Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U1h0eoI0ksqeB9KSZjU9J6AuN04.roa
File: U1h0eoI0ksqeB9KSZjU9J6AuN04.roa (raw, json)
Hash identifier: LLOvZ8PIRgvh+ZgCLJZhpHmq/O3MTPVqxVcqiNzui+M=
Subject key identifier: 53:58:74:7A:82:34:92:CA:9E:07:D2:92:66:35:3D:27:A0:2E:37:4E
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01952BDBDA55F7FB8E007839B8B28744E6AF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U1h0eoI0ksqeB9KSZjU9J6AuN04.roa
Signing time: Sat 22 Feb 2025 04:13:03 +0000
ROA not before: Sat 22 Feb 2025 04:13:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215304
IP address blocks: 151.243.4.0/24 maxlen: 24
151.243.5.0/24 maxlen: 24
151.243.52.0/24 maxlen: 24
151.243.53.0/24 maxlen: 24
151.243.60.0/24 maxlen: 24
151.243.61.0/24 maxlen: 24
151.243.62.0/24 maxlen: 24
151.243.63.0/24 maxlen: 24
151.243.88.0/24 maxlen: 24
151.243.89.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:2b:db:da:55:f7:fb:8e:00:78:39:b8:b2:87:44:e6:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Feb 22 04:13:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5358747a823492ca9e07d29266353d27a02e374e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:0f:af:3c:34:ea:c9:62:18:55:f3:70:f3:6f:
28:ee:ec:00:78:2c:8e:e9:cf:5f:ad:6f:1d:60:15:
2e:50:63:7b:e7:17:d0:c4:ce:3b:9e:ed:92:fa:a8:
65:01:4e:37:29:b7:93:23:9f:56:fb:69:fc:dd:77:
aa:26:61:26:f4:88:98:fb:70:63:18:84:d2:d6:d6:
ae:25:50:eb:fb:2d:c8:e3:37:86:1b:24:40:82:5a:
df:c5:49:7d:3d:e7:9f:3c:86:15:a1:39:78:17:1e:
a1:ec:ad:59:21:3e:b7:79:8f:e0:e1:c5:5c:fe:63:
3c:e8:0b:f9:78:90:a4:71:ac:8f:4c:ac:80:04:91:
0b:37:c5:04:bb:72:df:c8:bb:a4:46:60:d3:c4:29:
64:af:38:89:01:e7:31:45:17:6e:17:03:0f:0e:8e:
d1:75:cf:b9:4f:3d:c8:dc:26:0d:5b:e6:2f:2e:9f:
0a:20:d2:38:68:9d:44:3d:b5:f0:57:be:f2:08:09:
7d:3c:99:cc:84:bb:32:70:94:21:4e:f7:01:47:a0:
57:7f:5e:65:dd:88:89:05:1f:56:44:56:21:00:18:
2e:66:04:62:a1:6e:08:32:59:e5:30:6d:6c:40:fd:
5f:bb:92:a3:bb:c5:b9:ac:ad:33:3a:58:d8:8e:61:
c2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:58:74:7A:82:34:92:CA:9E:07:D2:92:66:35:3D:27:A0:2E:37:4E
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/U1h0eoI0ksqeB9KSZjU9J6AuN04.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.243.4.0/23
151.243.52.0/23
151.243.60.0/22
151.243.88.0/23
Signature Algorithm: sha256WithRSAEncryption
b9:69:c3:7b:f3:d5:17:49:e7:19:86:1e:21:9b:18:b1:35:d6:
28:3c:68:c0:e9:9f:41:a1:4d:82:b4:96:1e:b7:33:25:1a:f7:
d1:a4:1b:fe:7c:60:ba:4f:7f:92:3f:95:e2:12:89:0a:51:c4:
79:ea:0b:8d:36:12:a3:7d:75:56:b7:62:34:d9:39:b9:d1:d1:
0f:cc:15:c7:ea:b4:6b:5c:40:72:26:b6:c8:5c:b0:75:c1:36:
91:85:58:42:02:d6:1c:91:3c:fc:83:9f:41:14:7f:c9:86:27:
d7:e4:02:a4:ca:68:03:e1:d7:0c:de:46:b5:f8:32:60:70:0b:
6f:37:99:fa:de:1f:ac:55:5a:fb:66:fa:68:f5:1b:e3:10:88:
f0:dc:e5:c4:0f:85:72:99:ba:18:d0:2f:eb:31:96:02:c2:55:
7d:de:98:98:03:dd:27:82:6d:68:20:bd:c5:39:bd:71:59:9f:
9f:38:08:da:dc:d9:1f:7c:eb:bd:ae:00:72:c8:aa:e4:34:b5:
86:f6:db:ef:b9:89:73:44:23:b6:9c:55:18:f1:1b:c9:e2:53:
18:93:4a:f9:6c:18:8d:24:0e:37:90:d0:95:fd:6c:4f:59:a6:
0d:89:4c:69:29:f2:cc:3c:4b:0a:dd:fe:22:4f:e2:33:ab:19:
a4:1e:3c:8c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZUr29pV9/uOAHg5uLKHROavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjIyMDQxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU4NzQ3YTgyMzQ5MmNhOWUwN2QyOTI2NjM1M2QyN2EwMmUzNzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnA+vPDTqyWIYVfNw828o7uwAeCyO
6c9frW8dYBUuUGN75xfQxM47nu2S+qhlAU43KbeTI59W+2n83XeqJmEm9IiY+3Bj
GITS1tauJVDr+y3I4zeGGyRAglrfxUl9PeefPIYVoTl4Fx6h7K1ZIT63eY/g4cVc
/mM86Av5eJCkcayPTKyABJELN8UEu3LfyLukRmDTxClkrziJAecxRRduFwMPDo7R
dc+5Tz3I3CYNW+YvLp8KINI4aJ1EPbXwV77yCAl9PJnMhLsycJQhTvcBR6BXf15l
3YiJBR9WRFYhABguZgRioW4IMlnlMG1sQP1fu5Kju8W5rK0zOljYjmHCZQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFNYdHqCNJLKngfSkmY1PSegLjdOMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVTFoMGVvSTBrc3FlQjlLU1pqVTlKNkF1TjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBl/MEAwQB
l/M0AwQCl/M8AwQBl/NYMA0GCSqGSIb3DQEBCwUAA4IBAQC5acN789UXSecZhh4h
mxixNdYoPGjA6Z9BoU2CtJYetzMlGvfRpBv+fGC6T3+SP5XiEokKUcR56guNNhKj
fXVWt2I02Tm50dEPzBXH6rRrXEByJrbIXLB1wTaRhVhCAtYckTz8g59BFH/JhifX
5AKkymgD4dcM3ka1+DJgcAtvN5n63h+sVVr7Zvpo9RvjEIjw3OXED4VymboY0C/r
MZYCwlV93piYA90ngm1oIL3FOb1xWZ+fOAja3NkffOu9rgByyKrkNLWG9tvvuYlz
RCO2nFUY8RvJ4lMYk0r5bBiNJA43kNCV/WxPWaYNiUxpKfLMPEsK3f4iT+Izqxmk
HjyM
-----END CERTIFICATE-----
Generated at Sat Apr 5 09:27:21 2025 by rpki-client