Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/Rj6LyhmuYOVWqVkzjLxE3-yzKYI.roa
File: Rj6LyhmuYOVWqVkzjLxE3-yzKYI.roa (raw, json)
Hash identifier: hnTztba+lIL8dBqmzjJSK96VaZ7aTD4lLM3WLko0IFQ=
Subject key identifier: 46:3E:8B:CA:19:AE:60:E5:56:A9:59:33:8C:BC:44:DF:EC:B3:29:82
Certificate issuer: /CN=8d66032e08894118d7998c5c060ca46eb3871338
Certificate serial: 019421440E99BC716034A47CA0EA43C74DC3
Authority key identifier: 8D:66:03:2E:08:89:41:18:D7:99:8C:5C:06:0C:A4:6E:B3:87:13:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jWYDLgiJQRjXmYxcBgykbrOHEzg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/Rj6LyhmuYOVWqVkzjLxE3-yzKYI.roa
Signing time: Wed 01 Jan 2025 09:48:15 +0000
ROA not before: Wed 01 Jan 2025 09:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48152
IP address blocks: 185.169.146.0/23 maxlen: 23
217.70.224.0/22 maxlen: 24
217.70.228.0/22 maxlen: 22
217.70.232.0/22 maxlen: 22
217.70.236.0/22 maxlen: 22
217.148.240.0/22 maxlen: 22
217.148.244.0/22 maxlen: 22
217.148.248.0/22 maxlen: 22
217.148.252.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/jWYDLgiJQRjXmYxcBgykbrOHEzg.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/jWYDLgiJQRjXmYxcBgykbrOHEzg.mft
rsync://rpki.ripe.net/repository/DEFAULT/jWYDLgiJQRjXmYxcBgykbrOHEzg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 21:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:0e:99:bc:71:60:34:a4:7c:a0:ea:43:c7:4d:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d66032e08894118d7998c5c060ca46eb3871338
Validity
Not Before: Jan 1 09:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=463e8bca19ae60e556a959338cbc44dfecb32982
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:2f:a4:56:0c:70:0e:66:f2:ae:f6:c8:c6:25:
a7:5c:98:57:ff:ff:c1:29:12:63:ec:9d:b3:7b:af:
ec:2f:84:1c:c7:cf:cb:e7:cd:aa:6b:16:37:cb:cc:
0a:43:3d:aa:99:3a:9f:d8:6c:33:07:ea:27:ca:4e:
56:0a:38:3c:7a:61:b6:a2:f4:f3:29:c3:be:04:f6:
8b:12:27:b5:d7:c1:5e:d0:6d:6a:6f:7b:9f:04:90:
05:82:ab:56:f4:da:6a:8f:a7:05:1a:d0:88:33:66:
19:6c:6f:cd:7b:c4:8b:b3:50:0c:eb:ff:6b:64:45:
0f:79:4b:ea:88:3c:0c:23:d4:42:b1:e2:cc:1d:3c:
d2:90:8f:07:bf:05:61:00:a7:33:64:be:a3:9c:69:
30:e6:29:9e:cc:fc:83:c2:6e:b1:5b:1e:ce:77:77:
2b:56:13:bd:2d:3a:bf:05:45:41:a5:12:87:64:09:
31:29:0d:86:ca:57:f6:7b:61:b7:02:b1:e6:b0:29:
bd:db:e0:1a:68:b7:8a:4a:7a:e2:e2:b4:b5:b4:bb:
1d:5e:c8:6b:1d:d3:9b:d4:80:fe:3e:85:eb:90:c6:
5b:5d:57:91:77:da:5f:a0:9d:09:0f:2d:55:ed:d9:
09:f0:54:f0:36:bb:3f:4a:9e:78:b8:8d:98:87:3f:
27:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:3E:8B:CA:19:AE:60:E5:56:A9:59:33:8C:BC:44:DF:EC:B3:29:82
X509v3 Authority Key Identifier:
keyid:8D:66:03:2E:08:89:41:18:D7:99:8C:5C:06:0C:A4:6E:B3:87:13:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWYDLgiJQRjXmYxcBgykbrOHEzg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/Rj6LyhmuYOVWqVkzjLxE3-yzKYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/jWYDLgiJQRjXmYxcBgykbrOHEzg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.169.146.0/23
217.70.224.0/20
217.148.240.0/20
Signature Algorithm: sha256WithRSAEncryption
66:0b:09:e1:db:f5:ea:09:16:ca:cd:79:9b:27:aa:17:52:62:
ba:53:c8:19:08:58:37:e0:56:e0:f0:26:6c:d8:ce:62:1d:91:
72:33:df:74:b6:4a:08:0a:b9:42:3d:a4:57:84:5d:eb:1a:14:
99:d2:16:d1:ff:38:1e:76:37:9b:d0:e6:0e:8f:90:8f:47:a1:
2b:a3:dc:9e:90:bd:5b:45:64:a3:25:a4:6c:97:6d:ea:f1:1d:
ff:fa:61:07:fc:47:ab:81:c9:88:44:44:a1:87:a6:62:fd:85:
c9:5c:db:ed:84:ff:a8:c8:85:ac:4d:14:d2:46:96:17:5b:33:
dd:6b:63:c0:e7:c1:52:18:b7:f4:0c:98:a5:bc:38:fc:13:cd:
c0:e8:b2:d8:ef:94:a3:2e:30:12:e7:19:03:79:84:7c:9f:15:
6b:64:a9:af:80:cb:79:2f:be:b6:7b:3d:67:1d:10:4a:d2:2e:
a7:63:87:8b:07:ce:e0:a6:05:61:b6:6c:ae:d7:76:f3:5b:18:
1b:7c:30:fb:0f:be:15:be:d8:d6:19:09:15:76:19:72:d7:e0:
e0:58:83:5a:8d:24:76:73:5d:0e:1e:e5:ab:64:ca:68:e8:41:
f7:0a:cc:44:e1:71:44:6d:91:7c:08:4e:87:a4:32:48:16:f1:
a4:31:43:07
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRA6ZvHFgNKR8oOpDx03DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjYwMzJlMDg4OTQxMThkNzk5OGM1YzA2MGNhNDZlYjM4
NzEzMzgwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjNlOGJjYTE5YWU2MGU1NTZhOTU5MzM4Y2JjNDRkZmVjYjMyOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi+kVgxwDmbyrvbIxiWnXJhX///B
KRJj7J2ze6/sL4Qcx8/L582qaxY3y8wKQz2qmTqf2GwzB+onyk5WCjg8emG2ovTz
KcO+BPaLEie118Fe0G1qb3ufBJAFgqtW9Npqj6cFGtCIM2YZbG/Ne8SLs1AM6/9r
ZEUPeUvqiDwMI9RCseLMHTzSkI8HvwVhAKczZL6jnGkw5imezPyDwm6xWx7Od3cr
VhO9LTq/BUVBpRKHZAkxKQ2Gylf2e2G3ArHmsCm92+AaaLeKSnri4rS1tLsdXshr
HdOb1ID+PoXrkMZbXVeRd9pfoJ0JDy1V7dkJ8FTwNrs/Sp54uI2Yhz8n1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEY+i8oZrmDlVqlZM4y8RN/ssymCMB8GA1UdIwQY
MBaAFI1mAy4IiUEY15mMXAYMpG6zhxM4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldZRExnaUpRUmpYbVl4Y0JneWtick9IRXpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84NzJkYzctN2MwMS00ZTY2LTg0NGUt
NTk5ZDFjYTZhNWZkLzEvUmo2THlobXVZT1ZXcVZrempMeEUzLXl6S1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84NzJkYzctN2MwMS00ZTY2LTg0NGUtNTk5ZDFjYTZhNWZk
LzEvaldZRExnaUpRUmpYbVl4Y0JneWtick9IRXpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuamSAwQE
2UbgAwQE2ZTwMA0GCSqGSIb3DQEBCwUAA4IBAQBmCwnh2/XqCRbKzXmbJ6oXUmK6
U8gZCFg34Fbg8CZs2M5iHZFyM990tkoICrlCPaRXhF3rGhSZ0hbR/zgedjeb0OYO
j5CPR6Ero9yekL1bRWSjJaRsl23q8R3/+mEH/EergcmIREShh6Zi/YXJXNvthP+o
yIWsTRTSRpYXWzPda2PA58FSGLf0DJilvDj8E83A6LLY75SjLjAS5xkDeYR8nxVr
ZKmvgMt5L762ez1nHRBK0i6nY4eLB87gpgVhtmyu13bzWxgbfDD7D74VvtjWGQkV
dhly1+DgWINajSR2c10OHuWrZMpo6EH3CsxE4XFEbZF8CE6HpDJIFvGkMUMH
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:12:24 2025 by rpki-client