Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/icdzN3903U-G6DI4zKp6RZE4flA.roa
File: icdzN3903U-G6DI4zKp6RZE4flA.roa (raw, json)
Hash identifier: kshaHbPYaGNmmaMCwtIlRpH9RaK824cfmas4wivc8R4=
Subject key identifier: 89:C7:73:37:7F:74:DD:4F:86:E8:32:38:CC:AA:7A:45:91:38:7E:50
Certificate issuer: /CN=0d702c53cb803b14644e67587e5d6fd612b64bcc
Certificate serial: 019426D9E76D646DB77DA87EC7100A78BEF3
Authority key identifier: 0D:70:2C:53:CB:80:3B:14:64:4E:67:58:7E:5D:6F:D6:12:B6:4B:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/icdzN3903U-G6DI4zKp6RZE4flA.roa
Signing time: Thu 02 Jan 2025 11:50:02 +0000
ROA not before: Thu 02 Jan 2025 11:50:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31244
IP address blocks: 45.129.64.0/23 maxlen: 23
45.129.66.0/23 maxlen: 23
193.25.112.0/23 maxlen: 23
194.117.236.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.mft
rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Apr 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:e7:6d:64:6d:b7:7d:a8:7e:c7:10:0a:78:be:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d702c53cb803b14644e67587e5d6fd612b64bcc
Validity
Not Before: Jan 2 11:50:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89c773377f74dd4f86e83238ccaa7a4591387e50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:58:49:5c:22:96:b8:b8:48:f6:2b:ea:a2:d7:
c5:14:21:a3:19:6e:24:dc:eb:13:a2:9e:d5:2f:81:
59:24:75:ed:36:dc:9c:f8:d7:f2:73:51:e1:02:2d:
bf:45:8a:de:90:3f:fc:5a:3f:35:91:91:f4:3f:1a:
69:14:39:36:eb:76:15:65:9a:c2:ed:e8:d0:7b:8d:
76:ad:c2:7f:4a:b3:a5:ae:de:97:b2:d5:81:24:c5:
2c:8d:6f:c5:6f:ea:ac:b7:bb:21:a0:97:0e:28:25:
b6:5f:19:9f:92:1c:6b:bf:16:58:c1:c1:2d:ef:a9:
c4:b4:b0:fa:c7:df:26:be:98:2b:38:a6:4a:7b:1f:
38:c4:3b:c8:0a:78:b1:65:ed:4c:87:2e:17:a7:5f:
57:53:4b:ce:1e:83:92:8a:c9:30:34:da:58:d8:b9:
cc:bb:61:54:ca:9e:76:ec:39:26:96:a9:88:98:53:
90:1e:21:8a:c7:6a:03:1f:6d:78:ed:b3:ca:bd:af:
31:09:9b:70:16:1a:8c:ed:6b:17:34:2b:ea:31:20:
2a:4f:ca:af:f7:26:8a:91:e5:72:cb:99:2f:95:c6:
bd:00:c0:90:94:ff:7e:f5:04:07:14:f9:24:16:c5:
f3:21:e3:33:1a:21:c8:93:ef:cf:7e:67:0b:ba:43:
9c:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:C7:73:37:7F:74:DD:4F:86:E8:32:38:CC:AA:7A:45:91:38:7E:50
X509v3 Authority Key Identifier:
keyid:0D:70:2C:53:CB:80:3B:14:64:4E:67:58:7E:5D:6F:D6:12:B6:4B:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/icdzN3903U-G6DI4zKp6RZE4flA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.64.0/22
193.25.112.0/23
194.117.236.0/23
Signature Algorithm: sha256WithRSAEncryption
4d:8a:65:33:15:71:10:6b:6b:48:be:d4:eb:8b:10:f9:76:d7:
b1:66:0d:0b:0d:08:95:55:50:f1:0a:07:56:dc:d9:f7:2a:6c:
8b:60:5f:e5:19:28:34:d8:c8:14:ff:59:d7:26:81:1e:8e:5e:
f9:ca:2e:e9:ea:08:d6:79:e6:42:77:ef:15:88:e2:2e:08:f0:
b9:ca:1e:83:ac:9b:7c:b2:2e:c3:18:1d:75:fa:8b:30:01:42:
70:98:c6:5b:04:d3:e1:88:95:7f:4a:c9:07:50:67:96:d0:a1:
0d:c0:15:e6:22:22:a1:fb:05:dc:0a:2f:dd:fe:82:c3:da:15:
59:78:79:65:3c:65:70:b0:e4:66:5d:06:33:25:0b:84:45:77:
28:0c:5a:96:61:28:1a:e1:93:33:24:01:86:dc:52:b9:cd:e4:
31:fa:66:be:58:cf:73:df:b8:4d:9e:0a:48:89:5d:bb:65:a0:
a9:4d:d6:cc:71:92:50:a0:58:3f:bd:6b:46:87:f6:1b:15:41:
58:36:57:3a:30:11:ca:3f:2a:57:82:66:37:c5:b2:94:9b:b2:
91:94:b6:96:64:b0:da:c4:2e:68:24:96:9d:d5:7e:a6:0b:71:
03:e5:66:19:98:14:ee:ed:de:f8:45:95:5f:01:9c:f8:51:36:
5e:cb:02:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2edtZG23fah+xxAKeL7zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzAyYzUzY2I4MDNiMTQ2NDRlNjc1ODdlNWQ2ZmQ2MTJi
NjRiY2MwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM3NzMzNzdmNzRkZDRmODZlODMyMzhjY2FhN2E0NTkxMzg3ZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFhJXCKWuLhI9ivqotfFFCGjGW4k
3OsTop7VL4FZJHXtNtyc+Nfyc1HhAi2/RYrekD/8Wj81kZH0PxppFDk263YVZZrC
7ejQe412rcJ/SrOlrt6XstWBJMUsjW/Fb+qst7shoJcOKCW2XxmfkhxrvxZYwcEt
76nEtLD6x98mvpgrOKZKex84xDvICnixZe1Mhy4Xp19XU0vOHoOSiskwNNpY2LnM
u2FUyp527DkmlqmImFOQHiGKx2oDH2147bPKva8xCZtwFhqM7WsXNCvqMSAqT8qv
9yaKkeVyy5kvlca9AMCQlP9+9QQHFPkkFsXzIeMzGiHIk+/PfmcLukOcXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFInHczd/dN1PhugyOMyqekWROH5QMB8GA1UdIwQY
MBaAFA1wLFPLgDsUZE5nWH5db9YStkvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhBc1U4dUFPeFJrVG1kWWZsMXYxaEsyUzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9kM2QxMDUtZjk3Mi00YzdjLWJmZWEt
M2YyNTM5MmRlN2Y5LzEvaWNkek4zOTAzVS1HNkRJNHpLcDZSWkU0ZmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9kM2QxMDUtZjk3Mi00YzdjLWJmZWEtM2YyNTM5MmRlN2Y5
LzEvRFhBc1U4dUFPeFJrVG1kWWZsMXYxaEsyUzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYFAAwQB
wRlwAwQBwnXsMA0GCSqGSIb3DQEBCwUAA4IBAQBNimUzFXEQa2tIvtTrixD5dtex
Zg0LDQiVVVDxCgdW3Nn3KmyLYF/lGSg02MgU/1nXJoEejl75yi7p6gjWeeZCd+8V
iOIuCPC5yh6DrJt8si7DGB11+oswAUJwmMZbBNPhiJV/SskHUGeW0KENwBXmIiKh
+wXcCi/d/oLD2hVZeHllPGVwsORmXQYzJQuERXcoDFqWYSga4ZMzJAGG3FK5zeQx
+ma+WM9z37hNngpIiV27ZaCpTdbMcZJQoFg/vWtGh/YbFUFYNlc6MBHKPypXgmY3
xbKUm7KRlLaWZLDaxC5oJJad1X6mC3ED5WYZmBTu7d74RZVfAZz4UTZeywJP
-----END CERTIFICATE-----
Generated at Sun Apr 20 17:44:34 2025 by rpki-client