Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/7vjowzcPet99DpSwRMSRoDCwwzU.roa
File: 7vjowzcPet99DpSwRMSRoDCwwzU.roa (raw, json)
Hash identifier: X+UxdfFDiClGq5vQ6ru5h4wKAEV+wpHwdLPZ+uKZ1dI=
Subject key identifier: EE:F8:E8:C3:37:0F:7A:DF:7D:0E:94:B0:44:C4:91:A0:30:B0:C3:35
Certificate issuer: /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial: 0194236A27AB24FFFFE282D844D3D20A1C30
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/7vjowzcPet99DpSwRMSRoDCwwzU.roa
Signing time: Wed 01 Jan 2025 19:49:06 +0000
ROA not before: Wed 01 Jan 2025 19:49:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5537
IP address blocks: 89.111.128.0/18 maxlen: 18
89.111.144.0/20 maxlen: 20
89.111.148.0/24 maxlen: 24
89.111.160.0/20 maxlen: 20
89.111.176.0/20 maxlen: 24
89.111.177.0/24 maxlen: 24
2a01:d8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:27:ab:24:ff:ff:e2:82:d8:44:d3:d2:0a:1c:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Validity
Not Before: Jan 1 19:49:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=eef8e8c3370f7adf7d0e94b044c491a030b0c335
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a8:6a:71:5c:98:18:99:2a:c9:6d:e4:7c:6a:
4b:9d:26:1c:47:ee:bc:4a:4f:e8:28:1a:c2:33:c9:
d6:24:c8:a2:b7:d8:37:ac:ac:8a:46:99:e8:a2:eb:
c8:0e:b0:b9:24:89:41:e6:36:87:3d:40:2f:78:da:
bd:71:c4:9e:51:51:95:3a:fd:80:ff:c1:e5:c4:68:
42:17:f2:53:40:dd:f0:80:f6:7b:6c:6f:e8:a6:7b:
da:f2:9b:9e:65:a2:c1:20:9a:df:83:c9:f7:c0:d3:
2e:5a:88:0a:a7:c5:82:c9:0f:91:75:87:1f:c1:2f:
bc:4b:2e:f7:5d:4e:a5:0d:90:c7:53:62:0d:cd:c7:
a0:53:c5:10:f0:d1:58:40:cc:16:e8:05:3a:3c:41:
c4:e7:49:2e:4e:b9:c7:4e:a8:db:d4:a4:5a:13:11:
3a:57:d0:00:3a:86:01:17:58:f3:99:6c:df:b3:dc:
f6:5e:1d:44:d5:42:18:5c:a4:fe:e2:e4:c5:9b:94:
45:7b:a4:e9:89:e4:b1:f1:e9:98:92:06:44:7c:3b:
de:d2:bd:d2:9d:a1:35:7e:1d:2f:3b:41:8d:9e:bd:
fb:02:13:2e:18:98:7b:02:e1:84:e4:bf:31:b2:fa:
4f:17:69:57:8b:17:47:d3:2e:a4:6c:b4:64:7c:72:
96:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:F8:E8:C3:37:0F:7A:DF:7D:0E:94:B0:44:C4:91:A0:30:B0:C3:35
X509v3 Authority Key Identifier:
keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/7vjowzcPet99DpSwRMSRoDCwwzU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.111.128.0/18
IPv6:
2a01:d8::/32
Signature Algorithm: sha256WithRSAEncryption
67:4b:9b:ee:f9:88:fa:37:08:dc:12:1c:b1:3e:9f:3d:78:b7:
c0:2e:24:06:c3:e6:72:2b:ea:9c:f4:64:bc:b6:e4:6d:11:12:
13:14:1c:d8:4c:d4:0f:c4:e8:a1:bd:08:b2:87:db:c7:a2:51:
c3:4b:fc:8c:ec:48:f9:de:9b:9c:56:0c:07:65:91:aa:dd:3a:
73:4c:f5:f4:0e:69:14:83:7c:7d:2c:66:bc:4e:dd:25:b4:f9:
0e:0a:6d:40:fb:23:a7:f1:1f:5c:e9:f5:7a:2c:fe:e3:81:d4:
63:2a:ce:fe:9c:90:d3:d7:87:c5:40:0e:4d:b3:7d:c7:fc:fb:
ef:6a:f2:3f:22:f3:ff:20:c9:00:51:5d:1d:d8:54:ff:92:e2:
1a:a0:0f:9e:e5:ac:fd:79:38:1d:13:95:14:f5:2f:c2:bb:27:
7a:e9:09:63:a3:6d:5a:d3:4d:c4:eb:c3:a4:45:39:a6:b5:82:
9e:fa:98:46:e5:42:93:29:e4:de:18:4b:00:f7:69:3f:7a:47:
9f:13:f5:8d:b6:3c:a2:6b:57:31:85:31:45:a0:06:97:1d:ba:
6c:6d:0e:58:e2:cb:01:a1:bc:d8:b8:a5:18:5f:e7:d8:86:c5:
51:44:6e:e3:af:de:35:b6:3c:a4:16:7f:6c:25:92:88:03:55:
0b:a9:87:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaierJP//4oLYRNPSChwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWY4ZThjMzM3MGY3YWRmN2QwZTk0YjA0NGM0OTFhMDMwYjBjMzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6hqcVyYGJkqyW3kfGpLnSYcR+68
Sk/oKBrCM8nWJMiit9g3rKyKRpnoouvIDrC5JIlB5jaHPUAveNq9ccSeUVGVOv2A
/8HlxGhCF/JTQN3wgPZ7bG/opnva8pueZaLBIJrfg8n3wNMuWogKp8WCyQ+RdYcf
wS+8Sy73XU6lDZDHU2INzcegU8UQ8NFYQMwW6AU6PEHE50kuTrnHTqjb1KRaExE6
V9AAOoYBF1jzmWzfs9z2Xh1E1UIYXKT+4uTFm5RFe6TpieSx8emYkgZEfDve0r3S
naE1fh0vO0GNnr37AhMuGJh7AuGE5L8xsvpPF2lXixdH0y6kbLRkfHKWGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO746MM3D3rffQ6UsETEkaAwsMM1MB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvN3Zqb3d6Y1BldDk5RHBTd1JNU1JvREN3d3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGWW+AMA0E
AgACMAcDBQAqAQDYMA0GCSqGSIb3DQEBCwUAA4IBAQBnS5vu+Yj6NwjcEhyxPp89
eLfALiQGw+ZyK+qc9GS8tuRtERITFBzYTNQPxOihvQiyh9vHolHDS/yM7Ej53puc
VgwHZZGq3TpzTPX0DmkUg3x9LGa8Tt0ltPkOCm1A+yOn8R9c6fV6LP7jgdRjKs7+
nJDT14fFQA5Ns33H/PvvavI/IvP/IMkAUV0d2FT/kuIaoA+e5az9eTgdE5UU9S/C
uyd66Qljo21a003E68OkRTmmtYKe+phG5UKTKeTeGEsA92k/ekefE/WNtjyia1cx
hTFFoAaXHbpsbQ5Y4ssBobzYuKUYX+fYhsVRRG7jr941tjykFn9sJZKIA1ULqYf1
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:01:24 2025 by rpki-client