Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ff25d7-5ffa-4686-8326-69d79c9d0721/1/XM057xIBl4X4QJASTmfkRwaiNaE.roa
File: XM057xIBl4X4QJASTmfkRwaiNaE.roa (raw, json)
Hash identifier: vZ1H1/yQjb9EVPL0oyydRTCpB/F5AEPyVx/M+2z5CZ0=
Subject key identifier: 5C:CD:39:EF:12:01:97:85:F8:40:90:12:4E:67:E4:47:06:A2:35:A1
Certificate issuer: /CN=9df6d163593deb8aeff072feca58e6f3f1c4e7e5
Certificate serial: 019420681B2141452088E44516887B6B0FAB
Authority key identifier: 9D:F6:D1:63:59:3D:EB:8A:EF:F0:72:FE:CA:58:E6:F3:F1:C4:E7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfbRY1k964rv8HL-yljm8_HE5-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/ff25d7-5ffa-4686-8326-69d79c9d0721/1/XM057xIBl4X4QJASTmfkRwaiNaE.roa
Signing time: Wed 01 Jan 2025 05:48:01 +0000
ROA not before: Wed 01 Jan 2025 05:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207048
IP address blocks: 185.123.52.0/24 maxlen: 24
193.107.51.0/24 maxlen: 24
2a10:ec0::/29 maxlen: 29
2a12:60c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/ff25d7-5ffa-4686-8326-69d79c9d0721/1/nfbRY1k964rv8HL-yljm8_HE5-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/ff25d7-5ffa-4686-8326-69d79c9d0721/1/nfbRY1k964rv8HL-yljm8_HE5-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfbRY1k964rv8HL-yljm8_HE5-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 05:00:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:1b:21:41:45:20:88:e4:45:16:88:7b:6b:0f:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df6d163593deb8aeff072feca58e6f3f1c4e7e5
Validity
Not Before: Jan 1 05:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5ccd39ef12019785f84090124e67e44706a235a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:60:0b:51:72:a6:00:2d:a5:9e:b6:68:67:e7:
c8:67:1d:02:c5:77:d5:e5:f6:7d:8f:7c:84:33:fe:
47:28:35:27:5f:cc:66:9d:c8:51:32:87:64:43:f4:
cf:28:cf:31:e7:8c:1d:3e:81:e3:9c:a4:d9:c0:77:
0d:ff:39:22:eb:87:12:67:a6:e3:fb:bb:99:c1:74:
8e:ba:03:39:b2:f2:5b:9e:b1:de:56:23:0a:d3:3d:
60:4b:c4:00:e3:c6:86:dd:17:7c:cd:53:a5:b2:c9:
7b:cd:2f:3d:92:a2:8a:7b:62:74:b9:e4:bd:6f:0c:
3d:5f:3a:47:6a:70:7a:15:fc:d5:50:56:83:1d:dd:
fe:f1:8a:64:c2:8c:86:60:1c:8c:10:a3:05:5b:1e:
84:a0:be:46:91:97:5c:d2:c6:aa:dd:f6:8c:9a:4e:
57:ec:69:ac:98:a6:a0:0b:07:11:3c:90:4b:88:3c:
77:bd:b1:d8:87:f4:42:16:14:ad:87:e2:39:d9:60:
4a:80:0c:b8:37:0f:59:45:83:e7:32:c6:8a:0e:2a:
92:28:40:46:71:3e:5b:55:61:84:bd:00:53:00:73:
1f:a0:30:d3:74:fc:46:39:00:56:14:25:35:57:fb:
08:b9:0f:f2:c4:af:46:fc:4e:9f:d3:e4:1d:28:ab:
d2:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:CD:39:EF:12:01:97:85:F8:40:90:12:4E:67:E4:47:06:A2:35:A1
X509v3 Authority Key Identifier:
keyid:9D:F6:D1:63:59:3D:EB:8A:EF:F0:72:FE:CA:58:E6:F3:F1:C4:E7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfbRY1k964rv8HL-yljm8_HE5-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff25d7-5ffa-4686-8326-69d79c9d0721/1/XM057xIBl4X4QJASTmfkRwaiNaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff25d7-5ffa-4686-8326-69d79c9d0721/1/nfbRY1k964rv8HL-yljm8_HE5-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.123.52.0/24
193.107.51.0/24
IPv6:
2a10:ec0::/29
2a12:60c0::/29
Signature Algorithm: sha256WithRSAEncryption
b1:37:7a:0f:35:fc:fb:74:c5:2a:30:3c:c6:47:0d:17:09:3f:
1b:d8:e2:99:d7:8a:db:9e:ba:de:a3:73:37:c0:29:99:d9:94:
85:14:19:96:ec:43:de:63:d3:2a:e5:85:0d:17:c8:61:72:03:
37:eb:b4:17:f9:69:8c:b7:fa:34:91:3d:a7:78:79:35:6b:a5:
a3:95:5f:b5:f0:76:ec:be:94:e6:15:9f:b5:21:16:9a:64:6d:
5b:ef:77:47:6f:3d:6a:d6:d7:07:0f:59:0c:0c:81:0c:5f:e1:
f6:97:ff:d2:82:d2:56:ee:a0:26:4a:51:44:a9:b2:03:7f:94:
ee:fa:c5:f9:be:09:ee:e3:87:62:1a:b0:6b:87:c7:67:92:89:
f3:e0:4f:3d:b1:68:34:56:4e:1f:e9:4b:0b:21:81:9a:21:5b:
6f:69:36:52:ab:53:71:e1:f9:73:cf:fa:77:2b:d0:cd:bb:6b:
37:8e:c2:a5:bb:35:12:40:4b:5d:ab:33:03:6d:78:5c:3d:f5:
94:b5:b0:60:49:7e:bf:f7:b5:f8:e1:87:8d:9d:a1:be:61:c7:
84:08:bb:7c:4a:5c:5e:64:09:af:18:f0:79:72:59:54:23:9d:
2d:b7:5c:33:ff:3b:c6:0e:0d:ff:42:9a:d9:af:e5:c6:c4:3d:
b4:49:15:83
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQgaBshQUUgiORFFoh7aw+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZjZkMTYzNTkzZGViOGFlZmYwNzJmZWNhNThlNmYzZjFj
NGU3ZTUwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NkMzllZjEyMDE5Nzg1Zjg0MDkwMTI0ZTY3ZTQ0NzA2YTIzNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGALUXKmAC2lnrZoZ+fIZx0CxXfV
5fZ9j3yEM/5HKDUnX8xmnchRModkQ/TPKM8x54wdPoHjnKTZwHcN/zki64cSZ6bj
+7uZwXSOugM5svJbnrHeViMK0z1gS8QA48aG3Rd8zVOlssl7zS89kqKKe2J0ueS9
bww9XzpHanB6FfzVUFaDHd3+8YpkwoyGYByMEKMFWx6EoL5GkZdc0saq3faMmk5X
7GmsmKagCwcRPJBLiDx3vbHYh/RCFhSth+I52WBKgAy4Nw9ZRYPnMsaKDiqSKEBG
cT5bVWGEvQBTAHMfoDDTdPxGOQBWFCU1V/sIuQ/yxK9G/E6f0+QdKKvStQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFFzNOe8SAZeF+ECQEk5n5EcGojWhMB8GA1UdIwQY
MBaAFJ320WNZPeuK7/By/spY5vPxxOflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmZiUlkxazk2NHJ2OEhMLXlsam04X0hFNS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mZjI1ZDctNWZmYS00Njg2LTgzMjYt
NjlkNzljOWQwNzIxLzEvWE0wNTd4SUJsNFg0UUpBU1RtZmtSd2FpTmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mZjI1ZDctNWZmYS00Njg2LTgzMjYtNjlkNzljOWQwNzIx
LzEvbmZiUlkxazk2NHJ2OEhMLXlsam04X0hFNS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQAuXs0AwQA
wWszMBQEAgACMA4DBQMqEA7AAwUDKhJgwDANBgkqhkiG9w0BAQsFAAOCAQEAsTd6
DzX8+3TFKjA8xkcNFwk/G9jimdeK25663qNzN8ApmdmUhRQZluxD3mPTKuWFDRfI
YXIDN+u0F/lpjLf6NJE9p3h5NWulo5VftfB27L6U5hWftSEWmmRtW+93R289atbX
Bw9ZDAyBDF/h9pf/0oLSVu6gJkpRRKmyA3+U7vrF+b4J7uOHYhqwa4fHZ5KJ8+BP
PbFoNFZOH+lLCyGBmiFbb2k2UqtTceH5c8/6dyvQzbtrN47Cpbs1EkBLXaszA214
XD31lLWwYEl+v/e1+OGHjZ2hvmHHhAi7fEpcXmQJrxjweXJZVCOdLbdcM/87xg4N
/0Ka2a/lxsQ9tEkVgw==
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:59:43 2025 by rpki-client