Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/MJmSheQwhqTa8TcshZRbeEjyzHg.roa
File: MJmSheQwhqTa8TcshZRbeEjyzHg.roa (raw, json)
Hash identifier: Gp/YgLDeJmP+HyXt6WhUwXyvRtnPi/acuut1qwHPb1I=
Subject key identifier: 30:99:92:85:E4:30:86:A4:DA:F1:37:2C:85:94:5B:78:48:F2:CC:78
Certificate issuer: /CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Certificate serial: 019427B593C9E2796782A1628E0E9C5F0F96
Authority key identifier: 0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/MJmSheQwhqTa8TcshZRbeEjyzHg.roa
Signing time: Thu 02 Jan 2025 15:49:58 +0000
ROA not before: Thu 02 Jan 2025 15:49:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 46.226.52.0/23 maxlen: 23
85.158.140.0/24 maxlen: 24
85.158.141.0/24 maxlen: 24
85.158.142.0/24 maxlen: 24
85.158.143.0/24 maxlen: 24
193.109.254.0/24 maxlen: 24
193.109.255.0/24 maxlen: 24
195.245.230.0/24 maxlen: 24
195.245.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.mft
rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 21:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:93:c9:e2:79:67:82:a1:62:8e:0e:9c:5f:0f:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Validity
Not Before: Jan 2 15:49:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30999285e43086a4daf1372c85945b7848f2cc78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:89:b7:47:34:6f:53:f8:29:37:d6:d9:55:70:
4a:bc:b0:7f:bd:62:a0:af:5c:e9:c8:fd:c1:7d:5e:
f5:6b:d2:01:39:d8:e9:4d:40:ec:1d:55:b3:d3:83:
66:54:0b:3f:55:f4:7f:77:91:b8:57:a4:8f:08:0a:
14:d6:fb:97:71:00:a6:76:5c:62:8e:7a:11:0c:7c:
59:19:6e:02:ef:b5:d1:75:5d:7d:e3:b4:a8:3d:61:
4d:ab:80:8c:86:68:1f:37:05:20:69:c3:f2:ab:c5:
06:da:3f:c5:42:ba:9f:b3:77:93:83:ad:14:e6:ec:
b8:2d:2c:ca:e6:fb:8a:8b:9b:05:b9:e8:f3:64:9f:
2a:26:57:67:60:24:50:33:cf:bb:f6:31:e8:0b:b6:
64:f9:4b:77:cb:ea:a6:b7:a6:ab:b0:a4:81:84:1a:
66:2a:2e:2f:fc:45:62:bd:04:6a:a9:e4:ce:77:f4:
01:c9:23:b1:8c:78:cc:6a:67:5b:47:7c:5d:22:b4:
94:84:76:89:cd:5e:d2:26:11:59:21:1e:e4:d2:eb:
b9:17:04:0d:09:c3:63:21:6d:c3:da:83:7d:2f:32:
f7:38:4a:2e:7c:ba:d4:c7:0a:09:c9:f8:f0:57:48:
dc:29:ff:3e:78:f4:a1:4b:09:48:03:3c:f1:28:b3:
eb:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:99:92:85:E4:30:86:A4:DA:F1:37:2C:85:94:5B:78:48:F2:CC:78
X509v3 Authority Key Identifier:
keyid:0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/MJmSheQwhqTa8TcshZRbeEjyzHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.52.0/23
85.158.140.0/22
193.109.254.0/23
195.245.230.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:1b:ae:d5:80:a5:66:e0:a0:c0:ab:91:6b:13:4d:03:2a:5f:
9b:7a:4d:24:57:9e:cc:d4:7e:93:d2:83:98:36:a5:83:88:c9:
4a:3e:55:b1:d0:c6:42:3d:87:9f:77:51:4d:41:1e:37:9d:35:
b1:7b:b0:02:a1:e9:4d:d2:43:52:e3:2c:26:ea:b3:34:cd:ad:
e7:f5:71:58:06:2f:69:0a:ab:d7:0b:24:df:37:2b:27:c3:d7:
2f:42:a4:e8:64:66:d8:21:a3:52:9c:4e:9b:83:f0:a8:da:d3:
28:01:ce:60:f6:71:77:86:50:28:42:ba:9b:68:d5:5a:61:5c:
e6:db:d3:b8:83:26:b9:ec:56:5a:55:93:fd:f0:4e:05:9c:f1:
8b:06:6f:50:0a:99:d4:b1:aa:9d:6f:62:2e:b0:2c:41:32:93:
c1:22:8d:05:c5:c9:fe:16:27:58:c7:be:bb:73:c6:fb:a2:60:
27:f8:e0:a6:8d:f1:dd:59:0d:ba:b1:ac:04:1f:78:de:3a:c5:
bf:c2:fc:3e:8d:fe:43:dd:28:6e:bf:be:22:ec:1b:70:90:83:
09:64:84:91:49:a7:62:9d:5a:b9:8f:a8:38:91:72:d8:73:87:
f2:a7:7a:7b:2e:01:a6:a2:c7:5b:e2:b0:e1:a7:f7:a6:6e:0b:
a3:ec:d6:21
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQntZPJ4nlngqFijg6cXw+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWM2ZDBkZTcwY2M1MTgwNWI2M2E1ZTIzMjc2MjI1MjVk
MDc1YjEwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk5OTI4NWU0MzA4NmE0ZGFmMTM3MmM4NTk0NWI3ODQ4ZjJjYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzom3RzRvU/gpN9bZVXBKvLB/vWKg
r1zpyP3BfV71a9IBOdjpTUDsHVWz04NmVAs/VfR/d5G4V6SPCAoU1vuXcQCmdlxi
jnoRDHxZGW4C77XRdV1947SoPWFNq4CMhmgfNwUgacPyq8UG2j/FQrqfs3eTg60U
5uy4LSzK5vuKi5sFuejzZJ8qJldnYCRQM8+79jHoC7Zk+Ut3y+qmt6arsKSBhBpm
Ki4v/EVivQRqqeTOd/QBySOxjHjMamdbR3xdIrSUhHaJzV7SJhFZIR7k0uu5FwQN
CcNjIW3D2oN9LzL3OEoufLrUxwoJyfjwV0jcKf8+ePShSwlIAzzxKLPrgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDCZkoXkMIak2vE3LIWUW3hI8sx4MB8GA1UdIwQY
MBaAFAscbQ3nDMUYBbY6XiMnYiUl0HWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAt
Zjc3NGYxZWFmYmZmLzEvTUptU2hlUXdocVRhOFRjc2haUmJlRWp5ekhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAtZjc3NGYxZWFmYmZm
LzEvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBLuI0AwQC
VZ6MAwQBwW3+AwQBw/XmMA0GCSqGSIb3DQEBCwUAA4IBAQCPG67VgKVm4KDAq5Fr
E00DKl+bek0kV57M1H6T0oOYNqWDiMlKPlWx0MZCPYefd1FNQR43nTWxe7ACoelN
0kNS4ywm6rM0za3n9XFYBi9pCqvXCyTfNysnw9cvQqToZGbYIaNSnE6bg/Co2tMo
Ac5g9nF3hlAoQrqbaNVaYVzm29O4gya57FZaVZP98E4FnPGLBm9QCpnUsaqdb2Iu
sCxBMpPBIo0Fxcn+FidYx767c8b7omAn+OCmjfHdWQ26sawEH3jeOsW/wvw+jf5D
3Shuv74i7BtwkIMJZISRSadinVq5j6g4kXLYc4fyp3p7LgGmosdb4rDhp/embguj
7NYh
-----END CERTIFICATE-----
Generated at Sat Apr 5 07:18:16 2025 by rpki-client