Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/XFCoTFAZ3KfAR1P_1a3xaKLIipA.roa
File: XFCoTFAZ3KfAR1P_1a3xaKLIipA.roa (raw, json)
Hash identifier: tHkTVZ0U3L5FGmSNyvjm8iSt+fIxv8Im36qIEB/UGXo=
Subject key identifier: 5C:50:A8:4C:50:19:DC:A7:C0:47:53:FF:D5:AD:F1:68:A2:C8:8A:90
Certificate issuer: /CN=bfd7bbfcc2b8fab66a581b8227ca0ac817fa146b
Certificate serial: 019422FC22DC9F089A6FB481F8BB8C8DD45D
Authority key identifier: BF:D7:BB:FC:C2:B8:FA:B6:6A:58:1B:82:27:CA:0A:C8:17:FA:14:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/XFCoTFAZ3KfAR1P_1a3xaKLIipA.roa
Signing time: Wed 01 Jan 2025 17:48:56 +0000
ROA not before: Wed 01 Jan 2025 17:48:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42043
IP address blocks: 185.88.152.0/24 maxlen: 24
185.88.153.0/24 maxlen: 24
185.88.154.0/24 maxlen: 24
185.88.155.0/24 maxlen: 24
193.186.32.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.mft
rsync://rpki.ripe.net/repository/DEFAULT/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:22:dc:9f:08:9a:6f:b4:81:f8:bb:8c:8d:d4:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfd7bbfcc2b8fab66a581b8227ca0ac817fa146b
Validity
Not Before: Jan 1 17:48:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c50a84c5019dca7c04753ffd5adf168a2c88a90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:1e:ab:50:ef:12:f4:51:38:97:ab:91:10:bb:
bd:2e:29:3a:c6:41:fa:d8:e0:e8:a6:c3:51:51:0b:
0d:26:90:85:9f:39:67:b5:3b:e2:a1:ff:cf:e0:21:
5d:9b:15:97:08:17:57:59:d5:7b:3f:16:53:56:b1:
d7:e9:bd:6f:6f:4c:19:a6:3a:80:4d:c6:5f:44:42:
ba:37:29:2c:a6:d2:08:ec:fd:e4:8e:ec:7b:1b:4c:
56:e4:81:98:10:ec:2b:5c:ec:4d:af:13:52:28:fe:
dc:74:06:e5:c4:a5:53:a8:c1:c9:25:82:8b:80:2a:
c5:9b:de:c2:3f:dd:84:99:e0:76:cb:ac:2b:80:02:
22:61:17:93:f8:0a:ba:e2:82:5b:13:b8:05:8e:62:
33:ea:2a:c2:85:3e:44:a3:23:64:19:2a:c7:37:d2:
3e:db:f2:91:5f:f3:75:56:ed:03:fc:a8:24:3a:ea:
02:8c:50:fe:88:6f:31:85:c1:89:e5:52:b2:35:a8:
5b:e1:02:bb:7a:e8:a8:17:91:ac:74:d8:7c:35:ea:
54:13:76:d1:ea:19:37:47:7d:af:00:71:d4:e2:c1:
0f:c7:06:29:0c:61:3b:82:62:df:f8:72:60:ac:4a:
da:ef:91:0c:fe:da:53:97:56:96:ed:9f:1f:18:37:
5b:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:50:A8:4C:50:19:DC:A7:C0:47:53:FF:D5:AD:F1:68:A2:C8:8A:90
X509v3 Authority Key Identifier:
keyid:BF:D7:BB:FC:C2:B8:FA:B6:6A:58:1B:82:27:CA:0A:C8:17:FA:14:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/XFCoTFAZ3KfAR1P_1a3xaKLIipA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/82fb05-61e6-4335-b167-36aed87e3388/1/v9e7_MK4-rZqWBuCJ8oKyBf6FGs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.88.152.0/22
193.186.32.0/24
Signature Algorithm: sha256WithRSAEncryption
35:6b:8f:49:6e:fd:bf:e8:84:98:e6:99:1a:48:1d:fb:89:73:
33:e3:90:bc:6e:6d:07:b2:30:d7:4e:b2:e0:db:b2:dd:d8:ba:
59:a4:1c:8b:9d:51:02:03:82:b5:3b:0b:29:3d:c7:d4:11:66:
40:48:27:5f:ed:ab:9a:ef:a6:2c:ae:15:46:15:b7:01:a1:12:
cc:d5:8b:aa:cb:42:68:36:9c:52:87:c9:b7:b6:31:5d:2d:86:
3d:5e:d0:e5:83:4b:b4:e3:b7:e3:51:e3:1e:e2:4f:cd:28:51:
f4:a2:cb:0e:e8:0c:4d:8d:d6:28:a8:f7:31:89:23:7a:c0:ba:
68:56:df:f6:29:4b:63:64:32:38:79:81:cd:8d:c3:19:f4:03:
77:29:36:de:12:25:0e:51:35:5a:2c:c4:0e:6c:52:c2:74:96:
5b:58:3b:f0:99:7b:bb:3b:47:ce:5b:4c:5e:46:1f:3d:0e:1a:
8c:2e:c4:bb:e6:73:a0:70:b5:da:bd:84:a5:ce:09:15:6f:59:
92:a1:00:52:09:64:8a:e3:9d:f4:06:0b:36:a3:48:ee:bf:df:
85:15:64:3d:72:ff:b0:fe:6c:1c:c9:f6:00:26:5b:41:f1:bd:
14:2e:6f:ce:0a:30:f1:3b:d1:c4:de:6e:5c:34:bd:c4:e1:bc:
a0:26:d4:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/CLcnwiab7SB+LuMjdRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDdiYmZjYzJiOGZhYjY2YTU4MWI4MjI3Y2EwYWM4MTdm
YTE0NmIwHhcNMjUwMTAxMTc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUwYTg0YzUwMTlkY2E3YzA0NzUzZmZkNWFkZjE2OGEyYzg4YTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7x6rUO8S9FE4l6uRELu9Lik6xkH6
2ODopsNRUQsNJpCFnzlntTviof/P4CFdmxWXCBdXWdV7PxZTVrHX6b1vb0wZpjqA
TcZfREK6NyksptII7P3kjux7G0xW5IGYEOwrXOxNrxNSKP7cdAblxKVTqMHJJYKL
gCrFm97CP92EmeB2y6wrgAIiYReT+Aq64oJbE7gFjmIz6irChT5EoyNkGSrHN9I+
2/KRX/N1Vu0D/KgkOuoCjFD+iG8xhcGJ5VKyNahb4QK7euioF5GsdNh8NepUE3bR
6hk3R32vAHHU4sEPxwYpDGE7gmLf+HJgrEra75EM/tpTl1aW7Z8fGDdbWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFxQqExQGdynwEdT/9Wt8WiiyIqQMB8GA1UdIwQY
MBaAFL/Xu/zCuPq2algbgifKCsgX+hRrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjllN19NSzQtclpxV0J1Q0o4b0t5QmY2RkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84MmZiMDUtNjFlNi00MzM1LWIxNjct
MzZhZWQ4N2UzMzg4LzEvWEZDb1RGQVozS2ZBUjFQXzFhM3hhS0xJaXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84MmZiMDUtNjFlNi00MzM1LWIxNjctMzZhZWQ4N2UzMzg4
LzEvdjllN19NSzQtclpxV0J1Q0o4b0t5QmY2RkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuViYAwQA
wbogMA0GCSqGSIb3DQEBCwUAA4IBAQA1a49Jbv2/6ISY5pkaSB37iXMz45C8bm0H
sjDXTrLg27Ld2LpZpByLnVECA4K1OwspPcfUEWZASCdf7aua76YsrhVGFbcBoRLM
1Yuqy0JoNpxSh8m3tjFdLYY9XtDlg0u047fjUeMe4k/NKFH0ossO6AxNjdYoqPcx
iSN6wLpoVt/2KUtjZDI4eYHNjcMZ9AN3KTbeEiUOUTVaLMQObFLCdJZbWDvwmXu7
O0fOW0xeRh89DhqMLsS75nOgcLXavYSlzgkVb1mSoQBSCWSK4530Bgs2o0juv9+F
FWQ9cv+w/mwcyfYAJltB8b0ULm/OCjDxO9HE3m5cNL3E4bygJtSj
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:43:05 2025 by rpki-client