Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/2iTqb20RZYjB5IZMEXSYr9QsXIo.roa
File: 2iTqb20RZYjB5IZMEXSYr9QsXIo.roa (raw, json)
Hash identifier: lpBOVqF2KXgwHcHtanGmlNU04H0N1yx6rXRx+JUpjeo=
Subject key identifier: DA:24:EA:6F:6D:11:65:88:C1:E4:86:4C:11:74:98:AF:D4:2C:5C:8A
Certificate issuer: /CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Certificate serial: 019437103E8739DCD346C288B00053F96912
Authority key identifier: 7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/2iTqb20RZYjB5IZMEXSYr9QsXIo.roa
Signing time: Sun 05 Jan 2025 15:23:19 +0000
ROA not before: Sun 05 Jan 2025 15:23:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 5.182.124.0/22 maxlen: 22
45.13.250.0/24 maxlen: 24
45.13.251.0/24 maxlen: 24
45.85.108.0/22 maxlen: 22
45.94.96.0/22 maxlen: 22
45.130.65.0/24 maxlen: 24
45.139.0.0/24 maxlen: 24
45.139.1.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.mft
rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:37:10:3e:87:39:dc:d3:46:c2:88:b0:00:53:f9:69:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Validity
Not Before: Jan 5 15:23:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=da24ea6f6d116588c1e4864c117498afd42c5c8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:f4:70:ae:ed:f6:a6:de:40:bd:de:76:0e:94:
ea:27:10:06:f8:83:1e:2d:62:ea:e7:82:70:92:db:
49:27:c7:e1:c3:8d:c4:89:49:d4:e0:4d:31:8d:fe:
d3:1a:e0:4e:c2:a6:44:e8:1c:4d:2a:c0:be:d1:9a:
3b:5a:19:45:d4:28:84:f2:3d:6b:cf:fe:dc:20:d6:
e6:95:4d:b6:22:8e:d3:f4:aa:95:29:5a:5e:41:fa:
2c:9a:f0:5b:f2:dc:e5:78:7f:ef:52:d2:37:e2:66:
98:57:81:b3:33:c1:8e:f7:cc:d2:40:e6:3d:7d:ce:
72:c5:3d:24:52:ea:1f:a9:46:26:c1:f7:08:61:0a:
7b:1c:62:48:d5:ce:56:f0:a6:68:3a:9d:9e:cb:37:
a0:1e:79:56:6f:c9:1f:ec:81:e6:04:e8:99:7b:b5:
92:a3:4b:80:f6:dc:51:b2:5b:f8:8c:ab:59:66:3a:
1e:ab:2c:82:4a:68:24:88:3d:71:96:a1:e8:2b:b3:
36:98:28:7e:c0:62:27:62:79:ac:69:1d:e6:06:1b:
57:26:ff:87:39:1b:6b:41:8d:d6:da:41:5d:56:4a:
aa:23:fa:0a:74:89:bd:e3:3f:1e:0b:d9:52:28:69:
75:70:c3:73:4b:55:1d:50:ed:72:9d:04:63:f2:d9:
3a:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:24:EA:6F:6D:11:65:88:C1:E4:86:4C:11:74:98:AF:D4:2C:5C:8A
X509v3 Authority Key Identifier:
keyid:7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/2iTqb20RZYjB5IZMEXSYr9QsXIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.124.0/22
45.13.250.0/23
45.85.108.0/22
45.94.96.0/22
45.130.65.0/24
45.139.0.0/23
Signature Algorithm: sha256WithRSAEncryption
b1:4f:72:e6:59:88:be:b6:c6:9f:1f:46:cd:45:86:c2:c5:51:
4b:18:c3:ff:85:cd:b8:38:17:47:46:0c:6e:b4:fe:d1:e5:cf:
b0:9b:fc:04:21:8d:2a:d4:24:f7:a9:03:df:1b:e8:7b:8c:22:
7e:58:55:b6:25:b7:9b:e8:f4:34:52:0d:43:14:98:18:d4:a7:
0c:08:6c:08:f4:22:45:eb:da:c1:24:e3:29:0c:0f:f2:a5:3d:
b7:f5:fc:d6:20:a2:7f:0f:c6:3b:1d:11:a4:c4:94:ab:0b:61:
5b:fe:cd:77:18:1c:a1:56:e6:af:ad:c7:26:8c:7f:b5:58:f6:
a5:14:69:17:47:a6:8a:97:e3:52:1b:21:29:4f:af:e9:3f:d3:
ae:50:33:db:77:70:35:d3:0a:f7:da:f4:3a:a3:e2:e6:5c:88:
b7:2d:af:b5:cc:e3:07:0f:ae:83:fd:0d:2c:88:5d:b4:01:4e:
73:7e:aa:2b:f3:78:64:f8:35:54:ac:e3:39:da:cf:c7:5a:87:
58:2d:ab:c2:f8:a5:da:40:13:e1:e4:66:4d:7d:04:cd:a3:56:
c5:9c:e3:bb:c8:14:de:36:73:36:67:5b:d2:95:19:4a:95:b0:
13:10:53:53:80:98:f7:2e:7e:0f:cd:cd:3f:ae:ff:fb:0c:5e:
df:7a:31:25
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQ3ED6HOdzTRsKIsABT+WkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTY0M2JiMzk5YzZkODdhZGM0YzdjYmE1ZDJiNzJmYmQw
MGQwNDYwHhcNMjUwMTA1MTUyMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTI0ZWE2ZjZkMTE2NTg4YzFlNDg2NGMxMTc0OThhZmQ0MmM1YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9fRwru32pt5Avd52DpTqJxAG+IMe
LWLq54JwkttJJ8fhw43EiUnU4E0xjf7TGuBOwqZE6BxNKsC+0Zo7WhlF1CiE8j1r
z/7cINbmlU22Io7T9KqVKVpeQfosmvBb8tzleH/vUtI34maYV4GzM8GO98zSQOY9
fc5yxT0kUuofqUYmwfcIYQp7HGJI1c5W8KZoOp2eyzegHnlWb8kf7IHmBOiZe7WS
o0uA9txRslv4jKtZZjoeqyyCSmgkiD1xlqHoK7M2mCh+wGInYnmsaR3mBhtXJv+H
ORtrQY3W2kFdVkqqI/oKdIm94z8eC9lSKGl1cMNzS1UdUO1ynQRj8tk6DQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNok6m9tEWWIweSGTBF0mK/ULFyKMB8GA1UdIwQY
MBaAFHymQ7s5nG2HrcTHy6XSty+9ANBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMt
NDRlYTY0NzIxYzllLzEvMmlUcWIyMFJaWWpCNUlaTUVYU1lyOVFzWElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMtNDRlYTY0NzIxYzll
LzEvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCBbZ8AwQB
LQ36AwQCLVVsAwQCLV5gAwQALYJBAwQBLYsAMA0GCSqGSIb3DQEBCwUAA4IBAQCx
T3LmWYi+tsafH0bNRYbCxVFLGMP/hc24OBdHRgxutP7R5c+wm/wEIY0q1CT3qQPf
G+h7jCJ+WFW2Jbeb6PQ0Ug1DFJgY1KcMCGwI9CJF69rBJOMpDA/ypT239fzWIKJ/
D8Y7HRGkxJSrC2Fb/s13GByhVuavrccmjH+1WPalFGkXR6aKl+NSGyEpT6/pP9Ou
UDPbd3A10wr32vQ6o+LmXIi3La+1zOMHD66D/Q0siF20AU5zfqor83hk+DVUrOM5
2s/HWodYLavC+KXaQBPh5GZNfQTNo1bFnOO7yBTeNnM2Z1vSlRlKlbATEFNTgJj3
Ln4Pzc0/rv/7DF7fejEl
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:15:56 2025 by rpki-client