Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/xZRqK0ehAUNFfp7bd5x7WM7WU48.roa
File: xZRqK0ehAUNFfp7bd5x7WM7WU48.roa (raw, json)
Hash identifier: RKiSJS4ui6TI89oyaWSjQ9KPJJo62REtrxZnTIi0/mg=
Subject key identifier: C5:94:6A:2B:47:A1:01:43:45:7E:9E:DB:77:9C:7B:58:CE:D6:53:8F
Certificate issuer: /CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
Certificate serial: 019423697EBAEE16CED9BC41E0D9FEACD959
Authority key identifier: 7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/xZRqK0ehAUNFfp7bd5x7WM7WU48.roa
Signing time: Wed 01 Jan 2025 19:48:23 +0000
ROA not before: Wed 01 Jan 2025 19:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24843
IP address blocks: 193.8.206.0/23 maxlen: 23
193.8.206.0/24 maxlen: 24
193.8.207.0/24 maxlen: 24
193.8.220.0/23 maxlen: 23
193.8.220.0/24 maxlen: 24
193.57.128.0/23 maxlen: 23
193.57.128.0/24 maxlen: 24
193.57.129.0/24 maxlen: 24
193.57.130.0/23 maxlen: 23
193.57.130.0/24 maxlen: 24
193.57.131.0/24 maxlen: 24
2a02:c804::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.mft
rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 10:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:7e:ba:ee:16:ce:d9:bc:41:e0:d9:fe:ac:d9:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
Validity
Not Before: Jan 1 19:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5946a2b47a10143457e9edb779c7b58ced6538f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d1:0a:db:5e:dc:64:3a:ee:98:7e:51:37:63:
24:2a:c1:a9:cd:40:8c:60:80:24:a4:c3:f6:b4:b5:
f0:83:55:43:e8:74:69:2c:b0:e6:ab:63:e1:7b:ae:
26:30:e0:76:a9:e2:7b:9e:93:5a:35:73:13:09:a6:
54:2b:be:2f:30:24:b9:03:b2:4f:24:4d:cb:a0:f7:
1b:e5:cf:f7:bd:4b:58:33:74:1f:7f:33:a7:e3:7a:
d3:da:ce:6e:b3:d8:ce:3b:6b:9c:20:71:6f:58:3d:
37:a4:75:4a:c5:4e:c7:a6:46:fd:e9:e4:52:74:90:
62:fb:88:ea:bf:34:85:04:e2:6d:72:3b:4b:04:5a:
07:09:51:3f:fe:19:0e:9f:1a:1d:90:93:cc:c6:01:
56:75:22:ab:af:da:ce:7d:c4:94:81:d5:d4:60:47:
03:15:53:e2:db:57:a4:d0:0e:06:8f:e4:7e:2b:a2:
6d:28:36:fa:04:25:49:cd:ca:e1:59:07:fa:06:ed:
d8:16:32:18:f5:6d:87:f2:a5:14:a2:38:d1:c5:35:
c5:2a:3d:81:d0:90:22:1b:9c:27:90:cd:b9:1c:f4:
82:4d:be:56:e5:76:2b:ab:14:d6:07:3f:9f:b8:f8:
66:dd:40:97:89:96:28:c3:21:1f:13:74:4f:8a:b4:
05:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:94:6A:2B:47:A1:01:43:45:7E:9E:DB:77:9C:7B:58:CE:D6:53:8F
X509v3 Authority Key Identifier:
keyid:7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/xZRqK0ehAUNFfp7bd5x7WM7WU48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.8.206.0/23
193.8.220.0/23
193.57.128.0/22
IPv6:
2a02:c804::/32
Signature Algorithm: sha256WithRSAEncryption
22:ec:5e:56:2b:30:1c:0e:f6:d2:52:12:0f:aa:86:0c:00:15:
8f:c5:aa:d5:bb:c2:3c:aa:44:0a:87:b2:2e:5a:bc:32:12:3c:
4d:c9:82:63:c5:99:99:c6:e2:71:63:9c:34:3a:e8:6b:8b:f2:
0c:45:14:d8:78:b1:ce:18:44:98:9f:f5:b9:3b:8b:b1:7d:33:
38:5a:56:28:f0:62:71:ed:34:50:9f:6c:ec:00:09:0d:78:76:
b9:4e:e0:de:c1:a5:16:a4:61:05:bc:49:0b:1d:1e:7e:d8:4e:
6e:73:cf:75:bb:57:35:85:05:0b:72:e5:73:aa:ae:b9:98:4b:
d9:d2:99:b7:44:dd:02:91:12:72:6c:7d:5c:df:1e:3d:20:e4:
e8:91:f1:ca:4d:e9:2d:40:e2:6c:68:8c:76:67:bb:87:dc:df:
93:a2:16:29:62:b0:3d:d8:ee:0b:0c:2f:47:54:a2:a4:d9:f4:
01:8c:b9:67:9a:68:48:0c:a9:7a:bb:f2:15:98:ab:42:2d:96:
7f:a3:14:d5:48:01:18:bf:0f:ab:8a:e4:9e:9d:ce:10:e4:89:
1e:54:21:c9:ed:b5:79:8f:b3:ef:5d:3d:28:ac:7d:00:06:d2:
f0:3d:74:26:2d:e8:ed:a2:d9:35:27:12:41:aa:4a:f4:47:69:
2c:ea:aa:65
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQjaX667hbO2bxB4Nn+rNlZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZjM5ZTZlYjMxMzFlY2YzY2RkY2QwYzllMzc4YzM1MmRh
NDFmYzIwHhcNMjUwMTAxMTk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk0NmEyYjQ3YTEwMTQzNDU3ZTllZGI3NzljN2I1OGNlZDY1MzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtEK217cZDrumH5RN2MkKsGpzUCM
YIAkpMP2tLXwg1VD6HRpLLDmq2Phe64mMOB2qeJ7npNaNXMTCaZUK74vMCS5A7JP
JE3LoPcb5c/3vUtYM3QffzOn43rT2s5us9jOO2ucIHFvWD03pHVKxU7Hpkb96eRS
dJBi+4jqvzSFBOJtcjtLBFoHCVE//hkOnxodkJPMxgFWdSKrr9rOfcSUgdXUYEcD
FVPi21ek0A4Gj+R+K6JtKDb6BCVJzcrhWQf6Bu3YFjIY9W2H8qUUojjRxTXFKj2B
0JAiG5wnkM25HPSCTb5W5XYrqxTWBz+fuPhm3UCXiZYowyEfE3RPirQFpQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMWUaitHoQFDRX6e23ece1jO1lOPMB8GA1UdIwQY
MBaAFHvznm6zEx7PPN3NDJ43jDUtpB/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYt
Yzk2N2M5ZGI1NzUyLzEveFpScUswZWhBVU5GZnA3YmQ1eDdXTTdXVTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYtYzk2N2M5ZGI1NzUy
LzEvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBwQjOAwQB
wQjcAwQCwTmAMA0EAgACMAcDBQAqAsgEMA0GCSqGSIb3DQEBCwUAA4IBAQAi7F5W
KzAcDvbSUhIPqoYMABWPxarVu8I8qkQKh7IuWrwyEjxNyYJjxZmZxuJxY5w0Ouhr
i/IMRRTYeLHOGESYn/W5O4uxfTM4WlYo8GJx7TRQn2zsAAkNeHa5TuDewaUWpGEF
vEkLHR5+2E5uc891u1c1hQULcuVzqq65mEvZ0pm3RN0CkRJybH1c3x49IOTokfHK
TektQOJsaIx2Z7uH3N+TohYpYrA92O4LDC9HVKKk2fQBjLlnmmhIDKl6u/IVmKtC
LZZ/oxTVSAEYvw+riuSenc4Q5IkeVCHJ7bV5j7PvXT0orH0ABtLwPXQmLejtotk1
JxJBqkr0R2ks6qpl
-----END CERTIFICATE-----
Generated at Fri Feb 21 13:05:21 2025 by rpki-client