Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/OI4m2d90B9xfmwLaDwu0RLIhyHI.roa
File: OI4m2d90B9xfmwLaDwu0RLIhyHI.roa (raw, json)
Hash identifier: 1tPpSMdOXEc4uC4QEVA58ahEFZcfSMXztb+GTkRhAk8=
Subject key identifier: 38:8E:26:D9:DF:74:07:DC:5F:9B:02:DA:0F:0B:B4:44:B2:21:C8:72
Certificate issuer: /CN=490b21f79b9ea2f3d042374714867d12401995db
Certificate serial: 01942144389120C0DBD52237C7DE4DC23CB5
Authority key identifier: 49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/OI4m2d90B9xfmwLaDwu0RLIhyHI.roa
Signing time: Wed 01 Jan 2025 09:48:26 +0000
ROA not before: Wed 01 Jan 2025 09:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51043
IP address blocks: 5.22.136.0/21 maxlen: 24
83.98.32.0/19 maxlen: 19
148.253.160.0/19 maxlen: 24
159.242.64.0/18 maxlen: 24
178.23.128.0/21 maxlen: 24
185.59.180.0/22 maxlen: 24
185.173.67.0/24 maxlen: 24
195.184.238.0/23 maxlen: 24
212.47.86.0/23 maxlen: 23
2a00:ed40::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 21:00:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:38:91:20:c0:db:d5:22:37:c7:de:4d:c2:3c:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=490b21f79b9ea2f3d042374714867d12401995db
Validity
Not Before: Jan 1 09:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=388e26d9df7407dc5f9b02da0f0bb444b221c872
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:03:ea:a3:28:8d:93:4f:bc:df:42:35:a2:b6:
1a:77:a4:3f:b5:14:2f:71:9d:c4:dd:e0:ae:b0:42:
29:4c:fd:e2:eb:88:8a:5f:4f:87:0e:40:1a:1d:e2:
bf:38:96:42:a7:11:10:39:aa:2c:43:2b:d9:f5:d4:
1b:ac:48:a1:26:f1:9d:68:8a:54:f3:73:70:42:08:
c9:26:d6:51:88:a7:59:33:68:2c:df:a3:c9:bf:9e:
1b:3f:1b:63:87:97:1a:8f:7c:73:c3:de:3c:2d:4c:
9c:46:d8:a6:e4:8a:ba:ad:85:a1:d9:26:58:c3:e1:
18:6f:12:83:d8:93:90:ec:88:84:b7:40:0f:c1:97:
75:ee:85:94:6c:27:87:b4:74:51:80:13:63:28:fb:
4f:4f:3d:3c:08:bd:71:f8:7c:a2:ec:c7:cc:c0:40:
ea:0a:8d:b4:40:7a:13:df:d6:75:1a:e0:3f:26:ca:
6a:78:e0:be:75:30:64:f5:a7:29:66:4a:39:3c:63:
77:4d:71:ab:9f:af:d3:56:31:b0:dd:fe:d4:dc:8e:
63:1a:12:72:24:85:9c:23:83:b8:06:74:92:03:bf:
4d:40:05:fe:ca:34:e0:96:df:af:4d:a0:2d:38:81:
44:67:1c:12:b4:90:91:1e:44:74:22:15:44:4e:69:
5a:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:8E:26:D9:DF:74:07:DC:5F:9B:02:DA:0F:0B:B4:44:B2:21:C8:72
X509v3 Authority Key Identifier:
keyid:49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/OI4m2d90B9xfmwLaDwu0RLIhyHI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.136.0/21
83.98.32.0/19
148.253.160.0/19
159.242.64.0/18
178.23.128.0/21
185.59.180.0/22
185.173.67.0/24
195.184.238.0/23
212.47.86.0/23
IPv6:
2a00:ed40::/32
Signature Algorithm: sha256WithRSAEncryption
5a:0e:48:ad:2d:b3:df:79:c6:20:c6:6d:34:77:bf:e7:62:76:
ea:30:59:40:f5:a0:1b:0c:87:33:83:b1:b7:0a:b7:f2:21:0a:
ba:3f:02:c9:dc:a3:2a:4c:be:b4:b7:c2:af:8e:98:9e:7b:73:
c8:b8:1b:55:43:37:24:1b:7c:7e:97:ad:39:21:8f:81:b9:c5:
23:69:d7:82:c8:83:76:7d:7e:8a:50:80:e0:bb:b5:a0:61:08:
54:e6:9d:6c:ca:52:76:10:33:3a:bc:60:04:00:a4:f6:12:d9:
91:a7:f1:f0:b9:05:38:23:47:0f:be:96:bb:42:c4:49:ce:1b:
7b:76:5f:b0:5e:fa:e4:9b:b9:6b:d8:09:23:f4:d9:4e:c4:d9:
6c:af:86:cd:aa:0c:1b:ff:52:94:dd:74:08:78:cf:a0:fb:63:
71:f8:b9:b6:83:da:d6:fd:a2:41:b3:55:75:50:0b:55:df:34:
38:28:64:bf:a5:68:60:8a:8b:e7:18:34:ab:0f:d1:ac:33:a4:
49:40:a5:f0:cd:0e:10:f2:8e:07:10:11:99:34:3e:0b:41:dd:
7d:c3:ca:d1:19:9c:9d:4d:b8:04:5a:a2:46:cc:40:10:0b:ba:
29:4e:d3:57:7b:b2:97:30:05:8c:11:1f:bb:49:72:c5:1b:bb:
0e:43:2e:92
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQhRDiRIMDb1SI3x95Nwjy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MGIyMWY3OWI5ZWEyZjNkMDQyMzc0NzE0ODY3ZDEyNDAx
OTk1ZGIwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhlMjZkOWRmNzQwN2RjNWY5YjAyZGEwZjBiYjQ0NGIyMjFjODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gPqoyiNk0+830I1orYad6Q/tRQv
cZ3E3eCusEIpTP3i64iKX0+HDkAaHeK/OJZCpxEQOaosQyvZ9dQbrEihJvGdaIpU
83NwQgjJJtZRiKdZM2gs36PJv54bPxtjh5caj3xzw948LUycRtim5Iq6rYWh2SZY
w+EYbxKD2JOQ7IiEt0APwZd17oWUbCeHtHRRgBNjKPtPTz08CL1x+Hyi7MfMwEDq
Co20QHoT39Z1GuA/JspqeOC+dTBk9acpZko5PGN3TXGrn6/TVjGw3f7U3I5jGhJy
JIWcI4O4BnSSA79NQAX+yjTglt+vTaAtOIFEZxwStJCRHkR0IhVETmla2wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDiOJtnfdAfcX5sC2g8LtESyIchyMB8GA1UdIwQY
MBaAFEkLIfebnqLz0EI3RxSGfRJAGZXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2Mt
NDgwYzMyZjQwMGUxLzEvT0k0bTJkOTBCOXhmbXdMYUR3dTBSTEloeUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2MtNDgwYzMyZjQwMGUx
LzEvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDBRaIAwQF
U2IgAwQFlP2gAwQGn/JAAwQDsheAAwQCuTu0AwQAua1DAwQBw7juAwQB1C9WMA0E
AgACMAcDBQAqAO1AMA0GCSqGSIb3DQEBCwUAA4IBAQBaDkitLbPfecYgxm00d7/n
YnbqMFlA9aAbDIczg7G3CrfyIQq6PwLJ3KMqTL60t8Kvjpiee3PIuBtVQzckG3x+
l605IY+BucUjadeCyIN2fX6KUIDgu7WgYQhU5p1sylJ2EDM6vGAEAKT2EtmRp/Hw
uQU4I0cPvpa7QsRJzht7dl+wXvrkm7lr2Akj9NlOxNlsr4bNqgwb/1KU3XQIeM+g
+2Nx+Lm2g9rW/aJBs1V1UAtV3zQ4KGS/pWhgiovnGDSrD9GsM6RJQKXwzQ4Q8o4H
EBGZND4LQd19w8rRGZydTbgEWqJGzEAQC7opTtNXe7KXMAWMER+7SXLFG7sOQy6S
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:50:25 2025 by rpki-client