Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/xDqVZVtr_9EDZVCNYlX0mCSaras.roa
File: xDqVZVtr_9EDZVCNYlX0mCSaras.roa (raw, json)
Hash identifier: caUW0pjP9cTTEhVK0Pma740AnxF0QCHN6wxQ3vthDWA=
Subject key identifier: C4:3A:95:65:5B:6B:FF:D1:03:65:50:8D:62:55:F4:98:24:9A:AD:AB
Certificate issuer: /CN=bb22cf4c71a95911bd6046d05c0a8ba1646c9ead
Certificate serial: 01941F8C692C4EDA15138F332CC8601B7BAE
Authority key identifier: BB:22:CF:4C:71:A9:59:11:BD:60:46:D0:5C:0A:8B:A1:64:6C:9E:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/xDqVZVtr_9EDZVCNYlX0mCSaras.roa
Signing time: Wed 01 Jan 2025 01:48:03 +0000
ROA not before: Wed 01 Jan 2025 01:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198721
IP address blocks: 85.209.112.0/22 maxlen: 24
91.238.116.0/22 maxlen: 24
94.140.28.0/22 maxlen: 24
185.29.204.0/22 maxlen: 24
185.199.112.0/22 maxlen: 24
188.214.0.0/22 maxlen: 24
2a00:a9a0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.mft
rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:69:2c:4e:da:15:13:8f:33:2c:c8:60:1b:7b:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bb22cf4c71a95911bd6046d05c0a8ba1646c9ead
Validity
Not Before: Jan 1 01:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c43a95655b6bffd10365508d6255f498249aadab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:aa:b3:01:05:46:60:5a:31:5f:4a:36:65:f7:
b3:aa:7b:7f:44:a3:3f:80:d4:73:f0:5b:08:25:9b:
e8:ab:d5:3c:88:29:ff:ef:e5:56:7b:30:bd:ec:ec:
96:09:de:5f:d7:df:e1:6a:dd:23:64:5e:ce:be:97:
77:54:1f:81:b9:ac:50:7f:6e:a9:55:24:c5:88:3d:
1e:13:6a:d0:f8:b6:bb:f5:1b:f3:de:37:00:31:da:
63:a1:b1:7e:4e:a8:6f:ae:95:e8:36:d8:2c:20:08:
f5:a2:26:0a:d9:1c:5e:e8:0d:d5:b9:20:61:c3:b5:
a5:7f:cc:26:55:04:89:ba:e1:9f:1b:b0:f8:93:f9:
d0:2f:38:9c:61:c3:67:51:64:1a:d2:6d:fe:dc:aa:
06:56:91:03:ef:e4:6d:7f:4d:af:6c:a4:59:b8:2b:
b7:f5:25:c9:99:76:78:8b:99:a9:46:f9:f1:87:9f:
25:8c:a0:11:ac:b4:cb:47:86:db:e8:55:52:ef:e6:
f0:d9:0b:79:42:39:f3:b0:bf:29:02:fa:a8:28:2f:
d3:19:82:e5:63:3d:c7:91:8e:76:25:e5:3b:f8:c3:
72:19:a2:ac:72:56:4d:de:dc:11:a0:29:64:5f:0a:
83:0e:e0:a1:51:8f:eb:0e:b4:dc:2a:2d:72:2a:70:
81:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:3A:95:65:5B:6B:FF:D1:03:65:50:8D:62:55:F4:98:24:9A:AD:AB
X509v3 Authority Key Identifier:
keyid:BB:22:CF:4C:71:A9:59:11:BD:60:46:D0:5C:0A:8B:A1:64:6C:9E:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/xDqVZVtr_9EDZVCNYlX0mCSaras.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.112.0/22
91.238.116.0/22
94.140.28.0/22
185.29.204.0/22
185.199.112.0/22
188.214.0.0/22
IPv6:
2a00:a9a0::/32
Signature Algorithm: sha256WithRSAEncryption
4e:4d:70:6d:59:f1:2d:d5:d0:43:22:b1:5e:36:81:51:c1:a3:
48:cc:c5:59:6a:9e:03:b1:4a:0c:a3:81:80:7c:4f:e3:00:dc:
00:21:6b:fe:20:81:20:f3:e0:58:a9:b9:3b:b4:22:0f:e2:5c:
e6:ee:ca:40:79:63:e3:7f:00:7a:07:7e:cc:df:2c:0b:e3:ec:
3e:05:25:62:d1:85:62:77:91:5a:f3:91:de:85:96:c4:08:5f:
f8:ad:54:82:4b:c7:d3:9d:fa:75:18:38:a3:97:19:ee:0f:ab:
c7:f5:51:9f:cd:83:1a:7a:7c:a7:c2:c9:e6:47:16:cb:55:8b:
29:b9:c3:f3:20:05:96:18:39:2e:3f:90:d6:01:cd:6d:71:6b:
98:43:1b:6d:2e:02:9e:c8:ba:3d:b3:ab:63:bf:bc:f7:96:e2:
6e:30:a8:7d:c5:3b:41:f8:b8:ba:dd:0d:a9:bc:83:7d:c7:9d:
bd:b6:8d:f8:38:da:24:cb:cc:d3:83:e2:fb:d0:aa:b4:c2:68:
15:bb:3e:a0:c3:81:51:69:86:96:fd:bf:bd:26:8a:b7:0b:b3:
bc:c3:b9:25:a2:42:36:30:13:35:b7:f5:3d:31:53:ef:81:54:
14:a8:61:64:0d:8e:06:ad:37:f3:ed:50:1e:55:32:3b:dc:1d:
e7:86:0d:49
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQfjGksTtoVE48zLMhgG3uuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMjJjZjRjNzFhOTU5MTFiZDYwNDZkMDVjMGE4YmExNjQ2
YzllYWQwHhcNMjUwMTAxMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDNhOTU2NTViNmJmZmQxMDM2NTUwOGQ2MjU1ZjQ5ODI0OWFhZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKqzAQVGYFoxX0o2Zfezqnt/RKM/
gNRz8FsIJZvoq9U8iCn/7+VWezC97OyWCd5f19/hat0jZF7Ovpd3VB+BuaxQf26p
VSTFiD0eE2rQ+La79Rvz3jcAMdpjobF+TqhvrpXoNtgsIAj1oiYK2Rxe6A3VuSBh
w7Wlf8wmVQSJuuGfG7D4k/nQLzicYcNnUWQa0m3+3KoGVpED7+Rtf02vbKRZuCu3
9SXJmXZ4i5mpRvnxh58ljKARrLTLR4bb6FVS7+bw2Qt5QjnzsL8pAvqoKC/TGYLl
Yz3HkY52JeU7+MNyGaKsclZN3twRoClkXwqDDuChUY/rDrTcKi1yKnCBqQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMQ6lWVba//RA2VQjWJV9Jgkmq2rMB8GA1UdIwQY
MBaAFLsiz0xxqVkRvWBG0FwKi6FkbJ6tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXlMUFRIR3BXUkc5WUViUVhBcUxvV1JzbnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hZTgyNWYtNmY1NC00M2VhLTliODMt
YmJhZWM3NTA1ZDk3LzEveERxVlpWdHJfOUVEWlZDTllsWDBtQ1NhcmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hZTgyNWYtNmY1NC00M2VhLTliODMtYmJhZWM3NTA1ZDk3
LzEvdXlMUFRIR3BXUkc5WUViUVhBcUxvV1JzbnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCVdFwAwQC
W+50AwQCXowcAwQCuR3MAwQCucdwAwQCvNYAMA0EAgACMAcDBQAqAKmgMA0GCSqG
SIb3DQEBCwUAA4IBAQBOTXBtWfEt1dBDIrFeNoFRwaNIzMVZap4DsUoMo4GAfE/j
ANwAIWv+IIEg8+BYqbk7tCIP4lzm7spAeWPjfwB6B37M3ywL4+w+BSVi0YVid5Fa
85HehZbECF/4rVSCS8fTnfp1GDijlxnuD6vH9VGfzYMaenynwsnmRxbLVYspucPz
IAWWGDkuP5DWAc1tcWuYQxttLgKeyLo9s6tjv7z3luJuMKh9xTtB+Li63Q2pvIN9
x529to34ONoky8zTg+L70Kq0wmgVuz6gw4FRaYaW/b+9Joq3C7O8w7klokI2MBM1
t/U9MVPvgVQUqGFkDY4GrTfz7VAeVTI73B3nhg1J
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:07:09 2025 by rpki-client