Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/iZsQcVJmfkhAcYH19cli-30jJSk.roa
File: iZsQcVJmfkhAcYH19cli-30jJSk.roa (raw, json)
Hash identifier: 5op4VZIOL+EirxQSg7kSyPAbPkqJzG43PAru2qFB904=
Subject key identifier: 89:9B:10:71:52:66:7E:48:40:71:81:F5:F5:C9:62:FB:7D:23:25:29
Certificate issuer: /CN=642c7a4e9f02b2f4e664d7d0d72a52e51261de54
Certificate serial: 019422FB75C8A7105866FE84F21CD450B90F
Authority key identifier: 64:2C:7A:4E:9F:02:B2:F4:E6:64:D7:D0:D7:2A:52:E5:12:61:DE:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/iZsQcVJmfkhAcYH19cli-30jJSk.roa
Signing time: Wed 01 Jan 2025 17:48:12 +0000
ROA not before: Wed 01 Jan 2025 17:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57473
IP address blocks: 185.115.136.0/22 maxlen: 22
194.60.250.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:75:c8:a7:10:58:66:fe:84:f2:1c:d4:50:b9:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=642c7a4e9f02b2f4e664d7d0d72a52e51261de54
Validity
Not Before: Jan 1 17:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=899b107152667e48407181f5f5c962fb7d232529
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:85:b3:a3:69:1d:b5:b4:b2:a6:8e:fd:62:bc:
ab:f4:d2:01:6e:08:a1:75:12:7a:de:6f:9b:f2:f4:
09:62:1b:ce:3f:5b:db:03:34:c4:09:29:bb:91:6d:
8e:40:6f:03:34:2a:eb:14:bc:b5:2a:93:d1:86:8b:
e5:20:89:4d:60:bd:9b:14:81:61:09:e7:65:d5:2c:
7c:ed:d0:0b:e0:a5:a9:90:ce:e4:06:3b:3d:4a:c0:
59:3b:79:ba:5f:40:c1:45:c9:2e:19:12:39:bf:1b:
d6:05:dc:cd:ff:28:3c:b1:7b:59:ad:02:6c:f1:3c:
2d:a6:36:31:e7:c5:f1:0b:82:38:34:f1:47:e9:fd:
0f:c0:e4:12:14:87:a4:f1:d7:97:78:a7:79:72:30:
7c:fb:b9:94:75:f3:99:b1:14:fc:ff:d9:66:29:b9:
43:af:d5:2c:8f:63:f6:16:3b:45:be:b3:40:2b:8d:
13:41:b1:09:d7:a5:89:a3:c1:16:e1:5b:c1:b2:93:
8c:57:b5:af:38:cd:8e:71:28:8f:e5:41:1c:3f:47:
63:c1:9a:db:68:24:0f:54:81:20:5d:3d:69:21:53:
36:b0:19:e5:0b:28:45:3b:da:e5:15:3b:19:5e:64:
eb:b9:18:1f:b2:74:1b:65:3f:dc:5a:f2:4d:03:8a:
b2:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:9B:10:71:52:66:7E:48:40:71:81:F5:F5:C9:62:FB:7D:23:25:29
X509v3 Authority Key Identifier:
keyid:64:2C:7A:4E:9F:02:B2:F4:E6:64:D7:D0:D7:2A:52:E5:12:61:DE:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/iZsQcVJmfkhAcYH19cli-30jJSk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.115.136.0/22
194.60.250.0/24
Signature Algorithm: sha256WithRSAEncryption
42:37:72:25:ac:bf:60:cd:24:23:1f:e2:8d:6e:a4:ca:29:6c:
5d:4f:82:ce:bf:e8:b9:b9:8d:c1:e5:56:9e:63:33:b6:ef:e5:
84:7d:52:32:aa:83:08:a3:31:81:a1:69:bf:41:e4:97:03:d1:
b7:50:12:1b:87:0a:65:e4:bc:ad:dd:18:31:68:91:8b:53:c3:
24:2d:ce:a0:2c:0d:41:16:cc:ee:7c:58:eb:7b:32:e4:5f:4a:
26:0d:35:35:e0:73:7f:fe:ac:45:8c:4c:87:29:25:81:66:48:
05:69:9a:01:0f:04:4e:64:27:34:b0:f6:2a:7f:f0:51:85:c7:
85:bc:63:a9:3d:be:64:d7:a0:6d:1a:74:07:28:65:43:3f:47:
d2:5a:d7:1f:fd:da:52:39:68:46:c6:26:77:e4:35:03:35:30:
06:3d:61:e7:d3:15:a6:00:37:c8:e5:3c:fc:7c:57:ad:7a:0a:
69:15:55:af:3e:ee:ce:a9:bd:1e:09:b9:8f:6c:3f:e3:24:68:
b1:c1:df:1f:ce:91:63:a8:b7:70:77:d9:dd:e0:58:3e:ed:8e:
62:df:4e:e4:4b:c3:46:df:c9:04:56:8a:7b:7d:f4:14:f7:17:
76:f9:e2:65:87:a8:cd:cb:06:3d:c3:e0:70:56:f3:f1:72:80:
f5:e7:b0:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+3XIpxBYZv6E8hzUULkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MmM3YTRlOWYwMmIyZjRlNjY0ZDdkMGQ3MmE1MmU1MTI2
MWRlNTQwHhcNMjUwMTAxMTc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTliMTA3MTUyNjY3ZTQ4NDA3MTgxZjVmNWM5NjJmYjdkMjMyNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4oWzo2kdtbSypo79Yryr9NIBbgih
dRJ63m+b8vQJYhvOP1vbAzTECSm7kW2OQG8DNCrrFLy1KpPRhovlIIlNYL2bFIFh
Cedl1Sx87dAL4KWpkM7kBjs9SsBZO3m6X0DBRckuGRI5vxvWBdzN/yg8sXtZrQJs
8TwtpjYx58XxC4I4NPFH6f0PwOQSFIek8deXeKd5cjB8+7mUdfOZsRT8/9lmKblD
r9Usj2P2FjtFvrNAK40TQbEJ16WJo8EW4VvBspOMV7WvOM2OcSiP5UEcP0djwZrb
aCQPVIEgXT1pIVM2sBnlCyhFO9rlFTsZXmTruRgfsnQbZT/cWvJNA4qyMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFImbEHFSZn5IQHGB9fXJYvt9IyUpMB8GA1UdIwQY
MBaAFGQsek6fArL05mTX0NcqUuUSYd5UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkN4NlRwOENzdlRtWk5mUTF5cFM1UkpoM2xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85OTFmZDgtMmQ4NS00Y2Y5LTkwMzYt
NWUwMmM0NjUzZTUwLzEvaVpzUWNWSm1ma2hBY1lIMTljbGktMzBqSlNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85OTFmZDgtMmQ4NS00Y2Y5LTkwMzYtNWUwMmM0NjUzZTUw
LzEvWkN4NlRwOENzdlRtWk5mUTF5cFM1UkpoM2xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXOIAwQA
wjz6MA0GCSqGSIb3DQEBCwUAA4IBAQBCN3IlrL9gzSQjH+KNbqTKKWxdT4LOv+i5
uY3B5VaeYzO27+WEfVIyqoMIozGBoWm/QeSXA9G3UBIbhwpl5Lyt3RgxaJGLU8Mk
Lc6gLA1BFszufFjrezLkX0omDTU14HN//qxFjEyHKSWBZkgFaZoBDwROZCc0sPYq
f/BRhceFvGOpPb5k16BtGnQHKGVDP0fSWtcf/dpSOWhGxiZ35DUDNTAGPWHn0xWm
ADfI5Tz8fFetegppFVWvPu7Oqb0eCbmPbD/jJGixwd8fzpFjqLdwd9nd4Fg+7Y5i
307kS8NG38kEVop7ffQU9xd2+eJlh6jNywY9w+BwVvPxcoD157Bd
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:49:01 2025 by rpki-client