Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/tnQ5odqGfmjwtl_VRpWmuxnJVZc.roa
File: tnQ5odqGfmjwtl_VRpWmuxnJVZc.roa (raw, json)
Hash identifier: jWqwIWRjWImreknKrwhsqWkckPsMaq433dW/u+UVzTY=
Subject key identifier: B6:74:39:A1:DA:86:7E:68:F0:B6:5F:D5:46:95:A6:BB:19:C9:55:97
Certificate issuer: /CN=c5119e75200392f1a2f08be990732d8047b28b09
Certificate serial: 019427481CB129DEE2EC4A8EC42719A4ADB3
Authority key identifier: C5:11:9E:75:20:03:92:F1:A2:F0:8B:E9:90:73:2D:80:47:B2:8B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xRGedSADkvGi8IvpkHMtgEeyiwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/tnQ5odqGfmjwtl_VRpWmuxnJVZc.roa
Signing time: Thu 02 Jan 2025 13:50:24 +0000
ROA not before: Thu 02 Jan 2025 13:50:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57388
IP address blocks: 130.0.24.0/22 maxlen: 24
130.0.24.0/24 maxlen: 24
130.0.25.0/24 maxlen: 24
130.0.26.0/24 maxlen: 24
130.0.27.0/24 maxlen: 24
130.0.28.0/22 maxlen: 24
130.0.30.0/24 maxlen: 24
130.0.31.0/24 maxlen: 24
185.85.152.0/22 maxlen: 24
2a02:dd00::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/xRGedSADkvGi8IvpkHMtgEeyiwk.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/xRGedSADkvGi8IvpkHMtgEeyiwk.mft
rsync://rpki.ripe.net/repository/DEFAULT/xRGedSADkvGi8IvpkHMtgEeyiwk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 14:20:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:1c:b1:29:de:e2:ec:4a:8e:c4:27:19:a4:ad:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c5119e75200392f1a2f08be990732d8047b28b09
Validity
Not Before: Jan 2 13:50:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b67439a1da867e68f0b65fd54695a6bb19c95597
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1e:ae:08:a7:e5:50:1e:04:b9:b3:01:d7:a6:
c1:d6:73:f8:d6:29:e0:42:50:72:37:80:bf:9c:e8:
8e:ab:27:14:66:1e:04:7a:70:5b:df:d6:98:2d:67:
94:02:c1:85:84:b3:ce:66:9b:7f:50:3b:e6:5c:00:
db:9e:e5:1a:5a:5b:69:3a:41:2f:7f:3a:d9:4a:81:
d6:a8:67:e2:38:07:60:cc:61:4d:65:f2:10:ab:29:
b8:cc:68:ae:3a:ab:91:e7:af:c2:97:d5:1d:9b:5c:
4b:04:b5:47:46:8b:9b:db:6a:df:52:40:eb:0d:fc:
d6:78:bb:8a:b2:1a:c3:1b:1d:fa:ca:d6:44:9d:e2:
01:55:28:67:88:dd:d0:e0:30:e0:63:9e:41:35:f6:
a0:b6:68:5d:a2:fe:8b:a9:a8:0e:da:25:44:94:23:
0b:4f:cc:ec:a9:a4:2c:98:ac:f4:05:d0:52:7a:a6:
2f:39:92:af:a2:f9:79:81:1c:9a:59:32:c7:0f:56:
40:e1:37:7d:84:2d:8c:d6:bf:5d:0d:98:41:5e:4f:
fa:6d:32:45:45:e7:61:d4:fe:16:9a:a8:4c:db:4a:
bd:bb:a8:4a:b5:61:da:32:ac:a7:24:0e:1b:03:6e:
15:60:ee:a9:7b:f9:02:f9:74:75:87:d4:c9:b5:42:
41:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:74:39:A1:DA:86:7E:68:F0:B6:5F:D5:46:95:A6:BB:19:C9:55:97
X509v3 Authority Key Identifier:
keyid:C5:11:9E:75:20:03:92:F1:A2:F0:8B:E9:90:73:2D:80:47:B2:8B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xRGedSADkvGi8IvpkHMtgEeyiwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/tnQ5odqGfmjwtl_VRpWmuxnJVZc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/320baf-59dc-46a2-af7d-d819ced5d35a/1/xRGedSADkvGi8IvpkHMtgEeyiwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.0.24.0/21
185.85.152.0/22
IPv6:
2a02:dd00::/29
Signature Algorithm: sha256WithRSAEncryption
25:57:f9:9d:a6:b1:1c:2a:4c:ca:3a:cd:38:b0:29:6e:1b:95:
f4:fe:40:df:61:4b:13:e4:60:33:4d:db:b6:90:73:c3:c3:83:
83:e3:3b:cc:aa:fa:cd:c1:25:0d:01:78:8c:85:8b:64:1e:d1:
69:ae:11:e4:2f:df:1d:a7:14:e0:0f:de:e4:34:2b:b6:a0:11:
4f:e1:7c:63:61:3b:0e:e7:83:a2:9d:16:c2:a0:8a:e4:9c:af:
32:9e:57:b2:42:aa:38:f9:87:19:d7:b2:81:e5:c7:b0:c7:9b:
b8:e8:53:5c:4f:58:c6:f8:4d:2b:d4:50:75:08:58:48:ea:30:
df:22:78:47:ca:cd:5f:b9:5b:55:90:dc:64:0b:90:d6:1f:10:
c0:76:8c:96:a3:26:12:13:f9:b4:b6:93:5b:5a:21:a8:f5:7b:
25:2b:0b:37:61:f3:4e:84:4e:51:29:5d:2f:91:ae:34:dd:b5:
b9:c5:93:5a:49:12:24:0d:10:7f:82:a6:25:b4:35:0b:c8:32:
b8:a6:6b:cd:87:10:4a:b7:97:c9:a1:d8:40:0f:6b:88:ce:72:
ff:f9:67:50:9d:5e:0d:7e:51:c9:0e:5e:06:df:91:f0:d1:54:
6f:d0:ad:a2:ff:bd:f5:07:52:8a:d4:0d:33:c4:88:06:16:e2:
6c:ab:ae:aa
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnSByxKd7i7EqOxCcZpK2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTE5ZTc1MjAwMzkyZjFhMmYwOGJlOTkwNzMyZDgwNDdi
MjhiMDkwHhcNMjUwMTAyMTM1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc0MzlhMWRhODY3ZTY4ZjBiNjVmZDU0Njk1YTZiYjE5Yzk1NTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx6uCKflUB4EubMB16bB1nP41ing
QlByN4C/nOiOqycUZh4EenBb39aYLWeUAsGFhLPOZpt/UDvmXADbnuUaWltpOkEv
fzrZSoHWqGfiOAdgzGFNZfIQqym4zGiuOquR56/Cl9Udm1xLBLVHRoub22rfUkDr
DfzWeLuKshrDGx36ytZEneIBVShniN3Q4DDgY55BNfagtmhdov6LqagO2iVElCML
T8zsqaQsmKz0BdBSeqYvOZKvovl5gRyaWTLHD1ZA4Td9hC2M1r9dDZhBXk/6bTJF
Redh1P4WmqhM20q9u6hKtWHaMqynJA4bA24VYO6pe/kC+XR1h9TJtUJBMwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLZ0OaHahn5o8LZf1UaVprsZyVWXMB8GA1UdIwQY
MBaAFMURnnUgA5LxovCL6ZBzLYBHsosJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJHZWRTQURrdkdpOEl2cGtITXRnRWV5aXdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zMjBiYWYtNTlkYy00NmEyLWFmN2Qt
ZDgxOWNlZDVkMzVhLzEvdG5RNW9kcUdmbWp3dGxfVlJwV211eG5KVlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zMjBiYWYtNTlkYy00NmEyLWFmN2QtZDgxOWNlZDVkMzVh
LzEveFJHZWRTQURrdkdpOEl2cGtITXRnRWV5aXdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDggAYAwQC
uVWYMA0EAgACMAcDBQMqAt0AMA0GCSqGSIb3DQEBCwUAA4IBAQAlV/mdprEcKkzK
Os04sCluG5X0/kDfYUsT5GAzTdu2kHPDw4OD4zvMqvrNwSUNAXiMhYtkHtFprhHk
L98dpxTgD97kNCu2oBFP4XxjYTsO54OinRbCoIrknK8ynleyQqo4+YcZ17KB5cew
x5u46FNcT1jG+E0r1FB1CFhI6jDfInhHys1fuVtVkNxkC5DWHxDAdoyWoyYSE/m0
tpNbWiGo9XslKws3YfNOhE5RKV0vka403bW5xZNaSRIkDRB/gqYltDULyDK4pmvN
hxBKt5fJodhAD2uIznL/+WdQnV4NflHJDl4G35Hw0VRv0K2i/731B1KK1A0zxIgG
FuJsq66q
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:30:35 2025 by rpki-client