Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/v1niVRfcrs8T21RTW4lodcjtPkA.roa
File: v1niVRfcrs8T21RTW4lodcjtPkA.roa (raw, json)
Hash identifier: B5iFGrWjjnnikyiDEsIMYosOsTwZbBAev5jBdU9v0Z4=
Subject key identifier: BF:59:E2:55:17:DC:AE:CF:13:DB:54:53:5B:89:68:75:C8:ED:3E:40
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019422200EB48CD04827278B4FC56DD94EBC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/v1niVRfcrs8T21RTW4lodcjtPkA.roa
Signing time: Wed 01 Jan 2025 13:48:33 +0000
ROA not before: Wed 01 Jan 2025 13:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13335
IP address blocks: 203.159.80.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:0e:b4:8c:d0:48:27:27:8b:4f:c5:6d:d9:4e:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bf59e25517dcaecf13db54535b896875c8ed3e40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:9d:2a:0a:45:b8:bd:3c:7f:c0:98:ff:e5:24:
d8:1f:41:4a:83:61:5a:8b:3e:ef:a2:a9:40:79:31:
c6:8f:8e:9b:72:e2:22:97:a7:a4:82:26:d3:01:4b:
b7:9e:a4:64:7f:ed:d9:fe:51:22:ba:7a:24:82:c9:
69:9f:c2:58:64:ab:bd:03:0e:48:a3:c0:3e:49:0f:
e3:bd:c2:29:f9:e8:07:b3:28:27:f8:6e:d2:31:f4:
63:42:61:3b:99:96:b1:46:80:97:d7:56:00:92:88:
4b:db:54:3e:c0:99:14:d6:72:d1:1e:6e:ca:19:fb:
b3:73:a7:0c:a8:4b:da:2f:91:0d:96:3e:ab:96:b3:
94:6a:59:ce:7b:04:82:94:0e:8f:77:3d:49:96:cf:
a7:84:7e:08:7b:c6:58:89:25:d8:f9:a3:67:ff:e2:
de:ce:1b:1f:9f:dc:d3:3c:d4:c6:b3:00:a5:0d:5d:
af:d1:ee:f0:18:62:ea:8a:91:3a:77:c3:2b:84:6f:
26:18:5f:af:69:42:2c:12:92:21:43:c1:65:1b:87:
c3:ab:5c:11:09:f6:97:fe:45:33:cd:c2:d3:bc:0f:
5e:bd:f5:fa:29:50:ae:cf:4e:c6:6b:24:52:85:38:
98:db:f7:50:9f:0b:a0:bb:e9:ed:04:63:8c:7e:da:
46:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:59:E2:55:17:DC:AE:CF:13:DB:54:53:5B:89:68:75:C8:ED:3E:40
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/v1niVRfcrs8T21RTW4lodcjtPkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
203.159.80.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:b5:21:ef:7b:fb:e8:d0:b6:77:6d:13:8c:c9:da:84:4a:4b:
07:9b:c1:2d:85:8f:8d:51:29:ae:ad:20:df:b1:80:a8:b0:48:
22:8f:52:56:69:c2:4b:ba:cf:a4:a8:8b:9c:54:68:4f:9b:7d:
76:0f:bd:b3:8a:71:c1:ad:c5:fe:76:90:05:63:dd:58:e6:0e:
a6:9b:4d:a0:30:88:25:ad:de:61:72:b0:18:19:e5:c9:1e:ea:
98:a0:46:a7:e4:59:43:d4:2f:8b:a2:bc:67:88:2e:e2:8f:ef:
2f:a2:7e:84:c9:67:00:02:cb:f5:71:53:58:46:73:b4:9e:67:
f6:86:c5:ee:3c:c1:49:ca:6f:28:94:57:05:60:8c:1b:6f:5f:
bb:47:50:18:82:f1:e7:5b:62:42:d6:40:c7:2b:1c:b7:1c:24:
98:2e:4d:f1:e1:ec:23:75:5e:2b:40:cb:9b:4e:5c:36:c0:42:
5a:ce:fb:17:68:eb:1a:a8:9d:0c:b7:26:77:0a:62:fd:22:e0:
79:76:60:c0:e6:2b:17:39:83:90:0c:10:67:ca:c5:78:4a:12:
29:c4:da:72:c4:35:fd:1f:34:74:61:d3:93:f3:91:f1:0c:e5:
61:c9:c5:d9:96:b7:b9:85:72:e6:0d:db:a9:f7:c7:89:9b:eb:
0f:c2:b2:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIA60jNBIJyeLT8Vt2U68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU5ZTI1NTE3ZGNhZWNmMTNkYjU0NTM1Yjg5Njg3NWM4ZWQzZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Z0qCkW4vTx/wJj/5STYH0FKg2Fa
iz7voqlAeTHGj46bcuIil6ekgibTAUu3nqRkf+3Z/lEiunokgslpn8JYZKu9Aw5I
o8A+SQ/jvcIp+egHsygn+G7SMfRjQmE7mZaxRoCX11YAkohL21Q+wJkU1nLRHm7K
Gfuzc6cMqEvaL5ENlj6rlrOUalnOewSClA6Pdz1Jls+nhH4Ie8ZYiSXY+aNn/+Le
zhsfn9zTPNTGswClDV2v0e7wGGLqipE6d8MrhG8mGF+vaUIsEpIhQ8FlG4fDq1wR
CfaX/kUzzcLTvA9evfX6KVCuz07GayRShTiY2/dQnwugu+ntBGOMftpG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9Z4lUX3K7PE9tUU1uJaHXI7T5AMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdjFuaVZSZmNyczhUMjFSVFc0bG9kY2p0UGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy59QMA0G
CSqGSIb3DQEBCwUAA4IBAQA/tSHve/vo0LZ3bROMydqESksHm8EthY+NUSmurSDf
sYCosEgij1JWacJLus+kqIucVGhPm312D72zinHBrcX+dpAFY91Y5g6mm02gMIgl
rd5hcrAYGeXJHuqYoEan5FlD1C+LorxniC7ij+8von6EyWcAAsv1cVNYRnO0nmf2
hsXuPMFJym8olFcFYIwbb1+7R1AYgvHnW2JC1kDHKxy3HCSYLk3x4ewjdV4rQMub
Tlw2wEJazvsXaOsaqJ0MtyZ3CmL9IuB5dmDA5isXOYOQDBBnysV4ShIpxNpyxDX9
HzR0YdOT85HxDOVhycXZlre5hXLmDdup98eJm+sPwrJI
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:49:56 2025 by rpki-client