Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/Mc3-W1zeku0X5cBFpf2q2Rn4I84.roa
File: Mc3-W1zeku0X5cBFpf2q2Rn4I84.roa (raw, json)
Hash identifier: sbJ542HmG4Uuavy4d7gZervrEM5rcRvFP/8t5YUQ2Tw=
Subject key identifier: 31:CD:FE:5B:5C:DE:92:ED:17:E5:C0:45:A5:FD:AA:D9:19:F8:23:CE
Certificate issuer: /CN=94962e2afa7748f45265d89fd15624b584e72466
Certificate serial: 019427B4B2ACEA8CEFD7682B3EB4149C6717
Authority key identifier: 94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/Mc3-W1zeku0X5cBFpf2q2Rn4I84.roa
Signing time: Thu 02 Jan 2025 15:49:01 +0000
ROA not before: Thu 02 Jan 2025 15:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207611
IP address blocks: 131.220.0.0/16 maxlen: 17
193.23.254.0/24 maxlen: 32
193.30.3.0/24 maxlen: 24
2a00:5ba0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.mft
rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:28:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b4:b2:ac:ea:8c:ef:d7:68:2b:3e:b4:14:9c:67:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94962e2afa7748f45265d89fd15624b584e72466
Validity
Not Before: Jan 2 15:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=31cdfe5b5cde92ed17e5c045a5fdaad919f823ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:38:35:a6:37:0a:fc:8d:a8:be:9b:c6:5f:b5:
f7:bf:3b:84:ad:4d:36:ef:51:ab:cc:54:e6:3d:b0:
7a:f5:d1:d4:72:2d:a5:a6:97:4f:f9:ec:63:30:bb:
87:92:17:d4:f0:0d:34:5b:9c:72:c9:c5:9b:79:d8:
3b:1b:69:e8:d1:73:84:ae:fd:a0:80:96:f8:b3:3d:
45:99:21:e6:6e:15:6b:b3:ba:d9:42:b9:0f:f8:f4:
8a:04:e0:b1:ca:43:a8:a8:fc:51:cf:88:fa:c5:be:
18:5d:e6:d5:92:31:13:f1:1d:6e:54:e2:b7:94:fb:
f4:e2:36:ff:cc:16:e4:de:35:ca:fb:02:47:67:6f:
ec:7c:85:d2:ae:60:a5:73:8b:de:86:fc:dd:96:f7:
0c:ed:58:32:cf:00:58:f1:44:1e:38:f0:d0:7c:65:
f6:a8:17:fd:e5:a3:1a:a5:cd:ab:f2:41:5c:28:f0:
02:43:9a:7a:58:59:ec:c7:5b:86:50:76:de:f6:74:
81:8f:3f:07:73:22:2a:0c:18:c6:76:9f:cf:46:3a:
c6:b2:77:45:e2:4f:15:36:eb:f3:47:8c:ee:62:13:
da:f9:3e:a7:3c:4b:f5:cb:de:1e:3d:00:44:f8:ba:
8b:47:03:d1:69:26:bb:4c:7a:ed:94:04:34:cd:98:
bf:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:CD:FE:5B:5C:DE:92:ED:17:E5:C0:45:A5:FD:AA:D9:19:F8:23:CE
X509v3 Authority Key Identifier:
keyid:94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/Mc3-W1zeku0X5cBFpf2q2Rn4I84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.220.0.0/16
193.23.254.0/24
193.30.3.0/24
IPv6:
2a00:5ba0::/29
Signature Algorithm: sha256WithRSAEncryption
79:ad:11:c7:d2:f4:a0:ec:cc:01:e6:7a:2d:10:60:1a:00:19:
7e:1e:da:a9:2c:86:d6:49:77:cf:2a:b3:db:e0:eb:a1:bb:51:
94:68:69:f5:99:1c:09:fe:ac:cd:99:0d:1d:b5:9c:4c:fd:27:
f6:42:db:af:2d:bd:da:34:0e:07:46:7e:be:24:7a:f6:c6:eb:
be:7a:94:f5:67:32:1c:66:c2:7d:9b:a7:1b:47:e7:07:ed:68:
4d:ad:ad:d8:dc:8e:46:b2:94:d8:70:9c:4f:d8:80:37:75:ad:
d0:cc:0c:86:5d:78:95:64:fa:1b:01:8c:96:2c:2c:04:36:66:
f6:43:81:87:0c:1e:6e:0f:31:d9:37:61:da:ec:b5:7f:d9:5e:
ec:38:0f:c3:d7:f6:db:20:02:1a:00:2e:15:b5:ca:70:a8:28:
70:7d:3b:3c:a5:e6:a4:75:94:19:7e:09:d5:cf:87:53:af:d7:
62:e8:23:34:58:78:aa:20:64:29:a3:ba:9f:e4:94:61:8c:71:
bd:45:a4:b1:86:4b:fd:8a:02:7f:65:fb:2d:fa:b9:37:d9:5a:
13:56:69:69:d9:77:ac:cc:40:5e:a3:fb:55:a1:44:49:a2:55:
79:c9:60:b3:09:71:f6:38:c8:4e:55:a7:c0:1d:57:71:4d:48:
a1:7f:d4:cc
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQntLKs6ozv12grPrQUnGcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTYyZTJhZmE3NzQ4ZjQ1MjY1ZDg5ZmQxNTYyNGI1ODRl
NzI0NjYwHhcNMjUwMTAyMTU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWNkZmU1YjVjZGU5MmVkMTdlNWMwNDVhNWZkYWFkOTE5ZjgyM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTg1pjcK/I2ovpvGX7X3vzuErU02
71GrzFTmPbB69dHUci2lppdP+exjMLuHkhfU8A00W5xyycWbedg7G2no0XOErv2g
gJb4sz1FmSHmbhVrs7rZQrkP+PSKBOCxykOoqPxRz4j6xb4YXebVkjET8R1uVOK3
lPv04jb/zBbk3jXK+wJHZ2/sfIXSrmClc4vehvzdlvcM7VgyzwBY8UQeOPDQfGX2
qBf95aMapc2r8kFcKPACQ5p6WFnsx1uGUHbe9nSBjz8HcyIqDBjGdp/PRjrGsndF
4k8VNuvzR4zuYhPa+T6nPEv1y94ePQBE+LqLRwPRaSa7THrtlAQ0zZi/WQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFDHN/ltc3pLtF+XARaX9qtkZ+CPOMB8GA1UdIwQY
MBaAFJSWLir6d0j0UmXYn9FWJLWE5yRmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2It
Y2Q0MDNiZGVlNGRmLzEvTWMzLVcxemVrdTBYNWNCRnBmMnEyUm40STg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2ItY2Q0MDNiZGVlNGRm
LzEvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwMAg9wDBADB
F/4DBADBHgMwDQQCAAIwBwMFAyoAW6AwDQYJKoZIhvcNAQELBQADggEBAHmtEcfS
9KDszAHmei0QYBoAGX4e2qkshtZJd88qs9vg66G7UZRoafWZHAn+rM2ZDR21nEz9
J/ZC268tvdo0DgdGfr4kevbG6756lPVnMhxmwn2bpxtH5wftaE2trdjcjkaylNhw
nE/YgDd1rdDMDIZdeJVk+hsBjJYsLAQ2ZvZDgYcMHm4PMdk3YdrstX/ZXuw4D8PX
9tsgAhoALhW1ynCoKHB9Ozyl5qR1lBl+CdXPh1Ov12LoIzRYeKogZCmjup/klGGM
cb1FpLGGS/2KAn9l+y36uTfZWhNWaWnZd6zMQF6j+1WhREmiVXnJYLMJcfY4yE5V
p8AdV3FNSKF/1Mw=
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:53:30 2025 by rpki-client