Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/zGWw5y3QtBedo3lJVh0hQTzv87w.roa
File: zGWw5y3QtBedo3lJVh0hQTzv87w.roa (raw, json)
Hash identifier: LJqgZZZrONstDDkOQIUQr4bq2xXQX5fdOe5gdv77tuI=
Subject key identifier: CC:65:B0:E7:2D:D0:B4:17:9D:A3:79:49:56:1D:21:41:3C:EF:F3:BC
Certificate issuer: /CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
Certificate serial: 01942444ECFB3FB86D8511F6D2AA78394B77
Authority key identifier: 49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/zGWw5y3QtBedo3lJVh0hQTzv87w.roa
Signing time: Wed 01 Jan 2025 23:48:04 +0000
ROA not before: Wed 01 Jan 2025 23:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7393
IP address blocks: 5.172.180.0/24 maxlen: 24
94.154.116.0/24 maxlen: 24
146.19.67.0/24 maxlen: 24
185.83.231.0/24 maxlen: 24
185.149.148.0/24 maxlen: 24
185.235.227.0/24 maxlen: 24
193.3.169.0/24 maxlen: 24
194.62.104.0/24 maxlen: 24
194.104.135.0/24 maxlen: 24
212.23.195.0/24 maxlen: 24
212.52.29.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl
rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.mft
rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:ec:fb:3f:b8:6d:85:11:f6:d2:aa:78:39:4b:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
Validity
Not Before: Jan 1 23:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc65b0e72dd0b4179da37949561d21413ceff3bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:5d:6e:84:a5:67:ce:bc:55:09:9c:74:a6:36:
53:99:6b:f5:57:c7:62:ea:c5:cf:e0:be:f6:79:c6:
23:c2:aa:98:1f:cd:2d:61:0d:12:a9:ed:9e:d8:cd:
31:08:e1:d3:f8:48:0e:94:c1:64:f5:d9:2e:74:41:
02:12:7c:73:96:99:05:2d:3b:0e:1c:44:44:82:16:
36:ea:dd:12:b3:77:24:bb:16:55:3f:1e:a9:be:1b:
20:a5:d2:51:08:b1:ff:f0:10:9b:32:80:fa:bd:3e:
02:7f:88:87:d6:4e:32:67:0a:e6:45:e7:b1:01:d9:
93:18:59:da:a1:3b:f8:f7:88:6c:a9:73:f0:8e:05:
23:54:6e:7f:5e:ad:c5:9e:6d:03:1d:85:a1:d4:7c:
ae:42:29:a2:6a:40:ab:ed:02:30:65:56:e3:48:47:
4f:93:16:6f:d9:4c:a4:6b:50:03:f3:a7:23:5d:c9:
94:9d:5e:e0:6b:af:81:b1:f9:17:d8:23:a2:0a:49:
6f:2f:c4:dc:73:e2:fd:f4:5e:52:70:b3:1a:39:1b:
55:4a:de:7a:43:53:08:6d:c7:60:42:63:10:40:d4:
82:07:d9:67:bc:96:2a:28:92:b3:80:1e:9f:c9:e0:
bd:3a:6f:6e:6e:9c:08:a7:f4:cd:f0:2e:b1:d8:44:
b3:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:65:B0:E7:2D:D0:B4:17:9D:A3:79:49:56:1D:21:41:3C:EF:F3:BC
X509v3 Authority Key Identifier:
keyid:49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/zGWw5y3QtBedo3lJVh0hQTzv87w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.180.0/24
94.154.116.0/24
146.19.67.0/24
185.83.231.0/24
185.149.148.0/24
185.235.227.0/24
193.3.169.0/24
194.62.104.0/24
194.104.135.0/24
212.23.195.0/24
212.52.29.0/24
Signature Algorithm: sha256WithRSAEncryption
28:b8:69:cc:bd:4d:54:57:9a:21:5e:ba:d4:c9:59:37:cb:07:
f3:8d:75:43:21:09:f8:76:71:b7:5e:21:2c:bb:e1:d6:f5:69:
e2:5c:24:23:d8:8d:28:88:2d:14:a8:88:c9:cf:8b:28:d7:49:
c9:18:74:b6:f4:cd:e7:96:76:ed:e7:ca:c6:dd:e9:0d:06:f9:
d3:92:6d:6f:b5:f1:09:b4:58:37:02:0a:9f:c7:e1:f9:7a:9d:
9b:29:df:ed:58:53:2f:fc:d9:05:43:f0:3d:6f:6e:1a:34:ee:
1f:73:5a:f5:c1:23:f0:c3:50:d7:38:0d:f6:b9:3a:f9:b7:f7:
31:75:a7:e0:63:cb:8a:87:3b:5d:14:85:71:98:73:70:ab:94:
d2:4c:7e:7f:fc:87:ec:b1:84:9b:27:fb:83:60:5e:e5:c6:9b:
c2:cf:ec:c4:52:a2:ac:c8:a7:ce:21:22:2a:43:16:d5:34:c3:
f6:53:9b:52:33:1c:01:c0:e8:7b:87:5c:18:d7:81:20:00:f0:
a9:af:29:d7:92:61:9e:c4:0c:b6:0c:5c:4d:ff:bf:e4:f4:16:
3c:98:47:f9:bd:fd:59:90:b0:bc:dd:2d:68:ac:4b:97:36:14:
9b:d2:69:d6:7a:21:f0:58:6c:43:c5:49:94:bb:82:23:b9:d4:
46:02:be:5b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQkROz7P7hthRH20qp4OUt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTE0YmY3NmY0MmRhNGYyYWMwMDNhNmM2OWQ2MWMyMzIw
ZTJjZDgwHhcNMjUwMTAxMjM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzY1YjBlNzJkZDBiNDE3OWRhMzc5NDk1NjFkMjE0MTNjZWZmM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7l1uhKVnzrxVCZx0pjZTmWv1V8di
6sXP4L72ecYjwqqYH80tYQ0Sqe2e2M0xCOHT+EgOlMFk9dkudEECEnxzlpkFLTsO
HEREghY26t0Ss3ckuxZVPx6pvhsgpdJRCLH/8BCbMoD6vT4Cf4iH1k4yZwrmReex
AdmTGFnaoTv494hsqXPwjgUjVG5/Xq3Fnm0DHYWh1HyuQimiakCr7QIwZVbjSEdP
kxZv2Uyka1AD86cjXcmUnV7ga6+BsfkX2COiCklvL8Tcc+L99F5ScLMaORtVSt56
Q1MIbcdgQmMQQNSCB9lnvJYqKJKzgB6fyeC9Om9ubpwIp/TN8C6x2ESzFQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFMxlsOct0LQXnaN5SVYdIUE87/O8MB8GA1UdIwQY
MBaAFEnhS/dvQtpPKsADpsadYcIyDizYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEt
M2JlY2NhYWUzMzZkLzEvekdXdzV5M1F0QmVkbzNsSlZoMGhRVHp2ODd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEtM2JlY2NhYWUzMzZk
LzEvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABay0AwQA
Xpp0AwQAkhNDAwQAuVPnAwQAuZWUAwQAuevjAwQAwQOpAwQAwj5oAwQAwmiHAwQA
1BfDAwQA1DQdMA0GCSqGSIb3DQEBCwUAA4IBAQAouGnMvU1UV5ohXrrUyVk3ywfz
jXVDIQn4dnG3XiEsu+HW9WniXCQj2I0oiC0UqIjJz4so10nJGHS29M3nlnbt58rG
3ekNBvnTkm1vtfEJtFg3Agqfx+H5ep2bKd/tWFMv/NkFQ/A9b24aNO4fc1r1wSPw
w1DXOA32uTr5t/cxdafgY8uKhztdFIVxmHNwq5TSTH5//IfssYSbJ/uDYF7lxpvC
z+zEUqKsyKfOISIqQxbVNMP2U5tSMxwBwOh7h1wY14EgAPCprynXkmGexAy2DFxN
/7/k9BY8mEf5vf1ZkLC83S1orEuXNhSb0mnWeiHwWGxDxUmUu4IjudRGAr5b
-----END CERTIFICATE-----
Generated at Wed Feb 5 12:50:23 2025 by rpki-client