Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/r7-k0f-z2OlArTZoSJ6zSYon5xM.roa
File: r7-k0f-z2OlArTZoSJ6zSYon5xM.roa (raw, json)
Hash identifier: QUZGO8/mjv/Qdw+503/pGshPdbDCDrat1f+az31SAAc=
Subject key identifier: AF:BF:A4:D1:FF:B3:D8:E9:40:AD:36:68:48:9E:B3:49:8A:27:E7:13
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019601B65A2CC26D1C6ED71031A75AEE2AB2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/r7-k0f-z2OlArTZoSJ6zSYon5xM.roa
Signing time: Fri 04 Apr 2025 16:50:49 +0000
ROA not before: Fri 04 Apr 2025 16:50:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
193.23.196.0/23 maxlen: 24
193.23.199.0/24 maxlen: 24
193.23.216.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 01:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:01:b6:5a:2c:c2:6d:1c:6e:d7:10:31:a7:5a:ee:2a:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 4 16:50:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afbfa4d1ffb3d8e940ad3668489eb3498a27e713
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:ec:ac:11:21:04:03:2a:3c:26:f7:8b:54:7c:
f5:20:88:d7:85:a9:c5:29:9b:b1:89:1a:34:67:c0:
3a:57:de:ae:5e:09:07:fb:49:18:69:91:2f:3e:dd:
d2:34:7f:9a:a1:9c:92:12:22:d0:f5:f9:9e:7e:40:
fb:e6:7a:a3:2a:35:26:9d:bc:e3:23:27:07:86:db:
64:b3:19:2c:80:f2:86:b4:fd:3f:2f:51:61:7e:f4:
53:02:94:49:2a:d7:0e:55:a8:ef:85:03:22:0c:ed:
81:13:b8:6c:ff:c5:95:79:8d:c9:9d:b4:e6:6c:5b:
af:06:9f:cc:93:c8:20:77:d7:2f:e9:15:3a:e0:2c:
33:87:9e:7d:08:bd:bb:26:d7:20:e2:ab:81:49:3f:
d2:01:ba:c3:d9:5a:81:4f:95:3a:d3:ff:d0:09:5f:
92:91:54:dd:5f:00:68:3f:3f:ec:ec:ed:33:27:14:
7c:7a:b7:c2:f4:70:f6:e5:51:15:28:89:b8:99:a8:
b2:13:9c:ec:2c:fa:9f:ad:a6:4a:e3:44:e8:9d:90:
c5:f7:d4:01:f3:2e:30:77:8e:8d:95:4f:52:53:da:
5b:5c:03:5d:a3:ac:05:79:91:f4:d8:0a:c3:bd:84:
75:80:12:23:a5:37:ba:4b:51:75:01:4a:46:33:f9:
f0:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:BF:A4:D1:FF:B3:D8:E9:40:AD:36:68:48:9E:B3:49:8A:27:E7:13
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/r7-k0f-z2OlArTZoSJ6zSYon5xM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.124.0/22
185.216.104.0/22
193.23.196.0/23
193.23.199.0/24
193.23.216.0/24
Signature Algorithm: sha256WithRSAEncryption
33:56:55:cf:48:9b:ef:11:ec:91:62:cd:d8:03:11:ab:40:e9:
12:ab:ad:6d:13:ab:7d:f1:fd:df:21:91:14:08:11:a4:8b:f1:
99:9c:b3:93:97:09:9f:ea:8f:34:c0:49:7a:b6:35:fb:15:3c:
55:2e:9c:32:22:9b:cc:a3:46:71:41:37:d6:81:27:45:ef:70:
75:10:b5:50:15:f3:ec:d1:8e:87:13:9b:b1:45:ff:68:39:69:
98:70:02:7d:26:1c:6c:3e:9c:9d:c1:ca:af:d0:2b:3f:67:4b:
39:a2:05:56:3f:3b:ce:c5:26:c9:c8:76:f0:1e:f2:2d:6c:be:
8d:d4:20:1e:1d:7b:52:b9:05:88:7e:4a:3a:3d:d6:01:2e:ff:
fb:0a:32:8f:49:88:7d:d5:c7:65:9f:46:67:8d:d9:06:ae:b4:
5c:f7:73:91:24:21:1c:47:8c:51:24:0e:25:04:34:ed:11:96:
9c:fc:9a:68:fe:75:dc:25:2e:a9:25:ea:53:ba:64:18:ba:97:
42:6b:a8:88:39:18:f3:63:13:c8:38:cc:52:f6:9b:ff:26:f7:
0d:bc:22:61:81:8d:b5:a5:72:a0:fa:03:1a:e3:ff:62:2a:37:
7e:9d:73:f2:b0:df:a5:3f:87:f3:b2:f0:aa:8b:4d:40:25:7a:
ca:96:99:43
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZYBtloswm0cbtcQMada7iqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDA0MTY1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJmYTRkMWZmYjNkOGU5NDBhZDM2Njg0ODllYjM0OThhMjdlNzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+ysESEEAyo8JveLVHz1IIjXhanF
KZuxiRo0Z8A6V96uXgkH+0kYaZEvPt3SNH+aoZySEiLQ9fmefkD75nqjKjUmnbzj
IycHhttksxksgPKGtP0/L1FhfvRTApRJKtcOVajvhQMiDO2BE7hs/8WVeY3JnbTm
bFuvBp/Mk8ggd9cv6RU64Cwzh559CL27Jtcg4quBST/SAbrD2VqBT5U60//QCV+S
kVTdXwBoPz/s7O0zJxR8erfC9HD25VEVKIm4maiyE5zsLPqfraZK40TonZDF99QB
8y4wd46NlU9SU9pbXANdo6wFeZH02ArDvYR1gBIjpTe6S1F1AUpGM/nwlwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFK+/pNH/s9jpQK02aEies0mKJ+cTMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcjctazBmLXoyT2xBclRab1NKNnpTWW9uNXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCQLx8AwQC
udhoAwQBwRfEAwQAwRfHAwQAwRfYMA0GCSqGSIb3DQEBCwUAA4IBAQAzVlXPSJvv
EeyRYs3YAxGrQOkSq61tE6t98f3fIZEUCBGki/GZnLOTlwmf6o80wEl6tjX7FTxV
LpwyIpvMo0ZxQTfWgSdF73B1ELVQFfPs0Y6HE5uxRf9oOWmYcAJ9JhxsPpydwcqv
0Cs/Z0s5ogVWPzvOxSbJyHbwHvItbL6N1CAeHXtSuQWIfko6PdYBLv/7CjKPSYh9
1cdln0ZnjdkGrrRc93ORJCEcR4xRJA4lBDTtEZac/Jpo/nXcJS6pJepTumQYupdC
a6iIORjzYxPIOMxS9pv/JvcNvCJhgY21pXKg+gMa4/9iKjd+nXPysN+lP4fzsvCq
i01AJXrKlplD
-----END CERTIFICATE-----
Generated at Sat Apr 5 09:42:29 2025 by rpki-client