Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/xWvxYFAZyAYuQbuw5LcBYmpTVhE.roa
File: xWvxYFAZyAYuQbuw5LcBYmpTVhE.roa (raw, json)
Hash identifier: jF6nMrItYL3p1nixedbqVRkj6MMqr/ktH4rh4D+Amos=
Subject key identifier: C5:6B:F1:60:50:19:C8:06:2E:41:BB:B0:E4:B7:01:62:6A:53:56:11
Certificate issuer: /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial: 0194221F6D599DF8415D62033CB53F608E67
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/xWvxYFAZyAYuQbuw5LcBYmpTVhE.roa
Signing time: Wed 01 Jan 2025 13:47:52 +0000
ROA not before: Wed 01 Jan 2025 13:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 52035
IP address blocks: 158.41.24.0/21 maxlen: 24
2a0e:ce40::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 16:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:6d:59:9d:f8:41:5d:62:03:3c:b5:3f:60:8e:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=18101772248996b87d90840c2d27d62549458173
Validity
Not Before: Jan 1 13:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c56bf1605019c8062e41bbb0e4b701626a535611
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d2:c3:a7:ab:94:40:61:ea:23:c4:18:be:da:
ce:77:eb:99:44:4c:72:7e:14:12:71:27:93:11:31:
e0:ce:5e:d6:25:e4:0a:b5:d3:76:2e:55:c5:74:1d:
8a:bf:f1:1d:30:bf:70:ab:8a:11:58:a8:f4:fb:0f:
9b:46:51:b8:ce:aa:73:82:d7:01:a3:e8:a7:00:35:
ea:24:bd:e1:c8:a1:73:aa:bb:81:34:fe:dc:ad:2a:
d0:4d:3a:ec:b0:3a:a1:f8:db:32:1a:3f:2c:22:ae:
15:50:34:f5:84:a3:9f:81:55:f4:10:f7:0b:84:d0:
ff:d8:29:cb:0b:f8:fd:87:72:c7:d6:34:f6:a6:0e:
6b:7b:c0:d6:34:a9:9c:b7:41:bd:86:a1:94:1e:be:
67:6d:ed:8d:c2:f1:92:80:69:6b:5a:da:0c:d5:6c:
ce:cb:64:ff:12:b5:fd:10:97:ed:77:41:57:f7:63:
fd:c0:7f:f3:f2:a8:6c:92:c2:c0:de:d8:b8:9b:68:
49:2d:d5:2b:b9:f2:53:66:93:17:55:9d:56:e4:ac:
37:67:46:d3:af:15:be:f4:fc:91:d6:22:67:bc:b1:
43:9d:97:c9:b3:60:5d:0b:17:c9:d1:bd:21:da:09:
2e:f7:e0:84:9f:6a:22:04:22:1c:81:3c:bb:a3:af:
b4:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:6B:F1:60:50:19:C8:06:2E:41:BB:B0:E4:B7:01:62:6A:53:56:11
X509v3 Authority Key Identifier:
keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/xWvxYFAZyAYuQbuw5LcBYmpTVhE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.41.24.0/21
IPv6:
2a0e:ce40::/29
Signature Algorithm: sha256WithRSAEncryption
66:0b:94:cf:93:aa:56:a8:3a:c3:19:d6:d8:bf:5d:25:94:e9:
bb:c0:a2:de:e9:d5:94:cb:21:5c:31:ca:43:08:b4:54:3a:e9:
5e:4d:51:1e:4b:73:dc:1e:0d:ad:a7:a0:84:96:9a:11:df:17:
5b:73:dc:31:a2:1b:1e:2e:18:f9:77:2f:89:25:d1:c0:ce:e7:
92:58:f0:a3:d8:d3:63:ba:7b:8d:4c:39:06:ed:c4:ac:28:75:
6d:d0:22:4f:a2:de:47:c2:52:81:0a:fe:26:c6:f2:aa:dc:3f:
bc:53:ed:d3:7f:ef:a8:2c:6e:4d:fd:30:48:5e:00:08:83:09:
44:dc:59:1f:c0:e4:74:bf:8a:93:e9:55:54:bc:74:3d:d0:73:
89:70:d4:bc:d0:6c:05:fb:4a:6b:77:ef:5b:d7:a6:f0:3d:1f:
93:c3:fb:43:e4:69:ac:fc:4c:e5:45:52:e8:c2:2b:6a:c5:ed:
11:dd:38:51:69:7b:91:d4:59:16:f9:9f:a1:a5:ca:cd:bd:cd:
8a:95:22:21:76:d5:96:f7:9e:dc:25:5c:f9:12:a5:f7:af:34:
47:f9:06:16:46:92:72:02:ee:17:0f:89:c6:46:3d:92:22:fd:
6d:34:ae:8f:df:b3:4e:d7:e0:61:35:e4:84:bf:6f:d5:47:ea:
9e:38:d2:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH21ZnfhBXWIDPLU/YI5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwMTAxMTM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTZiZjE2MDUwMTljODA2MmU0MWJiYjBlNGI3MDE2MjZhNTM1NjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotLDp6uUQGHqI8QYvtrOd+uZRExy
fhQScSeTETHgzl7WJeQKtdN2LlXFdB2Kv/EdML9wq4oRWKj0+w+bRlG4zqpzgtcB
o+inADXqJL3hyKFzqruBNP7crSrQTTrssDqh+NsyGj8sIq4VUDT1hKOfgVX0EPcL
hND/2CnLC/j9h3LH1jT2pg5re8DWNKmct0G9hqGUHr5nbe2NwvGSgGlrWtoM1WzO
y2T/ErX9EJftd0FX92P9wH/z8qhsksLA3ti4m2hJLdUrufJTZpMXVZ1W5Kw3Z0bT
rxW+9PyR1iJnvLFDnZfJs2BdCxfJ0b0h2gku9+CEn2oiBCIcgTy7o6+0TwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMVr8WBQGcgGLkG7sOS3AWJqU1YRMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEveFd2eFlGQVp5QVl1UWJ1dzVMY0JZbXBUVmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDnikYMA0E
AgACMAcDBQMqDs5AMA0GCSqGSIb3DQEBCwUAA4IBAQBmC5TPk6pWqDrDGdbYv10l
lOm7wKLe6dWUyyFcMcpDCLRUOuleTVEeS3PcHg2tp6CElpoR3xdbc9wxohseLhj5
dy+JJdHAzueSWPCj2NNjunuNTDkG7cSsKHVt0CJPot5HwlKBCv4mxvKq3D+8U+3T
f++oLG5N/TBIXgAIgwlE3FkfwOR0v4qT6VVUvHQ90HOJcNS80GwF+0prd+9b16bw
PR+Tw/tD5Gms/EzlRVLowitqxe0R3ThRaXuR1FkW+Z+hpcrNvc2KlSIhdtWW957c
JVz5EqX3rzRH+QYWRpJyAu4XD4nGRj2SIv1tNK6P37NO1+BhNeSEv2/VR+qeONIb
-----END CERTIFICATE-----
Generated at Mon Apr 7 00:11:45 2025 by rpki-client