Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/j5HF96yv7cLigcHPzuSioYP7qZU.roa
File: j5HF96yv7cLigcHPzuSioYP7qZU.roa (raw, json)
Hash identifier: EZSm2GEOWgRxvLjs00cTfuWYkp01jcIX3AmXq7a4GFs=
Subject key identifier: 8F:91:C5:F7:AC:AF:ED:C2:E2:81:C1:CF:CE:E4:A2:A1:83:FB:A9:95
Certificate issuer: /CN=ef7dd1ebee513ffa318cdc88b81ac18cfe726b30
Certificate serial: 0194221F840039F2EF8477944EAED9D40B2C
Authority key identifier: EF:7D:D1:EB:EE:51:3F:FA:31:8C:DC:88:B8:1A:C1:8C:FE:72:6B:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/733R6-5RP_oxjNyIuBrBjP5yazA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/j5HF96yv7cLigcHPzuSioYP7qZU.roa
Signing time: Wed 01 Jan 2025 13:47:58 +0000
ROA not before: Wed 01 Jan 2025 13:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30972
IP address blocks: 141.138.88.0/21 maxlen: 24
185.97.184.0/22 maxlen: 24
193.22.143.0/24 maxlen: 24
193.242.217.0/24 maxlen: 24
195.88.194.0/23 maxlen: 24
2a01:a580::/29 maxlen: 32
2a01:a580::/32 maxlen: 32
2a0a:21c0::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/733R6-5RP_oxjNyIuBrBjP5yazA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/733R6-5RP_oxjNyIuBrBjP5yazA.mft
rsync://rpki.ripe.net/repository/DEFAULT/733R6-5RP_oxjNyIuBrBjP5yazA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:84:00:39:f2:ef:84:77:94:4e:ae:d9:d4:0b:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef7dd1ebee513ffa318cdc88b81ac18cfe726b30
Validity
Not Before: Jan 1 13:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8f91c5f7acafedc2e281c1cfcee4a2a183fba995
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:aa:3b:5f:50:d9:93:29:6a:27:c7:ce:d7:0e:
e0:7e:a7:f8:1c:39:d2:e2:80:18:95:17:43:9c:51:
3c:f9:54:76:67:12:13:22:36:ae:1f:71:a5:96:ee:
15:e9:fd:33:5c:be:49:36:24:ec:f1:c1:a9:53:d3:
cc:53:a0:59:3d:fe:22:cf:29:9f:b4:09:6d:8e:65:
23:67:15:45:38:bd:dd:cc:37:3e:f1:07:fa:20:25:
6c:e3:7f:d5:19:fb:43:bd:b9:0b:6d:f7:4b:7c:0b:
39:58:cb:2d:fd:af:36:7f:44:d1:4a:5e:3a:cd:d7:
f0:3f:30:7d:4e:54:fb:92:dd:e4:3f:07:4a:e2:9c:
5c:d5:48:16:54:5f:0a:cb:10:e3:e4:f7:35:9d:1c:
5e:6b:49:22:e7:73:4a:ca:2d:28:31:45:4c:bd:2a:
8c:bd:9f:44:dc:97:fb:eb:97:52:64:1a:0e:53:c3:
80:b7:31:88:79:4d:22:90:45:83:e2:20:d9:78:7c:
20:82:44:d2:ef:fa:66:28:79:c7:1c:71:77:58:53:
12:53:dc:e6:d3:06:bc:fa:fb:b5:3f:a8:16:b4:78:
73:3c:30:3f:50:e8:1b:16:d9:89:b7:52:13:fe:21:
1b:da:71:7f:7f:55:4b:c0:5d:18:16:1a:2d:c6:27:
50:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:91:C5:F7:AC:AF:ED:C2:E2:81:C1:CF:CE:E4:A2:A1:83:FB:A9:95
X509v3 Authority Key Identifier:
keyid:EF:7D:D1:EB:EE:51:3F:FA:31:8C:DC:88:B8:1A:C1:8C:FE:72:6B:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/733R6-5RP_oxjNyIuBrBjP5yazA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/j5HF96yv7cLigcHPzuSioYP7qZU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/733R6-5RP_oxjNyIuBrBjP5yazA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.138.88.0/21
185.97.184.0/22
193.22.143.0/24
193.242.217.0/24
195.88.194.0/23
IPv6:
2a01:a580::/29
2a0a:21c0::/29
Signature Algorithm: sha256WithRSAEncryption
45:5a:7c:57:39:83:53:96:fe:f8:80:59:09:0a:ab:78:0f:70:
ab:08:b2:13:36:25:eb:2c:3c:02:37:6f:0e:64:23:28:6a:d4:
f2:53:33:98:0a:77:09:72:3d:c6:89:34:cd:78:98:ba:3c:6e:
e9:6b:c5:f0:a0:b4:e5:91:42:44:51:d7:f8:80:bb:80:77:d6:
93:d0:9c:ae:35:f5:c7:45:1b:06:7f:e6:6e:c4:d6:7b:a3:c7:
e4:ad:d7:30:40:0d:1e:35:65:cb:81:30:79:16:39:ed:81:44:
8f:9f:30:a4:8a:db:3c:f2:b5:98:96:1b:af:4b:bf:3d:e4:f5:
00:9a:0b:9f:bc:40:e1:09:5c:d7:b9:48:69:44:03:d9:10:53:
36:49:62:be:a1:0b:cf:d5:40:45:22:86:c9:b7:82:10:50:e5:
1d:f9:00:e5:71:ef:fd:36:9c:f2:83:bc:00:3c:2b:1a:cb:ad:
58:ef:68:07:da:c4:ad:16:e8:79:7b:69:9a:36:b4:2f:4d:8b:
a1:0e:e7:24:7c:6c:e2:77:a5:39:63:44:b4:43:27:91:27:ba:
ec:c5:74:06:78:ea:5c:e1:a3:7b:1e:15:a1:de:63:2d:14:ad:
97:2b:d8:fc:81:b9:d2:6c:38:4f:65:1b:37:63:b4:ac:07:b3:
e7:cf:8e:3e
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQiH4QAOfLvhHeUTq7Z1AssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2RkMWViZWU1MTNmZmEzMThjZGM4OGI4MWFjMThjZmU3
MjZiMzAwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjkxYzVmN2FjYWZlZGMyZTI4MWMxY2ZjZWU0YTJhMTgzZmJhOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ko7X1DZkylqJ8fO1w7gfqf4HDnS
4oAYlRdDnFE8+VR2ZxITIjauH3Gllu4V6f0zXL5JNiTs8cGpU9PMU6BZPf4izymf
tAltjmUjZxVFOL3dzDc+8Qf6ICVs43/VGftDvbkLbfdLfAs5WMst/a82f0TRSl46
zdfwPzB9TlT7kt3kPwdK4pxc1UgWVF8KyxDj5Pc1nRxea0ki53NKyi0oMUVMvSqM
vZ9E3Jf765dSZBoOU8OAtzGIeU0ikEWD4iDZeHwggkTS7/pmKHnHHHF3WFMSU9zm
0wa8+vu1P6gWtHhzPDA/UOgbFtmJt1IT/iEb2nF/f1VLwF0YFhotxidQjwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFI+Rxfesr+3C4oHBz87koqGD+6mVMB8GA1UdIwQY
MBaAFO990evuUT/6MYzciLgawYz+cmswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzMzUjYtNVJQX294ak55SXVCckJqUDV5YXpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mOWVlNmQtNzY0MC00ZTNkLTliNDUt
ZTU2ZmVjYTYxMmU3LzEvajVIRjk2eXY3Y0xpZ2NIUHp1U2lvWVA3cVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mOWVlNmQtNzY0MC00ZTNkLTliNDUtZTU2ZmVjYTYxMmU3
LzEvNzMzUjYtNVJQX294ak55SXVCckJqUDV5YXpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDjYpYAwQC
uWG4AwQAwRaPAwQAwfLZAwQBw1jCMBQEAgACMA4DBQMqAaWAAwUDKgohwDANBgkq
hkiG9w0BAQsFAAOCAQEARVp8VzmDU5b++IBZCQqreA9wqwiyEzYl6yw8AjdvDmQj
KGrU8lMzmAp3CXI9xok0zXiYujxu6WvF8KC05ZFCRFHX+IC7gHfWk9CcrjX1x0Ub
Bn/mbsTWe6PH5K3XMEANHjVly4EweRY57YFEj58wpIrbPPK1mJYbr0u/PeT1AJoL
n7xA4Qlc17lIaUQD2RBTNklivqELz9VARSKGybeCEFDlHfkA5XHv/Tac8oO8ADwr
GsutWO9oB9rErRboeXtpmja0L02LoQ7nJHxs4nelOWNEtEMnkSe67MV0BnjqXOGj
ex4Vod5jLRStlyvY/IG50mw4T2UbN2O0rAez58+OPg==
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:18:08 2025 by rpki-client