Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/02f95e-5fe5-4c9a-84d7-e5c9c2e8e9bf/1/o_9E0nw7QGxoWCZk4QqgNmZyf9E.roa
File: o_9E0nw7QGxoWCZk4QqgNmZyf9E.roa (raw, json)
Hash identifier: 1PmMo5WtlImsrpdUj9rWhTyVCZubOTGK5D/YW7g4Mss=
Subject key identifier: A3:FF:44:D2:7C:3B:40:6C:68:58:26:64:E1:0A:A0:36:66:72:7F:D1
Certificate issuer: /CN=6b20818b186b0b9cb09af5420d1e5ae334fe3974
Certificate serial: 0194221F736F6AE3B5BC10FFA8EA6792930C
Authority key identifier: 6B:20:81:8B:18:6B:0B:9C:B0:9A:F5:42:0D:1E:5A:E3:34:FE:39:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ayCBixhrC5ywmvVCDR5a4zT-OXQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/02f95e-5fe5-4c9a-84d7-e5c9c2e8e9bf/1/o_9E0nw7QGxoWCZk4QqgNmZyf9E.roa
Signing time: Wed 01 Jan 2025 13:47:53 +0000
ROA not before: Wed 01 Jan 2025 13:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57293
IP address blocks: 5.197.0.0/16 maxlen: 21
5.197.0.0/17 maxlen: 17
5.197.116.0/22 maxlen: 22
5.197.128.0/17 maxlen: 17
5.197.128.0/20 maxlen: 20
5.197.128.0/21 maxlen: 21
5.197.136.0/21 maxlen: 21
5.197.144.0/20 maxlen: 20
5.197.160.0/20 maxlen: 20
5.197.176.0/20 maxlen: 20
5.197.176.0/21 maxlen: 21
5.197.184.0/21 maxlen: 21
5.197.192.0/20 maxlen: 20
5.197.192.0/21 maxlen: 21
5.197.200.0/21 maxlen: 21
5.197.208.0/20 maxlen: 20
5.197.208.0/21 maxlen: 21
5.197.216.0/21 maxlen: 21
5.197.224.0/20 maxlen: 20
5.197.224.0/21 maxlen: 21
5.197.232.0/21 maxlen: 21
5.197.240.0/20 maxlen: 20
5.197.240.0/21 maxlen: 21
5.197.248.0/21 maxlen: 21
149.255.144.0/20 maxlen: 24
149.255.144.0/21 maxlen: 21
149.255.152.0/21 maxlen: 21
149.255.152.0/24 maxlen: 24
149.255.153.0/24 maxlen: 24
149.255.154.0/24 maxlen: 24
149.255.155.0/24 maxlen: 24
185.146.112.0/22 maxlen: 24
185.146.112.0/24 maxlen: 24
185.146.113.0/24 maxlen: 24
185.146.114.0/24 maxlen: 24
185.146.115.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/02f95e-5fe5-4c9a-84d7-e5c9c2e8e9bf/1/ayCBixhrC5ywmvVCDR5a4zT-OXQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/02f95e-5fe5-4c9a-84d7-e5c9c2e8e9bf/1/ayCBixhrC5ywmvVCDR5a4zT-OXQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/ayCBixhrC5ywmvVCDR5a4zT-OXQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:73:6f:6a:e3:b5:bc:10:ff:a8:ea:67:92:93:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b20818b186b0b9cb09af5420d1e5ae334fe3974
Validity
Not Before: Jan 1 13:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3ff44d27c3b406c68582664e10aa03666727fd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:89:91:bf:db:00:21:d2:cb:ac:0c:c6:19:21:
5f:a3:0e:48:e0:87:b7:fe:28:4f:d9:b0:ec:40:56:
0e:24:2e:50:46:35:1e:15:41:38:a0:c8:66:7b:bc:
33:66:11:4b:c5:be:0c:89:83:1c:52:17:70:5b:83:
36:2d:6f:7f:5e:bf:96:ef:1d:f3:10:03:c7:10:fa:
70:82:3e:4d:4c:8a:37:8e:da:17:f8:26:26:84:67:
0a:31:2a:b5:da:77:5c:67:ab:76:ee:58:33:3d:8f:
5c:5f:52:c1:12:ea:48:97:d7:05:29:a9:1e:54:de:
8f:43:27:8d:9b:7d:6d:01:b4:35:67:a8:95:93:88:
64:16:46:9f:9f:0d:a8:7b:88:ef:d7:ac:49:1c:38:
8e:4e:37:bc:84:c8:a0:69:65:2a:f4:ea:6a:9c:2c:
cd:66:5a:90:58:94:7f:40:6f:6c:01:94:d2:db:67:
d4:84:5a:5f:09:36:39:41:20:0b:fe:6e:f2:ca:20:
59:75:42:be:d0:57:e6:45:cc:d0:f0:23:78:be:44:
a9:a1:1f:4e:3d:d0:73:d1:86:61:c5:69:bc:a2:f7:
81:eb:10:49:34:b0:3b:77:7d:25:30:f3:22:00:1d:
87:ba:87:ae:94:bf:56:d9:03:db:93:e9:c8:66:fb:
11:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:FF:44:D2:7C:3B:40:6C:68:58:26:64:E1:0A:A0:36:66:72:7F:D1
X509v3 Authority Key Identifier:
keyid:6B:20:81:8B:18:6B:0B:9C:B0:9A:F5:42:0D:1E:5A:E3:34:FE:39:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayCBixhrC5ywmvVCDR5a4zT-OXQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/02f95e-5fe5-4c9a-84d7-e5c9c2e8e9bf/1/o_9E0nw7QGxoWCZk4QqgNmZyf9E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/02f95e-5fe5-4c9a-84d7-e5c9c2e8e9bf/1/ayCBixhrC5ywmvVCDR5a4zT-OXQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.197.0.0/16
149.255.144.0/20
185.146.112.0/22
Signature Algorithm: sha256WithRSAEncryption
54:74:d9:dc:04:da:66:3e:07:11:4d:59:4e:42:e1:87:a0:26:
1c:d5:b3:c8:22:31:c6:62:be:85:15:25:39:7c:2f:24:b2:aa:
5a:e9:d6:b0:89:12:a3:ef:ac:dd:ec:30:0a:e0:97:0b:4a:f7:
56:df:52:7b:ad:b5:76:fe:7e:86:93:b8:f0:44:7c:0c:7a:8d:
9d:4d:c7:63:ba:b3:8d:f1:df:90:d4:82:18:d7:da:f2:4f:23:
64:4f:ef:75:87:d9:41:bc:80:30:6e:0f:95:89:65:16:54:7a:
bc:24:c0:db:5d:04:49:25:1b:90:d4:62:54:31:c8:9e:d7:f7:
30:4a:64:fb:72:ba:1c:9a:9f:05:f3:b7:9b:37:49:28:d8:46:
17:7d:49:94:6e:85:6f:ff:82:26:2a:a4:4d:98:58:83:44:d6:
06:1b:90:83:05:e8:46:72:f7:07:a2:b8:09:f1:f9:0d:cd:32:
85:4c:03:04:b3:4d:7c:2c:15:66:54:6c:e0:a1:98:e7:63:4f:
79:22:08:19:49:d9:c1:12:40:e5:5d:4e:67:bc:8b:83:ea:9d:
77:e5:ee:f3:89:47:17:83:66:55:bb:83:0e:9a:7e:33:d7:f7:
f3:0b:67:11:5b:36:eb:f8:c9:86:b5:1e:40:ea:89:f8:5c:c9:
fd:ac:99:6f
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQiH3NvauO1vBD/qOpnkpMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjA4MThiMTg2YjBiOWNiMDlhZjU0MjBkMWU1YWUzMzRm
ZTM5NzQwHhcNMjUwMTAxMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZmNDRkMjdjM2I0MDZjNjg1ODI2NjRlMTBhYTAzNjY2NzI3ZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4mRv9sAIdLLrAzGGSFfow5I4Ie3
/ihP2bDsQFYOJC5QRjUeFUE4oMhme7wzZhFLxb4MiYMcUhdwW4M2LW9/Xr+W7x3z
EAPHEPpwgj5NTIo3jtoX+CYmhGcKMSq12ndcZ6t27lgzPY9cX1LBEupIl9cFKake
VN6PQyeNm31tAbQ1Z6iVk4hkFkafnw2oe4jv16xJHDiOTje8hMigaWUq9OpqnCzN
ZlqQWJR/QG9sAZTS22fUhFpfCTY5QSAL/m7yyiBZdUK+0FfmRczQ8CN4vkSpoR9O
PdBz0YZhxWm8oveB6xBJNLA7d30lMPMiAB2HuoeulL9W2QPbk+nIZvsRfwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFKP/RNJ8O0BsaFgmZOEKoDZmcn/RMB8GA1UdIwQY
MBaAFGsggYsYawucsJr1Qg0eWuM0/jl0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlDQml4aHJDNXl3bXZWQ0RSNWE0elQtT1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8wMmY5NWUtNWZlNS00YzlhLTg0ZDct
ZTVjOWMyZThlOWJmLzEvb185RTBudzdRR3hvV0NaazRRcWdObVp5ZjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8wMmY5NWUtNWZlNS00YzlhLTg0ZDctZTVjOWMyZThlOWJm
LzEvYXlDQml4aHJDNXl3bXZWQ0RSNWE0elQtT1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAATARAwMABcUDBASV
/5ADBAK5knAwDQYJKoZIhvcNAQELBQADggEBAFR02dwE2mY+BxFNWU5C4YegJhzV
s8giMcZivoUVJTl8LySyqlrp1rCJEqPvrN3sMArglwtK91bfUnuttXb+foaTuPBE
fAx6jZ1Nx2O6s43x35DUghjX2vJPI2RP73WH2UG8gDBuD5WJZRZUerwkwNtdBEkl
G5DUYlQxyJ7X9zBKZPtyuhyanwXzt5s3SSjYRhd9SZRuhW//giYqpE2YWINE1gYb
kIMF6EZy9weiuAnx+Q3NMoVMAwSzTXwsFWZUbOChmOdjT3kiCBlJ2cESQOVdTme8
i4PqnXfl7vOJRxeDZlW7gw6afjPX9/MLZxFbNuv4yYa1HkDqifhcyf2smW8=
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:08:35 2025 by rpki-client