Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/IF7POYmH2s6_XyYc1YSgmRclBfU.roa
File: IF7POYmH2s6_XyYc1YSgmRclBfU.roa (raw, json)
Hash identifier: vkWkPszh+VD/raa/NYL5vb45rCVCasfYYp1M1TBPCxY=
Subject key identifier: 20:5E:CF:39:89:87:DA:CE:BF:5F:26:1C:D5:84:A0:99:17:25:05:F5
Certificate issuer: /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial: 019425FD48452E403EABD9F04631191FC60C
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/IF7POYmH2s6_XyYc1YSgmRclBfU.roa
Signing time: Thu 02 Jan 2025 07:49:03 +0000
ROA not before: Thu 02 Jan 2025 07:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199984
IP address blocks: 185.40.84.0/24 maxlen: 24
185.40.85.0/24 maxlen: 24
2a04:8340:8340::/48 maxlen: 48
2a04:8340:8341::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl
rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.mft
rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:48:45:2e:40:3e:ab:d9:f0:46:31:19:1f:c6:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Validity
Not Before: Jan 2 07:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=205ecf398987dacebf5f261cd584a099172505f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:4a:45:64:17:35:f1:7b:a0:bc:be:d8:12:7c:
ed:91:77:4b:87:58:e6:5f:c3:87:0d:6f:db:b8:8e:
36:c8:1d:d3:71:9b:52:36:2a:b0:52:4a:20:af:47:
c6:a0:5f:87:9e:ca:47:c6:18:56:49:42:6e:6b:12:
83:be:55:75:f5:20:0e:cf:8a:48:19:32:34:53:38:
44:dd:02:a5:27:30:47:07:ca:74:d2:98:9d:d4:c6:
4e:59:55:a6:51:69:c0:35:83:bd:69:dc:5a:56:7c:
67:d8:bf:2a:14:d5:0e:bb:01:08:ed:89:a2:58:42:
a6:9d:37:88:1f:7a:cb:12:3b:ce:5f:4d:0f:ef:67:
7a:78:5d:7b:21:fd:46:a9:cd:27:9d:fc:3b:3b:91:
60:6b:5c:96:5a:76:70:11:22:96:7f:12:06:2f:a1:
f1:bd:ee:8b:1a:70:aa:bc:67:64:d9:2b:a9:4c:b1:
8c:8e:7b:24:ac:d5:32:d6:e6:68:0c:ec:14:15:ac:
f2:d5:46:94:2c:01:83:1e:a6:15:65:4c:81:64:c9:
cc:7a:37:7a:39:d6:21:99:f8:e6:38:66:fc:f7:63:
a7:71:26:8f:94:b4:f6:36:51:76:8a:87:79:c3:df:
49:d2:74:fa:b5:cc:8b:d4:a8:ac:51:6d:7d:e0:6e:
b9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:5E:CF:39:89:87:DA:CE:BF:5F:26:1C:D5:84:A0:99:17:25:05:F5
X509v3 Authority Key Identifier:
keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/IF7POYmH2s6_XyYc1YSgmRclBfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.40.84.0/23
IPv6:
2a04:8340:8340::/47
Signature Algorithm: sha256WithRSAEncryption
61:31:fc:88:eb:1b:f8:7a:8c:93:3e:0e:af:c5:e1:4a:70:03:
cc:04:6c:08:23:be:13:67:7b:cb:ee:62:ea:51:a5:e3:f4:2f:
3e:2f:34:73:f6:3c:b5:84:b8:20:fb:fd:19:85:7a:3e:03:bd:
55:1a:a6:c1:29:80:77:9e:b1:90:1e:51:57:61:86:74:b6:3f:
ad:62:2f:42:44:d9:58:5e:6c:ea:9c:3c:4a:fe:76:6c:65:f0:
fa:79:78:ad:d2:00:d7:2a:43:d4:30:11:3b:f8:e5:b0:c3:38:
62:c1:86:64:1b:bd:89:8f:fa:d5:71:f0:81:c9:b1:8f:6f:7c:
04:03:63:ab:3a:28:7e:c8:6e:13:09:be:59:32:c1:2a:cb:32:
5b:13:df:9f:2c:98:a5:cb:84:07:d3:c3:cf:91:c1:f9:73:03:
12:11:e6:a7:2c:25:37:5f:8b:81:58:29:4e:20:07:c5:3e:06:
f9:a7:e0:8c:a2:84:a4:22:a5:43:c8:13:9e:86:a0:4d:ef:0c:
07:03:11:05:e5:71:7d:37:6a:2a:e4:45:ab:cf:66:be:17:93:
1f:66:6d:ff:84:35:6e:1f:84:b7:08:00:2c:c6:44:a3:20:b8:
34:05:27:23:ae:f9:49:de:7d:af:e1:42:b5:97:bf:9f:0f:df:
2f:19:fd:70
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/UhFLkA+q9nwRjEZH8YMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjUwMTAyMDc0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDVlY2YzOTg5ODdkYWNlYmY1ZjI2MWNkNTg0YTA5OTE3MjUwNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUpFZBc18XugvL7YEnztkXdLh1jm
X8OHDW/buI42yB3TcZtSNiqwUkogr0fGoF+HnspHxhhWSUJuaxKDvlV19SAOz4pI
GTI0UzhE3QKlJzBHB8p00pid1MZOWVWmUWnANYO9adxaVnxn2L8qFNUOuwEI7Ymi
WEKmnTeIH3rLEjvOX00P72d6eF17If1Gqc0nnfw7O5Fga1yWWnZwESKWfxIGL6Hx
ve6LGnCqvGdk2SupTLGMjnskrNUy1uZoDOwUFazy1UaULAGDHqYVZUyBZMnMejd6
OdYhmfjmOGb892OncSaPlLT2NlF2iod5w99J0nT6tcyL1KisUW194G65vwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCBezzmJh9rOv18mHNWEoJkXJQX1MB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEvSUY3UE9ZbUgyczZfWHlZYzFZU2dtUmNsQmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuShUMA8E
AgACMAkDBwEqBINAg0AwDQYJKoZIhvcNAQELBQADggEBAGEx/IjrG/h6jJM+Dq/F
4UpwA8wEbAgjvhNne8vuYupRpeP0Lz4vNHP2PLWEuCD7/RmFej4DvVUapsEpgHee
sZAeUVdhhnS2P61iL0JE2VhebOqcPEr+dmxl8Pp5eK3SANcqQ9QwETv45bDDOGLB
hmQbvYmP+tVx8IHJsY9vfAQDY6s6KH7IbhMJvlkywSrLMlsT358smKXLhAfTw8+R
wflzAxIR5qcsJTdfi4FYKU4gB8U+Bvmn4IyihKQipUPIE56GoE3vDAcDEQXlcX03
airkRavPZr4Xkx9mbf+ENW4fhLcIACzGRKMguDQFJyOu+Unefa/hQrWXv58P3y8Z
/XA=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:41:16 2025 by rpki-client