Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/H3v3Ir1uutigtDSCgvKQTveRQl0.roa
File: H3v3Ir1uutigtDSCgvKQTveRQl0.roa (raw, json)
Hash identifier: 4A8WQpggwPpKrs7preaxNPkzpvVHS+MZyP8Wyyn6QVw=
Subject key identifier: 1F:7B:F7:22:BD:6E:BA:D8:A0:B4:34:82:82:F2:90:4E:F7:91:42:5D
Certificate issuer: /CN=152fedb025a6cbd24868419a0cb5629d48635917
Certificate serial: 019425215A2F667A585E2A250420BDFC18A0
Authority key identifier: 15:2F:ED:B0:25:A6:CB:D2:48:68:41:9A:0C:B5:62:9D:48:63:59:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FS_tsCWmy9JIaEGaDLVinUhjWRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/H3v3Ir1uutigtDSCgvKQTveRQl0.roa
Signing time: Thu 02 Jan 2025 03:48:50 +0000
ROA not before: Thu 02 Jan 2025 03:48:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57958
IP address blocks: 164.138.232.0/21 maxlen: 21
164.138.232.0/24 maxlen: 24
164.138.233.0/24 maxlen: 24
164.138.234.0/24 maxlen: 24
164.138.235.0/24 maxlen: 24
164.138.236.0/24 maxlen: 24
164.138.237.0/24 maxlen: 24
164.138.238.0/24 maxlen: 24
164.138.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/FS_tsCWmy9JIaEGaDLVinUhjWRc.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/FS_tsCWmy9JIaEGaDLVinUhjWRc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FS_tsCWmy9JIaEGaDLVinUhjWRc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:5a:2f:66:7a:58:5e:2a:25:04:20:bd:fc:18:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=152fedb025a6cbd24868419a0cb5629d48635917
Validity
Not Before: Jan 2 03:48:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f7bf722bd6ebad8a0b4348282f2904ef791425d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c2:20:66:5e:3c:e9:e8:f2:0f:95:a2:fd:d3:
cb:64:97:62:0c:58:51:76:13:f2:6f:3e:4a:89:a6:
b5:cc:9f:5c:9a:b1:1b:22:82:0a:df:a6:98:9f:9f:
81:50:38:f0:c6:07:74:bc:75:b5:31:bf:80:39:54:
72:d7:2c:a0:9c:e1:de:39:f4:d3:ea:1a:1a:b6:ee:
d2:0c:4f:42:cd:22:9c:24:4f:2a:11:5a:73:f3:09:
b7:ba:9b:3f:58:0a:3d:f0:21:28:c6:41:8d:99:ba:
2a:1a:b7:5d:3e:81:65:90:19:c0:35:bb:ab:3f:08:
0f:59:74:cb:84:d5:6b:72:5a:6d:58:53:62:95:f4:
95:2e:b4:9f:14:d1:64:60:40:9b:23:11:75:a0:57:
a1:75:f9:1e:08:e2:cd:f5:74:78:58:eb:cb:0b:a0:
44:9c:22:ff:a9:b6:0e:ff:1c:cc:82:be:eb:e6:23:
2d:95:b2:1c:8b:36:9d:86:a2:b9:54:47:2c:67:60:
c9:0b:55:09:4e:b2:c3:18:be:c2:67:89:5a:9c:c0:
6f:ca:f2:44:2b:95:b3:ec:27:84:f4:94:76:ad:f9:
0d:9d:bb:c9:ca:a5:c6:9c:51:7b:69:02:c0:5c:6e:
48:13:09:87:5f:25:c3:bb:39:fc:f5:d0:6d:94:87:
f4:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:7B:F7:22:BD:6E:BA:D8:A0:B4:34:82:82:F2:90:4E:F7:91:42:5D
X509v3 Authority Key Identifier:
keyid:15:2F:ED:B0:25:A6:CB:D2:48:68:41:9A:0C:B5:62:9D:48:63:59:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FS_tsCWmy9JIaEGaDLVinUhjWRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/H3v3Ir1uutigtDSCgvKQTveRQl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a59b6d-0239-4211-9bbb-1a21219e9100/1/FS_tsCWmy9JIaEGaDLVinUhjWRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
164.138.232.0/21
Signature Algorithm: sha256WithRSAEncryption
20:2a:8f:e2:d3:89:fe:82:23:01:3d:f3:3f:53:02:3a:80:df:
c1:c9:cf:bd:d5:53:c3:98:be:44:a5:18:38:fc:9c:07:8e:e6:
4e:30:b5:24:15:d0:f8:81:67:04:43:cc:3e:0f:ec:a9:92:0c:
0c:ae:af:4d:04:a3:62:d9:f2:04:4f:2e:49:5a:d9:67:b8:19:
73:1c:19:e9:f1:43:9c:6c:82:85:6b:ba:0b:0d:14:8a:d0:b3:
c6:db:4a:91:2d:15:5b:80:84:61:0d:8d:9b:ba:07:ec:ee:f0:
ed:80:9e:e1:8a:5b:64:17:0c:fd:e2:43:72:82:41:b6:4a:58:
4f:6e:a2:19:01:04:8e:25:46:4f:0e:53:51:54:54:67:0d:db:
8f:93:a3:50:d3:a6:ed:51:80:16:e8:98:24:64:85:74:c2:5a:
18:c9:9d:37:6e:13:d8:a9:c1:3b:17:64:11:b6:b4:47:c6:2f:
ff:fb:7e:3b:49:a0:b2:fe:29:f3:fc:12:c4:cb:1f:8e:28:27:
3e:03:92:a5:fe:33:e2:27:60:5b:8f:f8:e4:88:9e:f7:69:bf:
98:4e:ca:82:36:11:2c:93:17:5b:12:19:20:88:71:b3:69:ce:
f6:9e:57:db:e0:67:2b:91:c1:0b:95:e2:c1:4c:a8:7e:88:31:
35:84:a2:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVovZnpYXiolBCC9/BigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MmZlZGIwMjVhNmNiZDI0ODY4NDE5YTBjYjU2MjlkNDg2
MzU5MTcwHhcNMjUwMTAyMDM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdiZjcyMmJkNmViYWQ4YTBiNDM0ODI4MmYyOTA0ZWY3OTE0MjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcIgZl486ejyD5Wi/dPLZJdiDFhR
dhPybz5Kiaa1zJ9cmrEbIoIK36aYn5+BUDjwxgd0vHW1Mb+AOVRy1yygnOHeOfTT
6hoatu7SDE9CzSKcJE8qEVpz8wm3ups/WAo98CEoxkGNmboqGrddPoFlkBnANbur
PwgPWXTLhNVrclptWFNilfSVLrSfFNFkYECbIxF1oFehdfkeCOLN9XR4WOvLC6BE
nCL/qbYO/xzMgr7r5iMtlbIcizadhqK5VEcsZ2DJC1UJTrLDGL7CZ4lanMBvyvJE
K5Wz7CeE9JR2rfkNnbvJyqXGnFF7aQLAXG5IEwmHXyXDuzn89dBtlIf03wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB979yK9brrYoLQ0goLykE73kUJdMB8GA1UdIwQY
MBaAFBUv7bAlpsvSSGhBmgy1Yp1IY1kXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNfdHNDV215OUpJYUVHYURMVmluVWhqV1JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hNTliNmQtMDIzOS00MjExLTliYmIt
MWEyMTIxOWU5MTAwLzEvSDN2M0lyMXV1dGlndERTQ2d2S1FUdmVSUWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hNTliNmQtMDIzOS00MjExLTliYmItMWEyMTIxOWU5MTAw
LzEvRlNfdHNDV215OUpJYUVHYURMVmluVWhqV1JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDpIroMA0G
CSqGSIb3DQEBCwUAA4IBAQAgKo/i04n+giMBPfM/UwI6gN/Byc+91VPDmL5EpRg4
/JwHjuZOMLUkFdD4gWcEQ8w+D+ypkgwMrq9NBKNi2fIETy5JWtlnuBlzHBnp8UOc
bIKFa7oLDRSK0LPG20qRLRVbgIRhDY2bugfs7vDtgJ7hiltkFwz94kNygkG2SlhP
bqIZAQSOJUZPDlNRVFRnDduPk6NQ06btUYAW6JgkZIV0wloYyZ03bhPYqcE7F2QR
trRHxi//+347SaCy/inz/BLEyx+OKCc+A5Kl/jPiJ2Bbj/jkiJ73ab+YTsqCNhEs
kxdbEhkgiHGzac72nlfb4GcrkcELleLBTKh+iDE1hKJy
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:14:08 2025 by rpki-client