Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/VZwnOlrac1s2Zb9Y96cCEjN1ihI.roa
File: VZwnOlrac1s2Zb9Y96cCEjN1ihI.roa (raw, json)
Hash identifier: VbMoQoBhuySW3f8b4z7vMMYAoL+G6xfxVZmjVv4iceM=
Subject key identifier: 55:9C:27:3A:5A:DA:73:5B:36:65:BF:58:F7:A7:02:12:33:75:8A:12
Certificate issuer: /CN=d7f7f16b05a1123151a677a47ac2d8d9061df390
Certificate serial: 01942444C4EF23039D6A7EEC4D581A9A95AC
Authority key identifier: D7:F7:F1:6B:05:A1:12:31:51:A6:77:A4:7A:C2:D8:D9:06:1D:F3:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/VZwnOlrac1s2Zb9Y96cCEjN1ihI.roa
Signing time: Wed 01 Jan 2025 23:47:54 +0000
ROA not before: Wed 01 Jan 2025 23:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13044
IP address blocks: 185.118.24.0/24 maxlen: 24
185.118.25.0/24 maxlen: 24
185.118.26.0/24 maxlen: 24
185.118.27.0/24 maxlen: 24
2a09:ec42::/48 maxlen: 48
2a09:ec42:1::/48 maxlen: 48
2a09:ec42:2::/48 maxlen: 48
2a09:ec42:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.crl
rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.mft
rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 03:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:c4:ef:23:03:9d:6a:7e:ec:4d:58:1a:9a:95:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7f7f16b05a1123151a677a47ac2d8d9061df390
Validity
Not Before: Jan 1 23:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=559c273a5ada735b3665bf58f7a7021233758a12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fc:f2:d5:73:59:83:19:01:a6:fd:2c:e1:3c:
1c:a0:b6:7b:4f:63:d5:4d:87:af:b8:49:fc:3b:d1:
f3:60:da:a4:4e:b6:8a:a2:ba:31:50:dd:d7:35:bb:
a9:8b:df:fb:d0:91:b1:e6:a2:ef:72:68:4f:9f:76:
19:85:87:32:4a:c2:04:8f:e0:b5:65:d8:7d:8e:e2:
01:66:85:b7:a9:4f:57:09:d6:d5:0f:13:08:03:19:
bc:7c:6a:70:50:51:63:27:8b:fa:99:ec:8b:be:4f:
ea:26:ca:42:4f:97:b9:86:2f:1d:47:70:38:11:a8:
dd:6b:06:18:f3:36:3d:04:6a:64:0f:a5:0d:34:16:
77:52:ef:78:9f:ea:92:d2:bf:9f:91:1a:02:5e:59:
bb:40:ee:65:1f:3c:91:88:be:62:39:c9:99:48:d5:
31:d2:b5:18:27:dd:6f:c2:0d:c7:46:8f:81:36:e6:
be:63:3c:52:d2:e3:69:0a:97:b4:2b:1f:fe:de:59:
a6:c2:2a:22:d2:a1:49:7f:14:ca:bc:fe:f1:62:5a:
32:e4:74:3a:09:1d:11:03:d9:07:f2:5c:c3:4b:72:
f5:55:25:43:45:93:50:33:a5:59:02:fd:41:f8:17:
59:47:af:ef:55:be:fd:5a:6f:1c:cf:ef:01:52:93:
e6:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:9C:27:3A:5A:DA:73:5B:36:65:BF:58:F7:A7:02:12:33:75:8A:12
X509v3 Authority Key Identifier:
keyid:D7:F7:F1:6B:05:A1:12:31:51:A6:77:A4:7A:C2:D8:D9:06:1D:F3:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/VZwnOlrac1s2Zb9Y96cCEjN1ihI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.118.24.0/22
IPv6:
2a09:ec42::/46
Signature Algorithm: sha256WithRSAEncryption
8e:e3:9a:91:b5:f7:b9:8a:ce:e0:47:a4:1d:36:a0:75:15:65:
0f:13:14:a5:a8:8c:58:61:53:ac:cb:9c:80:ac:64:04:d2:d8:
20:0c:0c:66:0d:68:c8:c7:1c:35:93:ea:e8:98:9d:2e:0f:35:
3a:87:67:76:e3:59:fe:99:86:19:ac:3e:29:a2:22:5c:af:b5:
af:dd:c5:30:b9:f8:2a:be:b8:0a:51:25:a8:38:0e:1a:8f:fb:
a1:1f:cf:5e:0a:4d:4d:22:8f:ad:f7:a0:06:31:90:5e:30:fa:
c2:6e:0c:b7:88:33:3e:30:60:6b:56:dd:cc:31:bc:e2:f9:e4:
bf:1e:4d:94:27:75:ae:3a:83:6c:85:e9:2e:93:dc:3d:01:14:
b2:bf:3d:cd:34:f7:4a:69:c9:6f:ca:72:c5:d6:7f:42:d0:be:
5c:c0:cb:9f:37:a6:8c:de:f9:60:ef:73:50:7c:29:b5:89:d6:
79:43:47:d7:aa:d9:a9:a9:d2:d4:83:74:b7:d6:20:53:9c:3e:
b5:89:a8:70:1c:3c:47:ef:76:31:c6:a1:ce:8a:ab:c3:e0:d9:
4a:57:d1:c7:99:23:19:f3:11:e6:ab:a8:0c:e1:a3:48:8d:7c:
36:6b:b4:d3:e9:83:4f:cd:8d:f6:e9:18:3d:80:48:71:5c:6d:
0c:18:08:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRMTvIwOdan7sTVgampWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZjdmMTZiMDVhMTEyMzE1MWE2NzdhNDdhYzJkOGQ5MDYx
ZGYzOTAwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTljMjczYTVhZGE3MzViMzY2NWJmNThmN2E3MDIxMjMzNzU4YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvzy1XNZgxkBpv0s4TwcoLZ7T2PV
TYevuEn8O9HzYNqkTraKoroxUN3XNbupi9/70JGx5qLvcmhPn3YZhYcySsIEj+C1
Zdh9juIBZoW3qU9XCdbVDxMIAxm8fGpwUFFjJ4v6meyLvk/qJspCT5e5hi8dR3A4
EajdawYY8zY9BGpkD6UNNBZ3Uu94n+qS0r+fkRoCXlm7QO5lHzyRiL5iOcmZSNUx
0rUYJ91vwg3HRo+BNua+YzxS0uNpCpe0Kx/+3lmmwioi0qFJfxTKvP7xYloy5HQ6
CR0RA9kH8lzDS3L1VSVDRZNQM6VZAv1B+BdZR6/vVb79Wm8cz+8BUpPm+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFWcJzpa2nNbNmW/WPenAhIzdYoSMB8GA1UdIwQY
MBaAFNf38WsFoRIxUaZ3pHrC2NkGHfOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMV9meGF3V2hFakZScG5la2VzTFkyUVlkODVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wMjI3YjctNTRjYS00ZjU2LWJlMjYt
NmNiZTk0OTUzMmU0LzEvVlp3bk9scmFjMXMyWmI5WTk2Y0NFak4xaWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wMjI3YjctNTRjYS00ZjU2LWJlMjYtNmNiZTk0OTUzMmU0
LzEvMV9meGF3V2hFakZScG5la2VzTFkyUVlkODVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuXYYMA8E
AgACMAkDBwIqCexCAAAwDQYJKoZIhvcNAQELBQADggEBAI7jmpG197mKzuBHpB02
oHUVZQ8TFKWojFhhU6zLnICsZATS2CAMDGYNaMjHHDWT6uiYnS4PNTqHZ3bjWf6Z
hhmsPimiIlyvta/dxTC5+Cq+uApRJag4DhqP+6Efz14KTU0ij633oAYxkF4w+sJu
DLeIMz4wYGtW3cwxvOL55L8eTZQnda46g2yF6S6T3D0BFLK/Pc0090ppyW/KcsXW
f0LQvlzAy583poze+WDvc1B8KbWJ1nlDR9eq2amp0tSDdLfWIFOcPrWJqHAcPEfv
djHGoc6Kq8Pg2UpX0ceZIxnzEearqAzho0iNfDZrtNPpg0/NjfbpGD2ASHFcbQwY
CMo=
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:44:08 2025 by rpki-client