Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/HlO9ZQi1YEqVxRv4xtahO5YLBGA.roa
File: HlO9ZQi1YEqVxRv4xtahO5YLBGA.roa (raw, json)
Hash identifier: aJ2b3cCx1ndyavIj0cgELjQKu/oO/oTwQkl8MyIO1oI=
Subject key identifier: 1E:53:BD:65:08:B5:60:4A:95:C5:1B:F8:C6:D6:A1:3B:96:0B:04:60
Certificate issuer: /CN=3016b10d0ac218017c749394e4f2519cf2c0514e
Certificate serial: 0194258E91EDAB7251B7CFDE4F8B3AD8969E
Authority key identifier: 30:16:B1:0D:0A:C2:18:01:7C:74:93:94:E4:F2:51:9C:F2:C0:51:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/HlO9ZQi1YEqVxRv4xtahO5YLBGA.roa
Signing time: Thu 02 Jan 2025 05:48:07 +0000
ROA not before: Thu 02 Jan 2025 05:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47834
IP address blocks: 45.85.172.0/22 maxlen: 22
95.129.240.0/21 maxlen: 21
213.129.128.0/21 maxlen: 21
213.129.136.0/21 maxlen: 21
213.129.144.0/21 maxlen: 21
213.129.152.0/21 maxlen: 21
2a03:f300::/29 maxlen: 29
2a03:f300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.mft
rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 14:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8e:91:ed:ab:72:51:b7:cf:de:4f:8b:3a:d8:96:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3016b10d0ac218017c749394e4f2519cf2c0514e
Validity
Not Before: Jan 2 05:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1e53bd6508b5604a95c51bf8c6d6a13b960b0460
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:76:2e:a1:26:bf:ff:9f:ba:55:b8:11:4d:fd:
8a:9d:79:f7:cd:de:4f:32:db:86:88:ab:17:84:ee:
59:05:64:17:49:44:69:85:2d:9f:da:9f:1e:9b:04:
21:87:3d:a9:9c:2f:fe:c6:9a:e9:93:ad:70:04:5f:
b7:2f:b1:b2:57:92:41:fd:a5:27:c7:a5:d7:05:14:
f5:83:1c:bf:a9:e1:d4:83:db:68:95:f6:47:9b:71:
82:d9:60:09:4a:12:47:cd:66:5d:94:d0:c4:90:c3:
58:36:b4:42:8f:74:a3:1c:c2:09:07:e0:96:b9:3a:
c5:78:46:a9:d7:90:63:49:71:19:49:a8:29:41:e8:
91:c0:25:02:09:32:64:08:16:91:e5:25:c6:95:14:
e6:e6:95:c5:34:04:86:f5:05:e4:16:66:e8:05:53:
9b:89:04:a3:88:40:39:b0:42:f5:59:ca:0f:90:47:
8b:c2:ea:12:8e:12:b0:d4:ac:0b:c7:d1:3e:06:f2:
9a:fd:d9:d1:89:e7:2f:b7:73:01:20:1c:b9:4c:0e:
0b:fe:c5:ab:88:c5:99:51:b5:a6:b0:9a:d5:10:22:
cb:77:d5:12:75:49:56:d7:53:cf:88:05:eb:56:72:
40:8e:3c:2a:39:d2:10:c5:eb:a5:10:08:3b:6a:af:
a9:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:53:BD:65:08:B5:60:4A:95:C5:1B:F8:C6:D6:A1:3B:96:0B:04:60
X509v3 Authority Key Identifier:
keyid:30:16:B1:0D:0A:C2:18:01:7C:74:93:94:E4:F2:51:9C:F2:C0:51:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MBaxDQrCGAF8dJOU5PJRnPLAUU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/HlO9ZQi1YEqVxRv4xtahO5YLBGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3eb64a-e6de-45f5-b68c-6936762d2fce/1/MBaxDQrCGAF8dJOU5PJRnPLAUU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.172.0/22
95.129.240.0/21
213.129.128.0/19
IPv6:
2a03:f300::/29
Signature Algorithm: sha256WithRSAEncryption
5a:af:e6:64:b4:12:88:3e:00:69:7b:e1:c7:49:66:19:ea:3d:
bc:4a:3a:f0:b7:5b:d8:82:03:44:45:37:0f:d0:e4:a7:89:e9:
c6:f6:50:ac:26:71:8b:d4:82:1c:c3:48:1b:fc:57:cb:60:7a:
9f:1e:be:61:c8:a3:7a:28:b3:1a:b1:bd:1c:f4:f4:85:6b:b4:
67:e9:8b:50:fb:26:a5:46:62:f2:ec:9b:af:19:be:f6:fb:04:
54:9a:8e:b0:5b:39:a0:3f:81:6c:6e:fe:43:b4:59:c6:b7:95:
57:cc:4e:a6:06:ab:df:4e:e4:85:cd:e9:fb:86:02:3c:a3:93:
5e:ab:08:f3:06:a9:33:d6:f2:72:49:e8:65:90:40:47:fe:58:
cb:da:d1:07:ff:fb:55:7a:89:32:df:90:07:ac:13:0e:05:80:
17:2e:e6:59:eb:30:78:34:18:04:2e:5d:bb:31:e3:00:7a:f3:
a6:9f:25:ef:58:e0:f6:1c:51:3a:60:4f:75:68:38:58:17:eb:
91:c0:0f:26:ba:55:91:aa:8d:89:d8:3d:6d:ca:2d:91:a3:1e:
9e:d1:90:0e:80:2c:ed:94:28:0d:35:5a:d3:07:a5:20:e1:db:
d2:27:65:88:15:df:56:38:e9:63:60:82:5c:e1:79:7c:25:c0:
c1:e6:4f:4e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQljpHtq3JRt8/eT4s62JaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMTZiMTBkMGFjMjE4MDE3Yzc0OTM5NGU0ZjI1MTljZjJj
MDUxNGUwHhcNMjUwMTAyMDU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTUzYmQ2NTA4YjU2MDRhOTVjNTFiZjhjNmQ2YTEzYjk2MGIwNDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXYuoSa//5+6VbgRTf2KnXn3zd5P
MtuGiKsXhO5ZBWQXSURphS2f2p8emwQhhz2pnC/+xprpk61wBF+3L7GyV5JB/aUn
x6XXBRT1gxy/qeHUg9tolfZHm3GC2WAJShJHzWZdlNDEkMNYNrRCj3SjHMIJB+CW
uTrFeEap15BjSXEZSagpQeiRwCUCCTJkCBaR5SXGlRTm5pXFNASG9QXkFmboBVOb
iQSjiEA5sEL1WcoPkEeLwuoSjhKw1KwLx9E+BvKa/dnRiecvt3MBIBy5TA4L/sWr
iMWZUbWmsJrVECLLd9USdUlW11PPiAXrVnJAjjwqOdIQxeulEAg7aq+pgQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFB5TvWUItWBKlcUb+MbWoTuWCwRgMB8GA1UdIwQY
MBaAFDAWsQ0KwhgBfHSTlOTyUZzywFFOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUJheERRckNHQUY4ZEpPVTVQSlJuUExBVVU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zZWI2NGEtZTZkZS00NWY1LWI2OGMt
NjkzNjc2MmQyZmNlLzEvSGxPOVpRaTFZRXFWeFJ2NHh0YWhPNVlMQkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zZWI2NGEtZTZkZS00NWY1LWI2OGMtNjkzNjc2MmQyZmNl
LzEvTUJheERRckNHQUY4ZEpPVTVQSlJuUExBVVU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLVWsAwQD
X4HwAwQF1YGAMA0EAgACMAcDBQMqA/MAMA0GCSqGSIb3DQEBCwUAA4IBAQBar+Zk
tBKIPgBpe+HHSWYZ6j28Sjrwt1vYggNERTcP0OSnienG9lCsJnGL1IIcw0gb/FfL
YHqfHr5hyKN6KLMasb0c9PSFa7Rn6YtQ+yalRmLy7JuvGb72+wRUmo6wWzmgP4Fs
bv5DtFnGt5VXzE6mBqvfTuSFzen7hgI8o5NeqwjzBqkz1vJySehlkEBH/ljL2tEH
//tVeoky35AHrBMOBYAXLuZZ6zB4NBgELl27MeMAevOmnyXvWOD2HFE6YE91aDhY
F+uRwA8mulWRqo2J2D1tyi2Rox6e0ZAOgCztlCgNNVrTB6Ug4dvSJ2WIFd9WOOlj
YIJc4Xl8JcDB5k9O
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:44:35 2025 by rpki-client