUwMTAxMTU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDdmMWM5ZDc1ZGIyMjA2OGVkZGExM2FmMzFmM2MzMGNiNGM0ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulxXla+MVD6RqJoJyP3fZCdMS+5Y
XWDmadbRVfxDQJOXd4+QScqyL/rbA2pglWFFibmLpeVUn7bsIOwnHiMjtChYqk59
Xb/toSLFCt+LeXJN6mZ7CBKKBf8KrEmrw0bkZKAM7B5z7b15xy6VDA6mMaZYMoU3
Z917lsupCizROjbYU/tOpu4KYM6LHKRJ4UTsaq7po62te3PUBYUp9WzU2anSGbsO
Okr08JsKgc77bd1cxxfNYD64mdWCgXvyAdEIJUX5UAsZp5rI2SQfxgejHt8f1PKs
05NeUrKWe4ATynDyaqYVqpqjORBAXy+/LcSNmz8MCvsBClAXFiBD/IabRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE1/HJ112yIGjt2hOvMfPDDLTE0yMB8GA1UdIwQY
MBaAFMW6UcBxSIQ9QAgFtAM15y0yQmXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGJwUndIRkloRDFBQ0FXMEF6WG5MVEpDWmZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kYjYzYjUtMWY5Ni00ZjAwLTg2NWEt
OWZmNWMxYTNiMGUwLzEvVFg4Y25YWGJJZ2FPM2FFNjh4ODhNTXRNVFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kYjYzYjUtMWY5Ni00ZjAwLTg2NWEtOWZmNWMxYTNiMGUw
LzEveGJwUndIRkloRDFBQ0FXMEF6WG5MVEpDWmZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSgjMA0E
AgACMAcDBQMqAUugMA0GCSqGSIb3DQEBCwUAA4IBAQAIA+JoE07RlXmOBQWoCTSd
PjHmT6TDh7Lcc3NsL2nZeCYChZzlrfyaneEuEw/2iXIYFo3qOKBQWEebKVJu5ALD
PhBgJLSFF35gmlni5+MyTSRl1iS86qccLbpLoHx9Do/F/Ki+rcoz4SmYbntzgtPz
yPMmL5p61x6J4Dx/xucr/m7ufSIsyP/ox+ftoEZCpT2xh8WdCk+SGJLIHkgjcyAk
EjJS8bmWgr+wc05AtIX6V6+q+uv6e7kTVi8l0Ii9E/n4P8vFywirPwd3FeIwbOdF
KSYBRH3iVryplETjYV9eRS4M/0wLw4KXIvM4AvDmJAtUUA85RwJn1/MdRGHAfa1J
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:43:08 2025 by rpki-client