Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/M4qXtzk7m1_HROVvWg529-GrNdE.roa
File: M4qXtzk7m1_HROVvWg529-GrNdE.roa (raw, json)
Hash identifier: edioIsxmBILO0oJIeA0UJ1H6nLNxCIDowpitLjgAj8U=
Subject key identifier: 33:8A:97:B7:39:3B:9B:5F:C7:44:E5:6F:5A:0E:76:F7:E1:AB:35:D1
Certificate issuer: /CN=4b2b6d2a5d4130560f617963d9fbc93442dc1ccd
Certificate serial: 01942067FAE6C92C236A34452EB4D8C9222E
Authority key identifier: 4B:2B:6D:2A:5D:41:30:56:0F:61:79:63:D9:FB:C9:34:42:DC:1C:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/M4qXtzk7m1_HROVvWg529-GrNdE.roa
Signing time: Wed 01 Jan 2025 05:47:52 +0000
ROA not before: Wed 01 Jan 2025 05:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 559
IP address blocks: 130.92.0.0/16 maxlen: 16
192.41.149.0/24 maxlen: 24
192.41.150.0/23 maxlen: 23
192.41.152.0/21 maxlen: 21
192.41.160.0/24 maxlen: 24
192.101.176.0/24 maxlen: 24
193.5.168.0/22 maxlen: 22
193.135.168.0/22 maxlen: 22
193.247.240.0/22 maxlen: 22
194.153.96.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.crl
rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.mft
rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 21:50:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:fa:e6:c9:2c:23:6a:34:45:2e:b4:d8:c9:22:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b2b6d2a5d4130560f617963d9fbc93442dc1ccd
Validity
Not Before: Jan 1 05:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=338a97b7393b9b5fc744e56f5a0e76f7e1ab35d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:e2:b9:60:5e:f7:6d:d2:f1:2f:03:32:a4:75:
6c:74:45:0a:0f:fe:fc:c6:e4:47:dd:d3:90:05:a6:
b4:79:7d:ea:df:24:b6:d3:8b:1f:aa:7f:5d:5e:6a:
97:c2:7e:75:02:ec:2a:4b:97:85:f7:17:5d:58:ec:
bf:d6:ee:55:5e:59:5f:bb:81:9c:3e:bb:77:76:e9:
29:ec:53:7f:ec:8e:10:34:dd:a1:4c:df:7e:74:ff:
88:66:a4:32:4e:43:25:73:cc:39:9f:e9:0b:ec:04:
83:e9:b7:f8:54:6d:4c:a2:ea:d9:1d:5d:42:c3:c3:
e8:d6:c3:b1:83:79:cf:08:50:9f:c4:ba:5f:6c:0c:
c8:21:d9:4e:38:67:94:7f:f4:9f:e2:69:41:5a:52:
d1:69:96:66:43:d8:c2:c9:ad:c9:36:c0:a4:b9:18:
15:c0:66:88:59:a0:77:ea:76:74:7d:32:e6:54:1f:
f5:22:1a:68:97:93:47:a9:80:2a:5e:f6:e0:e2:12:
7b:72:1f:39:f3:77:41:ac:23:9e:5d:a7:51:85:39:
26:5f:d9:df:2a:47:e8:47:24:f7:6b:ea:84:30:66:
20:6f:e2:80:23:ea:3f:c7:fb:61:66:58:ba:88:83:
3b:bb:9b:61:4e:11:74:12:74:5d:a4:c5:96:0d:31:
67:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:8A:97:B7:39:3B:9B:5F:C7:44:E5:6F:5A:0E:76:F7:E1:AB:35:D1
X509v3 Authority Key Identifier:
keyid:4B:2B:6D:2A:5D:41:30:56:0F:61:79:63:D9:FB:C9:34:42:DC:1C:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/M4qXtzk7m1_HROVvWg529-GrNdE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.92.0.0/16
192.41.149.0-192.41.160.255
192.101.176.0/24
193.5.168.0/22
193.135.168.0/22
193.247.240.0/22
194.153.96.0/24
Signature Algorithm: sha256WithRSAEncryption
b3:df:3e:5e:be:25:9d:3f:e8:03:aa:4e:8f:8d:7c:72:02:21:
0b:e1:47:fc:7b:39:d2:19:71:a2:a2:3e:31:b1:5d:05:37:c5:
b0:28:04:bd:a0:3f:35:3d:d4:76:ec:b6:3d:b2:a0:09:ce:48:
9c:f8:14:5b:08:33:77:62:b0:c7:5e:4a:eb:66:b6:de:e8:dd:
e9:41:82:b5:9d:bd:dc:37:57:3d:a0:e0:48:ec:c6:a4:66:bd:
a1:a5:5e:cd:91:43:7f:94:a8:cc:30:bf:80:96:d4:60:1b:95:
57:85:ea:f0:17:ac:28:da:aa:cd:53:ec:b5:58:07:a8:5e:ed:
cc:ef:84:f5:00:fe:0f:f3:13:af:e4:70:49:fa:21:6a:50:0c:
56:66:5d:fc:3c:e4:0d:a8:3b:6c:86:b5:0b:5a:1b:79:d4:23:
4c:35:c3:e9:35:15:ef:48:14:37:8e:82:19:83:a7:0a:ce:df:
da:5e:bc:74:04:27:39:27:9c:b5:2c:c0:5a:df:6a:53:ba:05:
30:22:fc:e4:aa:ee:cc:33:ec:30:e3:ed:5d:3f:03:cb:67:9a:
d1:4a:42:96:7f:df:76:83:5d:6f:c5:48:bb:b3:c7:5c:a6:b5:
b4:43:d2:80:72:2a:09:91:3a:08:43:23:c4:b9:0f:e3:67:83:
11:9d:b5:b8
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZQgZ/rmySwjajRFLrTYySIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMmI2ZDJhNWQ0MTMwNTYwZjYxNzk2M2Q5ZmJjOTM0NDJk
YzFjY2QwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhhOTdiNzM5M2I5YjVmYzc0NGU1NmY1YTBlNzZmN2UxYWIzNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+K5YF73bdLxLwMypHVsdEUKD/78
xuRH3dOQBaa0eX3q3yS204sfqn9dXmqXwn51AuwqS5eF9xddWOy/1u5VXllfu4Gc
Prt3dukp7FN/7I4QNN2hTN9+dP+IZqQyTkMlc8w5n+kL7ASD6bf4VG1MourZHV1C
w8Po1sOxg3nPCFCfxLpfbAzIIdlOOGeUf/Sf4mlBWlLRaZZmQ9jCya3JNsCkuRgV
wGaIWaB36nZ0fTLmVB/1Ihpol5NHqYAqXvbg4hJ7ch8583dBrCOeXadRhTkmX9nf
KkfoRyT3a+qEMGYgb+KAI+o/x/thZli6iIM7u5thThF0EnRdpMWWDTFnTwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFDOKl7c5O5tfx0Tlb1oOdvfhqzXRMB8GA1UdIwQY
MBaAFEsrbSpdQTBWD2F5Y9n7yTRC3BzNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3l0dEtsMUJNRllQWVhsajJmdkpORUxjSE0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MGVmNDEtMzFmNC00MjBkLWJhZGMt
YzU3NDE1ODUwMmM4LzEvTTRxWHR6azdtMV9IUk9WdldnNTI5LUdyTmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MGVmNDEtMzFmNC00MjBkLWJhZGMtYzU3NDE1ODUwMmM4
LzEvU3l0dEtsMUJNRllQWVhsajJmdkpORUxjSE0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAATAxAwMAglwwDAME
AMAplQMEAMApoAMEAMBlsAMEAsEFqAMEAsGHqAMEAsH38AMEAMKZYDANBgkqhkiG
9w0BAQsFAAOCAQEAs98+Xr4lnT/oA6pOj418cgIhC+FH/Hs50hlxoqI+MbFdBTfF
sCgEvaA/NT3Uduy2PbKgCc5InPgUWwgzd2Kwx15K62a23ujd6UGCtZ293DdXPaDg
SOzGpGa9oaVezZFDf5SozDC/gJbUYBuVV4Xq8BesKNqqzVPstVgHqF7tzO+E9QD+
D/MTr+RwSfohalAMVmZd/DzkDag7bIa1C1obedQjTDXD6TUV70gUN46CGYOnCs7f
2l68dAQnOSectSzAWt9qU7oFMCL85KruzDPsMOPtXT8Dy2ea0UpCln/fdoNdb8VI
u7PHXKa1tEPSgHIqCZE6CEMjxLkP42eDEZ21uA==
-----END CERTIFICATE-----
Generated at Fri Apr 11 05:24:21 2025 by rpki-client