Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/f8eb9c-5b99-4cef-93f0-48f151b5231f/1/mFdOLgpY75BCI6HwFdhbm64m2HU.roa
File: mFdOLgpY75BCI6HwFdhbm64m2HU.roa (raw, json)
Hash identifier: dTVNpH8dt8wvAbtnwcqlrtySsedQZdW+bUyu+40b16A=
Subject key identifier: 98:57:4E:2E:0A:58:EF:90:42:23:A1:F0:15:D8:5B:9B:AE:26:D8:75
Certificate issuer: /CN=cb10243f98636faa0fb6c5ae6bad9b0abad23438
Certificate serial: 019422E101C10859FB3C7630DF972C171B2D
Authority key identifier: CB:10:24:3F:98:63:6F:AA:0F:B6:C5:AE:6B:AD:9B:0A:BA:D2:34:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yxAkP5hjb6oPtsWua62bCrrSNDg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/f8eb9c-5b99-4cef-93f0-48f151b5231f/1/mFdOLgpY75BCI6HwFdhbm64m2HU.roa
Signing time: Wed 01 Jan 2025 17:19:18 +0000
ROA not before: Wed 01 Jan 2025 17:19:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60372
IP address blocks: 185.4.252.0/24 maxlen: 24
185.4.253.0/24 maxlen: 24
185.4.253.192/27 maxlen: 27
185.4.254.0/24 maxlen: 24
185.4.255.0/24 maxlen: 24
185.4.255.112/29 maxlen: 29
185.156.212.0/24 maxlen: 24
185.156.212.8/29 maxlen: 29
185.156.212.24/29 maxlen: 29
185.156.213.0/24 maxlen: 24
185.156.214.0/24 maxlen: 24
185.156.215.0/24 maxlen: 24
2a02:7740::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/f8eb9c-5b99-4cef-93f0-48f151b5231f/1/yxAkP5hjb6oPtsWua62bCrrSNDg.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/f8eb9c-5b99-4cef-93f0-48f151b5231f/1/yxAkP5hjb6oPtsWua62bCrrSNDg.mft
rsync://rpki.ripe.net/repository/DEFAULT/yxAkP5hjb6oPtsWua62bCrrSNDg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:e1:01:c1:08:59:fb:3c:76:30:df:97:2c:17:1b:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb10243f98636faa0fb6c5ae6bad9b0abad23438
Validity
Not Before: Jan 1 17:19:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=98574e2e0a58ef904223a1f015d85b9bae26d875
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fe:a7:38:75:3f:af:ab:f7:7b:95:0d:4c:61:57:
ea:ff:af:b8:21:08:20:36:65:67:d1:e2:fd:64:b4:
4e:c8:03:f0:7e:10:de:2a:e9:6c:ee:8c:09:15:ed:
88:86:94:70:8f:0c:11:7f:b7:3d:c9:b6:86:bd:5d:
10:4a:f4:cd:cc:54:42:c4:50:4d:8f:16:02:92:47:
df:ff:53:9d:98:9b:7e:3e:15:fd:ad:3b:93:0b:de:
c9:9b:85:6e:88:bb:8b:fb:07:f7:5c:6e:a3:c1:ef:
d7:b5:ef:c8:05:bb:d8:f5:e9:c9:8a:5b:c0:93:76:
3b:05:a8:94:f9:e6:90:b2:a1:9e:1c:4c:fd:c2:ff:
e0:66:fd:72:f2:5c:ed:d2:86:09:cb:58:c7:4e:75:
b8:1a:51:a0:a3:d0:4e:bb:b7:fb:0f:df:54:d1:df:
ca:e8:9a:67:2c:ee:1b:2b:62:ba:7c:0e:30:a5:f6:
b8:a9:1e:57:bd:24:df:76:32:43:62:11:2f:d9:fb:
11:1d:0e:5a:39:5d:99:26:a3:96:6c:7d:41:2e:93:
5d:2c:e4:dd:52:2a:66:ee:fb:b9:d5:cc:9e:d0:e0:
aa:8f:5c:64:e4:ab:70:7c:41:89:8c:68:ba:4b:35:
a5:04:20:05:18:b4:d0:79:c2:b5:e3:fe:a4:6e:ce:
40:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:57:4E:2E:0A:58:EF:90:42:23:A1:F0:15:D8:5B:9B:AE:26:D8:75
X509v3 Authority Key Identifier:
keyid:CB:10:24:3F:98:63:6F:AA:0F:B6:C5:AE:6B:AD:9B:0A:BA:D2:34:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yxAkP5hjb6oPtsWua62bCrrSNDg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/f8eb9c-5b99-4cef-93f0-48f151b5231f/1/mFdOLgpY75BCI6HwFdhbm64m2HU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/f8eb9c-5b99-4cef-93f0-48f151b5231f/1/yxAkP5hjb6oPtsWua62bCrrSNDg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.4.252.0/22
185.156.212.0/22
IPv6:
2a02:7740::/32
Signature Algorithm: sha256WithRSAEncryption
aa:e2:41:47:c3:a7:f3:af:46:bf:bf:db:87:2d:d1:fa:f3:01:
bb:48:e0:ee:dd:9e:53:7c:ee:a8:e9:a3:1e:58:e5:77:82:f3:
e8:28:4c:88:59:90:b4:81:8b:15:e5:3c:28:8d:ce:c0:db:72:
0c:70:53:87:07:d7:cb:2f:e5:54:cf:74:e2:e7:a8:43:c4:bc:
9a:da:55:a7:f9:a8:60:d8:40:d4:8a:fe:60:f4:50:98:86:f8:
d7:27:c4:e7:fd:45:c9:95:65:4f:b5:d3:d9:1c:f2:c1:2a:33:
b1:8f:67:6d:ef:34:63:b2:46:da:26:99:c9:2a:bf:3c:e6:5f:
f1:eb:c0:e6:84:c3:51:cf:40:e6:99:8a:18:92:e8:37:ff:0a:
3c:76:fe:f9:fb:aa:a3:9f:75:bd:ab:27:d7:56:a0:a5:29:78:
f0:d4:ac:92:83:7d:e1:c6:59:6c:ed:25:5f:94:eb:e4:60:db:
2e:66:ae:12:67:4d:ff:d7:a5:29:8d:df:42:89:0d:f6:a8:23:
c2:e6:f6:4b:d7:2a:dd:aa:ed:0b:b2:06:2d:48:1a:a7:62:6c:
aa:5c:17:98:eb:df:20:24:2c:6a:3d:87:1b:ff:d3:08:1e:09:
d8:09:eb:7e:3c:b2:72:3e:2d:82:b1:3e:3b:3d:d7:78:93:6e:
78:06:ae:64
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQi4QHBCFn7PHYw35csFxstMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMTAyNDNmOTg2MzZmYWEwZmI2YzVhZTZiYWQ5YjBhYmFk
MjM0MzgwHhcNMjUwMTAxMTcxOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU3NGUyZTBhNThlZjkwNDIyM2ExZjAxNWQ4NWI5YmFlMjZkODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/qc4dT+vq/d7lQ1MYVfq/6+4IQgg
NmVn0eL9ZLROyAPwfhDeKuls7owJFe2IhpRwjwwRf7c9ybaGvV0QSvTNzFRCxFBN
jxYCkkff/1OdmJt+PhX9rTuTC97Jm4VuiLuL+wf3XG6jwe/Xte/IBbvY9enJilvA
k3Y7BaiU+eaQsqGeHEz9wv/gZv1y8lzt0oYJy1jHTnW4GlGgo9BOu7f7D99U0d/K
6JpnLO4bK2K6fA4wpfa4qR5XvSTfdjJDYhEv2fsRHQ5aOV2ZJqOWbH1BLpNdLOTd
Uipm7vu51cye0OCqj1xk5KtwfEGJjGi6SzWlBCAFGLTQecK14/6kbs5AEQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJhXTi4KWO+QQiOh8BXYW5uuJth1MB8GA1UdIwQY
MBaAFMsQJD+YY2+qD7bFrmutmwq60jQ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXhBa1A1aGpiNm9QdHNXdWE2MmJDcnJTTkRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9mOGViOWMtNWI5OS00Y2VmLTkzZjAt
NDhmMTUxYjUyMzFmLzEvbUZkT0xncFk3NUJDSTZId0ZkaGJtNjRtMkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9mOGViOWMtNWI5OS00Y2VmLTkzZjAtNDhmMTUxYjUyMzFm
LzEveXhBa1A1aGpiNm9QdHNXdWE2MmJDcnJTTkRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQT8AwQC
uZzUMA0EAgACMAcDBQAqAndAMA0GCSqGSIb3DQEBCwUAA4IBAQCq4kFHw6fzr0a/
v9uHLdH68wG7SODu3Z5TfO6o6aMeWOV3gvPoKEyIWZC0gYsV5Twojc7A23IMcFOH
B9fLL+VUz3Ti56hDxLya2lWn+ahg2EDUiv5g9FCYhvjXJ8Tn/UXJlWVPtdPZHPLB
KjOxj2dt7zRjskbaJpnJKr885l/x68DmhMNRz0DmmYoYkug3/wo8dv75+6qjn3W9
qyfXVqClKXjw1KySg33hxlls7SVflOvkYNsuZq4SZ03/16Upjd9CiQ32qCPC5vZL
1yrdqu0LsgYtSBqnYmyqXBeY698gJCxqPYcb/9MIHgnYCet+PLJyPi2CsT47Pdd4
k254Bq5k
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:54:41 2025 by rpki-client