Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/dmn9WWC1cOw8-syFOH8rVvRUYcM.roa
File: dmn9WWC1cOw8-syFOH8rVvRUYcM.roa (raw, json)
Hash identifier: yTiBT+PxdCbTZTX/xwUlIfZpsEgNm89xZp8RsHoNwSE=
Subject key identifier: 76:69:FD:59:60:B5:70:EC:3C:FA:CC:85:38:7F:2B:56:F4:54:61:C3
Certificate issuer: /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial: 019424456F999384D43EED8405DBB5D6C88A
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/dmn9WWC1cOw8-syFOH8rVvRUYcM.roa
Signing time: Wed 01 Jan 2025 23:48:37 +0000
ROA not before: Wed 01 Jan 2025 23:48:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61161
IP address blocks: 185.17.72.0/22 maxlen: 24
185.100.56.0/22 maxlen: 24
2a04:600::/29 maxlen: 48
2a0d:3200::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 11:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:6f:99:93:84:d4:3e:ed:84:05:db:b5:d6:c8:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
Validity
Not Before: Jan 1 23:48:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7669fd5960b570ec3cfacc85387f2b56f45461c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:6a:cb:e5:7a:e3:b4:20:c1:25:b3:20:24:44:
ed:32:53:6f:d0:16:ed:85:a3:47:0a:6d:5b:48:94:
f5:0a:06:8b:f7:4a:0b:9f:0b:ae:74:fe:6e:8c:07:
5f:7b:f1:45:1d:5e:b9:f8:ec:0d:c3:87:e9:85:8c:
e9:64:ef:f1:c5:7e:8b:69:8e:d4:e8:16:24:aa:70:
32:eb:33:a7:d0:25:0d:3e:02:40:68:9d:ca:7b:95:
85:40:50:81:a6:c4:e2:25:94:7f:74:2d:53:be:ec:
2c:d4:fa:44:ac:be:0f:7b:3c:b9:d2:89:bd:59:d1:
11:9f:32:99:b4:c5:fa:3e:e9:57:8e:58:bc:0e:ef:
0a:b1:26:69:a6:48:40:f2:b0:f1:2b:44:9c:cb:86:
d4:d1:c5:30:86:8c:50:0d:12:49:b6:f2:5e:b6:c3:
57:0b:8a:8a:e6:ad:e3:57:ea:64:a6:4c:8c:53:01:
24:7e:50:da:c2:cd:4f:e6:3d:0a:e1:07:f9:c2:92:
c1:2f:16:84:fa:9b:9e:7a:b3:5f:6a:be:40:8b:cd:
03:7c:2b:97:ee:88:c2:48:cd:c0:34:db:ee:6b:cd:
97:3d:4e:3d:99:2d:fe:a3:a3:82:ea:fb:46:e7:fc:
0d:a2:67:ec:b6:ca:e2:6d:68:aa:72:8e:ee:41:42:
0d:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:69:FD:59:60:B5:70:EC:3C:FA:CC:85:38:7F:2B:56:F4:54:61:C3
X509v3 Authority Key Identifier:
keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/dmn9WWC1cOw8-syFOH8rVvRUYcM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.17.72.0/22
185.100.56.0/22
IPv6:
2a04:600::/29
2a0d:3200::/29
Signature Algorithm: sha256WithRSAEncryption
4e:57:4e:97:b9:28:b9:5f:ac:b8:c3:18:12:22:ed:c3:2b:58:
fe:1a:01:21:df:8d:12:11:e5:d6:a8:11:24:c0:db:4f:92:82:
46:77:8b:d5:39:0b:b2:21:88:ce:83:7c:b6:65:a8:19:e3:04:
4a:f7:b1:d3:7d:1f:05:b8:97:44:34:73:69:88:41:29:7e:fc:
f1:68:3b:e4:b5:03:df:fc:10:d7:fb:e3:7e:f4:eb:e3:f7:49:
bf:ff:ca:e5:f7:3d:a8:67:ee:60:5b:d1:13:ae:a6:10:8b:d9:
6c:2e:5e:52:98:f5:c9:1f:5a:30:2d:4b:49:0a:fd:e7:6e:02:
c2:d3:8e:df:b4:d5:97:11:aa:aa:cb:13:b7:8a:c4:d1:32:1c:
95:ce:1b:f8:16:f3:61:7c:5a:9b:bc:d4:fe:05:f3:aa:1f:67:
1b:5a:81:ec:c3:d6:11:3f:c6:06:6d:df:1f:e9:3d:d2:58:93:
a4:d5:d2:25:ff:1c:6c:93:5c:4e:53:eb:3b:7d:8d:09:fc:86:
1f:eb:ab:4b:fb:db:63:dc:fb:db:dc:11:b9:2b:5c:a5:0d:17:
a3:e1:af:e0:02:eb:c1:f2:b0:96:ff:72:89:8b:a4:c0:b1:0f:
28:fc:a4:29:0d:7e:94:9f:1e:48:e7:29:52:52:f3:e7:4f:d0:
e1:23:7c:70
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQkRW+Zk4TUPu2EBdu11siKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjY5ZmQ1OTYwYjU3MGVjM2NmYWNjODUzODdmMmI1NmY0NTQ2MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWrL5XrjtCDBJbMgJETtMlNv0Bbt
haNHCm1bSJT1CgaL90oLnwuudP5ujAdfe/FFHV65+OwNw4fphYzpZO/xxX6LaY7U
6BYkqnAy6zOn0CUNPgJAaJ3Ke5WFQFCBpsTiJZR/dC1Tvuws1PpErL4Pezy50om9
WdERnzKZtMX6PulXjli8Du8KsSZppkhA8rDxK0Scy4bU0cUwhoxQDRJJtvJetsNX
C4qK5q3jV+pkpkyMUwEkflDaws1P5j0K4Qf5wpLBLxaE+pueerNfar5Ai80DfCuX
7ojCSM3ANNvua82XPU49mS3+o6OC6vtG5/wNomfstsribWiqco7uQUINvQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHZp/VlgtXDsPPrMhTh/K1b0VGHDMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvZG1uOVdXQzFjT3c4LXN5Rk9IOHJWdlJVWWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuRFIAwQC
uWQ4MBQEAgACMA4DBQMqBAYAAwUDKg0yADANBgkqhkiG9w0BAQsFAAOCAQEATldO
l7kouV+suMMYEiLtwytY/hoBId+NEhHl1qgRJMDbT5KCRneL1TkLsiGIzoN8tmWo
GeMESvex030fBbiXRDRzaYhBKX788Wg75LUD3/wQ1/vjfvTr4/dJv//K5fc9qGfu
YFvRE66mEIvZbC5eUpj1yR9aMC1LSQr9524CwtOO37TVlxGqqssTt4rE0TIclc4b
+BbzYXxam7zU/gXzqh9nG1qB7MPWET/GBm3fH+k90liTpNXSJf8cbJNcTlPrO32N
CfyGH+urS/vbY9z729wRuStcpQ0Xo+Gv4ALrwfKwlv9yiYukwLEPKPykKQ1+lJ8e
SOcpUlLz50/Q4SN8cA==
-----END CERTIFICATE-----
Generated at Wed Feb 5 19:12:07 2025 by rpki-client