Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/h1oyUSQHfCUnNhv3GPjMusMqBOQ.roa
File: h1oyUSQHfCUnNhv3GPjMusMqBOQ.roa (raw, json)
Hash identifier: zVnvi6OzjNH5JWYjXPv16C0I43oqAW042jfOToOeKNM=
Subject key identifier: 87:5A:32:51:24:07:7C:25:27:36:1B:F7:18:F8:CC:BA:C3:2A:04:E4
Certificate issuer: /CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
Certificate serial: 019423D6A20139F9ACF24623078000DB85A3
Authority key identifier: E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/h1oyUSQHfCUnNhv3GPjMusMqBOQ.roa
Signing time: Wed 01 Jan 2025 21:47:36 +0000
ROA not before: Wed 01 Jan 2025 21:47:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49058
IP address blocks: 95.131.176.0/21 maxlen: 32
185.25.9.0/24 maxlen: 32
185.25.10.0/23 maxlen: 32
2a00:7b60::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.mft
rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 08:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:a2:01:39:f9:ac:f2:46:23:07:80:00:db:85:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
Validity
Not Before: Jan 1 21:47:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=875a325124077c2527361bf718f8ccbac32a04e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:e2:3e:58:b2:3e:00:84:cb:7e:2b:1e:d5:ef:
65:5c:b0:67:51:93:8b:5b:48:3e:08:2d:74:41:ed:
82:15:96:f5:34:a8:e9:ab:81:de:04:9c:65:26:38:
8d:12:fa:19:93:ac:bf:4f:5b:45:d7:89:43:07:61:
07:d1:3e:bf:cb:6a:d4:f5:2a:fb:1e:aa:a8:69:04:
c7:b7:d5:e7:f5:68:63:ae:29:1c:50:71:6a:84:69:
60:36:cc:7c:e3:bd:e1:8e:0b:cc:de:98:31:4c:e3:
af:46:78:b8:9d:eb:76:7a:bb:b4:b1:a1:f8:3b:e6:
69:e4:e9:56:d8:4e:a9:1b:f6:a6:c4:bf:e8:67:58:
83:4c:95:6f:1f:db:89:0b:96:e0:0b:f3:f5:1e:e3:
e4:f5:9b:b6:38:6f:90:21:0c:1c:b4:a9:35:37:20:
a1:e8:c6:e8:ed:7c:b9:fe:6a:88:3e:43:2f:df:90:
1c:40:d6:20:d5:41:cf:be:e0:2e:c1:ff:e0:0b:42:
ce:76:42:45:96:8f:79:68:32:eb:da:99:5e:ee:0f:
34:e5:a3:d9:a5:f3:e9:90:a3:4a:fa:74:8c:af:ca:
b3:e5:07:75:f7:e2:54:73:f6:07:3e:d1:0d:38:1e:
1a:3e:bd:9c:68:6e:e7:17:09:34:bb:e2:1e:4e:5f:
61:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:5A:32:51:24:07:7C:25:27:36:1B:F7:18:F8:CC:BA:C3:2A:04:E4
X509v3 Authority Key Identifier:
keyid:E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/h1oyUSQHfCUnNhv3GPjMusMqBOQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.176.0/21
185.25.9.0-185.25.11.255
IPv6:
2a00:7b60::/32
Signature Algorithm: sha256WithRSAEncryption
7e:2d:cf:82:a5:8c:0c:48:fa:98:49:c5:c3:ca:de:14:9d:9e:
3b:87:28:67:f6:89:3d:1d:10:f7:08:78:f6:d9:b5:67:0f:7e:
e8:d3:ca:2e:fc:6f:9d:eb:fe:2b:72:d6:c1:2e:08:f1:17:b5:
21:55:cb:d9:02:45:65:4e:74:1d:c0:d6:ab:1d:d8:0e:2c:97:
21:50:45:73:28:36:95:33:94:8e:a4:38:38:31:a4:7e:ec:0a:
e9:50:7f:be:67:3e:59:5d:62:fb:e4:71:54:39:39:9a:93:31:
5b:00:9c:9d:95:80:71:2f:d5:ae:00:a2:c6:c1:dd:ac:55:30:
93:c1:b1:f9:c4:ef:bc:d8:66:b5:3f:8d:22:fe:05:41:65:e1:
44:a4:f5:c0:ea:61:f9:ed:9c:e8:6c:f0:e5:a5:26:34:dd:89:
b3:66:80:b4:56:7a:bf:35:1e:f4:1d:45:34:8b:af:29:77:50:
fe:bf:e3:f7:c2:d2:c4:ca:92:08:8f:9d:a6:11:35:bb:d4:30:
b2:73:49:58:33:9a:4f:8b:69:6d:82:c9:11:ed:3d:b7:a8:be:
70:ea:7c:fc:fa:f6:f8:de:c2:a4:14:20:ba:2d:f8:9a:11:ec:
88:53:5b:d8:57:f7:b2:9d:c2:be:74:e7:40:5f:10:2e:e8:96:
fb:0d:22:2d
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQj1qIBOfms8kYjB4AA24WjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTgzYjQwYjNmNGQ3ZDMxZmIzMzY4ZGFmYWNhMTE5OWE0
NDk4OTIwHhcNMjUwMTAxMjE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzVhMzI1MTI0MDc3YzI1MjczNjFiZjcxOGY4Y2NiYWMzMmEwNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuI+WLI+AITLfise1e9lXLBnUZOL
W0g+CC10Qe2CFZb1NKjpq4HeBJxlJjiNEvoZk6y/T1tF14lDB2EH0T6/y2rU9Sr7
HqqoaQTHt9Xn9WhjrikcUHFqhGlgNsx8473hjgvM3pgxTOOvRni4net2eru0saH4
O+Zp5OlW2E6pG/amxL/oZ1iDTJVvH9uJC5bgC/P1HuPk9Zu2OG+QIQwctKk1NyCh
6Mbo7Xy5/mqIPkMv35AcQNYg1UHPvuAuwf/gC0LOdkJFlo95aDLr2ple7g805aPZ
pfPpkKNK+nSMr8qz5Qd19+JUc/YHPtENOB4aPr2caG7nFwk0u+IeTl9haQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIdaMlEkB3wlJzYb9xj4zLrDKgTkMB8GA1UdIwQY
MBaAFOWoO0Cz9NfTH7M2ja+soRmaRJiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEt
M2QzODg2MDZkYTEyLzEvaDFveVVTUUhmQ1VuTmh2M0dQak11c01xQk9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEtM2QzODg2MDZkYTEy
LzEvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQDX4OwMAwD
BAC5GQkDBAK5GQgwDQQCAAIwBwMFACoAe2AwDQYJKoZIhvcNAQELBQADggEBAH4t
z4KljAxI+phJxcPK3hSdnjuHKGf2iT0dEPcIePbZtWcPfujTyi78b53r/ity1sEu
CPEXtSFVy9kCRWVOdB3A1qsd2A4slyFQRXMoNpUzlI6kODgxpH7sCulQf75nPlld
YvvkcVQ5OZqTMVsAnJ2VgHEv1a4AosbB3axVMJPBsfnE77zYZrU/jSL+BUFl4USk
9cDqYfntnOhs8OWlJjTdibNmgLRWer81HvQdRTSLryl3UP6/4/fC0sTKkgiPnaYR
NbvUMLJzSVgzmk+LaW2CyRHtPbeovnDqfPz69vjewqQUILot+JoR7IhTW9hX97Kd
wr5050BfEC7olvsNIi0=
-----END CERTIFICATE-----
Generated at Tue Apr 15 13:55:11 2025 by rpki-client