Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d81a43-482a-4433-a7a2-027c0d6424e3/1/atjesNZQ2ZNfTEAkHa8X7G1spoI.roa
File: atjesNZQ2ZNfTEAkHa8X7G1spoI.roa (raw, json)
Hash identifier: ztzd1xVIo16Gew42+wgHm3Qb1gPLUkf9BdSdxy5xsYQ=
Subject key identifier: 6A:D8:DE:B0:D6:50:D9:93:5F:4C:40:24:1D:AF:17:EC:6D:6C:A6:82
Certificate issuer: /CN=3a539e501dff37cdc92cbee0cddb92ed2e81c13c
Certificate serial: 01942068306A8B4F525D5E88C1F20807EABF
Authority key identifier: 3A:53:9E:50:1D:FF:37:CD:C9:2C:BE:E0:CD:DB:92:ED:2E:81:C1:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OlOeUB3_N83JLL7gzduS7S6BwTw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/d81a43-482a-4433-a7a2-027c0d6424e3/1/atjesNZQ2ZNfTEAkHa8X7G1spoI.roa
Signing time: Wed 01 Jan 2025 05:48:06 +0000
ROA not before: Wed 01 Jan 2025 05:48:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44347
IP address blocks: 46.43.192.0/18 maxlen: 18
46.43.192.0/19 maxlen: 19
46.43.224.0/19 maxlen: 19
185.14.32.0/22 maxlen: 22
185.14.32.0/23 maxlen: 23
185.14.34.0/23 maxlen: 23
188.65.48.0/21 maxlen: 21
188.65.48.0/22 maxlen: 22
188.65.52.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/d81a43-482a-4433-a7a2-027c0d6424e3/1/OlOeUB3_N83JLL7gzduS7S6BwTw.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/d81a43-482a-4433-a7a2-027c0d6424e3/1/OlOeUB3_N83JLL7gzduS7S6BwTw.mft
rsync://rpki.ripe.net/repository/DEFAULT/OlOeUB3_N83JLL7gzduS7S6BwTw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 17:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:30:6a:8b:4f:52:5d:5e:88:c1:f2:08:07:ea:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a539e501dff37cdc92cbee0cddb92ed2e81c13c
Validity
Not Before: Jan 1 05:48:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6ad8deb0d650d9935f4c40241daf17ec6d6ca682
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:dd:cb:24:2a:aa:8e:ba:b0:19:1f:36:e8:5f:
b6:7d:6e:63:1c:f8:90:b7:cd:49:e2:9c:b8:3e:81:
00:9e:46:1b:89:e3:02:30:01:db:ed:63:89:71:7f:
01:5f:8f:dd:4d:c8:1c:f1:d0:d3:4a:96:ca:45:cf:
6e:5b:d8:8f:b0:d3:90:0e:a2:23:9c:4e:fb:11:3d:
6f:6d:97:1a:7c:c8:d9:99:28:e1:c2:5e:19:78:5f:
57:fd:48:13:b8:e9:bd:a9:59:67:b6:bc:f8:06:ab:
97:63:28:75:00:7e:63:1e:6a:d6:88:d7:58:40:b2:
86:ff:74:85:a8:14:57:ea:31:65:a5:12:ee:c0:a8:
4c:e9:f6:33:94:92:85:90:60:cc:df:84:33:b4:38:
1b:e8:13:e0:bf:a8:f1:b8:c1:4a:d3:cf:a2:37:24:
97:27:6f:44:27:a5:0d:ee:11:9e:0c:3c:eb:9a:c9:
b2:15:28:4c:b3:22:73:d9:b5:9a:ee:9b:47:c4:fa:
0d:72:cf:38:bb:2a:88:fb:95:44:d6:b5:89:14:1c:
65:73:74:f9:e9:a5:ab:42:2b:d2:4d:ba:bd:6e:7a:
18:38:45:67:1b:6b:02:5b:c2:ca:4c:de:11:ed:6a:
56:3f:f0:c2:e9:5c:56:bb:05:ee:2c:0f:62:e4:a7:
ad:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:D8:DE:B0:D6:50:D9:93:5F:4C:40:24:1D:AF:17:EC:6D:6C:A6:82
X509v3 Authority Key Identifier:
keyid:3A:53:9E:50:1D:FF:37:CD:C9:2C:BE:E0:CD:DB:92:ED:2E:81:C1:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OlOeUB3_N83JLL7gzduS7S6BwTw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d81a43-482a-4433-a7a2-027c0d6424e3/1/atjesNZQ2ZNfTEAkHa8X7G1spoI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d81a43-482a-4433-a7a2-027c0d6424e3/1/OlOeUB3_N83JLL7gzduS7S6BwTw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.43.192.0/18
185.14.32.0/22
188.65.48.0/21
Signature Algorithm: sha256WithRSAEncryption
65:52:53:9e:64:2c:87:f0:d1:5f:5b:bf:6f:ee:e8:03:28:7e:
72:d9:b6:fa:6f:d1:a8:95:4e:af:a6:17:24:dc:71:ad:b0:14:
dd:c6:f3:2f:12:4a:65:0f:25:89:00:9a:a8:80:d9:30:f1:ac:
0e:6c:81:af:e2:59:e4:95:58:f5:79:67:01:f7:df:61:5c:38:
a0:ae:df:4b:03:41:3c:c4:8c:7c:45:42:7f:70:61:07:68:f0:
87:4c:a7:01:b9:e1:3d:c8:c8:46:18:a3:3f:35:1a:29:4c:f5:
09:6a:24:f0:9e:07:e1:b8:5b:25:72:31:d9:22:bc:83:dc:31:
e5:05:3a:2d:c9:b2:c3:a8:75:ac:bd:85:e7:de:39:8e:66:26:
49:52:ab:e7:5c:db:1b:5b:1d:60:17:c2:b9:37:a2:2d:31:37:
32:f4:97:8f:d7:aa:c5:25:74:52:3b:78:6a:7f:c4:6f:da:ea:
83:c7:92:40:55:86:41:68:fe:b2:d7:79:44:cf:f2:3a:36:0c:
e0:b8:bb:a4:68:64:2d:63:0f:f5:a8:24:e4:f6:f4:f6:a3:d1:
2b:56:98:7f:3e:27:b9:93:bb:b0:c3:f3:bd:98:3a:c7:04:dc:
92:a2:7f:1b:0a:a9:f0:1d:ae:5e:91:12:25:bf:19:79:5d:19:
30:e9:d6:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQgaDBqi09SXV6IwfIIB+q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNTM5ZTUwMWRmZjM3Y2RjOTJjYmVlMGNkZGI5MmVkMmU4
MWMxM2MwHhcNMjUwMTAxMDU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ4ZGViMGQ2NTBkOTkzNWY0YzQwMjQxZGFmMTdlYzZkNmNhNjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN3LJCqqjrqwGR826F+2fW5jHPiQ
t81J4py4PoEAnkYbieMCMAHb7WOJcX8BX4/dTcgc8dDTSpbKRc9uW9iPsNOQDqIj
nE77ET1vbZcafMjZmSjhwl4ZeF9X/UgTuOm9qVlntrz4BquXYyh1AH5jHmrWiNdY
QLKG/3SFqBRX6jFlpRLuwKhM6fYzlJKFkGDM34QztDgb6BPgv6jxuMFK08+iNySX
J29EJ6UN7hGeDDzrmsmyFShMsyJz2bWa7ptHxPoNcs84uyqI+5VE1rWJFBxlc3T5
6aWrQivSTbq9bnoYOEVnG2sCW8LKTN4R7WpWP/DC6VxWuwXuLA9i5KetXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGrY3rDWUNmTX0xAJB2vF+xtbKaCMB8GA1UdIwQY
MBaAFDpTnlAd/zfNySy+4M3bku0ugcE8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2xPZVVCM19OODNKTEw3Z3pkdVM3UzZCd1R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kODFhNDMtNDgyYS00NDMzLWE3YTIt
MDI3YzBkNjQyNGUzLzEvYXRqZXNOWlEyWk5mVEVBa0hhOFg3RzFzcG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kODFhNDMtNDgyYS00NDMzLWE3YTItMDI3YzBkNjQyNGUz
LzEvT2xPZVVCM19OODNKTEw3Z3pkdVM3UzZCd1R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGLivAAwQC
uQ4gAwQDvEEwMA0GCSqGSIb3DQEBCwUAA4IBAQBlUlOeZCyH8NFfW79v7ugDKH5y
2bb6b9GolU6vphck3HGtsBTdxvMvEkplDyWJAJqogNkw8awObIGv4lnklVj1eWcB
999hXDigrt9LA0E8xIx8RUJ/cGEHaPCHTKcBueE9yMhGGKM/NRopTPUJaiTwngfh
uFslcjHZIryD3DHlBTotybLDqHWsvYXn3jmOZiZJUqvnXNsbWx1gF8K5N6ItMTcy
9JeP16rFJXRSO3hqf8Rv2uqDx5JAVYZBaP6y13lEz/I6NgzguLukaGQtYw/1qCTk
9vT2o9ErVph/Pie5k7uww/O9mDrHBNySon8bCqnwHa5ekRIlvxl5XRkw6dbn
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:37:39 2025 by rpki-client