Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/ctfmZD0DW9qLyBcmD6so3A9jsHU.roa
File: ctfmZD0DW9qLyBcmD6so3A9jsHU.roa (raw, json)
Hash identifier: aC0ussEPUWct/6A8nTu63p7949dtbgKcUheJu2lhu0Q=
Subject key identifier: 72:D7:E6:64:3D:03:5B:DA:8B:C8:17:26:0F:AB:28:DC:0F:63:B0:75
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 019420D652B1C25EC877C2B6B21A4B3FAEC8
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/ctfmZD0DW9qLyBcmD6so3A9jsHU.roa
Signing time: Wed 01 Jan 2025 07:48:24 +0000
ROA not before: Wed 01 Jan 2025 07:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 945
IP address blocks: 84.247.59.0/24 maxlen: 24
192.200.192.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:52:b1:c2:5e:c8:77:c2:b6:b2:1a:4b:3f:ae:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Jan 1 07:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72d7e6643d035bda8bc817260fab28dc0f63b075
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:d1:e6:d1:77:1a:b9:93:ea:d1:ff:5e:86:75:
67:01:19:dd:f7:d2:d4:6f:e0:29:42:b4:5e:c5:f6:
e1:19:81:0f:58:08:40:b4:68:6b:4e:13:58:d2:44:
cf:1f:0c:42:32:7c:50:2e:73:96:7f:6a:6b:91:a2:
dd:8e:3d:5f:8b:79:25:5a:e5:e2:bd:23:39:2b:07:
5d:39:ea:20:d4:44:7e:a5:91:e3:21:5a:4a:5a:a1:
51:78:32:ca:11:04:51:fd:33:07:24:6f:68:f3:82:
e6:ff:bf:6a:4d:bb:b1:c6:5f:8a:55:11:c6:4b:79:
b1:79:ec:92:b0:f3:30:c5:cb:4a:be:5a:ad:e3:06:
58:3d:4e:bd:fa:8d:05:f1:d4:7d:72:07:21:dd:ee:
8d:5b:97:e5:d2:f6:94:5b:ef:ba:59:0e:4c:1b:42:
92:56:d9:44:25:41:c9:f5:27:12:cf:9c:fc:77:a7:
6e:a6:10:41:c4:f5:95:de:13:99:45:76:6f:38:d2:
06:38:b9:77:9f:82:12:b6:d7:6f:76:ea:45:8e:10:
c7:87:67:6a:32:04:3c:27:f6:34:1a:45:0b:92:e0:
1b:e7:02:45:49:fe:28:e2:b0:45:b8:0b:8b:62:09:
3a:b1:6f:41:22:1b:d5:3b:2c:ba:fa:6b:a6:e7:77:
c8:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:D7:E6:64:3D:03:5B:DA:8B:C8:17:26:0F:AB:28:DC:0F:63:B0:75
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/ctfmZD0DW9qLyBcmD6so3A9jsHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.59.0/24
192.200.192.0/19
Signature Algorithm: sha256WithRSAEncryption
93:a7:f6:91:9f:35:5e:45:c8:8f:0c:e3:b6:ec:11:6a:cb:6c:
77:0b:d0:55:3a:5b:7d:2e:ff:1a:e8:da:78:26:8b:97:7b:66:
e0:4c:47:75:50:aa:db:a3:c3:96:03:b7:25:ce:63:59:b8:ad:
1f:f4:2a:ea:db:ac:60:4b:11:0e:76:ef:40:eb:0b:cb:a2:62:
95:6f:44:d0:b9:75:1d:22:8e:18:58:fe:56:8b:9c:40:33:a4:
c6:b4:a4:05:09:4c:7b:13:a2:52:19:7d:0b:88:41:6b:eb:d1:
c8:f5:da:da:4c:49:18:1e:b8:65:31:02:53:a3:0d:1f:b6:ba:
f5:5a:22:b6:28:3f:64:af:f5:21:8b:08:52:17:16:fa:e9:a5:
58:35:09:84:dd:26:c9:53:58:1d:a1:fe:20:3d:44:2c:15:67:
92:e4:91:f9:4c:c3:23:6e:d9:e8:f8:11:5c:08:b2:9c:3d:a5:
02:d2:3c:28:16:fa:96:d2:a7:76:db:ca:54:10:01:38:74:e9:
51:98:bc:9f:da:2d:60:b0:c4:6f:02:f2:93:8b:9c:7b:06:fe:
ce:83:63:13:50:bc:8f:53:fd:13:6c:4f:47:06:ab:43:8f:06:
83:3f:56:1e:83:4c:64:73:f5:f3:41:6f:50:a9:9f:4f:76:3e:
93:11:c0:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1lKxwl7Id8K2shpLP67IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQ3ZTY2NDNkMDM1YmRhOGJjODE3MjYwZmFiMjhkYzBmNjNiMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NHm0XcauZPq0f9ehnVnARnd99LU
b+ApQrRexfbhGYEPWAhAtGhrThNY0kTPHwxCMnxQLnOWf2prkaLdjj1fi3klWuXi
vSM5KwddOeog1ER+pZHjIVpKWqFReDLKEQRR/TMHJG9o84Lm/79qTbuxxl+KVRHG
S3mxeeySsPMwxctKvlqt4wZYPU69+o0F8dR9cgch3e6NW5fl0vaUW++6WQ5MG0KS
VtlEJUHJ9ScSz5z8d6duphBBxPWV3hOZRXZvONIGOLl3n4ISttdvdupFjhDHh2dq
MgQ8J/Y0GkULkuAb5wJFSf4o4rBFuAuLYgk6sW9BIhvVOyy6+mum53fI2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHLX5mQ9A1vai8gXJg+rKNwPY7B1MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvY3RmbVpEMERXOXFMeUJjbUQ2c28zQTlqc0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPc7AwQF
wMjAMA0GCSqGSIb3DQEBCwUAA4IBAQCTp/aRnzVeRciPDOO27BFqy2x3C9BVOlt9
Lv8a6Np4JouXe2bgTEd1UKrbo8OWA7clzmNZuK0f9Crq26xgSxEOdu9A6wvLomKV
b0TQuXUdIo4YWP5Wi5xAM6TGtKQFCUx7E6JSGX0LiEFr69HI9draTEkYHrhlMQJT
ow0ftrr1WiK2KD9kr/UhiwhSFxb66aVYNQmE3SbJU1gdof4gPUQsFWeS5JH5TMMj
btno+BFcCLKcPaUC0jwoFvqW0qd228pUEAE4dOlRmLyf2i1gsMRvAvKTi5x7Bv7O
g2MTULyPU/0TbE9HBqtDjwaDP1Yeg0xkc/XzQW9QqZ9Pdj6TEcDD
-----END CERTIFICATE-----
Generated at Wed Feb 5 04:46:13 2025 by rpki-client