Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/lc03wXBALXEPocpcfjm6P-yAsN0.roa
File: lc03wXBALXEPocpcfjm6P-yAsN0.roa (raw, json)
Hash identifier: hU68bUabKrfbjp5BXZ3aDNdEQaqOiciUFeryRAbO9Qw=
Subject key identifier: 95:CD:37:C1:70:40:2D:71:0F:A1:CA:5C:7E:39:BA:3F:EC:80:B0:DD
Certificate issuer: /CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
Certificate serial: 0194228D6C9F4D1C39C1BFDD85F7C2FF99C5
Authority key identifier: E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/lc03wXBALXEPocpcfjm6P-yAsN0.roa
Signing time: Wed 01 Jan 2025 15:48:01 +0000
ROA not before: Wed 01 Jan 2025 15:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51248
IP address blocks: 5.43.224.0/21 maxlen: 24
158.255.32.0/21 maxlen: 24
158.255.39.0/24 maxlen: 24
176.74.216.0/21 maxlen: 24
185.8.56.0/22 maxlen: 24
188.124.56.0/21 maxlen: 24
193.161.84.0/22 maxlen: 24
2a03:1840::/48 maxlen: 64
2a03:1840:1::/48 maxlen: 64
2a03:1840:2::/48 maxlen: 64
2a03:1840:3::/48 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.mft
rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:6c:9f:4d:1c:39:c1:bf:dd:85:f7:c2:ff:99:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
Validity
Not Before: Jan 1 15:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95cd37c170402d710fa1ca5c7e39ba3fec80b0dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d0:17:d3:ec:c5:85:4c:9b:8b:82:4e:e3:82:
69:64:51:cd:93:5d:f9:b8:64:8b:79:65:c6:c6:be:
5a:4f:91:af:78:e3:26:06:b2:25:e0:1a:b8:8f:81:
d3:14:7a:4b:a4:7a:9f:33:99:0d:12:d6:98:90:1c:
a9:37:44:c3:e6:69:c8:41:40:2e:b3:cf:ec:c6:c2:
db:04:af:bb:11:a9:d2:c4:5f:32:fd:47:a2:eb:19:
2d:dd:b7:9c:72:cc:f3:6c:52:32:5e:3e:6b:d8:64:
8f:f1:af:7b:76:ba:cf:d2:7a:5e:24:a7:80:ae:e0:
fc:b3:30:a0:ea:08:69:75:80:c0:cf:b2:b1:ab:10:
84:e1:89:94:b0:38:be:56:11:00:df:32:ec:39:93:
69:9a:cb:14:8d:05:c5:b2:dc:ff:ea:e1:54:a3:87:
6e:2c:0f:2a:d1:31:ee:67:d5:95:2d:b0:82:67:c4:
73:c2:31:d4:5f:fd:c7:7f:c5:40:d0:f7:0a:d9:2a:
f3:c8:93:28:d1:99:a3:52:e0:f8:7d:d4:1c:ca:f2:
d6:a4:b1:2c:70:69:35:ba:9f:5f:d4:7e:34:ee:6d:
c2:62:c6:77:f2:88:ea:35:e5:5f:a4:bc:d5:bb:62:
95:c8:19:93:6d:65:3b:f6:8f:5f:44:3d:9b:c9:ea:
0a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:CD:37:C1:70:40:2D:71:0F:A1:CA:5C:7E:39:BA:3F:EC:80:B0:DD
X509v3 Authority Key Identifier:
keyid:E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/lc03wXBALXEPocpcfjm6P-yAsN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.43.224.0/21
158.255.32.0/21
176.74.216.0/21
185.8.56.0/22
188.124.56.0/21
193.161.84.0/22
IPv6:
2a03:1840::/46
Signature Algorithm: sha256WithRSAEncryption
9d:57:43:bd:5a:28:ea:75:b8:42:22:17:8f:87:ae:ce:3c:38:
a9:41:8e:f2:e9:64:0a:82:5d:52:a0:f4:e3:91:c7:8d:9c:1a:
fe:e4:6a:39:ce:1b:91:1e:8c:bf:47:ae:09:68:6c:7a:94:91:
fa:df:df:d1:eb:ee:02:c4:b1:0e:ce:ca:2c:bb:a2:23:e7:da:
73:59:13:b5:60:55:18:be:21:55:7c:c9:0b:90:e5:71:dc:dc:
9f:25:fe:17:48:6b:7e:d3:fc:a6:a7:e2:83:6b:46:b8:b9:0e:
18:51:90:4a:ad:ba:b3:24:6a:2f:3f:51:81:ad:08:ba:28:04:
2b:2a:d9:5e:30:fc:da:e3:a2:4e:1f:d5:46:96:ae:2c:a4:4a:
28:d1:57:2c:a8:87:9b:af:38:b5:0d:ba:3a:10:42:1a:3d:99:
9d:c6:a4:ba:8f:a7:86:1a:5f:ea:34:70:47:46:1b:40:dd:cd:
c1:70:93:d4:a7:58:f5:48:e9:8f:3a:f9:8d:48:f1:28:7f:0f:
4f:94:22:97:87:cc:4c:bb:9e:cc:9f:79:49:d1:0c:68:a2:c4:
64:77:22:c0:58:6f:91:47:a1:81:7d:96:39:46:bc:8a:a9:25:
bc:b3:6d:56:00:2b:f9:f1:0b:8a:8f:bf:78:7d:ef:c0:14:42:
e3:50:4a:ed
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZQijWyfTRw5wb/dhffC/5nFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZTRkYzk2OGVkNTI5MzVhMDRkZWUzYjIyOWMyMWNhOWJm
ZGJkN2UwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWNkMzdjMTcwNDAyZDcxMGZhMWNhNWM3ZTM5YmEzZmVjODBiMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotAX0+zFhUybi4JO44JpZFHNk135
uGSLeWXGxr5aT5GveOMmBrIl4Bq4j4HTFHpLpHqfM5kNEtaYkBypN0TD5mnIQUAu
s8/sxsLbBK+7EanSxF8y/Uei6xkt3beccszzbFIyXj5r2GSP8a97drrP0npeJKeA
ruD8szCg6ghpdYDAz7KxqxCE4YmUsDi+VhEA3zLsOZNpmssUjQXFstz/6uFUo4du
LA8q0THuZ9WVLbCCZ8RzwjHUX/3Hf8VA0PcK2SrzyJMo0ZmjUuD4fdQcyvLWpLEs
cGk1up9f1H407m3CYsZ38ojqNeVfpLzVu2KVyBmTbWU79o9fRD2byeoK8QIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFJXNN8FwQC1xD6HKXH45uj/sgLDdMB8GA1UdIwQY
MBaAFOnk3JaO1Sk1oE3uOyKcIcqb/b1+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEt
NmM3ODU2ZWY3YjMxLzEvbGMwM3dYQkFMWEVQb2NwY2ZqbTZQLXlBc04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEtNmM3ODU2ZWY3YjMx
LzEvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQDBSvgAwQD
nv8gAwQDsErYAwQCuQg4AwQDvHw4AwQCwaFUMA8EAgACMAkDBwIqAxhAAAAwDQYJ
KoZIhvcNAQELBQADggEBAJ1XQ71aKOp1uEIiF4+Hrs48OKlBjvLpZAqCXVKg9OOR
x42cGv7kajnOG5EejL9HrglobHqUkfrf39Hr7gLEsQ7Oyiy7oiPn2nNZE7VgVRi+
IVV8yQuQ5XHc3J8l/hdIa37T/Kan4oNrRri5DhhRkEqturMkai8/UYGtCLooBCsq
2V4w/Nrjok4f1UaWriykSijRVyyoh5uvOLUNujoQQho9mZ3GpLqPp4YaX+o0cEdG
G0DdzcFwk9SnWPVI6Y86+Y1I8Sh/D0+UIpeHzEy7nsyfeUnRDGiixGR3IsBYb5FH
oYF9ljlGvIqpJbyzbVYAK/nxC4qPv3h978AUQuNQSu0=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:41:00 2025 by rpki-client