Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/I1sRKyvYdSWFdpxY3K3hgfpLh8c.roa
File: I1sRKyvYdSWFdpxY3K3hgfpLh8c.roa (raw, json)
Hash identifier: EW9DVDBND5j7A8L4kBfb9CEdZ+sujph27uho+pUx/m0=
Subject key identifier: 23:5B:11:2B:2B:D8:75:25:85:76:9C:58:DC:AD:E1:81:FA:4B:87:C7
Certificate issuer: /CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Certificate serial: 0194244564EC64CE80CFB76647321C6A812F
Authority key identifier: 1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/I1sRKyvYdSWFdpxY3K3hgfpLh8c.roa
Signing time: Wed 01 Jan 2025 23:48:35 +0000
ROA not before: Wed 01 Jan 2025 23:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47692
IP address blocks: 5.132.157.0/24 maxlen: 24
5.132.159.0/24 maxlen: 24
5.132.160.0/24 maxlen: 24
5.132.191.0/24 maxlen: 24
2a03:3180:f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl
rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.mft
rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 05:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:64:ec:64:ce:80:cf:b7:66:47:32:1c:6a:81:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Validity
Not Before: Jan 1 23:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=235b112b2bd8752585769c58dcade181fa4b87c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ef:98:94:e4:70:f7:86:c2:6f:5a:aa:20:d0:
c2:fc:f4:9e:35:8e:1c:c6:04:c6:68:65:a9:05:d1:
c3:85:67:c4:e3:17:08:cb:10:df:5a:cf:88:d5:f3:
b5:81:8e:23:7c:d5:19:ae:ea:7d:a5:66:ae:f4:f3:
9f:30:be:0f:fc:6e:a9:12:d1:ea:3c:ce:c8:01:37:
2b:0d:22:a7:f4:26:ce:d2:a8:4b:08:b5:80:60:bf:
5b:92:8a:1f:b3:52:2e:81:ec:8e:46:f7:23:df:d0:
62:4b:58:d9:09:b6:2f:fc:f1:54:61:f8:e9:0c:06:
ab:87:66:69:06:84:72:25:89:33:7a:a8:7e:e5:ae:
91:a5:41:02:8f:ca:a9:4c:e0:99:17:d5:5f:5e:fa:
a4:88:e1:81:7f:c4:49:0c:9e:b0:8b:3f:87:a9:39:
10:2d:16:7f:51:9c:6e:30:8c:8e:a6:50:48:14:28:
8b:d3:b0:0b:7f:e7:91:ed:94:bc:81:f9:5c:bd:73:
9a:4a:b4:0d:4c:22:56:4f:25:2d:ab:c2:de:c7:37:
1b:4a:d8:d4:04:b5:88:99:d1:b1:4e:8c:d1:03:54:
32:a3:82:cb:c3:6f:43:42:40:69:2e:97:7a:3b:c8:
83:fb:a2:3f:06:d1:2f:53:ca:20:fe:71:af:f0:cf:
32:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:5B:11:2B:2B:D8:75:25:85:76:9C:58:DC:AD:E1:81:FA:4B:87:C7
X509v3 Authority Key Identifier:
keyid:1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/I1sRKyvYdSWFdpxY3K3hgfpLh8c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.132.157.0/24
5.132.159.0-5.132.160.255
5.132.191.0/24
IPv6:
2a03:3180:f::/48
Signature Algorithm: sha256WithRSAEncryption
52:c9:29:72:c1:04:59:ba:bb:32:e1:fd:ea:c2:15:73:f8:e9:
59:c4:fa:03:e1:ba:5c:d4:5d:8b:ec:07:c0:f6:d4:a7:58:33:
f4:12:88:b3:8b:6d:0d:3e:9f:f1:b1:67:27:7e:b8:e4:43:91:
e1:95:9a:07:c0:73:25:26:24:78:b6:2b:e6:63:91:e1:65:72:
92:fe:13:2c:20:c4:bf:dd:27:5a:0b:aa:0a:5c:d0:c8:6e:01:
4c:4c:61:b7:50:c6:b7:eb:2c:87:66:96:9b:4c:32:76:4c:0f:
a5:ca:3a:ef:32:17:c5:4a:43:5f:06:60:2a:eb:0c:35:c6:e4:
24:b9:33:69:64:e6:18:08:6b:0b:09:92:e6:bf:96:16:01:1d:
35:de:0d:e0:46:3c:77:db:62:88:92:2e:f9:47:ea:50:a1:2b:
2a:09:0b:c2:10:ef:e0:ad:4d:8e:6a:19:f8:92:c0:40:da:e1:
97:c9:44:b4:f6:57:81:4c:6d:3d:7d:fc:3c:a4:4f:05:3d:20:
4b:09:fe:76:4f:c9:10:c2:e6:28:0a:b9:60:60:26:ca:e1:52:
f8:25:12:42:75:c9:db:57:dd:fd:90:05:40:47:b2:12:38:05:
01:39:9a:c5:6d:71:8e:86:cd:2b:96:78:ac:ba:40:ab:a5:9f:
66:e0:98:c3
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZQkRWTsZM6Az7dmRzIcaoEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGEyMDIwYjgyZDAyOTRlOTBhMmQ2YjJjMGYyOGQxMTcz
YjY0NjUwHhcNMjUwMTAxMjM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzViMTEyYjJiZDg3NTI1ODU3NjljNThkY2FkZTE4MWZhNGI4N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu+YlORw94bCb1qqINDC/PSeNY4c
xgTGaGWpBdHDhWfE4xcIyxDfWs+I1fO1gY4jfNUZrup9pWau9POfML4P/G6pEtHq
PM7IATcrDSKn9CbO0qhLCLWAYL9bkoofs1IugeyORvcj39BiS1jZCbYv/PFUYfjp
DAarh2ZpBoRyJYkzeqh+5a6RpUECj8qpTOCZF9VfXvqkiOGBf8RJDJ6wiz+HqTkQ
LRZ/UZxuMIyOplBIFCiL07ALf+eR7ZS8gflcvXOaSrQNTCJWTyUtq8LexzcbStjU
BLWImdGxTozRA1Qyo4LLw29DQkBpLpd6O8iD+6I/BtEvU8og/nGv8M8ywwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFCNbESsr2HUlhXacWNyt4YH6S4fHMB8GA1UdIwQY
MBaAFB5KICC4LQKU6QotaywPKNEXO2RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQt
NTMwNDQwYzRmYTI5LzEvSTFzUkt5dllkU1dGZHB4WTNLM2hnZnBMaDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQtNTMwNDQwYzRmYTI5
LzEvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaAwQABYSdMAwD
BAAFhJ8DBAAFhKADBAAFhL8wDwQCAAIwCQMHACoDMYAADzANBgkqhkiG9w0BAQsF
AAOCAQEAUskpcsEEWbq7MuH96sIVc/jpWcT6A+G6XNRdi+wHwPbUp1gz9BKIs4tt
DT6f8bFnJ3645EOR4ZWaB8BzJSYkeLYr5mOR4WVykv4TLCDEv90nWguqClzQyG4B
TExht1DGt+ssh2aWm0wydkwPpco67zIXxUpDXwZgKusMNcbkJLkzaWTmGAhrCwmS
5r+WFgEdNd4N4EY8d9tiiJIu+UfqUKErKgkLwhDv4K1NjmoZ+JLAQNrhl8lEtPZX
gUxtPX38PKRPBT0gSwn+dk/JEMLmKAq5YGAmyuFS+CUSQnXJ21fd/ZAFQEeyEjgF
ATmaxW1xjobNK5Z4rLpAq6WfZuCYww==
-----END CERTIFICATE-----
Generated at Mon Apr 7 14:02:59 2025 by rpki-client