Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/mx1zhwHtw-uurdoc1Rs-ub83PY4.roa
File: mx1zhwHtw-uurdoc1Rs-ub83PY4.roa (raw, json)
Hash identifier: O6YFpkOTCBT8CmU8XHKba4R6Y/9CL3lbQUtfKViPzQc=
Subject key identifier: 9B:1D:73:87:01:ED:C3:EB:AE:AD:DA:1C:D5:1B:3E:B9:BF:37:3D:8E
Certificate issuer: /CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Certificate serial: 019427B5944CD89CF769297C81CB95F0008E
Authority key identifier: 0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/mx1zhwHtw-uurdoc1Rs-ub83PY4.roa
Signing time: Thu 02 Jan 2025 15:49:58 +0000
ROA not before: Thu 02 Jan 2025 15:49:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396982
IP address blocks: 85.158.140.0/24 maxlen: 24
85.158.141.0/24 maxlen: 24
85.158.142.0/24 maxlen: 24
85.158.143.0/24 maxlen: 24
195.245.230.0/24 maxlen: 24
195.245.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.mft
rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 12:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:94:4c:d8:9c:f7:69:29:7c:81:cb:95:f0:00:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Validity
Not Before: Jan 2 15:49:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9b1d738701edc3ebaeadda1cd51b3eb9bf373d8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:45:dc:d1:d2:65:81:b6:f3:b7:80:f7:fb:56:
e2:74:25:7c:64:42:87:f4:2a:bd:23:0d:80:b0:53:
13:93:66:99:8f:51:32:52:b3:8a:92:f4:99:79:48:
41:13:01:8f:7e:e4:9e:45:f2:33:81:aa:73:59:06:
21:a1:4a:8b:6f:31:01:c2:4f:62:5f:3a:3f:d0:3b:
33:a1:d9:c5:e3:c2:aa:40:13:35:0c:94:6e:50:a8:
1e:da:1f:30:e1:7f:dc:4b:36:7c:34:26:0f:88:3e:
5b:30:fd:1b:18:15:e6:52:35:7f:90:f2:27:44:bd:
f2:80:c9:c5:0b:38:cd:fc:af:47:ab:c9:36:bf:c8:
1a:7c:49:4b:9b:32:72:4e:5b:dc:eb:1c:f2:b3:31:
6d:bc:5b:41:75:ac:6f:6c:f1:05:7b:7d:4d:cb:c3:
6f:bd:48:70:df:b0:8c:53:7b:01:94:60:1a:fb:21:
58:72:3e:74:06:c1:e0:d9:f5:82:ad:9b:2f:d0:6c:
c9:14:b2:56:68:45:6d:6f:b3:dc:68:2b:80:ff:f2:
db:7c:ca:cd:e5:cc:a7:89:f9:83:eb:7e:d5:98:a6:
cc:72:76:de:13:94:6f:21:26:d7:79:ee:26:6f:56:
70:4a:7e:26:20:7e:7b:eb:68:5a:f3:0a:ce:3c:b4:
fc:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:1D:73:87:01:ED:C3:EB:AE:AD:DA:1C:D5:1B:3E:B9:BF:37:3D:8E
X509v3 Authority Key Identifier:
keyid:0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/mx1zhwHtw-uurdoc1Rs-ub83PY4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.158.140.0/22
195.245.230.0/23
Signature Algorithm: sha256WithRSAEncryption
28:ed:02:f4:e6:35:35:d3:59:73:62:a5:bc:47:aa:a1:19:89:
c9:94:44:45:45:e8:e1:5c:a5:f3:a3:02:6d:d8:56:30:d9:7f:
e5:40:d1:7a:3f:31:d6:ea:e2:bb:8c:cc:56:30:d9:44:87:42:
e4:a7:45:55:03:cc:b3:7d:97:ed:dd:32:e2:66:3f:b8:a4:69:
10:18:54:36:24:40:ae:a6:d8:c0:8e:bb:2e:f9:87:c1:e2:09:
83:94:81:a2:b8:97:8c:b3:6e:8d:47:0f:ff:4b:f5:82:73:c8:
b3:9f:fb:fb:21:31:04:5d:15:a1:05:c9:22:7e:6c:90:b3:3c:
e9:03:1a:3b:80:9b:6d:18:80:ac:7b:ac:a4:c1:7a:fc:f4:4e:
12:f0:6e:1b:49:d6:49:90:98:93:6b:c1:38:4c:7a:ef:2c:af:
b5:e1:cb:8f:37:da:2a:bc:6c:7d:5e:ba:e7:50:77:6c:f0:b5:
97:44:e9:46:dc:35:f4:99:40:18:94:db:f3:c4:81:a4:14:22:
67:3e:54:02:9c:61:92:6e:58:4b:d1:2d:4f:06:fc:a4:06:91:
5b:cb:a6:a9:48:8a:54:fb:f0:36:74:f5:1a:a5:e1:8e:1e:c4:
02:65:3a:53:69:2c:dd:df:02:f6:f9:84:cd:ec:c3:09:a0:79:
4b:43:5f:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntZRM2Jz3aSl8gcuV8ACOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWM2ZDBkZTcwY2M1MTgwNWI2M2E1ZTIzMjc2MjI1MjVk
MDc1YjEwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjFkNzM4NzAxZWRjM2ViYWVhZGRhMWNkNTFiM2ViOWJmMzczZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEXc0dJlgbbzt4D3+1bidCV8ZEKH
9Cq9Iw2AsFMTk2aZj1EyUrOKkvSZeUhBEwGPfuSeRfIzgapzWQYhoUqLbzEBwk9i
Xzo/0DszodnF48KqQBM1DJRuUKge2h8w4X/cSzZ8NCYPiD5bMP0bGBXmUjV/kPIn
RL3ygMnFCzjN/K9Hq8k2v8gafElLmzJyTlvc6xzyszFtvFtBdaxvbPEFe31Ny8Nv
vUhw37CMU3sBlGAa+yFYcj50BsHg2fWCrZsv0GzJFLJWaEVtb7PcaCuA//LbfMrN
5cynifmD637VmKbMcnbeE5RvISbXee4mb1ZwSn4mIH5762ha8wrOPLT8cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJsdc4cB7cPrrq3aHNUbPrm/Nz2OMB8GA1UdIwQY
MBaAFAscbQ3nDMUYBbY6XiMnYiUl0HWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAt
Zjc3NGYxZWFmYmZmLzEvbXgxemh3SHR3LXV1cmRvYzFScy11YjgzUFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAtZjc3NGYxZWFmYmZm
LzEvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVZ6MAwQB
w/XmMA0GCSqGSIb3DQEBCwUAA4IBAQAo7QL05jU101lzYqW8R6qhGYnJlERFRejh
XKXzowJt2FYw2X/lQNF6PzHW6uK7jMxWMNlEh0Lkp0VVA8yzfZft3TLiZj+4pGkQ
GFQ2JECuptjAjrsu+YfB4gmDlIGiuJeMs26NRw//S/WCc8izn/v7ITEEXRWhBcki
fmyQszzpAxo7gJttGICse6ykwXr89E4S8G4bSdZJkJiTa8E4THrvLK+14cuPN9oq
vGx9XrrnUHds8LWXROlG3DX0mUAYlNvzxIGkFCJnPlQCnGGSblhL0S1PBvykBpFb
y6apSIpU+/A2dPUapeGOHsQCZTpTaSzd3wL2+YTN7MMJoHlLQ1+g
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:43 2025 by rpki-client