Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HJCG7wX6bVTSlFU6A-_QZepXnjE.roa
File: HJCG7wX6bVTSlFU6A-_QZepXnjE.roa (raw, json)
Hash identifier: qWy9uu0ocSaGyE7cbor3VB0J4b8YD+Adt+XSdLNm834=
Subject key identifier: 1C:90:86:EF:05:FA:6D:54:D2:94:55:3A:03:EF:D0:65:EA:57:9E:31
Certificate issuer: /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial: 0194221FBE14B70BC7B9AB86DBBE37A6AD61
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HJCG7wX6bVTSlFU6A-_QZepXnjE.roa
Signing time: Wed 01 Jan 2025 13:48:13 +0000
ROA not before: Wed 01 Jan 2025 13:48:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12912
IP address blocks: 78.133.128.0/17 maxlen: 17
85.219.128.0/17 maxlen: 17
89.174.0.0/16 maxlen: 16
94.42.0.0/16 maxlen: 16
94.42.175.0/24 maxlen: 24
157.25.0.0/16 maxlen: 16
195.94.192.0/19 maxlen: 19
217.8.160.0/19 maxlen: 19
217.153.0.0/16 maxlen: 16
2001:4190::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 13:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:be:14:b7:0b:c7:b9:ab:86:db:be:37:a6:ad:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Validity
Not Before: Jan 1 13:48:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c9086ef05fa6d54d294553a03efd065ea579e31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:f9:08:85:fe:c3:40:c6:dd:ea:8e:33:5d:5a:
8c:2b:5a:bd:5e:48:5d:e8:50:04:da:26:fd:6e:ca:
db:7a:73:9e:41:8d:72:61:00:a5:2d:09:15:ac:60:
83:16:28:18:3c:b4:5e:72:4d:6a:66:70:fa:54:a7:
c0:f6:e2:40:dc:37:88:51:31:be:63:03:a3:a7:d0:
85:ee:7a:f1:d1:04:18:05:ad:68:d3:4d:b1:aa:dc:
16:35:84:ff:be:e5:dc:c5:88:90:33:a7:19:0b:c3:
be:51:98:bf:1f:df:80:7a:18:6d:a7:9e:b1:61:2a:
a8:5b:3a:1a:0f:24:96:c2:26:bc:b7:eb:38:21:02:
86:f8:8d:a5:40:c1:a2:07:ef:fe:e6:5e:19:5e:fb:
84:63:b6:9b:0f:81:d5:1d:23:3c:a0:ce:8b:10:c8:
bb:bc:86:a6:02:b9:65:bf:17:1b:70:5a:77:71:ea:
9c:d0:43:d5:91:7d:c2:aa:c9:de:f1:63:45:51:1d:
8c:52:08:af:fe:b6:c4:4a:7e:38:b6:ad:ab:f0:d6:
aa:50:f8:d6:95:04:ab:34:40:3a:58:3e:13:3d:1f:
16:e2:9a:0e:c3:50:cb:f9:86:3b:66:33:05:aa:ef:
c6:b7:9f:aa:bd:09:d5:bd:81:ae:f6:eb:a1:82:e9:
7c:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:90:86:EF:05:FA:6D:54:D2:94:55:3A:03:EF:D0:65:EA:57:9E:31
X509v3 Authority Key Identifier:
keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HJCG7wX6bVTSlFU6A-_QZepXnjE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.133.128.0/17
85.219.128.0/17
89.174.0.0/16
94.42.0.0/16
157.25.0.0/16
195.94.192.0/19
217.8.160.0/19
217.153.0.0/16
IPv6:
2001:4190::/32
Signature Algorithm: sha256WithRSAEncryption
17:17:c0:4e:a2:55:7d:31:ce:56:b5:b3:d2:44:7f:b0:d1:98:
60:2c:42:9c:4e:eb:41:f9:3e:90:2c:b1:85:b9:46:3b:2c:8c:
87:22:0d:71:20:3d:9a:2c:f4:35:1b:aa:21:07:da:1f:1b:46:
e1:62:8f:97:5e:eb:be:88:95:db:a2:1e:89:cc:8e:13:15:a3:
1c:8e:23:97:ae:93:0d:d5:8d:cd:71:5e:be:fe:ec:39:7a:69:
63:c2:64:ea:43:ce:e1:ba:05:49:e9:c0:a3:b5:30:f6:ca:16:
32:e1:b4:d6:4b:43:7f:ec:6f:ef:21:d5:ca:e3:8e:44:6e:8a:
39:29:b3:4a:59:4c:97:1c:e7:5d:37:e4:d4:07:4c:65:69:75:
91:a7:e9:bc:59:35:c3:26:29:20:99:2e:1d:e4:d0:be:46:f3:
16:8a:2e:fd:f7:b7:05:22:93:20:9a:84:53:d0:6b:89:dd:0f:
45:a2:8f:97:22:ef:91:02:a0:98:24:b1:69:08:ca:b9:a1:cb:
79:97:2c:95:fe:d5:9f:c9:27:13:4a:48:fc:20:9d:11:5b:03:
0d:f5:2d:02:43:96:b2:99:8b:8f:19:e2:d3:70:6a:2f:9f:4c:
81:87:3c:7a:b4:71:87:7e:4e:69:94:e9:1e:5a:0b:ac:dd:d6:
87:9a:5d:7d
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZQiH74UtwvHuauG2743pq1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzkwODZlZjA1ZmE2ZDU0ZDI5NDU1M2EwM2VmZDA2NWVhNTc5ZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/kIhf7DQMbd6o4zXVqMK1q9Xkhd
6FAE2ib9bsrbenOeQY1yYQClLQkVrGCDFigYPLReck1qZnD6VKfA9uJA3DeIUTG+
YwOjp9CF7nrx0QQYBa1o002xqtwWNYT/vuXcxYiQM6cZC8O+UZi/H9+Aehhtp56x
YSqoWzoaDySWwia8t+s4IQKG+I2lQMGiB+/+5l4ZXvuEY7abD4HVHSM8oM6LEMi7
vIamArllvxcbcFp3ceqc0EPVkX3Cqsne8WNFUR2MUgiv/rbESn44tq2r8NaqUPjW
lQSrNEA6WD4TPR8W4poOw1DL+YY7ZjMFqu/Gt5+qvQnVvYGu9uuhgul8HwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFByQhu8F+m1U0pRVOgPv0GXqV54xMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvSEpDRzd3WDZiVlRTbEZVNkEtX1FaZXBYbmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQHToWAAwQH
VduAAwMAWa4DAwBeKgMDAJ0ZAwQFw17AAwQF2QigAwMA2ZkwDQQCAAIwBwMFACAB
QZAwDQYJKoZIhvcNAQELBQADggEBABcXwE6iVX0xzla1s9JEf7DRmGAsQpxO60H5
PpAssYW5RjssjIciDXEgPZos9DUbqiEH2h8bRuFij5de676IlduiHonMjhMVoxyO
I5eukw3Vjc1xXr7+7Dl6aWPCZOpDzuG6BUnpwKO1MPbKFjLhtNZLQ3/sb+8h1crj
jkRuijkps0pZTJcc51035NQHTGVpdZGn6bxZNcMmKSCZLh3k0L5G8xaKLv33twUi
kyCahFPQa4ndD0Wij5ci75ECoJgksWkIyrmhy3mXLJX+1Z/JJxNKSPwgnRFbAw31
LQJDlrKZi48Z4tNwai+fTIGHPHq0cYd+TmmU6R5aC6zd1oeaXX0=
-----END CERTIFICATE-----
Generated at Mon Apr 7 17:00:55 2025 by rpki-client