Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/46207f-7e34-4292-b14a-44c07f314904/1/0mGXGaCdx8b0IvVKiGo7317nAQw.roa
File: 0mGXGaCdx8b0IvVKiGo7317nAQw.roa (raw, json)
Hash identifier: JBoOppkoR2+2kdzZgQYn1vdyTCQusp5l9Um4sKeOKzw=
Subject key identifier: D2:61:97:19:A0:9D:C7:C6:F4:22:F5:4A:88:6A:3B:DF:5E:E7:01:0C
Certificate issuer: /CN=d476b006351a2f9cf2a91386de50ce27f1550595
Certificate serial: 0194228E23EA8A9AD270718C0AC7D8FF0055
Authority key identifier: D4:76:B0:06:35:1A:2F:9C:F2:A9:13:86:DE:50:CE:27:F1:55:05:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HawBjUaL5zyqROG3lDOJ_FVBZU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/46207f-7e34-4292-b14a-44c07f314904/1/0mGXGaCdx8b0IvVKiGo7317nAQw.roa
Signing time: Wed 01 Jan 2025 15:48:48 +0000
ROA not before: Wed 01 Jan 2025 15:48:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8586
IP address blocks: 5.102.80.0/20 maxlen: 24
37.152.32.0/20 maxlen: 24
62.8.96.0/19 maxlen: 24
84.252.192.0/18 maxlen: 24
94.250.224.0/20 maxlen: 24
146.255.0.0/20 maxlen: 24
164.40.208.0/20 maxlen: 24
178.239.96.0/20 maxlen: 24
185.13.140.0/22 maxlen: 24
195.12.0.0/19 maxlen: 24
195.74.128.0/19 maxlen: 24
212.58.32.0/19 maxlen: 24
213.83.64.0/18 maxlen: 24
213.246.128.0/18 maxlen: 24
2001:4160::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/46207f-7e34-4292-b14a-44c07f314904/1/1HawBjUaL5zyqROG3lDOJ_FVBZU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/46207f-7e34-4292-b14a-44c07f314904/1/1HawBjUaL5zyqROG3lDOJ_FVBZU.mft
rsync://rpki.ripe.net/repository/DEFAULT/1HawBjUaL5zyqROG3lDOJ_FVBZU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 06:01:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:23:ea:8a:9a:d2:70:71:8c:0a:c7:d8:ff:00:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d476b006351a2f9cf2a91386de50ce27f1550595
Validity
Not Before: Jan 1 15:48:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2619719a09dc7c6f422f54a886a3bdf5ee7010c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:4c:76:e8:a4:33:a7:f8:65:5d:b3:4f:74:98:
0d:fa:9e:38:d2:2a:22:f9:d7:00:e4:63:f1:21:d3:
94:27:d7:fb:bd:45:b3:70:7e:c9:52:58:dd:8b:2b:
1b:73:64:7c:e3:81:97:bd:c7:49:36:7c:52:ff:74:
15:52:0e:f9:7b:d1:8c:8e:76:0a:95:95:99:7b:13:
9f:c2:55:36:b7:da:82:aa:cb:2a:21:c6:b7:0a:ba:
3b:60:18:28:d6:67:fc:9c:c8:eb:71:c4:65:17:95:
6a:d5:cd:15:31:7f:45:6b:11:ea:1f:ef:db:18:e6:
97:91:13:49:fd:54:ff:8f:30:93:29:d2:90:30:07:
6c:55:6b:29:3e:72:02:bb:ac:80:0e:55:c6:0b:f8:
ad:0b:7d:1f:6d:ff:ad:d2:3b:40:30:70:d5:37:38:
07:9d:5e:45:0d:d9:95:d0:60:6e:db:0c:e0:da:be:
39:c3:b7:a6:f3:5b:bd:f7:6f:15:c4:62:67:d1:5a:
e2:35:e7:aa:73:d7:26:45:23:ab:0b:6e:9b:16:1c:
66:59:b9:c0:69:6f:3e:93:87:91:f5:11:93:b7:bd:
46:55:f6:fb:10:00:97:81:ea:57:7b:38:ce:ba:55:
f0:e5:5e:c0:dd:bb:93:df:cc:3e:28:62:da:9b:a7:
0d:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:61:97:19:A0:9D:C7:C6:F4:22:F5:4A:88:6A:3B:DF:5E:E7:01:0C
X509v3 Authority Key Identifier:
keyid:D4:76:B0:06:35:1A:2F:9C:F2:A9:13:86:DE:50:CE:27:F1:55:05:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HawBjUaL5zyqROG3lDOJ_FVBZU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/46207f-7e34-4292-b14a-44c07f314904/1/0mGXGaCdx8b0IvVKiGo7317nAQw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/46207f-7e34-4292-b14a-44c07f314904/1/1HawBjUaL5zyqROG3lDOJ_FVBZU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.80.0/20
37.152.32.0/20
62.8.96.0/19
84.252.192.0/18
94.250.224.0/20
146.255.0.0/20
164.40.208.0/20
178.239.96.0/20
185.13.140.0/22
195.12.0.0/19
195.74.128.0/19
212.58.32.0/19
213.83.64.0/18
213.246.128.0/18
IPv6:
2001:4160::/32
Signature Algorithm: sha256WithRSAEncryption
01:62:b9:c5:dd:d7:a4:cc:7c:8d:81:f6:56:90:61:a3:bc:e2:
9d:e0:9f:5e:bb:84:2a:bc:6c:13:29:f8:e1:7d:52:59:c6:05:
52:0f:87:13:52:26:b8:64:2e:bb:76:9f:07:ba:5c:bd:b9:17:
ee:f1:9f:52:14:68:d9:0d:2d:61:db:a0:e6:a9:3d:06:24:50:
cf:19:40:bc:9e:84:9b:04:48:21:0e:67:74:9d:11:8e:ea:78:
cf:5a:9e:8d:6d:d9:ff:47:69:09:66:28:38:be:01:e6:e5:61:
34:df:4c:ad:9a:b1:ed:86:94:11:09:e9:eb:b0:e8:93:bc:63:
12:6a:70:4a:f1:07:c9:a8:1e:00:2f:56:ec:db:8d:e1:5e:89:
f9:98:3a:97:c9:03:31:01:08:50:00:96:4c:80:f7:b3:8b:c3:
42:97:82:e7:f4:c5:0b:78:78:5c:34:26:60:fb:69:f8:f2:5f:
d6:c6:f9:3f:0c:f5:ce:d1:0b:6b:de:d1:09:14:31:58:9c:dd:
a7:86:e3:e0:f4:d9:0b:cb:2d:5c:7b:a2:43:05:79:30:f9:83:
27:31:91:54:df:ef:21:16:84:40:ad:7a:ba:f1:bb:cd:4f:4b:
71:b6:2b:02:f3:7b:33:9c:1a:ed:bd:c0:5e:c8:e7:e5:10:c7:
46:55:17:ee
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZQijiPqiprScHGMCsfY/wBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzZiMDA2MzUxYTJmOWNmMmE5MTM4NmRlNTBjZTI3ZjE1
NTA1OTUwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjYxOTcxOWEwOWRjN2M2ZjQyMmY1NGE4ODZhM2JkZjVlZTcwMTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0x26KQzp/hlXbNPdJgN+p440ioi
+dcA5GPxIdOUJ9f7vUWzcH7JUljdiysbc2R844GXvcdJNnxS/3QVUg75e9GMjnYK
lZWZexOfwlU2t9qCqssqIca3Cro7YBgo1mf8nMjrccRlF5Vq1c0VMX9FaxHqH+/b
GOaXkRNJ/VT/jzCTKdKQMAdsVWspPnICu6yADlXGC/itC30fbf+t0jtAMHDVNzgH
nV5FDdmV0GBu2wzg2r45w7em81u9928VxGJn0VriNeeqc9cmRSOrC26bFhxmWbnA
aW8+k4eR9RGTt71GVfb7EACXgepXezjOulXw5V7A3buT38w+KGLam6cN2QIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFNJhlxmgncfG9CL1SohqO99e5wEMMB8GA1UdIwQY
MBaAFNR2sAY1Gi+c8qkTht5QzifxVQWVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhhd0JqVWFMNXp5cVJPRzNsRE9KX0ZWQlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80NjIwN2YtN2UzNC00MjkyLWIxNGEt
NDRjMDdmMzE0OTA0LzEvMG1HWEdhQ2R4OGIwSXZWS2lHbzczMTduQVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80NjIwN2YtN2UzNC00MjkyLWIxNGEtNDRjMDdmMzE0OTA0
LzEvMUhhd0JqVWFMNXp5cVJPRzNsRE9KX0ZWQlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQEBWZQAwQE
JZggAwQFPghgAwQGVPzAAwQEXvrgAwQEkv8AAwQEpCjQAwQEsu9gAwQCuQ2MAwQF
wwwAAwQFw0qAAwQF1DogAwQG1VNAAwQG1faAMA0EAgACMAcDBQAgAUFgMA0GCSqG
SIb3DQEBCwUAA4IBAQABYrnF3dekzHyNgfZWkGGjvOKd4J9eu4QqvGwTKfjhfVJZ
xgVSD4cTUia4ZC67dp8Huly9uRfu8Z9SFGjZDS1h26DmqT0GJFDPGUC8noSbBEgh
Dmd0nRGO6njPWp6Nbdn/R2kJZig4vgHm5WE030ytmrHthpQRCenrsOiTvGMSanBK
8QfJqB4AL1bs243hXon5mDqXyQMxAQhQAJZMgPezi8NCl4Ln9MULeHhcNCZg+2n4
8l/Wxvk/DPXO0Qtr3tEJFDFYnN2nhuPg9NkLyy1ce6JDBXkw+YMnMZFU3+8hFoRA
rXq68bvNT0txtisC83sznBrtvcBeyOflEMdGVRfu
-----END CERTIFICATE-----
Generated at Sun Apr 13 14:29:18 2025 by rpki-client