Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d56c11-25e1-49c8-8863-7f37b778c011/1/T3NYMawRHngwhI3EFd9dMZQSV1E.roa
File: T3NYMawRHngwhI3EFd9dMZQSV1E.roa (raw, json)
Hash identifier: f99KOEwXdj6H3ZJRNRBeTA3dMK19zszZZ6xzWHN3tPk=
Subject key identifier: 4F:73:58:31:AC:11:1E:78:30:84:8D:C4:15:DF:5D:31:94:12:57:51
Certificate issuer: /CN=70980b60e0d30e498de1baa645a1be57a952049d
Certificate serial: 0194EC0CF7B090ABBF6BB2327318E97A7335
Authority key identifier: 70:98:0B:60:E0:D3:0E:49:8D:E1:BA:A6:45:A1:BE:57:A9:52:04:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cJgLYODTDkmN4bqmRaG-V6lSBJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/d56c11-25e1-49c8-8863-7f37b778c011/1/T3NYMawRHngwhI3EFd9dMZQSV1E.roa
Signing time: Sun 09 Feb 2025 18:51:00 +0000
ROA not before: Sun 09 Feb 2025 18:51:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 45.15.64.0/24 maxlen: 24
45.15.65.0/24 maxlen: 24
45.15.66.0/24 maxlen: 24
87.236.37.0/24 maxlen: 24
2a12:b2c0:1::/48 maxlen: 48
2a12:b2c0:3::/48 maxlen: 48
2a12:b2c0:4::/48 maxlen: 48
2a12:b2c0:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/d56c11-25e1-49c8-8863-7f37b778c011/1/cJgLYODTDkmN4bqmRaG-V6lSBJ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/d56c11-25e1-49c8-8863-7f37b778c011/1/cJgLYODTDkmN4bqmRaG-V6lSBJ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/cJgLYODTDkmN4bqmRaG-V6lSBJ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ec:0c:f7:b0:90:ab:bf:6b:b2:32:73:18:e9:7a:73:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70980b60e0d30e498de1baa645a1be57a952049d
Validity
Not Before: Feb 9 18:51:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f735831ac111e7830848dc415df5d3194125751
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:d3:53:08:05:34:44:d6:09:c6:e1:65:15:ba:
55:44:dd:a4:60:7a:69:be:a6:14:aa:7e:41:ca:ea:
6f:f2:ef:f8:c0:2f:85:76:3b:32:29:ad:bd:cf:92:
2a:90:fa:82:47:84:61:31:67:c8:9f:f6:80:8b:89:
3b:5c:c0:46:f4:c5:be:88:60:82:16:90:bd:f3:90:
91:0b:04:fd:34:a8:c8:08:8d:0b:07:4f:a8:0e:eb:
cb:47:2f:4b:12:03:7b:45:08:9f:63:0b:be:f5:34:
49:f0:f1:c8:67:36:ba:3a:c8:d3:f9:03:a0:04:d4:
58:5c:65:75:e4:76:61:30:ca:7c:e7:c2:58:34:ca:
1b:22:6e:65:13:38:a8:09:b1:8e:82:f8:7c:d3:fe:
13:64:f7:cd:02:e4:10:e5:4f:88:7a:b2:31:c5:18:
ca:c1:88:d9:7e:80:49:fb:b0:b9:0b:aa:5d:60:70:
c3:11:ea:a5:d1:22:6a:6e:fd:79:85:4e:ff:25:26:
6f:c2:d8:2c:1f:d3:e0:e6:5f:a4:59:5e:75:50:aa:
62:4e:42:57:29:ef:b0:a9:ed:89:3d:06:9b:76:6d:
9e:99:d9:a2:31:f2:ce:64:ec:5f:22:16:35:ea:e1:
aa:d8:37:d5:91:61:95:d8:3e:d3:88:a6:8a:e4:a6:
f6:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:73:58:31:AC:11:1E:78:30:84:8D:C4:15:DF:5D:31:94:12:57:51
X509v3 Authority Key Identifier:
keyid:70:98:0B:60:E0:D3:0E:49:8D:E1:BA:A6:45:A1:BE:57:A9:52:04:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJgLYODTDkmN4bqmRaG-V6lSBJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d56c11-25e1-49c8-8863-7f37b778c011/1/T3NYMawRHngwhI3EFd9dMZQSV1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d56c11-25e1-49c8-8863-7f37b778c011/1/cJgLYODTDkmN4bqmRaG-V6lSBJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.64.0-45.15.66.255
87.236.37.0/24
IPv6:
2a12:b2c0:1::/48
2a12:b2c0:3::-2a12:b2c0:5:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
22:05:26:22:1f:26:46:04:86:71:1d:88:ee:28:5a:87:2a:65:
ca:c7:bb:39:eb:9d:36:d1:8b:0c:2e:a2:53:33:31:93:af:81:
e5:ce:8e:11:4a:98:e3:f6:12:08:bf:ec:85:01:de:63:f8:6f:
38:39:d7:50:51:be:98:dd:11:1c:ea:58:c2:8f:13:93:a5:90:
5a:09:69:db:2a:ca:94:6f:60:01:54:1c:5d:68:f0:02:ee:d3:
5e:1b:66:0c:94:84:a6:9a:ad:87:19:e0:28:d5:00:bb:42:63:
33:e0:fa:f1:b7:95:dc:0f:12:6c:75:c0:7a:cb:62:a6:1a:c7:
a4:92:b4:0a:2e:8e:91:50:fa:00:57:7d:42:10:c1:62:2b:a7:
c0:d9:ea:58:aa:88:d2:1d:4f:44:65:bd:fe:ac:49:e6:66:06:
9d:3b:46:40:fe:00:c4:70:8f:5f:e7:3b:55:00:0a:88:2b:28:
40:50:0d:81:8c:e9:96:06:d3:63:6a:84:15:7a:d9:8e:ce:f5:
57:ea:00:a0:8c:c1:2c:78:8e:c1:87:be:1d:58:35:bc:d9:73:
00:b4:c2:13:68:2c:1c:3f:cc:0a:9b:8f:10:4e:e5:38:d0:78:
bf:ef:99:3d:1c:9e:93:72:f5:5c:73:14:71:52:b5:a1:23:3f:
f3:61:67:b3
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZTsDPewkKu/a7IycxjpenM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOTgwYjYwZTBkMzBlNDk4ZGUxYmFhNjQ1YTFiZTU3YTk1
MjA0OWQwHhcNMjUwMjA5MTg1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjczNTgzMWFjMTExZTc4MzA4NDhkYzQxNWRmNWQzMTk0MTI1NzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNNTCAU0RNYJxuFlFbpVRN2kYHpp
vqYUqn5Byupv8u/4wC+FdjsyKa29z5IqkPqCR4RhMWfIn/aAi4k7XMBG9MW+iGCC
FpC985CRCwT9NKjICI0LB0+oDuvLRy9LEgN7RQifYwu+9TRJ8PHIZza6OsjT+QOg
BNRYXGV15HZhMMp858JYNMobIm5lEzioCbGOgvh80/4TZPfNAuQQ5U+IerIxxRjK
wYjZfoBJ+7C5C6pdYHDDEeql0SJqbv15hU7/JSZvwtgsH9Pg5l+kWV51UKpiTkJX
Ke+wqe2JPQabdm2emdmiMfLOZOxfIhY16uGq2DfVkWGV2D7TiKaK5Kb2SQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFE9zWDGsER54MISNxBXfXTGUEldRMB8GA1UdIwQY
MBaAFHCYC2Dg0w5JjeG6pkWhvlepUgSdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0pnTFlPRFREa21ONGJxbVJhRy1WNmxTQkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kNTZjMTEtMjVlMS00OWM4LTg4NjMt
N2YzN2I3NzhjMDExLzEvVDNOWU1hd1JIbmd3aEkzRUZkOWRNWlFTVjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kNTZjMTEtMjVlMS00OWM4LTg4NjMtN2YzN2I3NzhjMDEx
LzEvY0pnTFlPRFREa21ONGJxbVJhRy1WNmxTQkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAaBAIAATAUMAwDBAYtD0AD
BAAtD0IDBABX7CUwIwQCAAIwHQMHACoSssAAATASAwcAKhKywAADAwcBKhKywAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQAiBSYiHyZGBIZxHYjuKFqHKmXKx7s565020YsM
LqJTMzGTr4Hlzo4RSpjj9hIIv+yFAd5j+G84OddQUb6Y3REc6ljCjxOTpZBaCWnb
KsqUb2ABVBxdaPAC7tNeG2YMlISmmq2HGeAo1QC7QmMz4Prxt5XcDxJsdcB6y2Km
GsekkrQKLo6RUPoAV31CEMFiK6fA2epYqojSHU9EZb3+rEnmZgadO0ZA/gDEcI9f
5ztVAAqIKyhAUA2BjOmWBtNjaoQVetmOzvVX6gCgjMEseI7Bh74dWDW82XMAtMIT
aCwcP8wKm48QTuU40Hi/75k9HJ6TcvVccxRxUrWhIz/zYWez
-----END CERTIFICATE-----
Generated at Sat Apr 12 08:12:35 2025 by rpki-client