Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/cMeqdhzIVxayTI5Te-oZwPQzjz0.roa
File: cMeqdhzIVxayTI5Te-oZwPQzjz0.roa (raw, json)
Hash identifier: opO/yGSPCMGlHiRXXAkyr0DveRWYRoFkmjqGZrYYDFc=
Subject key identifier: 70:C7:AA:76:1C:C8:57:16:B2:4C:8E:53:7B:EA:19:C0:F4:33:8F:3D
Certificate issuer: /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial: 0194228D9BB4122A314AB4B734EFDCE4186B
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/cMeqdhzIVxayTI5Te-oZwPQzjz0.roa
Signing time: Wed 01 Jan 2025 15:48:13 +0000
ROA not before: Wed 01 Jan 2025 15:48:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21343
IP address blocks: 91.223.19.0/24 maxlen: 24
185.158.208.0/22 maxlen: 24
194.110.204.0/24 maxlen: 24
195.234.112.0/22 maxlen: 24
2a02:2278:ff00::/40 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.mft
rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:9b:b4:12:2a:31:4a:b4:b7:34:ef:dc:e4:18:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Validity
Not Before: Jan 1 15:48:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=70c7aa761cc85716b24c8e537bea19c0f4338f3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fa:19:7c:02:b2:c5:75:45:1e:43:b3:c0:16:dd:
24:eb:73:a3:93:1e:a3:e4:b5:57:fb:69:90:4b:a1:
35:30:0e:32:7a:7a:78:f3:57:80:6d:50:62:b7:ea:
b4:d3:47:44:7a:dc:8d:77:01:ab:9d:4b:ce:1d:52:
5f:0d:3a:bd:54:db:85:fc:6f:b1:d8:4f:62:5f:f6:
72:cd:88:5d:df:50:54:91:36:55:4d:8d:d7:c9:44:
46:3c:e6:00:88:79:c6:da:09:a4:68:b4:55:9b:3a:
43:cb:ef:0a:1a:55:7d:7c:98:2d:66:e4:39:aa:07:
3b:f9:f8:22:33:7b:ab:71:61:6e:a8:d9:fb:27:45:
53:20:cd:52:10:b8:29:c6:ba:b2:44:5f:3b:2f:2c:
b6:60:be:59:21:90:1f:70:db:61:ba:58:3b:37:3c:
54:28:77:44:9c:44:52:ab:6e:8f:70:4a:6a:58:d5:
36:7b:69:66:1c:d2:dc:1e:ba:d3:27:f3:dd:b0:13:
a2:c8:bf:4b:61:3a:79:80:e8:1d:ec:65:c4:3b:27:
5a:e1:fd:a4:27:3a:bf:d8:be:7f:36:5e:25:ae:00:
73:1d:94:98:56:5e:6b:8e:99:51:f5:aa:04:21:27:
88:04:f4:23:cb:dc:db:66:59:ce:7a:84:97:b0:2b:
76:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:C7:AA:76:1C:C8:57:16:B2:4C:8E:53:7B:EA:19:C0:F4:33:8F:3D
X509v3 Authority Key Identifier:
keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/cMeqdhzIVxayTI5Te-oZwPQzjz0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.223.19.0/24
185.158.208.0/22
194.110.204.0/24
195.234.112.0/22
IPv6:
2a02:2278:ff00::/40
Signature Algorithm: sha256WithRSAEncryption
47:d4:74:41:d9:f0:a3:06:b9:9e:5b:ca:7b:47:9e:88:fc:60:
86:8b:aa:be:05:c8:c9:2c:f5:6b:10:b0:3b:06:e4:75:2c:de:
25:d1:ec:7d:00:83:18:c3:ce:06:86:29:e4:97:46:f7:57:1e:
de:28:5b:93:35:80:84:35:4d:82:3f:7e:ad:b2:81:90:73:78:
d7:24:aa:aa:e5:84:26:ac:b9:bf:cb:b4:71:2b:49:f3:25:32:
ac:1c:5a:bd:d7:f8:fe:fc:a3:10:90:44:06:bb:21:09:37:31:
88:f1:c7:46:70:94:dc:77:90:8d:28:b7:73:b8:88:96:5a:8c:
3d:41:26:13:1d:b2:3b:a1:c8:71:78:f0:94:52:01:de:50:fd:
67:97:44:74:48:aa:f8:f7:4c:74:fb:31:71:3a:29:dd:ea:ca:
88:0f:20:b1:d8:bf:76:e9:86:d8:6e:9b:c1:7f:1d:1f:e9:b2:
37:fa:4f:c1:2f:bd:b6:f7:b7:1a:f8:ce:99:f9:d1:85:fc:51:
5e:d2:5f:ca:00:6b:32:02:25:39:2d:52:83:55:76:85:d3:28:
1f:8e:7d:89:ba:1d:52:6c:2c:27:2a:b1:4b:06:92:d8:7f:e0:
1e:d7:e2:45:fe:6b:8f:d8:52:71:2c:42:c1:c7:57:ad:4b:72:
f0:e8:dd:2e
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQijZu0EioxSrS3NO/c5BhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjUwMTAxMTU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM3YWE3NjFjYzg1NzE2YjI0YzhlNTM3YmVhMTljMGY0MzM4ZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+hl8ArLFdUUeQ7PAFt0k63Ojkx6j
5LVX+2mQS6E1MA4yenp481eAbVBit+q000dEetyNdwGrnUvOHVJfDTq9VNuF/G+x
2E9iX/ZyzYhd31BUkTZVTY3XyURGPOYAiHnG2gmkaLRVmzpDy+8KGlV9fJgtZuQ5
qgc7+fgiM3urcWFuqNn7J0VTIM1SELgpxrqyRF87Lyy2YL5ZIZAfcNthulg7NzxU
KHdEnERSq26PcEpqWNU2e2lmHNLcHrrTJ/PdsBOiyL9LYTp5gOgd7GXEOyda4f2k
Jzq/2L5/Nl4lrgBzHZSYVl5rjplR9aoEISeIBPQjy9zbZlnOeoSXsCt2CwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFHDHqnYcyFcWskyOU3vqGcD0M489MB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvY01lcWRoeklWeGF5VEk1VGUtb1p3UFF6anowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQAW98TAwQC
uZ7QAwQAwm7MAwQCw+pwMA4EAgACMAgDBgAqAiJ4/zANBgkqhkiG9w0BAQsFAAOC
AQEAR9R0Qdnwowa5nlvKe0eeiPxghouqvgXIySz1axCwOwbkdSzeJdHsfQCDGMPO
BoYp5JdG91ce3ihbkzWAhDVNgj9+rbKBkHN41ySqquWEJqy5v8u0cStJ8yUyrBxa
vdf4/vyjEJBEBrshCTcxiPHHRnCU3HeQjSi3c7iIllqMPUEmEx2yO6HIcXjwlFIB
3lD9Z5dEdEiq+PdMdPsxcTop3erKiA8gsdi/dumG2G6bwX8dH+myN/pPwS+9tve3
GvjOmfnRhfxRXtJfygBrMgIlOS1Sg1V2hdMoH459ibodUmwsJyqxSwaS2H/gHtfi
Rf5rj9hScSxCwcdXrUty8OjdLg==
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:44:51 2025 by rpki-client