Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/2a9acf-2f1e-4c9c-b810-a047816d6283/1/Mr0WRrlMlv0_Evxeakjpwz7LiPg.roa
File: Mr0WRrlMlv0_Evxeakjpwz7LiPg.roa (raw, json)
Hash identifier: gsCCcQlF73dWTqboxZPlvCMCNzkEYN7/m7aejhTDik0=
Subject key identifier: 32:BD:16:46:B9:4C:96:FD:3F:12:FC:5E:6A:48:E9:C3:3E:CB:88:F8
Certificate issuer: /CN=448331851b3559d3cc8299f6b020ef378e2e4b04
Certificate serial: 019427B64CD62BB51F4C275E2AD7A33DE2B0
Authority key identifier: 44:83:31:85:1B:35:59:D3:CC:82:99:F6:B0:20:EF:37:8E:2E:4B:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RIMxhRs1WdPMgpn2sCDvN44uSwQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/2a9acf-2f1e-4c9c-b810-a047816d6283/1/Mr0WRrlMlv0_Evxeakjpwz7LiPg.roa
Signing time: Thu 02 Jan 2025 15:50:46 +0000
ROA not before: Thu 02 Jan 2025 15:50:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199042
IP address blocks: 176.115.168.0/21 maxlen: 21
176.115.168.0/24 maxlen: 24
176.115.169.0/24 maxlen: 24
176.115.170.0/24 maxlen: 24
176.115.171.0/24 maxlen: 24
176.115.172.0/24 maxlen: 24
176.115.173.0/24 maxlen: 24
176.115.174.0/24 maxlen: 24
176.115.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cb/2a9acf-2f1e-4c9c-b810-a047816d6283/1/RIMxhRs1WdPMgpn2sCDvN44uSwQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/cb/2a9acf-2f1e-4c9c-b810-a047816d6283/1/RIMxhRs1WdPMgpn2sCDvN44uSwQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/RIMxhRs1WdPMgpn2sCDvN44uSwQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:4c:d6:2b:b5:1f:4c:27:5e:2a:d7:a3:3d:e2:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=448331851b3559d3cc8299f6b020ef378e2e4b04
Validity
Not Before: Jan 2 15:50:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=32bd1646b94c96fd3f12fc5e6a48e9c33ecb88f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:40:82:64:8a:3e:d0:74:55:4e:05:de:72:13:
4c:44:2f:44:1a:7d:f1:02:2f:21:93:c0:23:fb:08:
66:c4:ef:ba:4d:ba:57:de:22:53:27:3a:2b:b5:9a:
f2:85:69:ce:3f:eb:bd:4a:07:65:95:f3:c1:67:5b:
b6:de:03:c4:77:23:17:d3:a4:4a:07:da:cc:ef:dc:
1d:0b:de:79:ed:0a:40:09:90:6b:2b:f8:3b:f3:5d:
44:db:5f:e6:a2:f9:41:7c:e2:83:46:80:25:f6:e5:
b2:84:78:57:bc:9b:a0:81:52:82:dc:96:fe:88:ba:
53:64:a6:91:1c:4e:93:8e:eb:de:57:c0:f5:a5:54:
a8:3f:f9:22:54:25:ca:56:c7:bf:e0:f4:a4:48:03:
11:18:05:ca:29:7f:cb:70:81:90:90:ba:ff:ec:d5:
81:22:7d:bb:ee:22:0a:c2:00:3d:71:c6:1a:01:c4:
c5:56:50:ad:89:00:60:39:b2:5b:2f:f8:13:c8:ce:
50:62:24:5c:38:64:0c:0e:1b:d0:14:68:4a:b0:bd:
33:09:ca:81:d1:bf:3e:cd:42:e1:c8:16:96:36:e4:
81:84:86:60:20:f3:6a:14:1c:47:34:1e:ee:af:59:
21:f2:c2:ee:72:a0:82:10:7d:d5:1e:33:6c:97:0c:
a8:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:BD:16:46:B9:4C:96:FD:3F:12:FC:5E:6A:48:E9:C3:3E:CB:88:F8
X509v3 Authority Key Identifier:
keyid:44:83:31:85:1B:35:59:D3:CC:82:99:F6:B0:20:EF:37:8E:2E:4B:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RIMxhRs1WdPMgpn2sCDvN44uSwQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/2a9acf-2f1e-4c9c-b810-a047816d6283/1/Mr0WRrlMlv0_Evxeakjpwz7LiPg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/2a9acf-2f1e-4c9c-b810-a047816d6283/1/RIMxhRs1WdPMgpn2sCDvN44uSwQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.115.168.0/21
Signature Algorithm: sha256WithRSAEncryption
8c:4b:c1:c3:90:11:69:e1:c6:40:d1:63:ed:bf:8b:68:0e:93:
73:d3:3e:f7:98:c3:b4:62:d3:67:f8:3a:0d:8a:b2:36:f6:9e:
f3:1e:f5:ac:9d:43:19:1d:4b:0c:41:96:6c:2e:37:1b:35:89:
00:ad:02:02:a4:fe:07:80:e2:17:e6:0e:6e:82:29:65:e8:5c:
bc:40:72:ef:be:29:a6:40:71:79:a1:74:d0:a2:f8:37:6b:ef:
cf:1c:f3:67:b5:51:0c:ce:e2:0a:b2:70:57:6e:7f:c4:9f:1a:
4f:aa:a9:9b:4e:3f:2d:73:15:d3:8c:e9:fc:1b:b4:69:f7:ea:
e5:6b:c1:e7:72:f0:cd:7e:99:ee:78:25:38:a1:e0:bb:0e:43:
df:98:2e:d8:dd:78:09:d4:77:b5:c0:6b:76:21:1e:b3:a7:fd:
6c:85:5d:d9:4e:a1:00:b2:9a:1f:62:8d:5e:45:6f:5d:24:a7:
ef:6b:10:d5:cc:03:bb:1c:50:6b:54:1f:86:5f:dd:b7:b7:06:
71:57:8c:64:5b:2f:6c:ee:2f:fc:75:ba:46:4b:36:df:c5:a8:
d8:37:a7:b5:da:80:c3:a7:01:6b:6c:85:de:eb:5c:18:98:1f:
aa:7b:84:0a:fc:9a:3b:58:58:02:ee:92:9d:ef:0e:8b:a0:34:
86:fa:a1:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntkzWK7UfTCdeKtejPeKwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ODMzMTg1MWIzNTU5ZDNjYzgyOTlmNmIwMjBlZjM3OGUy
ZTRiMDQwHhcNMjUwMTAyMTU1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJkMTY0NmI5NGM5NmZkM2YxMmZjNWU2YTQ4ZTljMzNlY2I4OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ECCZIo+0HRVTgXechNMRC9EGn3x
Ai8hk8Aj+whmxO+6TbpX3iJTJzortZryhWnOP+u9SgdllfPBZ1u23gPEdyMX06RK
B9rM79wdC9557QpACZBrK/g7811E21/movlBfOKDRoAl9uWyhHhXvJuggVKC3Jb+
iLpTZKaRHE6TjuveV8D1pVSoP/kiVCXKVse/4PSkSAMRGAXKKX/LcIGQkLr/7NWB
In277iIKwgA9ccYaAcTFVlCtiQBgObJbL/gTyM5QYiRcOGQMDhvQFGhKsL0zCcqB
0b8+zULhyBaWNuSBhIZgIPNqFBxHNB7ur1kh8sLucqCCEH3VHjNslwyoaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDK9Fka5TJb9PxL8XmpI6cM+y4j4MB8GA1UdIwQY
MBaAFESDMYUbNVnTzIKZ9rAg7zeOLksEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUklNeGhSczFXZFBNZ3BuMnNDRHZONDR1U3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8yYTlhY2YtMmYxZS00YzljLWI4MTAt
YTA0NzgxNmQ2MjgzLzEvTXIwV1JybE1sdjBfRXZ4ZWFranB3ejdMaVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8yYTlhY2YtMmYxZS00YzljLWI4MTAtYTA0NzgxNmQ2Mjgz
LzEvUklNeGhSczFXZFBNZ3BuMnNDRHZONDR1U3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHOoMA0G
CSqGSIb3DQEBCwUAA4IBAQCMS8HDkBFp4cZA0WPtv4toDpNz0z73mMO0YtNn+DoN
irI29p7zHvWsnUMZHUsMQZZsLjcbNYkArQICpP4HgOIX5g5ugill6Fy8QHLvvimm
QHF5oXTQovg3a+/PHPNntVEMzuIKsnBXbn/EnxpPqqmbTj8tcxXTjOn8G7Rp9+rl
a8HncvDNfpnueCU4oeC7DkPfmC7Y3XgJ1He1wGt2IR6zp/1shV3ZTqEAspofYo1e
RW9dJKfvaxDVzAO7HFBrVB+GX923twZxV4xkWy9s7i/8dbpGSzbfxajYN6e12oDD
pwFrbIXe61wYmB+qe4QK/Jo7WFgC7pKd7w6LoDSG+qHP
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:58:20 2025 by rpki-client