Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/543221-f267-4731-a7ad-987173b9e987/1/mCm-KBIMQ6gtgsW9oEUxZqdGcRM.roa
File: mCm-KBIMQ6gtgsW9oEUxZqdGcRM.roa (raw, json)
Hash identifier: ItOlCehgUekOH/ud/IMp3e9dVCyKMOt54wV1YDUzoCg=
Subject key identifier: 98:29:BE:28:12:0C:43:A8:2D:82:C5:BD:A0:45:31:66:A7:46:71:13
Certificate issuer: /CN=b220d91b4e9d70f034fa16a16a887d4255792ade
Certificate serial: 0194266B73A3EAC523207068EED031EF871D
Authority key identifier: B2:20:D9:1B:4E:9D:70:F0:34:FA:16:A1:6A:88:7D:42:55:79:2A:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/siDZG06dcPA0-hahaoh9QlV5Kt4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/543221-f267-4731-a7ad-987173b9e987/1/mCm-KBIMQ6gtgsW9oEUxZqdGcRM.roa
Signing time: Thu 02 Jan 2025 09:49:23 +0000
ROA not before: Thu 02 Jan 2025 09:49:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42010
IP address blocks: 5.28.48.0/21 maxlen: 24
91.103.184.0/21 maxlen: 24
128.65.96.0/21 maxlen: 21
128.65.96.0/24 maxlen: 24
128.65.97.0/24 maxlen: 24
128.65.98.0/23 maxlen: 23
128.65.100.0/22 maxlen: 22
185.91.20.0/22 maxlen: 24
185.135.168.0/23 maxlen: 23
185.135.170.0/23 maxlen: 23
2a03:7f80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cb/543221-f267-4731-a7ad-987173b9e987/1/siDZG06dcPA0-hahaoh9QlV5Kt4.crl
rsync://rpki.ripe.net/repository/DEFAULT/cb/543221-f267-4731-a7ad-987173b9e987/1/siDZG06dcPA0-hahaoh9QlV5Kt4.mft
rsync://rpki.ripe.net/repository/DEFAULT/siDZG06dcPA0-hahaoh9QlV5Kt4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:73:a3:ea:c5:23:20:70:68:ee:d0:31:ef:87:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b220d91b4e9d70f034fa16a16a887d4255792ade
Validity
Not Before: Jan 2 09:49:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9829be28120c43a82d82c5bda0453166a7467113
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:9e:76:6e:a8:77:6b:96:91:12:4c:43:4e:66:
c1:80:d9:a4:49:6e:83:f8:78:e1:ef:c6:82:98:d3:
db:cc:9f:c1:9c:a5:5c:01:45:a6:ee:c1:6b:f7:1a:
6a:e8:df:ab:b8:73:34:1f:e5:4a:c8:97:61:bc:43:
24:93:83:a7:4f:10:80:9c:f9:1a:e5:52:b9:19:f1:
1b:77:c4:d3:3f:f6:dd:ad:d6:ec:ce:66:a5:8a:48:
46:d1:01:d2:73:82:7d:73:99:2f:84:a7:b5:92:c2:
5a:0b:de:73:f5:a5:d6:b6:fd:c6:6f:57:cd:27:8d:
e1:4e:8f:ed:50:ba:d4:53:8b:63:1e:f5:bb:79:3b:
15:16:c5:5a:5c:65:84:a3:11:3a:54:2f:7d:67:f2:
65:98:22:81:eb:3f:4f:dd:21:27:5d:13:4a:b5:2e:
b4:3c:7d:3f:40:b5:8e:3f:c3:ee:5c:9f:98:d3:1c:
e7:e2:e2:8c:51:e8:23:86:e4:b0:3e:cc:c8:09:52:
b8:c2:6b:ce:40:32:08:9b:35:8e:c7:96:3d:ba:52:
73:02:92:c2:c2:be:3a:7d:f9:8a:4b:6a:ee:79:01:
60:3d:96:50:68:42:4a:38:e1:07:a4:41:65:02:0d:
d7:ee:56:0d:cc:53:cf:0b:de:32:c5:53:df:24:e3:
d2:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:29:BE:28:12:0C:43:A8:2D:82:C5:BD:A0:45:31:66:A7:46:71:13
X509v3 Authority Key Identifier:
keyid:B2:20:D9:1B:4E:9D:70:F0:34:FA:16:A1:6A:88:7D:42:55:79:2A:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/siDZG06dcPA0-hahaoh9QlV5Kt4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/543221-f267-4731-a7ad-987173b9e987/1/mCm-KBIMQ6gtgsW9oEUxZqdGcRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/543221-f267-4731-a7ad-987173b9e987/1/siDZG06dcPA0-hahaoh9QlV5Kt4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.28.48.0/21
91.103.184.0/21
128.65.96.0/21
185.91.20.0/22
185.135.168.0/22
IPv6:
2a03:7f80::/32
Signature Algorithm: sha256WithRSAEncryption
90:f9:95:81:c7:e4:a8:a0:2f:a6:79:15:0c:e4:26:bf:7c:2f:
55:dc:96:d3:85:d3:21:a7:b5:b0:b0:94:0e:0e:e2:c6:9d:cb:
be:00:2b:35:48:82:b2:c9:95:ee:67:8f:cc:67:e4:8d:82:33:
b1:38:fa:79:15:1a:55:36:c6:7c:16:31:b8:be:b6:76:fa:30:
60:d3:c2:c9:56:56:87:82:0c:e4:bf:9d:9e:ac:26:cf:f2:07:
fe:d4:b0:01:33:91:15:2c:51:8b:61:4a:5e:fb:2a:fe:26:2d:
29:3a:ec:8e:b6:21:1a:63:a5:2d:fb:58:fc:ee:b2:53:f9:e1:
9c:6f:b0:b6:c0:45:58:4b:d3:53:56:15:90:9c:30:c2:99:43:
83:04:6d:56:4c:a0:19:1d:0d:09:c4:dc:de:b7:84:dd:47:e3:
2a:c2:15:f5:c1:b6:99:d7:f2:f1:10:c1:de:79:bd:60:c7:c6:
51:0e:f3:82:b8:dc:8f:a2:15:74:32:5e:d1:5a:a3:67:65:4d:
95:c0:4b:16:e9:24:ef:5e:3c:89:8e:64:c6:33:c0:b4:06:31:
99:d7:2a:54:cd:35:e4:27:5f:bc:55:15:c0:91:59:57:15:7b:
86:3f:41:41:9e:0a:0f:a3:0a:5a:70:23:a0:ab:0c:6d:69:54:
98:11:2f:bc
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQma3Oj6sUjIHBo7tAx74cdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMjBkOTFiNGU5ZDcwZjAzNGZhMTZhMTZhODg3ZDQyNTU3
OTJhZGUwHhcNMjUwMTAyMDk0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODI5YmUyODEyMGM0M2E4MmQ4MmM1YmRhMDQ1MzE2NmE3NDY3MTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz552bqh3a5aREkxDTmbBgNmkSW6D
+Hjh78aCmNPbzJ/BnKVcAUWm7sFr9xpq6N+ruHM0H+VKyJdhvEMkk4OnTxCAnPka
5VK5GfEbd8TTP/bdrdbszmalikhG0QHSc4J9c5kvhKe1ksJaC95z9aXWtv3Gb1fN
J43hTo/tULrUU4tjHvW7eTsVFsVaXGWEoxE6VC99Z/JlmCKB6z9P3SEnXRNKtS60
PH0/QLWOP8PuXJ+Y0xzn4uKMUegjhuSwPszICVK4wmvOQDIImzWOx5Y9ulJzApLC
wr46ffmKS2rueQFgPZZQaEJKOOEHpEFlAg3X7lYNzFPPC94yxVPfJOPSNwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJgpvigSDEOoLYLFvaBFMWanRnETMB8GA1UdIwQY
MBaAFLIg2RtOnXDwNPoWoWqIfUJVeSreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2lEWkcwNmRjUEEwLWhhaGFvaDlRbFY1S3Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81NDMyMjEtZjI2Ny00NzMxLWE3YWQt
OTg3MTczYjllOTg3LzEvbUNtLUtCSU1RNmd0Z3NXOW9FVXhacWRHY1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81NDMyMjEtZjI2Ny00NzMxLWE3YWQtOTg3MTczYjllOTg3
LzEvc2lEWkcwNmRjUEEwLWhhaGFvaDlRbFY1S3Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBRwwAwQD
W2e4AwQDgEFgAwQCuVsUAwQCuYeoMA0EAgACMAcDBQAqA3+AMA0GCSqGSIb3DQEB
CwUAA4IBAQCQ+ZWBx+SooC+meRUM5Ca/fC9V3JbThdMhp7WwsJQODuLGncu+ACs1
SIKyyZXuZ4/MZ+SNgjOxOPp5FRpVNsZ8FjG4vrZ2+jBg08LJVlaHggzkv52erCbP
8gf+1LABM5EVLFGLYUpe+yr+Ji0pOuyOtiEaY6Ut+1j87rJT+eGcb7C2wEVYS9NT
VhWQnDDCmUODBG1WTKAZHQ0JxNzet4TdR+MqwhX1wbaZ1/LxEMHeeb1gx8ZRDvOC
uNyPohV0Ml7RWqNnZU2VwEsW6STvXjyJjmTGM8C0BjGZ1ypUzTXkJ1+8VRXAkVlX
FXuGP0FBngoPowpacCOgqwxtaVSYES+8
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:57:24 2025 by rpki-client