Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/sjGNR44IPNB6YOE5kbYUMAmAQ2c.roa
File: sjGNR44IPNB6YOE5kbYUMAmAQ2c.roa (raw, json)
Hash identifier: sEDrCkJksXTVWaboHfAfeMVVlrdjOtJNi3rs1KmLVVI=
Subject key identifier: B2:31:8D:47:8E:08:3C:D0:7A:60:E1:39:91:B6:14:30:09:80:43:67
Certificate issuer: /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial: 019424456C1BBA2E6BE7F4BE209C6B0D909E
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/sjGNR44IPNB6YOE5kbYUMAmAQ2c.roa
Signing time: Wed 01 Jan 2025 23:48:36 +0000
ROA not before: Wed 01 Jan 2025 23:48:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 147.136.64.0/22 maxlen: 22
147.136.70.0/24 maxlen: 24
168.199.141.0/24 maxlen: 24
168.199.159.0/24 maxlen: 24
168.199.209.0/24 maxlen: 24
168.199.225.0/24 maxlen: 24
185.101.253.0/24 maxlen: 24
185.101.254.0/24 maxlen: 24
192.95.85.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 11:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:6c:1b:ba:2e:6b:e7:f4:be:20:9c:6b:0d:90:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
Validity
Not Before: Jan 1 23:48:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b2318d478e083cd07a60e13991b6143009804367
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:07:d0:df:a5:78:bb:52:72:e8:b3:86:a6:e4:
ac:f8:67:b2:98:7f:24:23:56:63:62:93:46:e8:49:
e6:fe:2a:08:84:9a:b7:b6:51:a1:24:8c:fe:a7:31:
4f:f2:10:9a:2c:aa:8c:35:81:cc:87:03:0b:86:61:
9c:42:ae:86:8a:04:d7:6d:4f:2f:fa:71:21:79:c8:
2b:75:09:63:7b:8e:7b:5b:ac:82:d8:aa:56:7b:be:
42:75:5e:42:1f:ae:1f:a2:36:6e:2f:5e:4b:49:31:
72:2c:21:95:ac:38:b3:fa:a7:b8:27:cb:ef:40:97:
4f:67:b2:ab:75:1a:a8:b4:51:a9:b7:c7:0f:55:e0:
bd:a8:19:a3:77:c9:0c:64:64:45:76:30:86:5b:7b:
98:ba:e3:ed:04:87:24:80:2d:e8:e3:88:51:b1:52:
f2:85:d2:68:d4:86:c8:65:cd:b8:a3:2f:f7:5d:b7:
02:ef:89:a2:4f:c3:60:f9:32:2a:a2:1a:b2:d1:f3:
60:59:cb:c9:d2:96:65:80:6b:e7:b0:e0:ee:40:ca:
3a:ce:13:b7:22:cb:7d:0c:e7:e7:87:a4:b8:88:3c:
e5:4d:dd:81:13:ac:dc:47:63:ef:df:62:52:a4:95:
82:ef:ae:ba:b9:38:75:2d:5d:c0:39:3a:fd:e2:fd:
31:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:31:8D:47:8E:08:3C:D0:7A:60:E1:39:91:B6:14:30:09:80:43:67
X509v3 Authority Key Identifier:
keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/sjGNR44IPNB6YOE5kbYUMAmAQ2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.136.64.0/22
147.136.70.0/24
168.199.141.0/24
168.199.159.0/24
168.199.209.0/24
168.199.225.0/24
185.101.253.0-185.101.254.255
192.95.85.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:b7:17:f0:84:cf:3a:10:4e:65:b2:cc:f0:15:42:5d:5f:30:
40:21:c8:eb:9c:83:d0:1a:c2:6c:c0:48:3d:c7:b3:0a:fe:34:
d9:92:19:ce:ae:9f:65:a6:29:20:fe:f5:e0:9f:4a:50:ae:9d:
fa:1d:ce:2e:12:d6:83:48:62:e4:97:29:1d:7c:bb:72:65:99:
1e:ff:d2:c8:ad:9f:6a:b5:d2:9b:38:49:23:21:2e:28:37:84:
f6:8f:6d:05:11:cd:b7:a9:05:a1:49:6b:fb:11:66:82:09:d2:
b1:35:ae:cd:3e:5f:fe:52:97:fd:40:ae:e6:13:50:03:2d:46:
dd:a4:e1:48:1f:e1:8e:32:a9:a6:c9:c5:31:04:d3:d2:fb:15:
f1:72:03:8a:49:af:61:e4:d0:51:93:5c:31:1c:15:2b:56:30:
ef:b2:ef:55:30:c2:b2:d7:bc:71:ed:85:1a:af:23:f3:a7:1e:
19:87:4c:22:22:16:53:f6:c0:e0:f5:6c:4d:25:da:f7:9b:66:
13:50:1a:fa:44:2b:6a:e4:01:ad:30:9d:ac:99:e1:24:53:e6:
24:f3:82:42:54:9a:d7:84:2f:56:02:55:33:a6:da:ea:ab:02:
df:4d:59:2e:b2:57:0d:53:6f:0a:9e:ae:71:5b:9e:ec:d6:ff:
68:36:5d:ed
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQkRWwbui5r5/S+IJxrDZCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjMxOGQ0NzhlMDgzY2QwN2E2MGUxMzk5MWI2MTQzMDA5ODA0MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAfQ36V4u1Jy6LOGpuSs+GeymH8k
I1ZjYpNG6Enm/ioIhJq3tlGhJIz+pzFP8hCaLKqMNYHMhwMLhmGcQq6GigTXbU8v
+nEhecgrdQlje457W6yC2KpWe75CdV5CH64fojZuL15LSTFyLCGVrDiz+qe4J8vv
QJdPZ7KrdRqotFGpt8cPVeC9qBmjd8kMZGRFdjCGW3uYuuPtBIckgC3o44hRsVLy
hdJo1IbIZc24oy/3XbcC74miT8Ng+TIqohqy0fNgWcvJ0pZlgGvnsODuQMo6zhO3
Ist9DOfnh6S4iDzlTd2BE6zcR2Pv32JSpJWC7666uTh1LV3AOTr94v0xPQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFLIxjUeOCDzQemDhOZG2FDAJgENnMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvc2pHTlI0NElQTkI2WU9FNWtiWVVNQW1BUTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCk4hAAwQA
k4hGAwQAqMeNAwQAqMefAwQAqMfRAwQAqMfhMAwDBAC5Zf0DBAC5Zf4DBADAX1Uw
DQYJKoZIhvcNAQELBQADggEBAKy3F/CEzzoQTmWyzPAVQl1fMEAhyOucg9AawmzA
SD3Hswr+NNmSGc6un2WmKSD+9eCfSlCunfodzi4S1oNIYuSXKR18u3JlmR7/0sit
n2q10ps4SSMhLig3hPaPbQURzbepBaFJa/sRZoIJ0rE1rs0+X/5Sl/1AruYTUAMt
Rt2k4Ugf4Y4yqabJxTEE09L7FfFyA4pJr2Hk0FGTXDEcFStWMO+y71UwwrLXvHHt
hRqvI/OnHhmHTCIiFlP2wOD1bE0l2vebZhNQGvpEK2rkAa0wnayZ4SRT5iTzgkJU
mteEL1YCVTOm2uqrAt9NWS6yVw1TbwqernFbnuzW/2g2Xe0=
-----END CERTIFICATE-----
Generated at Wed Feb 5 18:54:53 2025 by rpki-client