Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/gKeAQqo6LHoqnf4Vl-8HYj5MieI.roa
File: gKeAQqo6LHoqnf4Vl-8HYj5MieI.roa (raw, json)
Hash identifier: SOGNQLrBgWGkjZGYc/wKjLGsnvGnOrdebSHsTRsYQCw=
Subject key identifier: 80:A7:80:42:AA:3A:2C:7A:2A:9D:FE:15:97:EF:07:62:3E:4C:89:E2
Certificate issuer: /CN=235163d39db88816cddc597a5db5eae707d3de39
Certificate serial: 01941FFA8F51C54C793D4ADC49ABCCB8E982
Authority key identifier: 23:51:63:D3:9D:B8:88:16:CD:DC:59:7A:5D:B5:EA:E7:07:D3:DE:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I1Fj0524iBbN3Fl6XbXq5wfT3jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/gKeAQqo6LHoqnf4Vl-8HYj5MieI.roa
Signing time: Wed 01 Jan 2025 03:48:21 +0000
ROA not before: Wed 01 Jan 2025 03:48:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208250
IP address blocks: 45.150.120.0/22 maxlen: 22
45.150.120.0/24 maxlen: 24
45.150.121.0/24 maxlen: 24
45.150.122.0/24 maxlen: 24
2a0f:be00::/29 maxlen: 29
2a0f:be00::/48 maxlen: 48
2a0f:be00:1::/48 maxlen: 48
2a0f:be00:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/I1Fj0524iBbN3Fl6XbXq5wfT3jk.crl
rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/I1Fj0524iBbN3Fl6XbXq5wfT3jk.mft
rsync://rpki.ripe.net/repository/DEFAULT/I1Fj0524iBbN3Fl6XbXq5wfT3jk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 11:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:8f:51:c5:4c:79:3d:4a:dc:49:ab:cc:b8:e9:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=235163d39db88816cddc597a5db5eae707d3de39
Validity
Not Before: Jan 1 03:48:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=80a78042aa3a2c7a2a9dfe1597ef07623e4c89e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:1b:72:c3:ca:b6:4d:ec:b0:96:f7:35:69:9f:
98:77:66:1e:35:ca:2e:27:5f:67:c7:4d:fc:dd:6f:
58:98:95:7c:d8:04:a7:dc:97:a5:34:3c:23:90:88:
21:5c:80:dd:e5:ca:e9:e3:4e:9f:fb:39:f1:a2:f6:
19:7f:33:b6:ec:a3:d6:37:cd:fc:3b:f8:5d:92:ce:
95:ec:46:35:7c:c3:ed:01:d3:0b:c3:48:b8:77:1d:
ea:ce:a4:c0:69:cc:70:21:8e:1d:26:cf:89:d7:37:
ee:0b:ad:1d:88:ba:8e:51:2e:44:6c:69:75:c7:00:
ab:93:45:82:98:23:ff:a0:3d:aa:2b:a1:a8:53:c5:
e1:8b:ad:0d:24:51:13:c1:ab:41:01:67:30:44:1f:
5a:32:ec:0c:e3:67:ca:2e:d7:49:de:30:f5:e1:e0:
93:56:5e:8f:a0:3b:cd:d4:8a:c1:11:0b:0e:97:9c:
d8:7d:59:c1:88:0a:45:4a:d3:df:06:e5:11:ca:36:
50:7d:17:e7:a1:75:bc:04:23:4f:6b:e7:94:cd:6a:
9e:81:4b:bd:d5:1a:05:45:8f:31:fd:ff:e7:98:fa:
ba:dd:55:bf:cb:84:ba:36:8f:23:1d:19:9f:06:17:
40:51:3a:1d:22:05:bf:e7:78:70:c2:93:a5:78:d7:
25:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:A7:80:42:AA:3A:2C:7A:2A:9D:FE:15:97:EF:07:62:3E:4C:89:E2
X509v3 Authority Key Identifier:
keyid:23:51:63:D3:9D:B8:88:16:CD:DC:59:7A:5D:B5:EA:E7:07:D3:DE:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I1Fj0524iBbN3Fl6XbXq5wfT3jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/gKeAQqo6LHoqnf4Vl-8HYj5MieI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/d7558e-9a6c-4711-8ef8-9150296daa0a/1/I1Fj0524iBbN3Fl6XbXq5wfT3jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.120.0/22
IPv6:
2a0f:be00::/29
Signature Algorithm: sha256WithRSAEncryption
58:c6:21:2c:15:35:5f:d0:7d:de:08:d6:7c:2d:13:a7:a0:b5:
4b:aa:5d:3d:ea:f1:34:16:7e:11:ce:cb:22:87:7c:d6:4f:27:
01:b7:cd:99:f0:c7:38:9b:3f:2d:2c:bc:be:2d:0c:6d:ca:f3:
77:1d:f7:76:34:6e:a1:13:ac:32:0a:ff:6a:73:79:d8:37:c8:
a5:25:c6:8a:44:00:33:e1:a5:42:0e:18:77:c1:b3:39:dd:d8:
c7:35:05:bf:d1:89:2d:a1:ca:bf:60:ac:80:63:61:63:68:98:
ef:8f:77:b0:30:42:9c:e4:06:87:cc:e2:91:0a:9d:4e:cc:e4:
7d:e5:47:99:d7:bd:97:65:09:c7:ed:7b:03:3f:17:f7:ac:21:
50:b2:8c:b6:0a:56:c4:26:9c:18:70:10:b9:91:7a:78:04:cd:
85:c9:6c:8a:1c:6c:e6:9c:fc:d1:6a:ff:61:d6:88:74:fb:7e:
ee:f5:eb:a6:4b:5b:1b:20:fc:2d:5e:1b:41:1a:a9:86:a4:ad:
b9:52:ad:f0:f0:49:4d:ca:12:ba:85:ce:fd:c9:0b:fa:6a:b0:
0b:a0:3c:cd:65:d3:68:91:63:88:37:00:42:95:32:c6:34:7c:
a5:dd:1f:17:18:c4:ff:79:28:23:42:cb:95:20:fc:a4:1f:87:
5d:ac:1f:1d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+o9RxUx5PUrcSavMuOmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNTE2M2QzOWRiODg4MTZjZGRjNTk3YTVkYjVlYWU3MDdk
M2RlMzkwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE3ODA0MmFhM2EyYzdhMmE5ZGZlMTU5N2VmMDc2MjNlNGM4OWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRtyw8q2Teywlvc1aZ+Yd2YeNcou
J19nx0383W9YmJV82ASn3JelNDwjkIghXIDd5crp406f+znxovYZfzO27KPWN838
O/hdks6V7EY1fMPtAdMLw0i4dx3qzqTAacxwIY4dJs+J1zfuC60diLqOUS5EbGl1
xwCrk0WCmCP/oD2qK6GoU8Xhi60NJFETwatBAWcwRB9aMuwM42fKLtdJ3jD14eCT
Vl6PoDvN1IrBEQsOl5zYfVnBiApFStPfBuURyjZQfRfnoXW8BCNPa+eUzWqegUu9
1RoFRY8x/f/nmPq63VW/y4S6No8jHRmfBhdAUTodIgW/53hwwpOleNclqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFICngEKqOix6Kp3+FZfvB2I+TIniMB8GA1UdIwQY
MBaAFCNRY9OduIgWzdxZel216ucH0945MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTFGajA1MjRpQmJOM0ZsNlhiWHE1d2ZUM2prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kNzU1OGUtOWE2Yy00NzExLThlZjgt
OTE1MDI5NmRhYTBhLzEvZ0tlQVFxbzZMSG9xbmY0VmwtOEhZajVNaWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kNzU1OGUtOWE2Yy00NzExLThlZjgtOTE1MDI5NmRhYTBh
LzEvSTFGajA1MjRpQmJOM0ZsNlhiWHE1d2ZUM2prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZZ4MA0E
AgACMAcDBQMqD74AMA0GCSqGSIb3DQEBCwUAA4IBAQBYxiEsFTVf0H3eCNZ8LROn
oLVLql096vE0Fn4Rzssih3zWTycBt82Z8Mc4mz8tLLy+LQxtyvN3Hfd2NG6hE6wy
Cv9qc3nYN8ilJcaKRAAz4aVCDhh3wbM53djHNQW/0Yktocq/YKyAY2FjaJjvj3ew
MEKc5AaHzOKRCp1OzOR95UeZ172XZQnH7XsDPxf3rCFQsoy2ClbEJpwYcBC5kXp4
BM2FyWyKHGzmnPzRav9h1oh0+37u9eumS1sbIPwtXhtBGqmGpK25Uq3w8ElNyhK6
hc79yQv6arALoDzNZdNokWOINwBClTLGNHyl3R8XGMT/eSgjQsuVIPykH4ddrB8d
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:34:47 2025 by rpki-client