Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/243b53-4b94-4244-a8ec-7c549f1ed16c/1/angMmzMX4gcbPlkGiqliyl-4RsY.roa
File: angMmzMX4gcbPlkGiqliyl-4RsY.roa (raw, json)
Hash identifier: EA5h2yHtnaMB3WqoR9kfvdgGUE89WgrdN7IrWKjGg8w=
Subject key identifier: 6A:78:0C:9B:33:17:E2:07:1B:3E:59:06:8A:A9:62:CA:5F:B8:46:C6
Certificate issuer: /CN=bca0ec59564324237420d506b9b498d752ee2168
Certificate serial: 01942444A736309D7B272FC29E76C163072E
Authority key identifier: BC:A0:EC:59:56:43:24:23:74:20:D5:06:B9:B4:98:D7:52:EE:21:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vKDsWVZDJCN0INUGubSY11LuIWg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/243b53-4b94-4244-a8ec-7c549f1ed16c/1/angMmzMX4gcbPlkGiqliyl-4RsY.roa
Signing time: Wed 01 Jan 2025 23:47:46 +0000
ROA not before: Wed 01 Jan 2025 23:47:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203476
IP address blocks: 46.226.104.0/22 maxlen: 22
92.243.0.0/19 maxlen: 20
95.142.160.0/20 maxlen: 20
217.70.188.0/22 maxlen: 22
2001:4b98:dc4::/48 maxlen: 48
2001:4b98:dc5::/48 maxlen: 48
2001:4b98:dc6::/48 maxlen: 48
2001:4b99:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/243b53-4b94-4244-a8ec-7c549f1ed16c/1/vKDsWVZDJCN0INUGubSY11LuIWg.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/243b53-4b94-4244-a8ec-7c549f1ed16c/1/vKDsWVZDJCN0INUGubSY11LuIWg.mft
rsync://rpki.ripe.net/repository/DEFAULT/vKDsWVZDJCN0INUGubSY11LuIWg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 15 Apr 2025 14:19:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:a7:36:30:9d:7b:27:2f:c2:9e:76:c1:63:07:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bca0ec59564324237420d506b9b498d752ee2168
Validity
Not Before: Jan 1 23:47:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6a780c9b3317e2071b3e59068aa962ca5fb846c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:dd:6d:61:49:55:3b:d0:40:ee:39:99:b8:21:
b9:7b:b7:d4:b4:4c:cb:a0:ad:ab:d5:47:93:06:0d:
78:bf:d1:29:49:df:a0:d6:d5:64:7d:4a:58:bc:20:
1d:55:6a:b0:10:88:24:ac:4f:24:94:e2:2e:eb:9d:
91:02:0b:02:34:2b:9f:e9:6e:a1:ff:f1:96:a5:f9:
cc:09:04:20:ff:9f:9b:fd:a5:08:0d:26:6d:a6:33:
f8:c8:d3:74:94:01:8e:83:7d:57:50:db:d7:24:88:
bc:28:66:ff:76:5d:07:96:f2:29:14:ab:32:ab:0b:
1c:25:7d:c2:9b:6b:c4:4b:50:e3:5a:6a:e7:ec:a0:
0c:e1:8a:03:40:88:73:d5:53:f9:79:16:15:77:23:
11:31:88:21:1c:e9:da:4e:eb:d8:3e:e0:33:77:74:
f4:1f:92:00:93:cc:fc:3a:ec:35:dc:22:51:16:ac:
34:ed:7b:75:d9:1c:c4:3e:2d:e0:56:fa:b3:b9:68:
6a:37:74:2f:5c:57:f6:7a:5f:23:5c:ce:3b:e0:24:
6a:b4:a5:bd:2f:2a:8b:0f:5c:9c:c6:96:bf:16:84:
f2:e2:c9:cf:ee:03:83:ed:e0:79:d7:d9:8d:d5:9c:
4e:0e:5a:b9:c6:9b:4b:c4:ba:29:58:11:2b:47:d1:
49:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:78:0C:9B:33:17:E2:07:1B:3E:59:06:8A:A9:62:CA:5F:B8:46:C6
X509v3 Authority Key Identifier:
keyid:BC:A0:EC:59:56:43:24:23:74:20:D5:06:B9:B4:98:D7:52:EE:21:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vKDsWVZDJCN0INUGubSY11LuIWg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/243b53-4b94-4244-a8ec-7c549f1ed16c/1/angMmzMX4gcbPlkGiqliyl-4RsY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/243b53-4b94-4244-a8ec-7c549f1ed16c/1/vKDsWVZDJCN0INUGubSY11LuIWg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.104.0/22
92.243.0.0/19
95.142.160.0/20
217.70.188.0/22
IPv6:
2001:4b98:dc4::-2001:4b98:dc6:ffff:ffff:ffff:ffff:ffff
2001:4b99:1::/48
Signature Algorithm: sha256WithRSAEncryption
94:bc:72:a1:13:9d:f5:9f:2f:e9:4d:68:b3:e4:27:f7:e5:f5:
92:93:c1:61:5f:b1:84:c9:bc:8c:68:24:dc:75:db:d2:30:6f:
63:7b:7d:8c:78:72:b8:d6:2d:cf:1e:24:e6:8e:31:17:75:47:
0c:27:35:0c:ad:f8:17:e3:62:22:2e:79:0c:23:f0:76:c4:03:
88:8a:02:5e:87:f5:3e:ca:26:64:ae:c3:7d:5f:b7:11:7f:49:
55:bf:28:63:37:c0:aa:c9:73:70:d8:13:a9:25:c5:e9:dd:eb:
8a:2b:ed:5b:72:9f:13:18:79:5c:ba:fc:1d:8d:02:e1:99:3d:
b1:5b:2b:9a:6d:24:3b:35:0f:2f:05:31:6e:7a:ac:d5:e0:ed:
d2:4b:a8:79:37:14:3e:da:07:7a:92:c1:57:22:13:b8:9e:7c:
33:e4:46:70:75:06:1d:8c:08:19:d5:75:a5:a1:ef:33:5a:a8:
5a:d9:d7:63:10:e2:00:8f:bf:e1:92:ac:13:6e:92:c4:12:12:
c0:ce:11:7d:55:27:c3:bf:7d:3c:61:10:0b:a4:37:69:c8:8d:
0c:fc:61:5b:bd:32:e7:e3:60:21:65:1a:a1:8f:30:b4:af:a7:
db:f1:14:f2:fb:31:22:a2:6a:1a:15:db:18:2a:a8:ba:12:29:
57:4d:b8:80
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZQkRKc2MJ17Jy/CnnbBYwcuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYTBlYzU5NTY0MzI0MjM3NDIwZDUwNmI5YjQ5OGQ3NTJl
ZTIxNjgwHhcNMjUwMTAxMjM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTc4MGM5YjMzMTdlMjA3MWIzZTU5MDY4YWE5NjJjYTVmYjg0NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj91tYUlVO9BA7jmZuCG5e7fUtEzL
oK2r1UeTBg14v9EpSd+g1tVkfUpYvCAdVWqwEIgkrE8klOIu652RAgsCNCuf6W6h
//GWpfnMCQQg/5+b/aUIDSZtpjP4yNN0lAGOg31XUNvXJIi8KGb/dl0HlvIpFKsy
qwscJX3Cm2vES1DjWmrn7KAM4YoDQIhz1VP5eRYVdyMRMYghHOnaTuvYPuAzd3T0
H5IAk8z8Ouw13CJRFqw07Xt12RzEPi3gVvqzuWhqN3QvXFf2el8jXM474CRqtKW9
LyqLD1ycxpa/FoTy4snP7gOD7eB519mN1ZxODlq5xptLxLopWBErR9FJtQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFGp4DJszF+IHGz5ZBoqpYspfuEbGMB8GA1UdIwQY
MBaAFLyg7FlWQyQjdCDVBrm0mNdS7iFoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdktEc1dWWkRKQ04wSU5VR3ViU1kxMUx1SVdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yNDNiNTMtNGI5NC00MjQ0LWE4ZWMt
N2M1NDlmMWVkMTZjLzEvYW5nTW16TVg0Z2NiUGxrR2lxbGl5bC00UnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yNDNiNTMtNGI5NC00MjQ0LWE4ZWMtN2M1NDlmMWVkMTZj
LzEvdktEc1dWWkRKQ04wSU5VR3ViU1kxMUx1SVdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAeBAIAATAYAwQCLuJoAwQF
XPMAAwQEX46gAwQC2Ua8MCMEAgACMB0wEgMHAiABS5gNxAMHACABS5gNxgMHACAB
S5kAATANBgkqhkiG9w0BAQsFAAOCAQEAlLxyoROd9Z8v6U1os+Qn9+X1kpPBYV+x
hMm8jGgk3HXb0jBvY3t9jHhyuNYtzx4k5o4xF3VHDCc1DK34F+NiIi55DCPwdsQD
iIoCXof1PsomZK7DfV+3EX9JVb8oYzfAqslzcNgTqSXF6d3riivtW3KfExh5XLr8
HY0C4Zk9sVsrmm0kOzUPLwUxbnqs1eDt0kuoeTcUPtoHepLBVyITuJ58M+RGcHUG
HYwIGdV1paHvM1qoWtnXYxDiAI+/4ZKsE26SxBISwM4RfVUnw799PGEQC6Q3aciN
DPxhW70y5+NgIWUaoY8wtK+n2/EU8vsxIqJqGhXbGCqouhIpV024gA==
-----END CERTIFICATE-----
Generated at Mon Apr 14 18:31:18 2025 by rpki-client