Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/5aaf25-9748-4592-a497-f8bd250454eb/1/Diq6O5ga68_B8MEC7x3IDqn6lbc.roa
File: Diq6O5ga68_B8MEC7x3IDqn6lbc.roa (raw, json)
Hash identifier: r+Ep1MU6KZ691K575NCgrIa7fSiICzMjhV/0OlU71vU=
Subject key identifier: 0E:2A:BA:3B:98:1A:EB:CF:C1:F0:C1:02:EF:1D:C8:0E:A9:FA:95:B7
Certificate issuer: /CN=ab45364e49dc3a15beff269c3a32b3c0541c8b66
Certificate serial: 019421B231C0E980EA7684A6D3BFFFD3CF19
Authority key identifier: AB:45:36:4E:49:DC:3A:15:BE:FF:26:9C:3A:32:B3:C0:54:1C:8B:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q0U2TkncOhW-_yacOjKzwFQci2Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/5aaf25-9748-4592-a497-f8bd250454eb/1/Diq6O5ga68_B8MEC7x3IDqn6lbc.roa
Signing time: Wed 01 Jan 2025 11:48:33 +0000
ROA not before: Wed 01 Jan 2025 11:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56513
IP address blocks: 91.224.172.0/23 maxlen: 23
91.224.172.0/24 maxlen: 24
91.224.173.0/24 maxlen: 24
2001:67c:548::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/97/5aaf25-9748-4592-a497-f8bd250454eb/1/q0U2TkncOhW-_yacOjKzwFQci2Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/97/5aaf25-9748-4592-a497-f8bd250454eb/1/q0U2TkncOhW-_yacOjKzwFQci2Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/q0U2TkncOhW-_yacOjKzwFQci2Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:31:c0:e9:80:ea:76:84:a6:d3:bf:ff:d3:cf:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab45364e49dc3a15beff269c3a32b3c0541c8b66
Validity
Not Before: Jan 1 11:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0e2aba3b981aebcfc1f0c102ef1dc80ea9fa95b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:59:a1:ca:6a:f2:1c:48:97:b9:c1:88:2f:3a:
39:ca:57:a6:1e:01:bb:ce:98:ac:b0:43:26:b6:8f:
bc:81:15:32:b4:b5:62:b6:5f:46:05:82:fd:d6:76:
c5:e2:7f:bb:a7:71:6d:de:74:d5:6b:22:70:5a:8c:
49:6c:f6:3b:1d:d9:ed:f1:43:2e:a2:b6:95:90:f8:
3e:9b:4d:32:0f:43:d7:1f:2c:05:7c:cb:c8:79:66:
31:76:27:b4:83:e1:e0:a2:e9:6c:c5:6a:64:28:d0:
96:60:2b:49:74:9b:b4:80:80:4e:ee:5e:58:0b:d6:
8c:c4:82:86:0c:20:86:03:5c:95:15:93:90:74:19:
3f:1e:cc:bf:6c:48:90:40:bd:da:68:d1:0b:d2:aa:
d6:44:4d:d9:b7:58:71:00:0b:6b:09:8c:87:8e:05:
c7:46:92:d7:fd:b8:b9:de:ae:b6:15:0e:04:91:61:
ef:d4:8c:a4:e5:e8:78:1b:91:67:dc:a3:89:78:1f:
46:3e:a2:ac:9a:41:9a:b0:52:61:32:8a:87:c1:88:
b3:4d:95:24:42:2f:e8:22:85:13:b2:00:28:7d:2b:
7d:e5:f5:9d:9f:af:2b:75:34:17:49:09:df:7d:36:
77:82:d9:4d:54:cd:ae:a2:44:1a:a3:fa:a4:84:66:
08:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:2A:BA:3B:98:1A:EB:CF:C1:F0:C1:02:EF:1D:C8:0E:A9:FA:95:B7
X509v3 Authority Key Identifier:
keyid:AB:45:36:4E:49:DC:3A:15:BE:FF:26:9C:3A:32:B3:C0:54:1C:8B:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q0U2TkncOhW-_yacOjKzwFQci2Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/5aaf25-9748-4592-a497-f8bd250454eb/1/Diq6O5ga68_B8MEC7x3IDqn6lbc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/5aaf25-9748-4592-a497-f8bd250454eb/1/q0U2TkncOhW-_yacOjKzwFQci2Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.224.172.0/23
IPv6:
2001:67c:548::/48
Signature Algorithm: sha256WithRSAEncryption
0c:71:c7:d1:6f:a9:bd:e8:4f:b0:ae:ef:7f:e3:c8:5c:a3:d5:
f0:06:1f:54:01:a6:c2:24:d4:96:5e:64:af:07:d8:35:41:6d:
80:6e:4b:02:60:c6:73:a7:5f:2a:23:e0:fb:07:71:14:c7:9f:
cd:e3:ce:4c:78:fc:ff:8e:29:01:ab:67:16:ef:37:32:77:7c:
f1:6f:59:9d:50:ec:0a:d1:27:e0:35:1b:3a:1e:08:82:1b:70:
1e:9a:3f:99:2e:c4:93:e5:61:94:ab:d5:88:b1:0f:c8:38:6a:
b1:6e:95:69:33:75:da:ec:fa:dc:3e:75:4b:d8:1f:9d:a7:6e:
e6:70:b3:6e:d9:43:6f:ca:38:b0:a8:d9:02:7c:a5:07:0b:bb:
a1:e6:11:40:cd:4a:94:b8:12:59:c1:6b:60:53:04:f3:19:77:
08:3d:c9:b5:31:06:c7:d3:d9:51:52:29:24:2d:95:ed:85:43:
70:b2:c6:4c:80:9e:d1:1c:d2:91:5f:02:56:3c:26:e7:3e:f3:
96:68:fa:8b:e3:02:19:6d:27:61:54:7e:e6:e4:87:4e:c5:c2:
4e:92:cf:45:ee:2d:8d:35:cc:bc:76:1e:29:85:03:51:a6:c0:
24:83:d5:cd:93:f5:3e:c9:a5:40:92:2e:de:40:8c:db:9e:39:
44:53:05:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsjHA6YDqdoSm07//088ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNDUzNjRlNDlkYzNhMTViZWZmMjY5YzNhMzJiM2MwNTQx
YzhiNjYwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTJhYmEzYjk4MWFlYmNmYzFmMGMxMDJlZjFkYzgwZWE5ZmE5NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1mhymryHEiXucGILzo5ylemHgG7
zpissEMmto+8gRUytLVitl9GBYL91nbF4n+7p3Ft3nTVayJwWoxJbPY7Hdnt8UMu
oraVkPg+m00yD0PXHywFfMvIeWYxdie0g+HgoulsxWpkKNCWYCtJdJu0gIBO7l5Y
C9aMxIKGDCCGA1yVFZOQdBk/Hsy/bEiQQL3aaNEL0qrWRE3Zt1hxAAtrCYyHjgXH
RpLX/bi53q62FQ4EkWHv1Iyk5eh4G5Fn3KOJeB9GPqKsmkGasFJhMoqHwYizTZUk
Qi/oIoUTsgAofSt95fWdn68rdTQXSQnffTZ3gtlNVM2uokQao/qkhGYITwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA4qujuYGuvPwfDBAu8dyA6p+pW3MB8GA1UdIwQY
MBaAFKtFNk5J3DoVvv8mnDoys8BUHItmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTBVMlRrbmNPaFctX3lhY09qS3p3RlFjaTJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny81YWFmMjUtOTc0OC00NTkyLWE0OTct
ZjhiZDI1MDQ1NGViLzEvRGlxNk81Z2E2OF9COE1FQzd4M0lEcW42bGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny81YWFmMjUtOTc0OC00NTkyLWE0OTctZjhiZDI1MDQ1NGVi
LzEvcTBVMlRrbmNPaFctX3lhY09qS3p3RlFjaTJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW+CsMA8E
AgACMAkDBwAgAQZ8BUgwDQYJKoZIhvcNAQELBQADggEBAAxxx9Fvqb3oT7Cu73/j
yFyj1fAGH1QBpsIk1JZeZK8H2DVBbYBuSwJgxnOnXyoj4PsHcRTHn83jzkx4/P+O
KQGrZxbvNzJ3fPFvWZ1Q7ArRJ+A1GzoeCIIbcB6aP5kuxJPlYZSr1YixD8g4arFu
lWkzddrs+tw+dUvYH52nbuZws27ZQ2/KOLCo2QJ8pQcLu6HmEUDNSpS4ElnBa2BT
BPMZdwg9ybUxBsfT2VFSKSQtle2FQ3CyxkyAntEc0pFfAlY8Juc+85Zo+ovjAhlt
J2FUfubkh07Fwk6Sz0XuLY01zLx2HimFA1GmwCSD1c2T9T7JpUCSLt5AjNueOURT
BT4=
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:44:39 2025 by rpki-client