Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/8LksUd4Bc07spLD8fADCnhn7LCM.roa
File: 8LksUd4Bc07spLD8fADCnhn7LCM.roa (raw, json)
Hash identifier: Ltd+LZ1A4k2Ak2CxYsrw7bl+BSFB7+eAiWeQKA1mKH4=
Subject key identifier: F0:B9:2C:51:DE:01:73:4E:EC:A4:B0:FC:7C:00:C2:9E:19:FB:2C:23
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 019423D76F92021C74AF7ED31363B727FF46
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/8LksUd4Bc07spLD8fADCnhn7LCM.roa
Signing time: Wed 01 Jan 2025 21:48:28 +0000
ROA not before: Wed 01 Jan 2025 21:48:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205948
IP address blocks: 5.1.73.0/24 maxlen: 32
5.1.77.0/24 maxlen: 32
5.1.78.0/24 maxlen: 32
5.1.80.0/24 maxlen: 24
5.1.82.0/24 maxlen: 24
5.1.86.0/24 maxlen: 24
5.1.89.0/24 maxlen: 24
2a07:6fc0::/48 maxlen: 48
2a07:6fc0:1::/48 maxlen: 48
2a07:6fc0:452::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:6f:92:02:1c:74:af:7e:d3:13:63:b7:27:ff:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Jan 1 21:48:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0b92c51de01734eeca4b0fc7c00c29e19fb2c23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:87:be:30:0a:80:86:d5:8f:27:6e:6a:67:3f:
8d:db:98:c2:3c:57:76:44:50:75:df:45:d0:f7:bb:
5a:8e:5f:c9:83:a5:2b:64:3c:be:d3:2f:29:a2:d1:
8d:cd:b2:b0:68:f3:07:82:fb:6f:68:e9:2e:92:0e:
4d:40:d9:28:7a:98:e9:f9:a9:7e:74:80:49:fc:2f:
30:7f:f2:8a:6a:5b:71:20:67:75:2d:9e:e7:cf:03:
9b:67:07:68:87:25:59:d9:87:d2:55:83:27:d7:80:
81:fd:10:67:92:fe:b0:b1:8e:66:79:9b:71:ac:7a:
9a:01:a4:ef:89:bf:0e:eb:d7:94:41:94:8f:69:a9:
aa:5c:48:58:98:07:64:3e:0f:c6:ea:8d:35:32:75:
e0:9b:e4:22:25:e8:2f:85:a6:3d:ec:26:e8:0e:49:
c2:1b:45:3f:36:a2:13:78:5e:69:f6:2a:11:52:91:
de:b8:cd:5c:27:eb:8d:03:0c:c9:f5:a3:78:43:e7:
07:28:21:4d:03:cb:f8:e5:b4:3a:03:7c:31:b2:ce:
cb:a4:66:6b:53:58:e6:bf:eb:51:c8:5e:60:08:fd:
51:f6:43:f8:72:6d:86:79:1d:e8:e3:b1:2c:2f:01:
73:07:6c:27:12:e7:d5:b8:d4:df:0c:16:25:27:20:
cb:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:B9:2C:51:DE:01:73:4E:EC:A4:B0:FC:7C:00:C2:9E:19:FB:2C:23
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/8LksUd4Bc07spLD8fADCnhn7LCM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.73.0/24
5.1.77.0-5.1.78.255
5.1.80.0/24
5.1.82.0/24
5.1.86.0/24
5.1.89.0/24
IPv6:
2a07:6fc0::/47
2a07:6fc0:452::/48
Signature Algorithm: sha256WithRSAEncryption
85:a9:53:57:5f:cf:7e:24:23:dc:8d:52:b6:94:08:90:1a:3c:
29:a7:40:cb:99:ed:5b:2b:00:6e:55:88:ea:1e:12:ae:65:5d:
71:ba:61:20:d7:9c:84:fe:0e:8c:39:a4:ba:2f:7a:dc:fd:17:
4a:da:fe:a1:85:f8:3c:dd:8f:6d:27:a0:69:a2:fa:f1:a7:75:
1f:10:45:53:50:77:47:6b:ed:95:11:a0:fb:24:e3:c5:af:78:
52:3b:ac:db:a0:30:fc:8c:e1:18:7d:a0:a3:53:ac:47:cc:a6:
5c:b7:ca:ee:9d:10:54:ac:4c:5b:7e:53:31:c2:70:48:64:c1:
58:0e:76:4e:32:97:d8:b7:50:99:40:63:a2:d8:28:d5:58:35:
41:cb:8c:dd:54:9e:21:96:90:23:22:4b:b5:b3:2f:91:41:fe:
a0:34:0d:5f:7f:11:01:57:72:57:a7:46:94:5b:72:e4:31:a6:
b0:3a:00:2a:61:9c:38:05:66:ce:e3:5b:ae:e1:ba:02:48:ad:
d1:8b:05:11:cc:ae:e0:80:6a:ab:97:36:37:d4:7b:b3:50:a7:
02:f8:e4:98:f1:4f:62:49:5f:46:79:07:67:d7:78:95:17:23:
9a:37:e1:fd:e5:8b:fe:0a:b7:3f:19:84:09:d5:b5:ed:1a:30:
02:35:e7:3e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQj12+SAhx0r37TE2O3J/9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI5MmM1MWRlMDE3MzRlZWNhNGIwZmM3YzAwYzI5ZTE5ZmIyYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIe+MAqAhtWPJ25qZz+N25jCPFd2
RFB130XQ97tajl/Jg6UrZDy+0y8potGNzbKwaPMHgvtvaOkukg5NQNkoepjp+al+
dIBJ/C8wf/KKaltxIGd1LZ7nzwObZwdohyVZ2YfSVYMn14CB/RBnkv6wsY5meZtx
rHqaAaTvib8O69eUQZSPaamqXEhYmAdkPg/G6o01MnXgm+QiJegvhaY97CboDknC
G0U/NqITeF5p9ioRUpHeuM1cJ+uNAwzJ9aN4Q+cHKCFNA8v45bQ6A3wxss7LpGZr
U1jmv+tRyF5gCP1R9kP4cm2GeR3o47EsLwFzB2wnEufVuNTfDBYlJyDLhwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFPC5LFHeAXNO7KSw/HwAwp4Z+ywjMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvOExrc1VkNEJjMDdzcExEOGZBRENuaG43TENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAyBAIAATAsAwQABQFJMAwD
BAAFAU0DBAAFAU4DBAAFAVADBAAFAVIDBAAFAVYDBAAFAVkwGAQCAAIwEgMHASoH
b8AAAAMHACoHb8AEUjANBgkqhkiG9w0BAQsFAAOCAQEAhalTV1/PfiQj3I1StpQI
kBo8KadAy5ntWysAblWI6h4SrmVdcbphINechP4OjDmkui963P0XStr+oYX4PN2P
bSegaaL68ad1HxBFU1B3R2vtlRGg+yTjxa94Ujus26Aw/IzhGH2go1OsR8ymXLfK
7p0QVKxMW35TMcJwSGTBWA52TjKX2LdQmUBjotgo1Vg1QcuM3VSeIZaQIyJLtbMv
kUH+oDQNX38RAVdyV6dGlFty5DGmsDoAKmGcOAVmzuNbruG6Akit0YsFEcyu4IBq
q5c2N9R7s1CnAvjkmPFPYklfRnkHZ9d4lRcjmjfh/eWL/gq3PxmECdW17RowAjXn
Pg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:06:26 2025 by rpki-client