Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/iZqL6_PSGazhAHTG8n5f5upkE7o.roa
File: iZqL6_PSGazhAHTG8n5f5upkE7o.roa (raw, json)
Hash identifier: TdanwoPOzVBRuHWtY8645nRrqXQAZFZC688e8tbzVuE=
Subject key identifier: 89:9A:8B:EB:F3:D2:19:AC:E1:00:74:C6:F2:7E:5F:E6:EA:64:13:BA
Certificate issuer: /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial: 019425FD4E436C7B933C26D3FC1B679387D5
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/iZqL6_PSGazhAHTG8n5f5upkE7o.roa
Signing time: Thu 02 Jan 2025 07:49:05 +0000
ROA not before: Thu 02 Jan 2025 07:49:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3216
IP address blocks: 194.85.128.0/19 maxlen: 19
194.85.129.0/28 maxlen: 28
194.85.129.16/28 maxlen: 28
194.85.153.240/28 maxlen: 28
194.85.154.0/24 maxlen: 24
195.209.160.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 14:34:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:4e:43:6c:7b:93:3c:26:d3:fc:1b:67:93:87:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
Validity
Not Before: Jan 2 07:49:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=899a8bebf3d219ace10074c6f27e5fe6ea6413ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:5e:0b:24:7c:ca:9f:2b:d6:5a:49:7f:af:4a:
9f:09:b9:f9:70:7d:5c:22:ad:a3:51:9a:14:40:d4:
39:07:be:68:47:89:66:31:5d:2a:be:8c:a6:a6:05:
3b:06:f7:96:d0:da:6d:7d:41:8c:98:2c:47:a4:4d:
71:44:be:14:29:69:c8:e4:aa:25:d0:de:96:cb:4a:
80:aa:24:4d:b6:fb:60:41:65:a0:c0:fa:f3:2a:d7:
2d:62:64:e5:c6:c2:95:9d:9a:0c:fb:9c:57:a9:76:
0f:6e:f5:75:98:8c:ce:27:26:0d:4b:5f:04:d4:43:
cb:3c:18:e9:9b:bc:19:78:c5:23:4d:53:23:1c:36:
90:34:61:4b:8c:ca:2f:54:1b:e4:80:24:cb:38:dc:
e9:e7:99:4b:4b:73:cf:cf:09:89:d2:25:7e:a2:85:
08:b5:1b:88:53:6b:b1:ea:6d:be:45:56:d0:7f:88:
b5:f2:54:a7:6e:37:ca:ec:99:30:65:02:72:75:5d:
41:92:88:c6:27:7c:72:4e:31:a4:e6:61:76:69:1d:
ef:ef:98:0e:2f:7c:ed:ce:39:00:62:3b:3f:ca:b8:
f5:1a:5f:d3:9e:44:30:bf:6e:cb:86:f1:03:29:64:
97:2f:a7:2c:13:b3:87:8e:de:cf:91:84:40:a4:ac:
46:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:9A:8B:EB:F3:D2:19:AC:E1:00:74:C6:F2:7E:5F:E6:EA:64:13:BA
X509v3 Authority Key Identifier:
keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/iZqL6_PSGazhAHTG8n5f5upkE7o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.85.128.0/19
195.209.160.0/20
Signature Algorithm: sha256WithRSAEncryption
ab:4c:2f:f9:8b:ae:a9:c7:b3:80:93:44:74:45:d8:09:e5:9e:
40:05:0d:9a:f8:04:bc:9a:20:c1:48:57:0e:7c:22:e7:6a:7d:
d1:ba:9a:67:54:b0:03:75:2a:20:4f:82:82:52:97:82:69:50:
42:62:84:84:75:3d:c8:16:7d:46:a6:2c:c9:f2:44:2c:d2:7d:
7c:14:ec:ac:97:1c:b7:23:43:b2:74:89:da:56:c6:e1:c1:51:
04:6b:d5:e5:f6:4e:32:68:f7:bf:17:af:a9:63:54:a9:0f:7a:
bd:d1:b8:62:1c:84:98:51:44:3c:d4:ca:a1:87:f9:1d:ec:26:
ad:13:b6:99:a9:a2:a8:23:e2:61:41:a8:72:33:23:ea:da:da:
ee:9a:2d:c4:d7:9d:45:da:1c:95:cb:c3:07:e5:76:b4:84:5a:
a8:a3:f0:3e:e3:a9:c3:16:10:8b:4a:5e:3d:19:00:66:9c:17:
fa:dc:a6:1a:03:5b:7b:7c:84:e3:32:83:80:4f:63:dd:75:65:
c6:e4:b1:9f:69:ac:fb:6a:72:9e:d1:a3:fc:71:bf:fc:77:51:
66:6d:99:e6:02:f1:2d:18:3d:37:bd:d8:7a:03:30:d9:d5:00:
9e:43:95:2d:b3:95:98:a0:84:81:88:12:9a:31:37:50:f1:ce:
9f:16:d4:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/U5DbHuTPCbT/Btnk4fVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTlhOGJlYmYzZDIxOWFjZTEwMDc0YzZmMjdlNWZlNmVhNjQxM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1l4LJHzKnyvWWkl/r0qfCbn5cH1c
Iq2jUZoUQNQ5B75oR4lmMV0qvoympgU7BveW0NptfUGMmCxHpE1xRL4UKWnI5Kol
0N6Wy0qAqiRNtvtgQWWgwPrzKtctYmTlxsKVnZoM+5xXqXYPbvV1mIzOJyYNS18E
1EPLPBjpm7wZeMUjTVMjHDaQNGFLjMovVBvkgCTLONzp55lLS3PPzwmJ0iV+ooUI
tRuIU2ux6m2+RVbQf4i18lSnbjfK7JkwZQJydV1BkojGJ3xyTjGk5mF2aR3v75gO
L3ztzjkAYjs/yrj1Gl/TnkQwv27LhvEDKWSXL6csE7OHjt7PkYRApKxGUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFImai+vz0hms4QB0xvJ+X+bqZBO6MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvaVpxTDZfUFNHYXpoQUhURzhuNWY1dXBrRTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFwlWAAwQE
w9GgMA0GCSqGSIb3DQEBCwUAA4IBAQCrTC/5i66px7OAk0R0RdgJ5Z5ABQ2a+AS8
miDBSFcOfCLnan3RuppnVLADdSogT4KCUpeCaVBCYoSEdT3IFn1GpizJ8kQs0n18
FOyslxy3I0OydInaVsbhwVEEa9Xl9k4yaPe/F6+pY1SpD3q90bhiHISYUUQ81Mqh
h/kd7CatE7aZqaKoI+JhQahyMyPq2trumi3E151F2hyVy8MH5Xa0hFqoo/A+46nD
FhCLSl49GQBmnBf63KYaA1t7fITjMoOAT2PddWXG5LGfaaz7anKe0aP8cb/8d1Fm
bZnmAvEtGD03vdh6AzDZ1QCeQ5Uts5WYoISBiBKaMTdQ8c6fFtQA
-----END CERTIFICATE-----
Generated at Sat Apr 12 00:44:51 2025 by rpki-client