Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/pYvKtWHjQL1axAyemHXasjizsXI.roa
File: pYvKtWHjQL1axAyemHXasjizsXI.roa (raw, json)
Hash identifier: +saRg/F7RlIOLGe+6CACF+gl/0HmxqxN1SsKDNk6n+M=
Subject key identifier: A5:8B:CA:B5:61:E3:40:BD:5A:C4:0C:9E:98:75:DA:B2:38:B3:B1:72
Certificate issuer: /CN=5a955ca458468c5776b8d9936dfe9b0b2668731c
Certificate serial: 019422FB9A08B28178CD1635878AAEB33626
Authority key identifier: 5A:95:5C:A4:58:46:8C:57:76:B8:D9:93:6D:FE:9B:0B:26:68:73:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/pYvKtWHjQL1axAyemHXasjizsXI.roa
Signing time: Wed 01 Jan 2025 17:48:21 +0000
ROA not before: Wed 01 Jan 2025 17:48:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57173
IP address blocks: 87.247.224.0/24 maxlen: 24
87.247.226.0/24 maxlen: 24
87.247.230.0/23 maxlen: 23
87.247.230.0/24 maxlen: 24
87.247.231.0/24 maxlen: 24
185.197.100.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.mft
rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 20:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:9a:08:b2:81:78:cd:16:35:87:8a:ae:b3:36:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a955ca458468c5776b8d9936dfe9b0b2668731c
Validity
Not Before: Jan 1 17:48:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a58bcab561e340bd5ac40c9e9875dab238b3b172
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:64:44:8b:2a:19:a3:0c:85:ce:49:6d:24:73:
85:44:12:42:a0:3f:5c:08:80:46:31:b7:f3:fd:09:
e2:f4:d0:f6:32:ad:3f:00:50:51:15:8d:98:83:67:
16:dc:1d:4d:f3:77:6b:61:1c:72:fa:33:fd:ed:5b:
03:91:cb:c0:3b:6a:42:a3:ae:a6:73:58:3f:0a:05:
87:05:cf:4d:a9:93:a9:19:47:97:01:9d:32:60:f6:
5e:07:c9:42:07:08:5f:9b:7e:b3:72:b7:53:93:91:
31:67:a0:b3:96:11:dd:b6:7a:f7:a6:73:7d:cc:87:
a4:cb:e3:94:bf:29:bf:db:f9:d3:3d:33:c9:bb:6d:
40:49:61:49:62:b2:b8:bd:c1:66:95:e3:e2:ab:73:
c2:c4:66:b8:29:0c:b2:45:3a:c6:ad:9a:b6:21:00:
74:5a:e6:21:31:fd:c7:2a:44:4b:78:c4:f8:47:c2:
0c:db:32:f9:f0:91:c5:6b:50:4c:42:d0:5e:2b:37:
e8:11:f5:c2:c9:5c:7f:28:fc:1b:31:73:38:72:4a:
ac:c9:0a:ab:40:f3:50:4a:99:99:71:44:90:e5:71:
ae:99:6a:88:8c:f1:4c:9d:56:6e:42:c8:10:a1:e9:
17:17:7f:bc:e6:cc:89:1e:da:8a:bd:2d:52:dd:dd:
8d:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:8B:CA:B5:61:E3:40:BD:5A:C4:0C:9E:98:75:DA:B2:38:B3:B1:72
X509v3 Authority Key Identifier:
keyid:5A:95:5C:A4:58:46:8C:57:76:B8:D9:93:6D:FE:9B:0B:26:68:73:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/pYvKtWHjQL1axAyemHXasjizsXI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.224.0/24
87.247.226.0/24
87.247.230.0/23
185.197.100.0/24
Signature Algorithm: sha256WithRSAEncryption
93:79:c0:62:5e:c2:d4:f5:18:4e:89:c3:58:c3:98:c0:b6:f3:
fa:cd:c5:d7:f7:12:b3:46:7e:ba:eb:14:0b:13:1f:7e:b5:59:
be:13:b7:1e:39:e7:e9:24:d6:d9:1d:63:2f:3f:91:d8:ad:46:
b4:46:f9:f1:4f:69:14:dc:49:0b:28:03:f4:71:8e:18:a5:8d:
10:a5:e4:00:51:6b:f2:d2:f7:62:d9:52:1f:a7:4f:46:6f:0e:
0b:e0:b3:cb:95:53:1d:b9:f3:ca:9d:49:e4:f2:e9:3a:40:17:
9e:04:02:88:27:6e:a1:84:f1:d6:e2:c7:f1:51:b6:43:ec:6e:
81:ea:e2:aa:b2:ad:bb:12:02:d2:48:d0:a3:67:77:17:68:09:
28:ec:a2:f4:9d:ed:be:92:52:88:f8:03:ea:d1:d1:8d:56:1b:
4b:4c:71:18:25:83:0f:73:ee:d8:b1:c1:71:47:89:66:0e:d1:
17:b1:bf:e1:c9:26:e8:17:13:e5:77:43:ef:0a:d9:a0:97:86:
29:a3:d6:91:d3:67:d9:a7:e8:91:f7:8a:fa:92:6b:c9:b3:dd:
85:05:d5:43:2d:08:91:59:e5:59:3c:cd:04:67:f3:d1:68:3a:
ed:14:6b:c1:ef:a0:a3:aa:c6:8e:74:5c:65:a5:db:c8:7d:20:
cb:1b:da:1e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQi+5oIsoF4zRY1h4quszYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTU1Y2E0NTg0NjhjNTc3NmI4ZDk5MzZkZmU5YjBiMjY2
ODczMWMwHhcNMjUwMTAxMTc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNThiY2FiNTYxZTM0MGJkNWFjNDBjOWU5ODc1ZGFiMjM4YjNiMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomREiyoZowyFzkltJHOFRBJCoD9c
CIBGMbfz/Qni9ND2Mq0/AFBRFY2Yg2cW3B1N83drYRxy+jP97VsDkcvAO2pCo66m
c1g/CgWHBc9NqZOpGUeXAZ0yYPZeB8lCBwhfm36zcrdTk5ExZ6CzlhHdtnr3pnN9
zIeky+OUvym/2/nTPTPJu21ASWFJYrK4vcFmlePiq3PCxGa4KQyyRTrGrZq2IQB0
WuYhMf3HKkRLeMT4R8IM2zL58JHFa1BMQtBeKzfoEfXCyVx/KPwbMXM4ckqsyQqr
QPNQSpmZcUSQ5XGumWqIjPFMnVZuQsgQoekXF3+85syJHtqKvS1S3d2N8QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKWLyrVh40C9WsQMnph12rI4s7FyMB8GA1UdIwQY
MBaAFFqVXKRYRoxXdrjZk23+mwsmaHMcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BWY3BGaEdqRmQydU5tVGJmNmJDeVpvY3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iZTlhMDAtZTBiMS00NTQxLTljMGYt
MTM4NThkYTg1ZjUzLzEvcFl2S3RXSGpRTDFheEF5ZW1IWGFzaml6c1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iZTlhMDAtZTBiMS00NTQxLTljMGYtMTM4NThkYTg1ZjUz
LzEvV3BWY3BGaEdqRmQydU5tVGJmNmJDeVpvY3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAV/fgAwQA
V/fiAwQBV/fmAwQAucVkMA0GCSqGSIb3DQEBCwUAA4IBAQCTecBiXsLU9RhOicNY
w5jAtvP6zcXX9xKzRn666xQLEx9+tVm+E7ceOefpJNbZHWMvP5HYrUa0RvnxT2kU
3EkLKAP0cY4YpY0QpeQAUWvy0vdi2VIfp09Gbw4L4LPLlVMdufPKnUnk8uk6QBee
BAKIJ26hhPHW4sfxUbZD7G6B6uKqsq27EgLSSNCjZ3cXaAko7KL0ne2+klKI+APq
0dGNVhtLTHEYJYMPc+7YscFxR4lmDtEXsb/hySboFxPld0PvCtmgl4Ypo9aR02fZ
p+iR94r6kmvJs92FBdVDLQiRWeVZPM0EZ/PRaDrtFGvB76CjqsaOdFxlpdvIfSDL
G9oe
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:01:08 2025 by rpki-client