Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/b4ad9c-0d0b-4c3d-8533-dbf62fc5beb0/1/YLZ4R2cXRiV8ZGqHdVbiXZ3u-6Q.roa
File: YLZ4R2cXRiV8ZGqHdVbiXZ3u-6Q.roa (raw, json)
Hash identifier: cdselfx58yv16hOyAN0xxLi2jgGKa8b7Sqm03lityB0=
Subject key identifier: 60:B6:78:47:67:17:46:25:7C:64:6A:87:75:56:E2:5D:9D:EE:FB:A4
Certificate issuer: /CN=58ec149761a5d84b8c49e2c9936bbb748033fe66
Certificate serial: 019420D599164B6047CAF428F53B428132A0
Authority key identifier: 58:EC:14:97:61:A5:D8:4B:8C:49:E2:C9:93:6B:BB:74:80:33:FE:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WOwUl2Gl2EuMSeLJk2u7dIAz_mY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/b4ad9c-0d0b-4c3d-8533-dbf62fc5beb0/1/YLZ4R2cXRiV8ZGqHdVbiXZ3u-6Q.roa
Signing time: Wed 01 Jan 2025 07:47:36 +0000
ROA not before: Wed 01 Jan 2025 07:47:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3278
IP address blocks: 194.180.0.0/22 maxlen: 22
194.180.0.0/24 maxlen: 24
194.180.1.0/24 maxlen: 24
194.180.2.0/24 maxlen: 24
194.180.3.0/24 maxlen: 24
194.180.4.0/23 maxlen: 23
194.180.4.0/24 maxlen: 24
194.180.5.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c2/b4ad9c-0d0b-4c3d-8533-dbf62fc5beb0/1/WOwUl2Gl2EuMSeLJk2u7dIAz_mY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c2/b4ad9c-0d0b-4c3d-8533-dbf62fc5beb0/1/WOwUl2Gl2EuMSeLJk2u7dIAz_mY.mft
rsync://rpki.ripe.net/repository/DEFAULT/WOwUl2Gl2EuMSeLJk2u7dIAz_mY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:99:16:4b:60:47:ca:f4:28:f5:3b:42:81:32:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58ec149761a5d84b8c49e2c9936bbb748033fe66
Validity
Not Before: Jan 1 07:47:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=60b67847671746257c646a877556e25d9deefba4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:67:d8:0d:c1:4c:a0:a5:e5:46:6b:1b:55:94:
d6:b8:26:ee:7d:c5:d1:58:d2:77:4e:95:1f:72:40:
1d:d0:3c:3a:a1:fc:d3:c3:7d:ce:e5:f4:18:9b:c7:
d3:2e:bd:4c:cf:38:c0:85:60:c7:42:ba:46:63:31:
eb:27:33:25:58:3b:22:10:9c:30:32:a2:8f:94:7c:
01:e1:f8:44:9b:50:34:eb:d6:87:0d:f7:46:c0:84:
c2:e5:a2:34:a8:da:50:e2:de:6a:bb:df:53:4e:d5:
b6:77:01:13:01:3e:a4:39:2a:6f:e2:b9:fb:e9:aa:
70:19:30:48:43:11:0c:69:81:c9:de:cc:6c:df:b9:
06:3b:a8:57:88:aa:f6:09:fb:d7:23:8c:df:b6:4e:
b4:f0:9a:60:2c:69:e6:e3:b4:2b:17:fc:c6:46:24:
00:f5:0d:86:ee:8c:27:23:fc:36:80:4a:31:e6:d3:
81:45:ba:f8:19:bc:3a:67:c7:32:2c:a3:9f:63:18:
12:d7:5d:28:5b:22:72:6b:0c:af:89:65:3b:c4:42:
d4:c1:65:29:1c:11:bc:84:c4:5d:7d:d4:82:40:58:
9a:a8:31:5c:2d:78:2b:3e:70:7f:e1:31:d8:1f:5b:
c3:44:45:bb:92:f3:0c:5b:f4:d0:3c:fe:d0:78:ab:
bd:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:B6:78:47:67:17:46:25:7C:64:6A:87:75:56:E2:5D:9D:EE:FB:A4
X509v3 Authority Key Identifier:
keyid:58:EC:14:97:61:A5:D8:4B:8C:49:E2:C9:93:6B:BB:74:80:33:FE:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WOwUl2Gl2EuMSeLJk2u7dIAz_mY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/b4ad9c-0d0b-4c3d-8533-dbf62fc5beb0/1/YLZ4R2cXRiV8ZGqHdVbiXZ3u-6Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/b4ad9c-0d0b-4c3d-8533-dbf62fc5beb0/1/WOwUl2Gl2EuMSeLJk2u7dIAz_mY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.180.0.0-194.180.5.255
Signature Algorithm: sha256WithRSAEncryption
66:72:c4:a0:6a:56:7f:21:ff:1d:32:73:b8:8f:d1:64:63:f0:
19:69:c9:4f:dd:e6:76:39:5b:57:17:b8:65:38:91:b2:f8:4e:
4f:b6:23:f0:d2:46:5b:47:49:24:27:5f:04:e6:45:49:dc:04:
27:b0:eb:61:2b:90:3e:96:03:a5:f7:31:cd:c7:eb:24:fe:60:
0c:3f:a8:99:71:b3:43:ce:e0:be:8a:da:23:7b:58:5b:5b:3d:
dd:82:53:47:d2:a4:c9:0b:f5:41:74:10:cc:ea:4e:aa:7c:54:
d7:2e:17:08:a5:22:00:19:93:df:c4:f4:ec:11:ab:59:4b:7a:
55:67:a1:74:31:12:d1:8c:88:1c:eb:0a:f9:17:66:f9:78:68:
b0:e3:c0:1f:fd:70:d8:96:d8:28:62:1e:78:e0:42:49:ce:87:
ac:3c:1f:75:62:78:2c:2f:ff:70:c8:ec:2e:a1:4a:29:15:5c:
b1:18:fd:4d:92:a4:4b:32:b9:42:12:08:54:d3:6c:28:c9:38:
56:30:ec:c0:73:83:63:77:ff:fa:96:44:72:41:52:bd:8a:c2:
c0:6b:34:a8:7e:bf:2b:b1:0d:0e:35:d5:a4:d7:c8:51:fe:45:
60:94:96:84:d9:3a:b7:41:58:45:2a:99:05:62:cf:bd:58:50:
f4:1f:7f:f2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQg1ZkWS2BHyvQo9TtCgTKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZWMxNDk3NjFhNWQ4NGI4YzQ5ZTJjOTkzNmJiYjc0ODAz
M2ZlNjYwHhcNMjUwMTAxMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGI2Nzg0NzY3MTc0NjI1N2M2NDZhODc3NTU2ZTI1ZDlkZWVmYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmfYDcFMoKXlRmsbVZTWuCbufcXR
WNJ3TpUfckAd0Dw6ofzTw33O5fQYm8fTLr1MzzjAhWDHQrpGYzHrJzMlWDsiEJww
MqKPlHwB4fhEm1A069aHDfdGwITC5aI0qNpQ4t5qu99TTtW2dwETAT6kOSpv4rn7
6apwGTBIQxEMaYHJ3sxs37kGO6hXiKr2CfvXI4zftk608JpgLGnm47QrF/zGRiQA
9Q2G7ownI/w2gEox5tOBRbr4Gbw6Z8cyLKOfYxgS110oWyJyawyviWU7xELUwWUp
HBG8hMRdfdSCQFiaqDFcLXgrPnB/4THYH1vDREW7kvMMW/TQPP7QeKu9dwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFGC2eEdnF0YlfGRqh3VW4l2d7vukMB8GA1UdIwQY
MBaAFFjsFJdhpdhLjEniyZNru3SAM/5mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV093VWwyR2wyRXVNU2VMSmsydTdkSUF6X21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iNGFkOWMtMGQwYi00YzNkLTg1MzMt
ZGJmNjJmYzViZWIwLzEvWUxaNFIyY1hSaVY4WkdxSGRWYmlYWjN1LTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iNGFkOWMtMGQwYi00YzNkLTg1MzMtZGJmNjJmYzViZWIw
LzEvV093VWwyR2wyRXVNU2VMSmsydTdkSUF6X21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwLCtAME
AcK0BDANBgkqhkiG9w0BAQsFAAOCAQEAZnLEoGpWfyH/HTJzuI/RZGPwGWnJT93m
djlbVxe4ZTiRsvhOT7Yj8NJGW0dJJCdfBOZFSdwEJ7DrYSuQPpYDpfcxzcfrJP5g
DD+omXGzQ87gvoraI3tYW1s93YJTR9KkyQv1QXQQzOpOqnxU1y4XCKUiABmT38T0
7BGrWUt6VWehdDES0YyIHOsK+Rdm+XhosOPAH/1w2JbYKGIeeOBCSc6HrDwfdWJ4
LC//cMjsLqFKKRVcsRj9TZKkSzK5QhIIVNNsKMk4VjDswHODY3f/+pZEckFSvYrC
wGs0qH6/K7ENDjXVpNfIUf5FYJSWhNk6t0FYRSqZBWLPvVhQ9B9/8g==
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:53:58 2025 by rpki-client