Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/19FcmSsxW-HAmGMu8vNic8GlPVQ.roa
File: 19FcmSsxW-HAmGMu8vNic8GlPVQ.roa (raw, json)
Hash identifier: A/x/ATh8VjymksFnyMMUZUGv4QdGRlkBRngH5oIt50M=
Subject key identifier: D7:D1:5C:99:2B:31:5B:E1:C0:98:63:2E:F2:F3:62:73:C1:A5:3D:54
Certificate issuer: /CN=9af9d0d4befda09e999eabd0c8724e217364de10
Certificate serial: 01942747D9A5864C04E18B68ED99FCAA30CD
Authority key identifier: 9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/19FcmSsxW-HAmGMu8vNic8GlPVQ.roa
Signing time: Thu 02 Jan 2025 13:50:07 +0000
ROA not before: Thu 02 Jan 2025 13:50:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208398
IP address blocks: 45.87.132.0/22 maxlen: 22
100.43.64.0/19 maxlen: 19
199.21.96.0/22 maxlen: 22
199.36.240.0/22 maxlen: 22
2a0e:fd80::/32 maxlen: 32
2a0e:fd87::/32 maxlen: 32
2a13:a400::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:d9:a5:86:4c:04:e1:8b:68:ed:99:fc:aa:30:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9af9d0d4befda09e999eabd0c8724e217364de10
Validity
Not Before: Jan 2 13:50:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d7d15c992b315be1c098632ef2f36273c1a53d54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:87:29:aa:05:45:a9:19:ad:6b:65:e0:ee:ae:
1f:44:b2:8a:05:cd:54:b7:ed:1f:1f:07:05:e3:10:
f6:54:d4:8c:02:4f:ab:27:76:68:79:68:c0:b2:1b:
d5:e5:b3:92:69:f0:ed:74:1b:16:8c:aa:e1:c4:4d:
03:bb:b1:ca:d0:a9:3d:01:41:90:73:29:ec:b1:12:
07:8d:ce:6e:9a:62:15:9d:86:e5:d9:1b:66:78:ee:
dc:d2:a3:4c:da:a0:f1:51:92:47:6d:52:c0:a3:d9:
19:d1:c5:5f:2e:41:ca:fe:df:2d:be:ed:81:76:79:
a4:4e:7f:b0:b3:bc:f7:56:6e:f3:46:bc:89:a9:68:
79:a4:85:4b:3b:ab:08:db:50:d0:21:19:a2:2a:b6:
fc:03:47:e5:21:18:09:c1:9d:ae:fd:34:92:44:6f:
9f:a6:a4:84:39:f3:70:e7:ac:2b:ae:1f:6a:07:ef:
ad:99:ab:16:d6:0e:f0:8d:a2:07:59:e6:74:aa:92:
7a:5d:0b:e4:c4:05:2a:b4:4f:63:9c:b4:31:38:db:
61:2d:af:79:cf:0f:73:cf:d9:7c:0e:82:50:7c:71:
1e:e9:1d:9d:90:a5:7c:4d:9f:df:c9:79:20:9c:93:
65:28:23:76:e9:07:89:01:f6:7c:86:3d:62:9d:03:
d3:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:D1:5C:99:2B:31:5B:E1:C0:98:63:2E:F2:F3:62:73:C1:A5:3D:54
X509v3 Authority Key Identifier:
keyid:9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/19FcmSsxW-HAmGMu8vNic8GlPVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.132.0/22
100.43.64.0/19
199.21.96.0/22
199.36.240.0/22
IPv6:
2a0e:fd80::/32
2a0e:fd87::/32
2a13:a400::/29
Signature Algorithm: sha256WithRSAEncryption
72:da:97:9a:f8:06:68:00:d4:7e:eb:ee:22:2e:74:30:bb:55:
ea:43:d9:56:50:64:31:25:5b:dd:c7:e5:01:28:d5:26:a6:40:
43:42:b8:ef:ce:21:23:1c:c5:19:b8:9e:0a:7d:c6:07:9e:84:
cc:e1:49:6f:6e:e7:1f:89:48:f1:6c:e4:b5:d3:be:4f:5f:87:
39:e0:4f:7d:0b:87:41:36:d5:7f:62:38:ef:4e:a2:79:28:c0:
0b:a1:3b:71:5f:05:c5:55:aa:54:eb:73:d3:68:b2:6f:e3:ef:
79:cc:03:a4:ee:8d:f3:74:f6:16:7b:b3:54:5d:8a:7f:e1:20:
d3:a7:15:b8:e6:d2:77:e2:ac:0e:87:28:41:1f:9d:88:b8:7e:
77:07:7b:fb:b3:9e:c6:9b:55:08:ea:0e:38:1c:6d:1c:c1:c2:
42:99:30:d1:5a:7c:99:a4:57:9e:20:76:fb:28:32:96:44:e3:
5c:d7:7d:e7:0f:d1:32:91:2e:3f:a9:37:12:44:1d:5c:e7:60:
59:d1:1a:fc:9f:06:44:f5:64:dd:69:bc:64:df:d8:cf:19:fa:
75:a1:d8:d1:60:91:75:f7:3c:3f:cc:0e:ef:a1:c7:d6:91:ce:
5f:72:07:5d:5a:7e:bc:19:7a:57:56:d5:4f:75:42:a3:46:fe:
35:e5:2d:0e
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZQnR9mlhkwE4Yto7Zn8qjDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjlkMGQ0YmVmZGEwOWU5OTllYWJkMGM4NzI0ZTIxNzM2
NGRlMTAwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2QxNWM5OTJiMzE1YmUxYzA5ODYzMmVmMmYzNjI3M2MxYTUzZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYcpqgVFqRmta2Xg7q4fRLKKBc1U
t+0fHwcF4xD2VNSMAk+rJ3ZoeWjAshvV5bOSafDtdBsWjKrhxE0Du7HK0Kk9AUGQ
cynssRIHjc5ummIVnYbl2RtmeO7c0qNM2qDxUZJHbVLAo9kZ0cVfLkHK/t8tvu2B
dnmkTn+ws7z3Vm7zRryJqWh5pIVLO6sI21DQIRmiKrb8A0flIRgJwZ2u/TSSRG+f
pqSEOfNw56wrrh9qB++tmasW1g7wjaIHWeZ0qpJ6XQvkxAUqtE9jnLQxONthLa95
zw9zz9l8DoJQfHEe6R2dkKV8TZ/fyXkgnJNlKCN26QeJAfZ8hj1inQPT5wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFNfRXJkrMVvhwJhjLvLzYnPBpT1UMB8GA1UdIwQY
MBaAFJr50NS+/aCemZ6r0MhyTiFzZN4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgt
MjY3MDFiMTYyZmMzLzEvMTlGY21Tc3hXLUhBbUdNdTh2TmljOEdsUFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgtMjY3MDFiMTYyZmMz
LzEvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAeBAIAATAYAwQCLVeEAwQF
ZCtAAwQCxxVgAwQCxyTwMBsEAgACMBUDBQAqDv2AAwUAKg79hwMFAyoTpAAwDQYJ
KoZIhvcNAQELBQADggEBAHLal5r4BmgA1H7r7iIudDC7VepD2VZQZDElW93H5QEo
1SamQENCuO/OISMcxRm4ngp9xgeehMzhSW9u5x+JSPFs5LXTvk9fhzngT30Lh0E2
1X9iOO9OonkowAuhO3FfBcVVqlTrc9Nosm/j73nMA6TujfN09hZ7s1Rdin/hINOn
Fbjm0nfirA6HKEEfnYi4fncHe/uznsabVQjqDjgcbRzBwkKZMNFafJmkV54gdvso
MpZE41zXfecP0TKRLj+pNxJEHVznYFnRGvyfBkT1ZN1pvGTf2M8Z+nWh2NFgkXX3
PD/MDu+hx9aRzl9yB11afrwZeldW1U91QqNG/jXlLQ4=
-----END CERTIFICATE-----
Generated at Sat Apr 5 18:52:48 2025 by rpki-client