Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/440877-319d-4630-a691-7991b4e4bfa2/1/xKaI03GURyzSZb-rRcYioTYAybk.roa
File: xKaI03GURyzSZb-rRcYioTYAybk.roa (raw, json)
Hash identifier: HlTvUY61ftuf4HfBCvEW2aFKorP77hcqRc1NgwCXzCM=
Subject key identifier: C4:A6:88:D3:71:94:47:2C:D2:65:BF:AB:45:C6:22:A1:36:00:C9:B9
Certificate issuer: /CN=e495acbafe46ef2f4d6c51fcf23bd72f639cfd0b
Certificate serial: 01941FFA89CC567F386A73449B6A24C08E0D
Authority key identifier: E4:95:AC:BA:FE:46:EF:2F:4D:6C:51:FC:F2:3B:D7:2F:63:9C:FD:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5JWsuv5G7y9NbFH88jvXL2Oc_Qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/440877-319d-4630-a691-7991b4e4bfa2/1/xKaI03GURyzSZb-rRcYioTYAybk.roa
Signing time: Wed 01 Jan 2025 03:48:20 +0000
ROA not before: Wed 01 Jan 2025 03:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12453
IP address blocks: 2.56.160.0/22 maxlen: 22
91.223.248.0/24 maxlen: 24
185.31.52.0/22 maxlen: 22
185.85.32.0/22 maxlen: 22
185.155.124.0/22 maxlen: 22
185.224.24.0/22 maxlen: 22
194.32.208.0/24 maxlen: 24
194.59.177.0/24 maxlen: 24
195.93.174.0/23 maxlen: 23
2a0d:5dc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/440877-319d-4630-a691-7991b4e4bfa2/1/5JWsuv5G7y9NbFH88jvXL2Oc_Qs.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/440877-319d-4630-a691-7991b4e4bfa2/1/5JWsuv5G7y9NbFH88jvXL2Oc_Qs.mft
rsync://rpki.ripe.net/repository/DEFAULT/5JWsuv5G7y9NbFH88jvXL2Oc_Qs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 21:01:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:89:cc:56:7f:38:6a:73:44:9b:6a:24:c0:8e:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e495acbafe46ef2f4d6c51fcf23bd72f639cfd0b
Validity
Not Before: Jan 1 03:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c4a688d37194472cd265bfab45c622a13600c9b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:41:75:01:4b:7e:61:f6:19:51:a6:97:aa:6f:
99:e2:20:85:a2:70:83:b0:63:d4:10:73:17:8e:24:
b3:28:2d:45:91:6e:ba:dd:aa:6e:04:3e:66:76:22:
02:52:81:f2:b4:80:db:da:93:7f:b2:ac:d0:98:83:
50:0b:11:c1:aa:d9:44:20:47:e1:16:e6:74:7b:f1:
a6:52:b6:a5:e7:34:4d:09:95:2f:c7:63:7f:1b:a7:
a7:9a:b7:f5:54:fe:6d:4e:33:36:2b:07:6d:c6:f0:
e9:da:20:bc:44:26:35:ad:9f:af:c3:a9:24:62:6f:
35:98:92:d3:c2:9c:f3:30:71:af:f1:ad:db:36:9e:
60:d1:d8:10:c5:19:37:4f:fb:f1:57:e0:62:68:c5:
66:03:de:3f:eb:8f:4e:97:15:d2:a2:d3:4e:e6:b4:
c7:5e:95:8d:73:98:be:da:3e:6b:c8:db:61:5c:a3:
3d:5a:f5:71:86:e7:ac:ad:f8:4f:87:23:70:13:16:
da:fa:81:da:72:17:51:e1:ce:c2:e1:1b:ed:3f:ae:
31:ab:1b:34:e9:b5:6b:84:7c:53:ea:eb:8c:d2:1e:
3f:ea:b8:37:3a:4a:1a:8d:d0:4f:b0:ac:99:bf:df:
cc:6d:7f:0a:66:3b:e3:25:41:f8:8d:59:f2:8a:a5:
22:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:A6:88:D3:71:94:47:2C:D2:65:BF:AB:45:C6:22:A1:36:00:C9:B9
X509v3 Authority Key Identifier:
keyid:E4:95:AC:BA:FE:46:EF:2F:4D:6C:51:FC:F2:3B:D7:2F:63:9C:FD:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5JWsuv5G7y9NbFH88jvXL2Oc_Qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/440877-319d-4630-a691-7991b4e4bfa2/1/xKaI03GURyzSZb-rRcYioTYAybk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/440877-319d-4630-a691-7991b4e4bfa2/1/5JWsuv5G7y9NbFH88jvXL2Oc_Qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.160.0/22
91.223.248.0/24
185.31.52.0/22
185.85.32.0/22
185.155.124.0/22
185.224.24.0/22
194.32.208.0/24
194.59.177.0/24
195.93.174.0/23
IPv6:
2a0d:5dc0::/29
Signature Algorithm: sha256WithRSAEncryption
8d:9b:51:9c:85:c3:28:1f:2e:52:a9:d8:11:a2:b9:5e:a8:0f:
94:73:8b:94:e9:54:dc:5f:86:8b:d0:b5:6f:5d:72:c2:4a:9e:
7f:c1:6a:7a:00:5b:c8:fb:f0:ff:21:f2:3d:1d:19:b8:b4:52:
84:e8:5b:a5:70:c1:20:21:b8:b6:68:61:23:0b:3b:6c:99:62:
d4:8d:da:78:41:ab:ba:ca:34:80:0d:8a:79:4a:28:94:de:de:
db:be:e8:48:f7:97:83:43:91:0f:1b:c8:87:ad:33:4c:7b:48:
49:47:06:f5:0a:e6:b7:60:ef:30:58:fc:7f:c6:70:f4:f8:0e:
8e:d7:ff:91:d3:20:35:27:ee:db:fd:00:62:08:55:28:1d:ef:
75:19:04:1e:d9:c0:85:b5:60:19:33:0f:fe:72:ae:71:37:65:
c6:5c:af:2f:c6:26:70:8e:14:1e:0d:2b:24:57:67:36:ba:8b:
74:45:da:7f:4c:9d:df:68:3e:ad:42:9f:e8:6f:1a:88:6e:61:
f1:b6:06:e4:f1:bc:e9:6d:49:75:18:45:1a:25:6d:b9:57:5d:
d1:a6:ee:25:ba:a4:43:b8:0d:bd:a5:68:53:9a:5c:29:80:9e:
13:8c:e3:d6:a4:f4:0e:31:d3:ba:8b:68:0a:f3:6c:fc:33:f6:
c0:e3:b1:71
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQf+onMVn84anNEm2okwI4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0OTVhY2JhZmU0NmVmMmY0ZDZjNTFmY2YyM2JkNzJmNjM5
Y2ZkMGIwHhcNMjUwMTAxMDM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE2ODhkMzcxOTQ0NzJjZDI2NWJmYWI0NWM2MjJhMTM2MDBjOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6EF1AUt+YfYZUaaXqm+Z4iCFonCD
sGPUEHMXjiSzKC1FkW663apuBD5mdiICUoHytIDb2pN/sqzQmINQCxHBqtlEIEfh
FuZ0e/GmUral5zRNCZUvx2N/G6enmrf1VP5tTjM2KwdtxvDp2iC8RCY1rZ+vw6kk
Ym81mJLTwpzzMHGv8a3bNp5g0dgQxRk3T/vxV+BiaMVmA94/649OlxXSotNO5rTH
XpWNc5i+2j5ryNthXKM9WvVxhuesrfhPhyNwExba+oHachdR4c7C4RvtP64xqxs0
6bVrhHxT6uuM0h4/6rg3OkoajdBPsKyZv9/MbX8KZjvjJUH4jVnyiqUibwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMSmiNNxlEcs0mW/q0XGIqE2AMm5MB8GA1UdIwQY
MBaAFOSVrLr+Ru8vTWxR/PI71y9jnP0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUpXc3V2NUc3eTlOYkZIODhqdlhMMk9jX1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy80NDA4NzctMzE5ZC00NjMwLWE2OTEt
Nzk5MWI0ZTRiZmEyLzEveEthSTAzR1VSeXpTWmItclJjWWlvVFlBeWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy80NDA4NzctMzE5ZC00NjMwLWE2OTEtNzk5MWI0ZTRiZmEy
LzEvNUpXc3V2NUc3eTlOYkZIODhqdlhMMk9jX1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCAjigAwQA
W9/4AwQCuR80AwQCuVUgAwQCuZt8AwQCueAYAwQAwiDQAwQAwjuxAwQBw12uMA0E
AgACMAcDBQMqDV3AMA0GCSqGSIb3DQEBCwUAA4IBAQCNm1GchcMoHy5SqdgRorle
qA+Uc4uU6VTcX4aL0LVvXXLCSp5/wWp6AFvI+/D/IfI9HRm4tFKE6FulcMEgIbi2
aGEjCztsmWLUjdp4Qau6yjSADYp5SiiU3t7bvuhI95eDQ5EPG8iHrTNMe0hJRwb1
Cua3YO8wWPx/xnD0+A6O1/+R0yA1J+7b/QBiCFUoHe91GQQe2cCFtWAZMw/+cq5x
N2XGXK8vxiZwjhQeDSskV2c2uot0Rdp/TJ3faD6tQp/obxqIbmHxtgbk8bzpbUl1
GEUaJW25V13Rpu4luqRDuA29pWhTmlwpgJ4TjOPWpPQOMdO6i2gK82z8M/bA47Fx
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:58:11 2025 by rpki-client