Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/iUM8bJHwQ48CpEg1dQgbuZoF2F8.roa
File: iUM8bJHwQ48CpEg1dQgbuZoF2F8.roa (raw, json)
Hash identifier: FAU/hqJaw9dZlVsB9TPc90NTrKoL6yNGJeYIXg92yTQ=
Subject key identifier: 89:43:3C:6C:91:F0:43:8F:02:A4:48:35:75:08:1B:B9:9A:05:D8:5F
Certificate issuer: /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial: 01942220024FC788BC5434233BA87576C802
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/iUM8bJHwQ48CpEg1dQgbuZoF2F8.roa
Signing time: Wed 01 Jan 2025 13:48:30 +0000
ROA not before: Wed 01 Jan 2025 13:48:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42423
IP address blocks: 193.168.184.0/23 maxlen: 24
193.168.187.0/24 maxlen: 24
194.1.167.0/24 maxlen: 24
2a09:1400::/30 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:02:4f:c7:88:bc:54:34:23:3b:a8:75:76:c8:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Validity
Not Before: Jan 1 13:48:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89433c6c91f0438f02a4483575081bb99a05d85f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ee:a1:fa:17:2f:80:00:7f:c9:10:05:5e:a6:
82:18:f1:b7:34:88:e8:c9:ab:d0:4d:a8:26:72:ce:
e3:ba:cd:7f:a4:61:fc:9b:2d:38:9b:73:2b:36:e2:
95:92:6a:d8:bc:05:12:dc:4b:f1:f8:f4:e5:95:ce:
fc:5e:4e:16:5f:3e:97:35:70:56:14:b9:e5:e1:ca:
f8:4c:6d:ac:cc:b3:d8:e8:99:a1:0e:99:6d:a9:d0:
5d:11:3e:fd:26:56:b7:b5:85:b0:38:76:67:ec:59:
e6:cd:13:e5:b0:e7:89:a7:d6:b7:b7:db:e2:34:14:
ce:3e:54:c2:1f:fc:ac:83:fd:d9:ed:d7:c0:0f:5e:
01:e8:ff:51:e1:35:7c:36:e4:cc:e3:b2:9a:1f:94:
56:12:27:9f:cd:17:d0:21:a0:6e:08:f7:cb:d3:d2:
a0:18:2b:fb:96:f8:cc:1c:dd:58:a9:de:76:53:fa:
d6:5a:96:df:5c:96:c1:4e:51:46:4c:28:09:51:b2:
35:20:57:4c:67:d8:7d:50:3f:70:0d:db:43:86:6c:
9b:ca:1d:9e:81:b1:40:83:1d:ee:b4:c3:92:1f:fc:
42:86:6f:fe:77:b7:0e:77:5a:66:29:9f:28:bc:0e:
d3:4d:bb:fe:8e:08:4f:0a:e5:b8:a3:59:be:20:27:
f4:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:43:3C:6C:91:F0:43:8F:02:A4:48:35:75:08:1B:B9:9A:05:D8:5F
X509v3 Authority Key Identifier:
keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/iUM8bJHwQ48CpEg1dQgbuZoF2F8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.168.184.0/23
193.168.187.0/24
194.1.167.0/24
IPv6:
2a09:1400::/30
Signature Algorithm: sha256WithRSAEncryption
63:2c:48:9a:14:55:30:c8:eb:4a:0f:b0:cf:fb:7a:01:b6:9b:
4e:bd:3c:15:56:2b:3a:7d:46:3c:ec:d0:c5:41:aa:08:7d:db:
dd:b8:11:c0:96:20:bc:f1:c9:4e:7b:ac:b5:ad:72:40:1d:43:
aa:50:c1:9e:f6:ef:f1:14:3b:50:83:77:d8:76:77:6d:1c:02:
15:d0:b9:ed:6d:9d:41:6e:99:e5:75:c0:9b:60:71:bc:17:fb:
cd:bc:74:53:29:90:ef:ee:5d:a1:4e:92:35:c5:5a:26:36:cd:
84:ad:84:98:5c:92:02:02:b9:f7:09:57:98:c0:f4:dd:68:81:
08:a6:5b:e0:34:93:aa:98:2d:00:f4:f9:0a:4b:91:65:a2:96:
ac:d9:4c:93:4d:39:1a:0f:6f:38:74:09:90:52:74:88:bf:b4:
dc:87:da:6f:85:c5:6a:9f:64:06:f9:c9:85:c5:13:0b:0e:5f:
88:72:5b:96:ed:26:8b:4c:25:4a:8a:ce:15:35:3e:48:26:0a:
5f:a1:8a:fe:20:f8:61:b2:c8:9a:30:3d:7e:b8:39:aa:22:aa:
e6:9e:ce:f7:47:21:22:45:31:17:7b:c4:cc:24:16:da:b7:7d:
21:b2:a9:d8:21:ff:99:25:e0:e8:ea:51:19:f4:a7:a4:c2:23:
c9:fc:cc:4d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQiIAJPx4i8VDQjO6h1dsgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQzM2M2YzkxZjA0MzhmMDJhNDQ4MzU3NTA4MWJiOTlhMDVkODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO6h+hcvgAB/yRAFXqaCGPG3NIjo
yavQTagmcs7jus1/pGH8my04m3MrNuKVkmrYvAUS3Evx+PTllc78Xk4WXz6XNXBW
FLnl4cr4TG2szLPY6JmhDpltqdBdET79Jla3tYWwOHZn7FnmzRPlsOeJp9a3t9vi
NBTOPlTCH/ysg/3Z7dfAD14B6P9R4TV8NuTM47KaH5RWEiefzRfQIaBuCPfL09Kg
GCv7lvjMHN1Yqd52U/rWWpbfXJbBTlFGTCgJUbI1IFdMZ9h9UD9wDdtDhmybyh2e
gbFAgx3utMOSH/xChm/+d7cOd1pmKZ8ovA7TTbv+jghPCuW4o1m+ICf01wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIlDPGyR8EOPAqRINXUIG7maBdhfMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvaVVNOGJKSHdRNDhDcEVnMWRRZ2J1Wm9GMkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBwai4AwQA
wai7AwQAwgGnMA0EAgACMAcDBQIqCRQAMA0GCSqGSIb3DQEBCwUAA4IBAQBjLEia
FFUwyOtKD7DP+3oBtptOvTwVVis6fUY87NDFQaoIfdvduBHAliC88clOe6y1rXJA
HUOqUMGe9u/xFDtQg3fYdndtHAIV0LntbZ1BbpnldcCbYHG8F/vNvHRTKZDv7l2h
TpI1xVomNs2ErYSYXJICArn3CVeYwPTdaIEIplvgNJOqmC0A9PkKS5Flopas2UyT
TTkaD284dAmQUnSIv7Tch9pvhcVqn2QG+cmFxRMLDl+IcluW7SaLTCVKis4VNT5I
JgpfoYr+IPhhssiaMD1+uDmqIqrmns73RyEiRTEXe8TMJBbat30hsqnYIf+ZJeDo
6lEZ9KekwiPJ/MxN
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:30:57 2025 by rpki-client