Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e51583-f55c-493b-b950-736ab83494ac/1/ksfUG5eUsSmxI4_eXAlia-83kt8.roa
File: ksfUG5eUsSmxI4_eXAlia-83kt8.roa (raw, json)
Hash identifier: Ve1sXWpLbI/ytU2pjBhiO6pODt6uVzJVCiwoLnmWH3M=
Subject key identifier: 92:C7:D4:1B:97:94:B1:29:B1:23:8F:DE:5C:09:62:6B:EF:37:92:DF
Certificate issuer: /CN=71051b0e2ce9a4c9e6121e983d165feab87ec354
Certificate serial: 019425FDCCC5956E16C0063658DE447B45BF
Authority key identifier: 71:05:1B:0E:2C:E9:A4:C9:E6:12:1E:98:3D:16:5F:EA:B8:7E:C3:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cQUbDizppMnmEh6YPRZf6rh-w1Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/e51583-f55c-493b-b950-736ab83494ac/1/ksfUG5eUsSmxI4_eXAlia-83kt8.roa
Signing time: Thu 02 Jan 2025 07:49:37 +0000
ROA not before: Thu 02 Jan 2025 07:49:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209510
IP address blocks: 152.89.172.0/23 maxlen: 23
152.89.174.0/23 maxlen: 23
2a09:35c0:100::/40 maxlen: 40
2a09:35c0:200::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b5/e51583-f55c-493b-b950-736ab83494ac/1/cQUbDizppMnmEh6YPRZf6rh-w1Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/b5/e51583-f55c-493b-b950-736ab83494ac/1/cQUbDizppMnmEh6YPRZf6rh-w1Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/cQUbDizppMnmEh6YPRZf6rh-w1Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 15 Apr 2025 14:19:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:cc:c5:95:6e:16:c0:06:36:58:de:44:7b:45:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=71051b0e2ce9a4c9e6121e983d165feab87ec354
Validity
Not Before: Jan 2 07:49:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92c7d41b9794b129b1238fde5c09626bef3792df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:d1:fb:6f:fa:1f:1f:93:96:7d:5f:2d:ff:f1:
38:6f:c1:78:f0:32:9d:7b:85:4f:f8:9f:b6:78:e2:
78:81:64:5b:e5:36:34:64:74:09:6c:b8:17:67:80:
8f:86:02:de:18:05:71:00:9f:3e:06:8e:2b:66:10:
e1:0c:f1:6d:6a:03:24:2b:fb:f9:60:a4:bc:a1:87:
6c:9d:15:37:8c:45:c2:19:7a:bb:07:e0:1d:8f:fa:
d7:4e:9e:8f:49:92:8e:fc:a4:e6:61:4b:cf:ae:b0:
39:b6:f8:7c:37:f9:29:e0:a5:40:d3:cd:3d:44:1d:
53:5d:32:42:14:d0:c1:6e:e9:34:a8:7d:39:b9:75:
b8:b9:53:c3:69:60:dc:16:e2:87:5c:ac:4d:a1:f8:
ad:b0:82:48:4a:95:d9:d8:7d:f8:8f:87:4f:6d:97:
80:7f:a5:c5:eb:e0:c6:77:5b:25:ab:9b:73:4d:f6:
70:f5:43:47:f4:af:ec:66:05:94:7a:1a:f5:ce:43:
fa:f2:63:99:9f:8a:26:91:55:38:52:68:84:2b:88:
0f:94:6c:92:6b:a5:89:ac:00:d2:42:7b:d1:c2:54:
76:1a:07:2a:21:f5:8d:8f:18:d7:b5:a7:bc:ea:d2:
91:77:01:92:a1:fd:9a:38:e6:e0:78:33:df:e2:2a:
d0:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:C7:D4:1B:97:94:B1:29:B1:23:8F:DE:5C:09:62:6B:EF:37:92:DF
X509v3 Authority Key Identifier:
keyid:71:05:1B:0E:2C:E9:A4:C9:E6:12:1E:98:3D:16:5F:EA:B8:7E:C3:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cQUbDizppMnmEh6YPRZf6rh-w1Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e51583-f55c-493b-b950-736ab83494ac/1/ksfUG5eUsSmxI4_eXAlia-83kt8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e51583-f55c-493b-b950-736ab83494ac/1/cQUbDizppMnmEh6YPRZf6rh-w1Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.172.0/22
IPv6:
2a09:35c0:100::-2a09:35c0:2ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4b:f5:46:a7:73:f4:6e:48:ed:01:0e:47:8c:bb:f1:63:e1:68:
80:bf:44:0b:4a:e5:0e:1e:a7:08:39:80:2c:37:26:89:78:e1:
94:19:98:4c:90:ff:77:b1:00:c4:57:dc:6f:22:9c:75:32:be:
15:ca:c4:55:4b:25:06:16:1a:16:6c:8f:da:d1:29:2b:8b:1d:
cb:7f:8d:91:e5:23:e0:36:4b:02:f6:f7:c5:e1:aa:d8:a5:ab:
38:59:95:7c:fe:04:ff:78:ad:cf:f9:31:1f:0b:28:b7:99:25:
f4:0f:58:1b:89:d4:46:1b:3c:2b:35:56:95:db:b3:30:10:57:
45:08:ea:62:54:9e:23:b6:8d:9d:66:46:16:db:46:8c:5a:ff:
05:f5:99:be:8f:14:ec:6b:e6:ad:40:31:4a:9f:4a:6b:48:84:
3b:06:9d:ce:2f:af:cb:77:72:c1:05:2f:08:d7:70:94:fd:73:
ac:de:5b:c0:0d:d8:9f:91:0d:ee:11:ff:c7:2a:6b:97:19:d3:
db:4c:08:28:93:1b:9f:cc:4f:dc:0c:df:98:a0:e0:56:bb:06:
8a:3c:23:8c:0a:46:6d:15:57:51:3d:f9:3a:16:26:8b:b2:1a:
d9:04:53:64:ab:ee:11:94:ed:16:df:77:ca:95:e8:8a:4c:83:
b1:2f:f1:db
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQl/czFlW4WwAY2WN5Ee0W/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMDUxYjBlMmNlOWE0YzllNjEyMWU5ODNkMTY1ZmVhYjg3
ZWMzNTQwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM3ZDQxYjk3OTRiMTI5YjEyMzhmZGU1YzA5NjI2YmVmMzc5MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutH7b/ofH5OWfV8t//E4b8F48DKd
e4VP+J+2eOJ4gWRb5TY0ZHQJbLgXZ4CPhgLeGAVxAJ8+Bo4rZhDhDPFtagMkK/v5
YKS8oYdsnRU3jEXCGXq7B+Adj/rXTp6PSZKO/KTmYUvPrrA5tvh8N/kp4KVA0809
RB1TXTJCFNDBbuk0qH05uXW4uVPDaWDcFuKHXKxNofitsIJISpXZ2H34j4dPbZeA
f6XF6+DGd1slq5tzTfZw9UNH9K/sZgWUehr1zkP68mOZn4omkVU4UmiEK4gPlGyS
a6WJrADSQnvRwlR2GgcqIfWNjxjXtae86tKRdwGSof2aOObgeDPf4irQqQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJLH1BuXlLEpsSOP3lwJYmvvN5LfMB8GA1UdIwQY
MBaAFHEFGw4s6aTJ5hIemD0WX+q4fsNUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1FVYkRpenBwTW5tRWg2WVBSWmY2cmgtdzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lNTE1ODMtZjU1Yy00OTNiLWI5NTAt
NzM2YWI4MzQ5NGFjLzEva3NmVUc1ZVVzU214STRfZVhBbGlhLTgza3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lNTE1ODMtZjU1Yy00OTNiLWI5NTAtNzM2YWI4MzQ5NGFj
LzEvY1FVYkRpenBwTW5tRWg2WVBSWmY2cmgtdzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQCmFmsMBgE
AgACMBIwEAMGACoJNcABAwYAKgk1wAIwDQYJKoZIhvcNAQELBQADggEBAEv1Rqdz
9G5I7QEOR4y78WPhaIC/RAtK5Q4epwg5gCw3Jol44ZQZmEyQ/3exAMRX3G8inHUy
vhXKxFVLJQYWGhZsj9rRKSuLHct/jZHlI+A2SwL298XhqtilqzhZlXz+BP94rc/5
MR8LKLeZJfQPWBuJ1EYbPCs1VpXbszAQV0UI6mJUniO2jZ1mRhbbRoxa/wX1mb6P
FOxr5q1AMUqfSmtIhDsGnc4vr8t3csEFLwjXcJT9c6zeW8AN2J+RDe4R/8cqa5cZ
09tMCCiTG5/MT9wM35ig4Fa7Boo8I4wKRm0VV1E9+ToWJouyGtkEU2Sr7hGU7Rbf
d8qV6IpMg7Ev8ds=
-----END CERTIFICATE-----
Generated at Mon Apr 14 21:04:27 2025 by rpki-client