Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/Tb-8GP8qcCsPrA2Xrleo-iet2HM.roa
File: Tb-8GP8qcCsPrA2Xrleo-iet2HM.roa (raw, json)
Hash identifier: yyhoDt89y5+7nL9lVvf4sdS/dAeJY+OT1BrhoMFwMME=
Subject key identifier: 4D:BF:BC:18:FF:2A:70:2B:0F:AC:0D:97:AE:57:A8:FA:27:AD:D8:73
Certificate issuer: /CN=f2ee5b6849c8c81f5a763595588a6ba6821e767b
Certificate serial: 01942220296278521878B6FB9A7D18A8393C
Authority key identifier: F2:EE:5B:68:49:C8:C8:1F:5A:76:35:95:58:8A:6B:A6:82:1E:76:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/Tb-8GP8qcCsPrA2Xrleo-iet2HM.roa
Signing time: Wed 01 Jan 2025 13:48:40 +0000
ROA not before: Wed 01 Jan 2025 13:48:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200497
IP address blocks: 5.252.16.0/22 maxlen: 24
194.4.144.0/22 maxlen: 24
194.9.8.0/23 maxlen: 24
194.9.18.0/23 maxlen: 24
2a0c:e440::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.mft
rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:29:62:78:52:18:78:b6:fb:9a:7d:18:a8:39:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f2ee5b6849c8c81f5a763595588a6ba6821e767b
Validity
Not Before: Jan 1 13:48:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4dbfbc18ff2a702b0fac0d97ae57a8fa27add873
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:26:8e:03:de:65:76:7a:4c:ce:a2:2a:dc:46:
68:48:f5:1d:2d:ae:d8:fc:ef:86:d6:e6:20:7b:2e:
28:61:40:64:6a:76:c4:ee:02:d8:22:02:cc:e9:cc:
90:50:92:ad:a1:b0:14:ad:ae:30:1d:a2:6b:65:b3:
f3:69:e0:28:aa:2e:ce:58:02:e2:0e:41:b4:5c:ef:
3a:62:a7:ec:6b:e6:6a:41:98:cf:0c:f8:32:d6:3d:
40:45:f7:28:d1:e7:19:19:a4:94:47:b5:8b:d5:62:
ac:2c:87:39:22:88:0d:29:ce:14:83:d4:33:d5:c9:
84:4c:cc:39:49:70:14:e2:b2:f7:30:44:47:4c:3a:
79:1a:aa:5d:7d:60:b3:70:c6:61:bb:91:ad:78:c3:
4d:e4:87:5f:01:3c:00:d0:f2:0b:40:26:b2:dd:8a:
03:45:59:cc:89:c3:be:f1:e5:09:e6:5a:fc:15:b9:
63:06:87:87:8b:c5:23:6b:54:04:00:46:80:c3:d3:
84:a8:4e:88:18:95:ed:3b:b1:c7:27:de:80:86:48:
c3:36:ad:4a:8e:81:6d:47:9e:08:f5:1f:76:ec:21:
bc:d7:5d:a1:a2:49:63:83:85:b0:cf:58:67:3b:de:
ee:bb:5d:10:5b:c9:f2:c8:8c:23:65:23:93:7f:a9:
dc:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:BF:BC:18:FF:2A:70:2B:0F:AC:0D:97:AE:57:A8:FA:27:AD:D8:73
X509v3 Authority Key Identifier:
keyid:F2:EE:5B:68:49:C8:C8:1F:5A:76:35:95:58:8A:6B:A6:82:1E:76:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/Tb-8GP8qcCsPrA2Xrleo-iet2HM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.16.0/22
194.4.144.0/22
194.9.8.0/23
194.9.18.0/23
IPv6:
2a0c:e440::/29
Signature Algorithm: sha256WithRSAEncryption
48:a0:39:43:31:24:59:82:e8:3c:0b:15:7c:38:7e:eb:6a:e2:
df:35:d8:07:41:b8:51:d9:84:c7:47:5e:c0:84:d9:32:cb:84:
81:f1:da:11:72:de:e5:17:22:82:ed:d1:8c:c7:93:92:08:8d:
a7:7d:ce:45:f0:39:0a:63:a3:1e:4e:9a:3b:cc:3b:1d:66:f3:
7f:24:ee:b0:11:fd:93:39:14:e9:18:3b:df:04:8a:73:7b:75:
a4:a4:a6:17:e5:32:73:2f:0f:90:20:98:ef:2c:fd:a5:67:30:
54:ac:f0:ee:e6:c0:5e:c1:b5:55:de:94:ca:d5:c5:99:a9:95:
04:5d:e8:e4:ea:f1:9e:ef:ed:6c:39:e3:49:1e:3e:5e:48:89:
8e:1f:09:7e:4c:4f:ed:02:94:b0:95:76:7a:86:7b:12:b6:79:
2b:b4:dc:50:3f:bd:06:51:42:c8:f6:29:aa:c3:65:9e:66:cc:
b5:ff:b9:db:26:7a:4a:a1:3d:54:f4:2d:71:88:8d:b7:16:ae:
61:d8:2c:ec:5a:79:be:59:d8:fd:de:ac:85:72:d8:5d:7f:14:
4f:e5:0f:cb:2c:ae:c7:60:37:d1:5b:7d:ef:be:3c:43:55:61:
fc:99:b5:40:f2:d3:0f:8b:42:72:ba:46:49:27:89:8c:73:be:
14:d7:5d:5b
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQiIClieFIYeLb7mn0YqDk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZWU1YjY4NDljOGM4MWY1YTc2MzU5NTU4OGE2YmE2ODIx
ZTc2N2IwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGJmYmMxOGZmMmE3MDJiMGZhYzBkOTdhZTU3YThmYTI3YWRkODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yaOA95ldnpMzqIq3EZoSPUdLa7Y
/O+G1uYgey4oYUBkanbE7gLYIgLM6cyQUJKtobAUra4wHaJrZbPzaeAoqi7OWALi
DkG0XO86Yqfsa+ZqQZjPDPgy1j1ARfco0ecZGaSUR7WL1WKsLIc5IogNKc4Ug9Qz
1cmETMw5SXAU4rL3MERHTDp5GqpdfWCzcMZhu5GteMNN5IdfATwA0PILQCay3YoD
RVnMicO+8eUJ5lr8FbljBoeHi8Uja1QEAEaAw9OEqE6IGJXtO7HHJ96AhkjDNq1K
joFtR54I9R927CG8112hokljg4Wwz1hnO97uu10QW8nyyIwjZSOTf6ncuQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFE2/vBj/KnArD6wNl65XqPonrdhzMB8GA1UdIwQY
MBaAFPLuW2hJyMgfWnY1lViKa6aCHnZ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHU1YmFFbkl5QjlhZGpXVldJcHJwb0llZG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wMDJhODgtM2E4NS00NzZmLWI0NTIt
NjBhMDM5ZGQxYmNhLzEvVGItOEdQOHFjQ3NQckEyWHJsZW8taWV0MkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wMDJhODgtM2E4NS00NzZmLWI0NTItNjBhMDM5ZGQxYmNh
LzEvOHU1YmFFbkl5QjlhZGpXVldJcHJwb0llZG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCBfwQAwQC
wgSQAwQBwgkIAwQBwgkSMA0EAgACMAcDBQMqDORAMA0GCSqGSIb3DQEBCwUAA4IB
AQBIoDlDMSRZgug8CxV8OH7rauLfNdgHQbhR2YTHR17AhNkyy4SB8doRct7lFyKC
7dGMx5OSCI2nfc5F8DkKY6MeTpo7zDsdZvN/JO6wEf2TORTpGDvfBIpze3WkpKYX
5TJzLw+QIJjvLP2lZzBUrPDu5sBewbVV3pTK1cWZqZUEXejk6vGe7+1sOeNJHj5e
SImOHwl+TE/tApSwlXZ6hnsStnkrtNxQP70GUULI9imqw2WeZsy1/7nbJnpKoT1U
9C1xiI23Fq5h2CzsWnm+Wdj93qyFcthdfxRP5Q/LLK7HYDfRW33vvjxDVWH8mbVA
8tMPi0JyukZJJ4mMc74U111b
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:37:32 2025 by rpki-client