Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/EKGpGQHoAZjHd9Nvg2r3sp523lI.roa
File: EKGpGQHoAZjHd9Nvg2r3sp523lI.roa (raw, json)
Hash identifier: L5XLIobFq44kbAJ5nVhGWfhQCToybP4gMKFg8103kqQ=
Subject key identifier: 10:A1:A9:19:01:E8:01:98:C7:77:D3:6F:83:6A:F7:B2:9E:76:DE:52
Certificate issuer: /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial: 01942143CC5FDD29291B16A62D89BEBE17E3
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/EKGpGQHoAZjHd9Nvg2r3sp523lI.roa
Signing time: Wed 01 Jan 2025 09:47:58 +0000
ROA not before: Wed 01 Jan 2025 09:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62039
IP address blocks: 5.160.204.0/23 maxlen: 23
5.160.205.0/24 maxlen: 24
5.160.206.0/23 maxlen: 23
5.160.206.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:cc:5f:dd:29:29:1b:16:a6:2d:89:be:be:17:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
Validity
Not Before: Jan 1 09:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=10a1a91901e80198c777d36f836af7b29e76de52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:32:4a:2a:19:f7:9f:c6:88:9d:d6:ff:89:68:
44:66:3a:e0:0e:53:5a:c5:92:cb:09:e7:9f:52:88:
77:f3:c8:21:5f:73:81:de:65:0a:5d:58:3e:4f:75:
0a:41:a9:b4:57:f6:90:c6:b7:43:e2:44:67:11:8f:
94:79:01:48:0e:f7:08:12:1f:44:6d:97:ba:50:72:
9e:80:f9:9b:55:73:f9:3f:c2:d0:ec:e8:cd:3c:16:
ee:31:9b:c0:4e:86:8c:8a:24:07:b6:23:cc:a0:af:
0e:5f:8a:de:42:d5:61:9d:65:df:43:ff:5c:db:97:
ce:4f:3d:9a:dc:be:fc:e3:0b:b7:55:fa:0d:37:a2:
7f:25:08:cc:d1:79:f4:ac:6e:7d:3d:55:ab:e6:57:
33:d2:83:a7:1f:d2:9c:61:67:93:68:79:5c:2b:db:
ca:c8:30:ba:52:d0:cd:60:df:46:30:33:72:b2:6a:
64:4a:b1:1e:58:d6:33:fa:bb:8a:14:59:f1:91:93:
b5:44:94:4a:5d:75:fc:73:64:a0:09:26:55:a2:48:
d3:56:00:1d:35:1e:0c:e3:92:ee:d8:76:c8:56:c7:
98:83:69:29:b5:76:ec:a9:e5:3f:d2:73:f7:91:b4:
16:47:2a:9e:71:88:55:13:16:52:55:f6:e9:ca:a0:
5c:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:A1:A9:19:01:E8:01:98:C7:77:D3:6F:83:6A:F7:B2:9E:76:DE:52
X509v3 Authority Key Identifier:
keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/EKGpGQHoAZjHd9Nvg2r3sp523lI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.160.204.0/22
Signature Algorithm: sha256WithRSAEncryption
82:8c:24:b6:e2:26:58:4a:45:42:91:24:cb:2c:4b:12:27:a0:
b0:8c:41:4d:ad:16:db:7c:d9:79:a1:c1:51:0c:71:e5:d3:6a:
5d:7b:2d:95:83:3a:83:67:7c:b4:bd:e2:a7:ec:15:d8:f1:27:
dd:ba:ec:71:95:48:3b:80:4a:e7:3c:0c:08:0b:d0:9a:8c:20:
74:9d:37:af:51:c4:f1:14:ea:e6:84:98:14:2f:38:a2:91:88:
d6:16:e2:3b:11:b3:0c:51:66:c2:cd:e5:3e:e2:6f:fc:e6:e6:
a8:63:14:ac:2a:f5:45:98:27:72:e6:50:79:7d:51:ea:c7:38:
6c:d6:7e:df:76:b3:f9:a9:ae:a0:db:7c:10:86:cc:a5:c6:2b:
bc:64:ed:d1:ea:c5:d8:55:3f:14:cf:6b:bf:ac:29:55:28:cc:
a4:23:ee:eb:ce:e5:9d:94:93:6c:72:1a:0f:ce:67:77:ff:69:
08:84:fb:8b:ba:28:86:7b:39:3f:dd:4e:34:af:ea:0f:a1:04:
3a:ff:04:b6:b4:93:43:f2:6f:23:bc:55:04:82:8d:42:55:b8:
ee:17:b7:46:14:1f:b4:ad:03:07:9d:a6:4b:d9:6e:b0:61:3e:
83:de:56:72:38:b7:33:35:2c:ea:a7:6a:a9:28:c9:b2:55:b3:
62:2d:00:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8xf3SkpGxamLYm+vhfjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGExYTkxOTAxZTgwMTk4Yzc3N2QzNmY4MzZhZjdiMjllNzZkZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTJKKhn3n8aIndb/iWhEZjrgDlNa
xZLLCeefUoh388ghX3OB3mUKXVg+T3UKQam0V/aQxrdD4kRnEY+UeQFIDvcIEh9E
bZe6UHKegPmbVXP5P8LQ7OjNPBbuMZvAToaMiiQHtiPMoK8OX4reQtVhnWXfQ/9c
25fOTz2a3L784wu3VfoNN6J/JQjM0Xn0rG59PVWr5lcz0oOnH9KcYWeTaHlcK9vK
yDC6UtDNYN9GMDNysmpkSrEeWNYz+ruKFFnxkZO1RJRKXXX8c2SgCSZVokjTVgAd
NR4M45Lu2HbIVseYg2kptXbsqeU/0nP3kbQWRyqecYhVExZSVfbpyqBc6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBChqRkB6AGYx3fTb4Nq97Kedt5SMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvRUtHcEdRSG9BWmpIZDlOdmcycjNzcDUyM2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBaDMMA0G
CSqGSIb3DQEBCwUAA4IBAQCCjCS24iZYSkVCkSTLLEsSJ6CwjEFNrRbbfNl5ocFR
DHHl02pdey2VgzqDZ3y0veKn7BXY8SfduuxxlUg7gErnPAwIC9CajCB0nTevUcTx
FOrmhJgULziikYjWFuI7EbMMUWbCzeU+4m/85uaoYxSsKvVFmCdy5lB5fVHqxzhs
1n7fdrP5qa6g23wQhsylxiu8ZO3R6sXYVT8Uz2u/rClVKMykI+7rzuWdlJNschoP
zmd3/2kIhPuLuiiGezk/3U40r+oPoQQ6/wS2tJND8m8jvFUEgo1CVbjuF7dGFB+0
rQMHnaZL2W6wYT6D3lZyOLczNSzqp2qpKMmyVbNiLQDq
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:58 2025 by rpki-client