Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-kb4hmxMAktf4yYaTtNVFR4VnGM.roa
File: 1-kb4hmxMAktf4yYaTtNVFR4VnGM.roa (raw, json)
Hash identifier: Is673hjFs+Vhwv7WU2gQiJKw7iusXjoS6iS4OthWLzs=
Subject key identifier: FA:46:F8:86:6C:4C:02:4B:5F:E3:26:1A:4E:D3:55:15:1E:15:9C:63
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019515A2C1A3D397B1AEC6FC34855B65B91A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-kb4hmxMAktf4yYaTtNVFR4VnGM.roa
Signing time: Mon 17 Feb 2025 20:39:02 +0000
ROA not before: Mon 17 Feb 2025 20:39:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215590
IP address blocks: 37.46.20.0/22 maxlen: 24
77.239.108.0/22 maxlen: 24
87.251.16.0/22 maxlen: 24
150.241.106.0/23 maxlen: 24
150.241.115.0/24 maxlen: 24
150.241.116.0/24 maxlen: 24
150.241.123.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:15:a2:c1:a3:d3:97:b1:ae:c6:fc:34:85:5b:65:b9:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Feb 17 20:39:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fa46f8866c4c024b5fe3261a4ed355151e159c63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:75:98:51:92:92:51:4a:b2:dc:68:7c:e9:46:
8a:82:d6:5c:55:a9:d1:ae:ad:6a:eb:c4:1a:87:db:
7e:9e:6b:b3:49:54:20:00:6f:c2:b8:48:aa:46:f0:
88:88:03:2b:b9:18:3f:da:94:1d:17:27:b0:c1:ab:
04:bf:da:25:35:b7:c1:f7:fe:f7:fc:00:32:32:56:
1d:cd:5e:a8:d7:b0:5d:d0:68:da:4b:b2:66:b5:04:
86:b5:5e:1a:9a:3a:b0:77:50:a5:94:ee:ce:8e:af:
3a:e4:72:69:33:64:26:0b:83:18:5b:70:0f:5a:ed:
ac:ca:54:16:80:32:0d:e9:a1:eb:b2:42:1b:37:e2:
f4:09:d4:7d:39:04:33:ae:0a:04:3b:b5:06:f6:a2:
ad:89:be:56:b2:40:98:26:ef:a8:ae:5c:01:24:8d:
96:11:bd:d1:c6:a3:13:ec:0f:10:fd:73:38:23:58:
0c:5e:47:72:67:28:3e:8f:96:84:a3:9a:2f:16:1f:
2d:0c:4b:f3:f2:10:64:57:4a:f7:84:69:f0:ee:b8:
e3:d5:0b:d3:ed:ac:80:d8:d5:b2:28:71:de:18:55:
5c:f1:83:3c:e9:2d:1d:66:a0:c9:f8:01:f8:72:5e:
55:01:ca:49:ed:6b:1e:b3:ef:6a:af:41:45:2d:3e:
2d:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:46:F8:86:6C:4C:02:4B:5F:E3:26:1A:4E:D3:55:15:1E:15:9C:63
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-kb4hmxMAktf4yYaTtNVFR4VnGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.20.0/22
77.239.108.0/22
87.251.16.0/22
150.241.106.0/23
150.241.115.0-150.241.116.255
150.241.123.0/24
Signature Algorithm: sha256WithRSAEncryption
13:ce:81:88:a5:52:ff:da:84:08:22:f6:65:bf:06:e2:f9:2d:
6f:b6:3d:21:36:a1:bf:17:e9:da:7a:ae:07:ec:63:1f:a5:26:
80:c9:12:1f:f7:4f:72:e4:f5:20:1e:f1:99:c1:24:e2:84:e9:
2f:31:85:43:ec:12:7c:66:6b:68:5a:c7:8d:f4:24:22:e3:f2:
15:1a:65:4e:75:c3:f1:77:4a:3b:41:2d:ee:e5:ea:76:12:77:
c9:63:02:32:5f:74:e5:04:e7:06:1b:b9:7d:7d:48:a9:ce:ee:
86:14:87:52:d0:72:25:cc:a3:f8:fc:c5:69:ce:d9:31:38:50:
90:29:c6:52:15:30:c1:b2:f3:ac:fa:36:42:d6:cb:ed:b6:3b:
e5:a7:84:74:54:b8:2d:ef:d4:38:f2:1f:1a:23:fa:a5:63:2a:
63:bb:d5:a5:88:61:b4:8d:b3:b4:f9:55:31:fb:f2:48:b1:2c:
ee:5b:14:d1:db:7f:ad:69:72:5e:81:82:b7:46:ea:de:7d:e5:
ff:af:95:93:82:ea:e7:9b:63:84:bb:29:d6:96:c6:79:4f:0e:
e8:55:40:79:e3:37:e2:b9:08:98:7a:ca:6c:eb:11:9a:41:df:
90:49:a6:71:59:c7:89:08:57:a2:fe:74:aa:9b:ef:44:eb:9c:
8e:5e:f1:0a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZUVosGj05exrsb8NIVbZbkaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMjE3MjAzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTQ2Zjg4NjZjNGMwMjRiNWZlMzI2MWE0ZWQzNTUxNTFlMTU5YzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3WYUZKSUUqy3Gh86UaKgtZcVanR
rq1q68Qah9t+nmuzSVQgAG/CuEiqRvCIiAMruRg/2pQdFyewwasEv9olNbfB9/73
/AAyMlYdzV6o17Bd0GjaS7JmtQSGtV4amjqwd1CllO7Ojq865HJpM2QmC4MYW3AP
Wu2sylQWgDIN6aHrskIbN+L0CdR9OQQzrgoEO7UG9qKtib5WskCYJu+orlwBJI2W
Eb3RxqMT7A8Q/XM4I1gMXkdyZyg+j5aEo5ovFh8tDEvz8hBkV0r3hGnw7rjj1QvT
7ayA2NWyKHHeGFVc8YM86S0dZqDJ+AH4cl5VAcpJ7Wses+9qr0FFLT4tBQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFPpG+IZsTAJLX+MmGk7TVRUeFZxjMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMS1rYjRobXhNQWt0ZjR5WWFUdE5WRlI0Vm5HTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvMzhmMTI4LWVhODItNDU1NS1iNTE0LTE0Mzk2N2E4ZmUw
OC8xL0hKWS1QU0tFZlVac0ppd2doNHduZ05pRUFBTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBFBggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLAMEAiUuFAME
Ak3vbAMEAlf7EAMEAZbxajAMAwQAlvFzAwQAlvF0AwQAlvF7MA0GCSqGSIb3DQEB
CwUAA4IBAQATzoGIpVL/2oQIIvZlvwbi+S1vtj0hNqG/F+naeq4H7GMfpSaAyRIf
909y5PUgHvGZwSTihOkvMYVD7BJ8ZmtoWseN9CQi4/IVGmVOdcPxd0o7QS3u5ep2
EnfJYwIyX3TlBOcGG7l9fUipzu6GFIdS0HIlzKP4/MVpztkxOFCQKcZSFTDBsvOs
+jZC1svttjvlp4R0VLgt79Q48h8aI/qlYypju9WliGG0jbO0+VUx+/JIsSzuWxTR
23+taXJegYK3RurefeX/r5WTgurnm2OEuynWlsZ5Tw7oVUB54zfiuQiYesps6xGa
Qd+QSaZxWceJCFei/nSqm+9E65yOXvEK
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:57:42 2025 by rpki-client