Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/g4mdoMQ7AxJUDrtz_UzKcq2BGGE.roa
File: g4mdoMQ7AxJUDrtz_UzKcq2BGGE.roa (raw, json)
Hash identifier: 4DUzhU0iuTSUQunYJIMnvSS7wKLl3zF9lIYPHqPkajo=
Subject key identifier: 83:89:9D:A0:C4:3B:03:12:54:0E:BB:73:FD:4C:CA:72:AD:81:18:61
Certificate issuer: /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial: 019427B552C01DFB8610835551C199528E19
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/g4mdoMQ7AxJUDrtz_UzKcq2BGGE.roa
Signing time: Thu 02 Jan 2025 15:49:42 +0000
ROA not before: Thu 02 Jan 2025 15:49:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20902
IP address blocks: 46.229.0.0/20 maxlen: 24
80.73.96.0/19 maxlen: 24
80.73.96.0/20 maxlen: 24
80.73.112.0/21 maxlen: 24
80.88.64.0/20 maxlen: 24
109.239.160.0/20 maxlen: 24
194.0.184.0/24 maxlen: 24
2001:67c:2088::/48 maxlen: 48
2a00:1230::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:52:c0:1d:fb:86:10:83:55:51:c1:99:52:8e:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Validity
Not Before: Jan 2 15:49:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=83899da0c43b0312540ebb73fd4cca72ad811861
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:9f:78:cd:5a:35:f4:3c:7a:65:b3:48:3e:d6:
ec:99:f8:39:ea:6e:bd:09:41:77:4d:0b:f0:35:1d:
00:d2:80:31:36:0d:32:1e:5b:8f:6e:0b:be:e2:e1:
bb:06:07:2f:97:2f:5e:50:ad:4c:73:08:e1:c7:a1:
93:6a:0f:b4:97:16:bd:14:76:e1:fc:7f:e6:cf:55:
fe:24:cd:1e:cf:5f:49:6a:4d:f2:60:8d:5f:fe:4d:
5d:b1:14:88:f9:c4:b6:02:45:62:e6:d0:35:b2:5d:
b3:bb:91:71:a3:e1:de:da:e0:35:fc:70:15:77:0f:
58:5d:72:2c:3e:c1:86:45:46:4e:ba:40:d9:dc:df:
60:85:65:a6:b2:38:c7:95:fb:4a:50:14:cb:f0:91:
52:cb:3a:15:68:f6:10:2e:04:d2:35:65:0f:9d:9c:
d3:a1:fb:f1:86:ce:52:8c:f3:f0:06:45:3b:28:c3:
f7:95:7a:86:33:47:d0:ee:82:30:4e:aa:f2:ec:02:
34:86:9a:29:6d:a9:a9:77:82:65:44:de:a5:48:ae:
33:6f:26:58:ad:fa:54:e3:45:77:63:7f:de:80:2a:
b2:a2:dc:4f:0f:10:03:42:cf:09:5d:0f:b7:9f:bd:
68:f0:56:c1:e8:61:b3:3e:3c:e7:36:40:91:fd:bc:
2c:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:89:9D:A0:C4:3B:03:12:54:0E:BB:73:FD:4C:CA:72:AD:81:18:61
X509v3 Authority Key Identifier:
keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/g4mdoMQ7AxJUDrtz_UzKcq2BGGE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.229.0.0/20
80.73.96.0/19
80.88.64.0/20
109.239.160.0/20
194.0.184.0/24
IPv6:
2001:67c:2088::/48
2a00:1230::/29
Signature Algorithm: sha256WithRSAEncryption
a4:9d:eb:c9:e6:98:96:d1:a3:b8:10:6b:0c:60:59:d8:84:51:
75:03:e5:c5:9f:f3:4e:a3:c3:1b:5f:8c:f8:29:c1:bd:83:6c:
13:21:c9:79:13:1a:26:d9:1b:57:49:f2:48:4b:aa:e4:16:e6:
71:4e:35:fb:d3:30:27:b4:d1:82:92:7f:a9:26:40:1f:46:89:
c2:e8:2b:ad:dd:d8:22:a6:c4:35:25:ab:01:0e:21:fb:66:60:
45:31:b3:8b:c3:53:34:1b:16:7b:39:ad:24:2b:1c:ef:76:e6:
8a:1a:40:5c:d1:2b:df:ce:74:15:75:db:f8:7b:81:18:52:85:
75:88:68:d2:cf:07:22:46:1a:aa:27:f5:5d:56:c7:f8:f3:b6:
68:2f:cb:2c:6d:76:f2:91:4f:db:6a:24:98:ac:ba:ab:20:a5:
dc:57:8d:22:24:e9:9a:8c:54:2f:46:3d:38:a0:48:bd:30:dd:
60:95:98:d6:64:cf:7e:2b:f4:91:d5:69:28:65:59:cb:c2:97:
08:f0:a5:9e:e0:5d:53:3d:7d:59:1b:d7:cf:1d:01:d9:2a:a0:
98:bf:ba:5f:91:5e:ab:81:1f:a7:df:dd:5f:fa:33:ee:7e:f6:
9a:53:b9:8c:a1:93:48:d9:d3:ca:1c:09:a6:02:a2:57:cd:f5:
3f:4c:58:c5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQntVLAHfuGEINVUcGZUo4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzg5OWRhMGM0M2IwMzEyNTQwZWJiNzNmZDRjY2E3MmFkODExODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ94zVo19Dx6ZbNIPtbsmfg56m69
CUF3TQvwNR0A0oAxNg0yHluPbgu+4uG7Bgcvly9eUK1Mcwjhx6GTag+0lxa9FHbh
/H/mz1X+JM0ez19Jak3yYI1f/k1dsRSI+cS2AkVi5tA1sl2zu5Fxo+He2uA1/HAV
dw9YXXIsPsGGRUZOukDZ3N9ghWWmsjjHlftKUBTL8JFSyzoVaPYQLgTSNWUPnZzT
ofvxhs5SjPPwBkU7KMP3lXqGM0fQ7oIwTqry7AI0hpopbampd4JlRN6lSK4zbyZY
rfpU40V3Y3/egCqyotxPDxADQs8JXQ+3n71o8FbB6GGzPjznNkCR/bws6wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFIOJnaDEOwMSVA67c/1MynKtgRhhMB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvZzRtZG9NUTdBeEpVRHJ0el9VektjcTJCR0dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQELuUAAwQF
UElgAwQEUFhAAwQEbe+gAwQAwgC4MBYEAgACMBADBwAgAQZ8IIgDBQMqABIwMA0G
CSqGSIb3DQEBCwUAA4IBAQCknevJ5piW0aO4EGsMYFnYhFF1A+XFn/NOo8MbX4z4
KcG9g2wTIcl5Exom2RtXSfJIS6rkFuZxTjX70zAntNGCkn+pJkAfRonC6Cut3dgi
psQ1JasBDiH7ZmBFMbOLw1M0GxZ7Oa0kKxzvduaKGkBc0SvfznQVddv4e4EYUoV1
iGjSzwciRhqqJ/VdVsf487ZoL8ssbXbykU/baiSYrLqrIKXcV40iJOmajFQvRj04
oEi9MN1glZjWZM9+K/SR1WkoZVnLwpcI8KWe4F1TPX1ZG9fPHQHZKqCYv7pfkV6r
gR+n391f+jPufvaaU7mMoZNI2dPKHAmmAqJXzfU/TFjF
-----END CERTIFICATE-----
Generated at Sat Apr 12 10:19:11 2025 by rpki-client