Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/j7tAtkU7X16dxo0q2axkpmgR2Jg.roa
File: j7tAtkU7X16dxo0q2axkpmgR2Jg.roa (raw, json)
Hash identifier: ee9X5e2Gsq7S7vtFMXjQ62kSEkjJdHkxbRMmxnYqFY4=
Subject key identifier: 8F:BB:40:B6:45:3B:5F:5E:9D:C6:8D:2A:D9:AC:64:A6:68:11:D8:98
Certificate issuer: /CN=b2d8ad027a9674edc936e78c5d4d1b64964d8440
Certificate serial: 0194206857C8FC4E4B814159EDDADA9FFDFF
Authority key identifier: B2:D8:AD:02:7A:96:74:ED:C9:36:E7:8C:5D:4D:1B:64:96:4D:84:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/stitAnqWdO3JNueMXU0bZJZNhEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/j7tAtkU7X16dxo0q2axkpmgR2Jg.roa
Signing time: Wed 01 Jan 2025 05:48:16 +0000
ROA not before: Wed 01 Jan 2025 05:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198895
IP address blocks: 45.140.133.0/24 maxlen: 24
46.229.241.0/24 maxlen: 24
46.229.242.0/24 maxlen: 24
188.65.167.0/24 maxlen: 24
193.16.149.0/24 maxlen: 24
2a13:2580::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/stitAnqWdO3JNueMXU0bZJZNhEA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/stitAnqWdO3JNueMXU0bZJZNhEA.mft
rsync://rpki.ripe.net/repository/DEFAULT/stitAnqWdO3JNueMXU0bZJZNhEA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:57:c8:fc:4e:4b:81:41:59:ed:da:da:9f:fd:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b2d8ad027a9674edc936e78c5d4d1b64964d8440
Validity
Not Before: Jan 1 05:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8fbb40b6453b5f5e9dc68d2ad9ac64a66811d898
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c1:46:9d:c0:29:f3:f0:81:7d:8e:1f:f1:cb:
2c:2c:22:3b:9a:b0:c5:33:b6:2c:03:a1:4f:b5:f4:
6e:ec:d4:ab:15:63:af:26:ea:cd:04:c7:cc:cb:67:
28:f4:41:0b:4c:66:7f:08:f9:7a:51:95:cd:b7:48:
b5:a9:f9:de:57:b8:97:d7:66:9e:a6:3b:b0:44:c3:
23:ef:81:7a:a7:a1:24:53:d8:3f:01:45:38:0a:4f:
ee:56:1e:b2:01:80:af:a4:5c:4b:4d:06:50:94:17:
b0:15:f9:c7:78:63:0b:4f:f2:39:5e:d9:bb:1a:9b:
12:96:6a:fd:a1:be:d2:ea:46:cc:97:a6:35:35:28:
9b:4c:16:e8:19:3a:d2:40:b9:ee:ca:9f:93:21:10:
4d:6a:e9:72:27:59:80:7e:b2:7e:ca:2b:db:6b:53:
39:c1:56:81:36:6c:b5:40:d7:ea:99:4f:83:f0:41:
63:9e:26:c8:10:1d:c5:76:15:80:41:d0:2f:95:1e:
ab:63:d7:1d:34:5c:75:34:9b:2e:8c:13:87:17:9d:
50:39:54:87:8e:1a:5f:ac:f4:2d:8e:9b:d6:6e:46:
11:d6:b3:25:5b:2c:7e:c8:68:88:c0:1a:c6:96:d3:
a2:c6:17:55:d0:90:b6:f1:3b:bb:a3:4f:d2:82:b9:
0a:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:BB:40:B6:45:3B:5F:5E:9D:C6:8D:2A:D9:AC:64:A6:68:11:D8:98
X509v3 Authority Key Identifier:
keyid:B2:D8:AD:02:7A:96:74:ED:C9:36:E7:8C:5D:4D:1B:64:96:4D:84:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/stitAnqWdO3JNueMXU0bZJZNhEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/j7tAtkU7X16dxo0q2axkpmgR2Jg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/stitAnqWdO3JNueMXU0bZJZNhEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.140.133.0/24
46.229.241.0-46.229.242.255
188.65.167.0/24
193.16.149.0/24
IPv6:
2a13:2580::/29
Signature Algorithm: sha256WithRSAEncryption
1d:f3:5a:da:eb:e1:b9:42:87:28:47:1c:fb:a7:60:b6:51:8c:
5c:5f:a5:34:72:3e:22:b6:c2:2e:17:10:4b:12:47:69:0f:fe:
e4:7c:b4:10:52:8e:ae:d0:0e:85:ba:76:47:b9:27:ae:5b:3f:
dc:86:b4:08:1c:c2:f0:f6:46:a9:32:9d:ee:09:88:a4:57:69:
5c:12:3d:98:96:56:8a:0b:e6:e5:51:3a:c7:a5:8e:b1:f7:53:
f6:a0:3a:8f:33:e9:ee:66:99:57:38:20:e7:48:ca:7a:1d:49:
db:5d:90:f1:8c:1b:10:7f:a5:27:5e:99:fe:9d:c5:c8:46:a3:
26:f8:af:70:08:2d:d9:e6:c8:49:d5:f9:6a:5c:d9:b2:4b:d9:
da:2d:85:e9:c3:92:3a:66:da:40:d8:f0:98:38:7c:13:75:2e:
b6:9f:de:3f:7e:ac:0c:59:56:6b:f1:69:4e:29:09:39:91:b6:
20:01:f6:1f:90:13:48:cc:07:d2:88:44:75:e1:99:b3:47:d7:
bf:c7:85:21:07:36:e0:ad:ea:5e:fe:44:df:73:ea:7d:a1:aa:
b6:06:3f:63:73:e8:98:f8:4c:d8:7d:40:9e:71:32:7f:3b:a0:
64:74:95:6c:10:6c:4e:c9:32:fc:d1:e6:e7:8c:34:ec:58:6c:
95:cc:83:a4
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZQgaFfI/E5LgUFZ7dran/3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZDhhZDAyN2E5Njc0ZWRjOTM2ZTc4YzVkNGQxYjY0OTY0
ZDg0NDAwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmJiNDBiNjQ1M2I1ZjVlOWRjNjhkMmFkOWFjNjRhNjY4MTFkODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcFGncAp8/CBfY4f8cssLCI7mrDF
M7YsA6FPtfRu7NSrFWOvJurNBMfMy2co9EELTGZ/CPl6UZXNt0i1qfneV7iX12ae
pjuwRMMj74F6p6EkU9g/AUU4Ck/uVh6yAYCvpFxLTQZQlBewFfnHeGMLT/I5Xtm7
GpsSlmr9ob7S6kbMl6Y1NSibTBboGTrSQLnuyp+TIRBNaulyJ1mAfrJ+yivba1M5
wVaBNmy1QNfqmU+D8EFjnibIEB3FdhWAQdAvlR6rY9cdNFx1NJsujBOHF51QOVSH
jhpfrPQtjpvWbkYR1rMlWyx+yGiIwBrGltOixhdV0JC28Tu7o0/SgrkKIwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFI+7QLZFO19encaNKtmsZKZoEdiYMB8GA1UdIwQY
MBaAFLLYrQJ6lnTtyTbnjF1NG2SWTYRAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3RpdEFucVdkTzNKTnVlTVhVMGJaSlpOaEVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84OGM5ZDctZTM3Ny00ODc0LTk4Njgt
NzE1MjQ3YzNkY2RjLzEvajd0QXRrVTdYMTZkeG8wcTJheGtwbWdSMkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84OGM5ZDctZTM3Ny00ODc0LTk4NjgtNzE1MjQ3YzNkY2Rj
LzEvc3RpdEFucVdkTzNKTnVlTVhVMGJaSlpOaEVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQALYyFMAwD
BAAu5fEDBAAu5fIDBAC8QacDBADBEJUwDQQCAAIwBwMFAyoTJYAwDQYJKoZIhvcN
AQELBQADggEBAB3zWtrr4blChyhHHPunYLZRjFxfpTRyPiK2wi4XEEsSR2kP/uR8
tBBSjq7QDoW6dke5J65bP9yGtAgcwvD2Rqkyne4JiKRXaVwSPZiWVooL5uVROsel
jrH3U/agOo8z6e5mmVc4IOdIynodSdtdkPGMGxB/pSdemf6dxchGoyb4r3AILdnm
yEnV+Wpc2bJL2dothenDkjpm2kDY8Jg4fBN1Lraf3j9+rAxZVmvxaU4pCTmRtiAB
9h+QE0jMB9KIRHXhmbNH17/HhSEHNuCt6l7+RN9z6n2hqrYGP2Nz6Jj4TNh9QJ5x
Mn87oGR0lWwQbE7JMvzR5ueMNOxYbJXMg6Q=
-----END CERTIFICATE-----
Generated at Tue Apr 22 14:24:48 2025 by rpki-client