Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/83yHnqR55YpNJ6sDNSfeUwQPJSU.roa
File: 83yHnqR55YpNJ6sDNSfeUwQPJSU.roa (raw, json)
Hash identifier: e+9U+VRAv+pY6TcOM+TtKl2lfx0rhjB5FDO+9Jovf1k=
Subject key identifier: F3:7C:87:9E:A4:79:E5:8A:4D:27:AB:03:35:27:DE:53:04:0F:25:25
Certificate issuer: /CN=bb4bbd334581ddcdd935bcef47d9a04cbce5fded
Certificate serial: 019427B3D5A47353A0D9AE2BA6191B3EDCA1
Authority key identifier: BB:4B:BD:33:45:81:DD:CD:D9:35:BC:EF:47:D9:A0:4C:BC:E5:FD:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/83yHnqR55YpNJ6sDNSfeUwQPJSU.roa
Signing time: Thu 02 Jan 2025 15:48:04 +0000
ROA not before: Thu 02 Jan 2025 15:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199408
IP address blocks: 91.195.0.0/23 maxlen: 23
91.195.1.0/24 maxlen: 24
185.14.168.0/22 maxlen: 22
2a03:aec0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.mft
rsync://rpki.ripe.net/repository/DEFAULT/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 02:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b3:d5:a4:73:53:a0:d9:ae:2b:a6:19:1b:3e:dc:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bb4bbd334581ddcdd935bcef47d9a04cbce5fded
Validity
Not Before: Jan 2 15:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f37c879ea479e58a4d27ab033527de53040f2525
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:c8:91:e9:4a:4f:d2:9f:86:73:24:06:79:87:
7f:e9:64:3b:f7:ba:2e:8b:2c:55:2b:5f:db:56:ae:
67:c3:11:ee:8e:f5:16:ca:98:6b:cb:74:8f:60:2e:
03:46:5f:c4:42:70:23:3f:35:50:ed:72:43:c0:b5:
18:91:44:b1:84:9a:d7:4e:b9:5a:3e:0d:74:5e:88:
ef:db:d7:55:6e:48:e5:69:9d:18:80:3f:00:21:c9:
fc:bc:64:7a:fb:01:ba:bb:53:c1:65:c6:61:16:9d:
28:56:6c:6f:e3:81:0d:27:d0:2d:63:25:3c:66:db:
7f:58:58:7b:28:5b:c0:67:64:8f:4e:b7:57:8a:a1:
a3:0b:e1:55:c9:b6:10:c4:50:ff:e3:1f:0b:50:d3:
3d:ac:3e:bd:11:8f:39:24:d8:d4:f4:50:70:75:98:
8e:2b:88:9a:dd:1f:09:fc:66:23:43:66:07:f2:ab:
a8:42:33:08:35:47:12:a7:24:49:7d:cf:8f:a0:d3:
35:28:07:e5:77:45:87:c3:2c:67:81:64:45:50:7c:
b4:b7:8e:fa:95:e2:d3:fe:01:8c:1a:38:8f:55:01:
d7:15:a9:1b:77:f6:f6:b2:ae:ab:be:53:8b:f4:61:
83:22:0a:84:4f:63:c8:ed:fe:11:d0:0a:01:32:6b:
39:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:7C:87:9E:A4:79:E5:8A:4D:27:AB:03:35:27:DE:53:04:0F:25:25
X509v3 Authority Key Identifier:
keyid:BB:4B:BD:33:45:81:DD:CD:D9:35:BC:EF:47:D9:A0:4C:BC:E5:FD:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/83yHnqR55YpNJ6sDNSfeUwQPJSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.0.0/23
185.14.168.0/22
IPv6:
2a03:aec0::/32
Signature Algorithm: sha256WithRSAEncryption
58:d6:70:d6:5d:26:d2:fc:02:75:f2:d5:92:b2:b9:bf:55:69:
80:59:24:43:18:67:93:2f:85:bf:6c:0e:83:a1:df:c8:47:f1:
83:08:88:31:42:98:1e:65:22:db:84:a3:c8:58:07:84:ce:e2:
70:71:49:82:5c:b1:32:4d:04:ff:c6:48:3f:14:d5:9f:6a:26:
2f:dc:fb:3e:0c:58:6e:39:ed:28:f4:0b:37:af:3a:96:4d:77:
f2:eb:21:d9:49:0b:d3:d6:67:6d:ae:0f:0b:2d:90:88:66:4d:
7a:5b:06:30:59:ec:b1:df:3a:a3:0e:1e:b5:57:d3:5c:23:bd:
04:78:f6:b0:46:3d:c8:81:bf:a1:6b:f5:47:f1:0d:ab:fd:4c:
51:bb:21:4b:72:99:d1:38:d3:21:77:5d:60:ff:47:b0:fb:9b:
d0:42:68:41:9e:d4:7d:c2:a7:b0:eb:f4:ef:45:86:f5:f7:8a:
5d:64:2e:56:ac:27:1f:e3:9e:0c:af:5b:d9:93:5f:5d:ab:d1:
bf:5a:4f:75:fe:3b:e3:ad:3f:cd:fe:e9:7e:15:65:cb:36:c5:
cb:1f:8e:42:d1:4d:68:ad:81:a5:0f:cc:c8:f4:81:99:52:02:
bc:16:c6:d5:34:d5:8d:dc:f8:84:12:13:89:98:af:e5:3a:00:
d1:bc:18:9e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQns9Wkc1Og2a4rphkbPtyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGJiZDMzNDU4MWRkY2RkOTM1YmNlZjQ3ZDlhMDRjYmNl
NWZkZWQwHhcNMjUwMTAyMTU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzdjODc5ZWE0NzllNThhNGQyN2FiMDMzNTI3ZGU1MzA0MGYyNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvciR6UpP0p+GcyQGeYd/6WQ797ou
iyxVK1/bVq5nwxHujvUWyphry3SPYC4DRl/EQnAjPzVQ7XJDwLUYkUSxhJrXTrla
Pg10Xojv29dVbkjlaZ0YgD8AIcn8vGR6+wG6u1PBZcZhFp0oVmxv44ENJ9AtYyU8
Ztt/WFh7KFvAZ2SPTrdXiqGjC+FVybYQxFD/4x8LUNM9rD69EY85JNjU9FBwdZiO
K4ia3R8J/GYjQ2YH8quoQjMINUcSpyRJfc+PoNM1KAfld0WHwyxngWRFUHy0t476
leLT/gGMGjiPVQHXFakbd/b2sq6rvlOL9GGDIgqET2PI7f4R0AoBMms53wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPN8h56keeWKTSerAzUn3lMEDyUlMB8GA1UdIwQY
MBaAFLtLvTNFgd3N2TW870fZoEy85f3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTB1OU0wV0IzYzNaTmJ6dlI5bWdUTHpsX2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83YTdjZTYtMDZhNi00MWQzLWI1ZmEt
OTcxNzRhOTZlODE1LzEvODN5SG5xUjU1WXBOSjZzRE5TZmVVd1FQSlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83YTdjZTYtMDZhNi00MWQzLWI1ZmEtOTcxNzRhOTZlODE1
LzEvdTB1OU0wV0IzYzNaTmJ6dlI5bWdUTHpsX2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW8MAAwQC
uQ6oMA0EAgACMAcDBQAqA67AMA0GCSqGSIb3DQEBCwUAA4IBAQBY1nDWXSbS/AJ1
8tWSsrm/VWmAWSRDGGeTL4W/bA6Dod/IR/GDCIgxQpgeZSLbhKPIWAeEzuJwcUmC
XLEyTQT/xkg/FNWfaiYv3Ps+DFhuOe0o9As3rzqWTXfy6yHZSQvT1mdtrg8LLZCI
Zk16WwYwWeyx3zqjDh61V9NcI70EePawRj3Igb+ha/VH8Q2r/UxRuyFLcpnRONMh
d11g/0ew+5vQQmhBntR9wqew6/TvRYb194pdZC5WrCcf454Mr1vZk19dq9G/Wk91
/jvjrT/N/ul+FWXLNsXLH45C0U1orYGlD8zI9IGZUgK8FsbVNNWN3PiEEhOJmK/l
OgDRvBie
-----END CERTIFICATE-----
Generated at Sat Apr 5 11:10:14 2025 by rpki-client