Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/bYpyeHiVOX2l8iPl-uPkAX9zfmw.roa
File: bYpyeHiVOX2l8iPl-uPkAX9zfmw.roa (raw, json)
Hash identifier: clblsPlZTuaRgRGxz58OPeCdg4rL7htkupWPy4rOhKg=
Subject key identifier: 6D:8A:72:78:78:95:39:7D:A5:F2:23:E5:FA:E3:E4:01:7F:73:7E:6C
Certificate issuer: /CN=8ad2930d1fe1dd430491fd7b831de9c61692ade4
Certificate serial: 019420680F007C800AC5659ECE63425EA614
Authority key identifier: 8A:D2:93:0D:1F:E1:DD:43:04:91:FD:7B:83:1D:E9:C6:16:92:AD:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/itKTDR_h3UMEkf17gx3pxhaSreQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/bYpyeHiVOX2l8iPl-uPkAX9zfmw.roa
Signing time: Wed 01 Jan 2025 05:47:58 +0000
ROA not before: Wed 01 Jan 2025 05:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199276
IP address blocks: 77.247.88.0/24 maxlen: 24
77.247.89.0/24 maxlen: 24
77.247.90.0/24 maxlen: 24
77.247.91.0/24 maxlen: 24
77.247.92.0/24 maxlen: 24
77.247.93.0/24 maxlen: 24
77.247.94.0/24 maxlen: 24
77.247.95.0/24 maxlen: 24
2a13:bc00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/itKTDR_h3UMEkf17gx3pxhaSreQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/itKTDR_h3UMEkf17gx3pxhaSreQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/itKTDR_h3UMEkf17gx3pxhaSreQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:0f:00:7c:80:0a:c5:65:9e:ce:63:42:5e:a6:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8ad2930d1fe1dd430491fd7b831de9c61692ade4
Validity
Not Before: Jan 1 05:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d8a72787895397da5f223e5fae3e4017f737e6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:4e:75:cf:12:91:75:02:1f:ba:c5:74:0b:5f:
fb:6c:19:d3:61:a5:95:5c:ef:da:f6:ee:6d:28:95:
bd:41:c1:e0:4d:e3:da:31:ad:e8:ef:a9:06:a6:56:
ec:ba:e1:fb:88:78:7d:05:51:49:e7:51:25:3b:4a:
37:9c:9d:2a:38:59:9b:bd:14:68:85:3a:4a:05:c5:
3e:e8:a6:6e:a0:b7:de:8c:7f:6f:3b:11:fe:de:1d:
7a:f3:53:cd:b1:ef:89:b7:36:bb:e4:0c:d9:0b:16:
49:08:2d:09:e1:c7:ba:48:1b:ad:35:74:27:a3:56:
bf:2d:2a:2f:46:23:d7:09:6a:fd:72:b4:e9:dc:4a:
f8:b3:eb:94:f9:77:cb:52:83:36:b6:0f:3e:07:c9:
be:fa:73:ff:b8:95:e1:b8:c5:c3:dd:79:13:b9:1f:
62:4f:69:83:2b:dc:35:63:a4:59:bd:72:9c:97:11:
62:69:26:6f:b7:37:e9:df:69:10:94:47:43:4a:5d:
81:eb:95:a0:64:e5:4a:04:1c:3c:fe:3b:bb:74:14:
1e:d8:ea:bd:77:10:22:a6:e3:49:5b:14:0e:b0:21:
4e:4e:61:08:87:07:ee:71:c3:15:55:a2:ce:81:46:
99:f4:86:f9:e9:4b:3d:19:be:73:cb:32:01:34:99:
16:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:8A:72:78:78:95:39:7D:A5:F2:23:E5:FA:E3:E4:01:7F:73:7E:6C
X509v3 Authority Key Identifier:
keyid:8A:D2:93:0D:1F:E1:DD:43:04:91:FD:7B:83:1D:E9:C6:16:92:AD:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itKTDR_h3UMEkf17gx3pxhaSreQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/bYpyeHiVOX2l8iPl-uPkAX9zfmw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/be7894-0ccc-4fbd-880b-9758cb2b844e/1/itKTDR_h3UMEkf17gx3pxhaSreQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.247.88.0/21
IPv6:
2a13:bc00::/29
Signature Algorithm: sha256WithRSAEncryption
28:b7:cc:02:0a:3c:06:82:55:2f:15:c7:94:bc:62:a0:68:c8:
f1:72:a5:2a:b8:cc:e6:72:ca:5c:37:47:22:12:68:a5:a0:83:
1a:4a:ae:60:7a:2f:21:8a:99:64:f1:30:79:57:4c:ce:c5:e8:
41:7c:36:1d:24:a9:d7:eb:e9:45:e5:2f:56:9b:71:53:0c:7a:
99:ae:03:0c:c0:5e:89:08:2a:ff:8e:b8:7a:33:ca:78:bf:1b:
44:11:02:84:fc:12:2c:38:62:ee:72:27:3f:ce:0e:24:04:46:
f3:66:70:ab:44:af:74:ed:71:52:63:14:5e:b9:2f:88:6a:88:
cd:eb:e4:6c:73:3b:2a:9e:93:85:4f:42:34:93:29:70:49:90:
a4:46:d7:5c:0c:8b:77:54:0d:dd:6e:e5:4d:78:d5:68:14:fa:
32:1a:60:11:21:dd:e0:19:68:53:6f:53:80:5f:fd:1f:47:f2:
c3:03:b8:2c:eb:20:77:96:93:1e:20:35:ef:42:eb:4f:bf:57:
91:48:41:06:a9:a7:a0:66:bc:c6:1b:5a:57:99:dd:8d:3a:8d:
04:5d:1a:f7:93:6f:33:d2:3a:6a:53:ee:68:74:33:76:6c:3c:
13:25:de:53:b2:02:dd:04:0f:5e:b9:ef:fc:22:38:af:98:82:
59:8c:f1:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaA8AfIAKxWWezmNCXqYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDI5MzBkMWZlMWRkNDMwNDkxZmQ3YjgzMWRlOWM2MTY5
MmFkZTQwHhcNMjUwMTAxMDU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDhhNzI3ODc4OTUzOTdkYTVmMjIzZTVmYWUzZTQwMTdmNzM3ZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy051zxKRdQIfusV0C1/7bBnTYaWV
XO/a9u5tKJW9QcHgTePaMa3o76kGplbsuuH7iHh9BVFJ51ElO0o3nJ0qOFmbvRRo
hTpKBcU+6KZuoLfejH9vOxH+3h1681PNse+Jtza75AzZCxZJCC0J4ce6SButNXQn
o1a/LSovRiPXCWr9crTp3Er4s+uU+XfLUoM2tg8+B8m++nP/uJXhuMXD3XkTuR9i
T2mDK9w1Y6RZvXKclxFiaSZvtzfp32kQlEdDSl2B65WgZOVKBBw8/ju7dBQe2Oq9
dxAipuNJWxQOsCFOTmEIhwfuccMVVaLOgUaZ9Ib56Us9Gb5zyzIBNJkWywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG2Kcnh4lTl9pfIj5frj5AF/c35sMB8GA1UdIwQY
MBaAFIrSkw0f4d1DBJH9e4Md6cYWkq3kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRLVERSX2gzVU1Fa2YxN2d4M3B4aGFTcmVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9iZTc4OTQtMGNjYy00ZmJkLTg4MGIt
OTc1OGNiMmI4NDRlLzEvYllweWVIaVZPWDJsOGlQbC11UGtBWDl6Zm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9iZTc4OTQtMGNjYy00ZmJkLTg4MGItOTc1OGNiMmI4NDRl
LzEvaXRLVERSX2gzVU1Fa2YxN2d4M3B4aGFTcmVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDTfdYMA0E
AgACMAcDBQMqE7wAMA0GCSqGSIb3DQEBCwUAA4IBAQAot8wCCjwGglUvFceUvGKg
aMjxcqUquMzmcspcN0ciEmiloIMaSq5gei8hiplk8TB5V0zOxehBfDYdJKnX6+lF
5S9Wm3FTDHqZrgMMwF6JCCr/jrh6M8p4vxtEEQKE/BIsOGLucic/zg4kBEbzZnCr
RK907XFSYxReuS+IaojN6+RsczsqnpOFT0I0kylwSZCkRtdcDIt3VA3dbuVNeNVo
FPoyGmARId3gGWhTb1OAX/0fR/LDA7gs6yB3lpMeIDXvQutPv1eRSEEGqaegZrzG
G1pXmd2NOo0EXRr3k28z0jpqU+5odDN2bDwTJd5TsgLdBA9eue/8IjivmIJZjPEF
-----END CERTIFICATE-----
Generated at Sun Feb 2 07:57:10 2025 by rpki-client