Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/mbXBHvnDkr71szR1uqXUf3o_CNU.roa
File: mbXBHvnDkr71szR1uqXUf3o_CNU.roa (raw, json)
Hash identifier: gBt+bTGYlOGXiT5DEgI8/fzoH444V5sSGRbb6v+iHAk=
Subject key identifier: 99:B5:C1:1E:F9:C3:92:BE:F5:B3:34:75:BA:A5:D4:7F:7A:3F:08:D5
Certificate issuer: /CN=37915673b28bdfadb2c2019ac68d0464fd21b71a
Certificate serial: 019425FCB0ECFFEFDDEF93B73DEE928E1185
Authority key identifier: 37:91:56:73:B2:8B:DF:AD:B2:C2:01:9A:C6:8D:04:64:FD:21:B7:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/mbXBHvnDkr71szR1uqXUf3o_CNU.roa
Signing time: Thu 02 Jan 2025 07:48:24 +0000
ROA not before: Thu 02 Jan 2025 07:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34108
IP address blocks: 145.32.0.0/16 maxlen: 16
145.32.0.0/17 maxlen: 17
145.32.0.0/24 maxlen: 24
145.32.10.0/23 maxlen: 23
145.32.66.0/24 maxlen: 24
145.32.86.0/23 maxlen: 24
145.32.128.0/17 maxlen: 17
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.mft
rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 12:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:b0:ec:ff:ef:dd:ef:93:b7:3d:ee:92:8e:11:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37915673b28bdfadb2c2019ac68d0464fd21b71a
Validity
Not Before: Jan 2 07:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=99b5c11ef9c392bef5b33475baa5d47f7a3f08d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:04:a6:40:bb:cd:6d:9a:d7:a1:6a:8b:17:75:
ff:37:db:8e:18:74:1d:25:00:73:35:cb:51:cd:5d:
cd:bc:09:b8:dc:dd:0b:99:30:8c:c3:87:b1:7f:b4:
d7:f0:4f:3e:d7:47:83:ce:fe:b8:52:7a:67:e1:b7:
31:6c:7d:80:0a:0a:6b:f2:2a:22:a3:e4:89:56:8c:
de:40:b9:3e:97:e8:0e:8f:ac:33:3e:6c:ab:00:68:
7a:79:1e:e8:f8:cc:4b:a3:f8:d5:41:dc:40:89:e9:
1a:77:ca:f9:ba:32:ef:8b:90:9c:23:c3:b4:a5:68:
36:9e:ed:79:ad:46:40:00:bd:15:2e:d5:47:98:e5:
34:d9:85:d3:1d:e6:f5:78:05:e5:6a:39:66:16:cd:
85:67:42:7a:cc:ac:47:32:9e:84:1d:d9:4b:54:66:
92:03:fc:97:7f:c8:51:ae:a4:ed:bd:a9:02:db:67:
95:28:05:a2:d4:e7:e3:92:87:ec:f3:76:84:74:8c:
73:7d:d7:8d:bd:b8:e6:9f:6a:67:dd:51:4d:a1:29:
c6:2e:ea:90:7c:3a:67:5e:5b:6e:c9:07:94:f4:54:
04:3a:a9:b2:d7:e0:e3:ac:46:cc:aa:57:75:21:64:
11:da:8b:e5:b2:e7:f3:66:57:57:8f:b1:7e:90:91:
9c:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:B5:C1:1E:F9:C3:92:BE:F5:B3:34:75:BA:A5:D4:7F:7A:3F:08:D5
X509v3 Authority Key Identifier:
keyid:37:91:56:73:B2:8B:DF:AD:B2:C2:01:9A:C6:8D:04:64:FD:21:B7:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/mbXBHvnDkr71szR1uqXUf3o_CNU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.32.0.0/16
Signature Algorithm: sha256WithRSAEncryption
14:5d:a4:62:bb:07:18:10:06:4b:0e:56:80:43:25:56:61:b4:
a3:f7:3a:45:ea:6e:91:ec:92:6b:90:15:d3:47:3c:10:33:ea:
9d:62:4c:19:ed:70:17:eb:cb:e0:0a:31:fd:5f:c1:44:11:2b:
e7:a8:8d:65:08:ae:ee:2f:28:76:96:f5:2e:63:52:6e:06:cf:
0b:80:df:9d:6b:e3:5d:a9:9d:0d:b8:9b:9b:1c:a6:5b:5d:f9:
c2:d4:cb:89:39:44:51:03:fe:8b:b6:0b:16:5c:df:c6:88:d4:
c1:be:17:ab:dc:c0:2b:6d:06:af:02:24:ce:c7:2f:4b:c6:1a:
e7:49:e5:e2:d9:7e:77:bd:63:bd:e2:58:91:c3:fd:ef:78:06:
dc:b2:b8:ae:ed:8a:7a:ff:be:e9:6a:e6:e5:f1:53:f7:d8:34:
c4:00:8f:b4:b5:d7:b9:aa:dd:f0:fc:08:0c:85:c7:c8:9a:7e:
3a:5a:6b:36:75:55:d8:23:ff:dd:c9:6e:8a:ec:a5:12:48:90:
d4:cd:0d:23:2e:28:8d:bf:5d:ef:d1:40:d4:4a:74:c2:87:de:
60:3b:86:66:68:0f:23:5c:7f:14:96:0c:0e:7f:9e:92:2d:69:
c0:27:45:46:e1:e2:5a:a9:e8:c3:7b:4d:99:3b:c5:20:11:41:
2a:7d:d7:3f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQl/LDs/+/d75O3Pe6SjhGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTE1NjczYjI4YmRmYWRiMmMyMDE5YWM2OGQwNDY0ZmQy
MWI3MWEwHhcNMjUwMTAyMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWI1YzExZWY5YzM5MmJlZjViMzM0NzViYWE1ZDQ3ZjdhM2YwOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQSmQLvNbZrXoWqLF3X/N9uOGHQd
JQBzNctRzV3NvAm43N0LmTCMw4exf7TX8E8+10eDzv64Unpn4bcxbH2ACgpr8ioi
o+SJVozeQLk+l+gOj6wzPmyrAGh6eR7o+MxLo/jVQdxAiekad8r5ujLvi5CcI8O0
pWg2nu15rUZAAL0VLtVHmOU02YXTHeb1eAXlajlmFs2FZ0J6zKxHMp6EHdlLVGaS
A/yXf8hRrqTtvakC22eVKAWi1Ofjkofs83aEdIxzfdeNvbjmn2pn3VFNoSnGLuqQ
fDpnXltuyQeU9FQEOqmy1+DjrEbMqld1IWQR2ovlsufzZldXj7F+kJGcyQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJm1wR75w5K+9bM0dbql1H96PwjVMB8GA1UdIwQY
MBaAFDeRVnOyi9+tssIBmsaNBGT9IbcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVGV2M3S0wzNjJ5d2dHYXhvMEVaUDBodHhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80ZWE0ZjctZDcwZS00MmEyLWFmZDct
M2UzYTE4OGY0OWRlLzEvbWJYQkh2bkRrcjcxc3pSMXVxWFVmM29fQ05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80ZWE0ZjctZDcwZS00MmEyLWFmZDctM2UzYTE4OGY0OWRl
LzEvTjVGV2M3S0wzNjJ5d2dHYXhvMEVaUDBodHhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkSAwDQYJ
KoZIhvcNAQELBQADggEBABRdpGK7BxgQBksOVoBDJVZhtKP3OkXqbpHskmuQFdNH
PBAz6p1iTBntcBfry+AKMf1fwUQRK+eojWUIru4vKHaW9S5jUm4GzwuA351r412p
nQ24m5scpltd+cLUy4k5RFED/ou2CxZc38aI1MG+F6vcwCttBq8CJM7HL0vGGudJ
5eLZfne9Y73iWJHD/e94BtyyuK7tinr/vulq5uXxU/fYNMQAj7S117mq3fD8CAyF
x8iafjpaazZ1Vdgj/93JborspRJIkNTNDSMuKI2/Xe/RQNRKdMKH3mA7hmZoDyNc
fxSWDA5/npItacAnRUbh4lqp6MN7TZk7xSARQSp91z8=
-----END CERTIFICATE-----
Generated at Wed Apr 16 16:11:55 2025 by rpki-client