Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/fcd3c3-f495-4d21-a8b0-49061fffd02a/1/_bmYfKJFyK9blFnDt5sQ68mX470.roa
File: _bmYfKJFyK9blFnDt5sQ68mX470.roa (raw, json)
Hash identifier: /IaqLo5gnKUuY45J9bE0d2C3v3+D2fXVryN2uunSGag=
Subject key identifier: FD:B9:98:7C:A2:45:C8:AF:5B:94:59:C3:B7:9B:10:EB:C9:97:E3:BD
Certificate issuer: /CN=2d52398255290e328680d6e8c80cd918f8641784
Certificate serial: 01942067FBC04A98168A3F507E074C150138
Authority key identifier: 2D:52:39:82:55:29:0E:32:86:80:D6:E8:C8:0C:D9:18:F8:64:17:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LVI5glUpDjKGgNboyAzZGPhkF4Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/fcd3c3-f495-4d21-a8b0-49061fffd02a/1/_bmYfKJFyK9blFnDt5sQ68mX470.roa
Signing time: Wed 01 Jan 2025 05:47:53 +0000
ROA not before: Wed 01 Jan 2025 05:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56347
IP address blocks: 89.21.72.0/22 maxlen: 22
89.21.72.0/23 maxlen: 23
89.21.74.0/23 maxlen: 23
185.95.64.0/24 maxlen: 24
2a10:b200::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b6/fcd3c3-f495-4d21-a8b0-49061fffd02a/1/LVI5glUpDjKGgNboyAzZGPhkF4Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/b6/fcd3c3-f495-4d21-a8b0-49061fffd02a/1/LVI5glUpDjKGgNboyAzZGPhkF4Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/LVI5glUpDjKGgNboyAzZGPhkF4Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:fb:c0:4a:98:16:8a:3f:50:7e:07:4c:15:01:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d52398255290e328680d6e8c80cd918f8641784
Validity
Not Before: Jan 1 05:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fdb9987ca245c8af5b9459c3b79b10ebc997e3bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:21:b3:86:fe:15:13:d9:e7:70:81:d4:08:40:
8d:c7:99:19:a4:0c:e7:4a:45:a1:71:e4:9c:18:9c:
02:61:88:c8:bb:fb:04:0e:13:c8:b3:45:b4:34:01:
4b:9f:4d:20:40:39:f5:01:9d:52:6e:01:33:23:e2:
9a:95:54:cf:ac:ab:34:ea:ce:18:55:3a:3d:a9:44:
af:24:97:99:91:fd:16:b7:bf:62:b9:54:ea:ff:a5:
ac:d2:fe:f1:6b:73:f6:6b:22:73:9c:44:3b:ca:bd:
32:4d:3d:fc:79:05:71:71:e8:0f:59:74:38:2f:1b:
a0:03:12:a0:76:60:3c:fe:2c:d1:54:86:ef:ef:1d:
a8:55:1f:6d:47:77:29:38:41:06:08:71:e5:0a:3e:
d1:b5:07:2e:31:0f:1b:0d:43:25:d2:9d:6f:b9:71:
cc:4e:50:35:78:5b:b4:f1:b4:64:a9:a5:89:fa:2d:
22:e7:1a:ee:17:56:6f:e4:1b:3a:7d:99:4e:6b:bf:
18:cf:61:c4:c1:4f:d4:b7:0e:55:04:1d:71:5e:bd:
ca:67:11:0c:46:35:63:a4:09:8f:86:82:2d:61:f3:
96:dd:81:14:09:58:41:e9:af:cb:ab:62:46:6b:2c:
a0:78:db:40:b7:79:b2:b0:68:f2:7f:ba:e8:43:3f:
ca:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:B9:98:7C:A2:45:C8:AF:5B:94:59:C3:B7:9B:10:EB:C9:97:E3:BD
X509v3 Authority Key Identifier:
keyid:2D:52:39:82:55:29:0E:32:86:80:D6:E8:C8:0C:D9:18:F8:64:17:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVI5glUpDjKGgNboyAzZGPhkF4Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fcd3c3-f495-4d21-a8b0-49061fffd02a/1/_bmYfKJFyK9blFnDt5sQ68mX470.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fcd3c3-f495-4d21-a8b0-49061fffd02a/1/LVI5glUpDjKGgNboyAzZGPhkF4Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.21.72.0/22
185.95.64.0/24
IPv6:
2a10:b200::/32
Signature Algorithm: sha256WithRSAEncryption
13:92:60:48:f2:68:1b:13:c9:2d:30:ba:96:48:1f:c4:cf:a4:
06:8c:df:fc:6e:58:8b:e1:67:4a:30:28:44:a9:a3:d1:61:0b:
44:21:57:f0:9c:e2:99:2d:36:75:81:32:02:8f:7b:5b:b6:df:
51:e6:79:2d:cd:32:11:41:ab:78:0c:3f:c3:fe:d7:34:aa:98:
24:78:8f:c3:b8:33:4a:2d:5d:62:87:f1:06:24:52:0a:af:14:
11:cd:c1:65:6e:1c:bd:53:f4:6a:18:1a:a5:b1:13:1a:cd:17:
44:74:74:bb:2c:87:d2:a3:91:d7:f6:6d:d8:98:51:81:68:d1:
b7:b6:92:d9:55:03:f3:78:52:6a:e5:c6:b2:4e:f2:02:35:c0:
bc:69:33:0f:d9:17:c7:57:72:5a:90:2d:7e:56:2a:2f:23:1d:
65:93:42:d9:27:40:e8:fa:0c:ec:87:a2:2e:e6:0b:0f:a1:fa:
6e:ca:1e:14:a0:43:a6:df:6b:3e:19:d1:e1:27:a1:8c:68:91:
1a:11:06:df:21:17:d8:67:27:74:0a:af:9f:1d:43:d4:e2:8c:
e6:c3:ef:b2:97:f5:83:de:ee:93:e4:b1:63:84:53:6b:e7:4b:
3c:68:95:11:78:fa:4c:c9:71:f1:87:0f:73:a1:9d:93:31:d8:
36:dd:ff:3b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQgZ/vASpgWij9QfgdMFQE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNTIzOTgyNTUyOTBlMzI4NjgwZDZlOGM4MGNkOTE4Zjg2
NDE3ODQwHhcNMjUwMTAxMDU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGI5OTg3Y2EyNDVjOGFmNWI5NDU5YzNiNzliMTBlYmM5OTdlM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SGzhv4VE9nncIHUCECNx5kZpAzn
SkWhceScGJwCYYjIu/sEDhPIs0W0NAFLn00gQDn1AZ1SbgEzI+KalVTPrKs06s4Y
VTo9qUSvJJeZkf0Wt79iuVTq/6Ws0v7xa3P2ayJznEQ7yr0yTT38eQVxcegPWXQ4
LxugAxKgdmA8/izRVIbv7x2oVR9tR3cpOEEGCHHlCj7RtQcuMQ8bDUMl0p1vuXHM
TlA1eFu08bRkqaWJ+i0i5xruF1Zv5Bs6fZlOa78Yz2HEwU/Utw5VBB1xXr3KZxEM
RjVjpAmPhoItYfOW3YEUCVhB6a/Lq2JGayygeNtAt3mysGjyf7roQz/KvwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP25mHyiRcivW5RZw7ebEOvJl+O9MB8GA1UdIwQY
MBaAFC1SOYJVKQ4yhoDW6MgM2Rj4ZBeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZJNWdsVXBEaktHZ05ib3lBelpHUGhrRjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mY2QzYzMtZjQ5NS00ZDIxLWE4YjAt
NDkwNjFmZmZkMDJhLzEvX2JtWWZLSkZ5SzlibEZuRHQ1c1E2OG1YNDcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mY2QzYzMtZjQ5NS00ZDIxLWE4YjAtNDkwNjFmZmZkMDJh
LzEvTFZJNWdsVXBEaktHZ05ib3lBelpHUGhrRjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCWRVIAwQA
uV9AMA0EAgACMAcDBQAqELIAMA0GCSqGSIb3DQEBCwUAA4IBAQATkmBI8mgbE8kt
MLqWSB/Ez6QGjN/8bliL4WdKMChEqaPRYQtEIVfwnOKZLTZ1gTICj3tbtt9R5nkt
zTIRQat4DD/D/tc0qpgkeI/DuDNKLV1ih/EGJFIKrxQRzcFlbhy9U/RqGBqlsRMa
zRdEdHS7LIfSo5HX9m3YmFGBaNG3tpLZVQPzeFJq5cayTvICNcC8aTMP2RfHV3Ja
kC1+ViovIx1lk0LZJ0Do+gzsh6Iu5gsPofpuyh4UoEOm32s+GdHhJ6GMaJEaEQbf
IRfYZyd0Cq+fHUPU4ozmw++yl/WD3u6T5LFjhFNr50s8aJURePpMyXHxhw9zoZ2T
Mdg23f87
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:18:28 2025 by rpki-client