Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/0f71f3-7e13-4713-b232-7454a19d32d1/1/CaD8SfEdywooETv97hW1lj5NkpI.roa
File: CaD8SfEdywooETv97hW1lj5NkpI.roa (raw, json)
Hash identifier: dNHQXwrYM02G5vgMbWxu9GN4iMzITZjOe38V63Kd+Zg=
Subject key identifier: 09:A0:FC:49:F1:1D:CB:0A:28:11:3B:FD:EE:15:B5:96:3E:4D:92:92
Certificate issuer: /CN=1678b49f9ae25f1e127534b1915044ac7d0d9e73
Certificate serial: 0194228E25ECBD778B4D3B4DF1435D66A784
Authority key identifier: 16:78:B4:9F:9A:E2:5F:1E:12:75:34:B1:91:50:44:AC:7D:0D:9E:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Fni0n5riXx4SdTSxkVBErH0NnnM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/0f71f3-7e13-4713-b232-7454a19d32d1/1/CaD8SfEdywooETv97hW1lj5NkpI.roa
Signing time: Wed 01 Jan 2025 15:48:48 +0000
ROA not before: Wed 01 Jan 2025 15:48:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48095
IP address blocks: 147.78.52.0/23 maxlen: 23
147.78.54.0/23 maxlen: 23
185.223.40.0/22 maxlen: 22
185.226.80.0/22 maxlen: 22
185.249.236.0/22 maxlen: 22
193.37.52.0/23 maxlen: 23
193.37.54.0/23 maxlen: 23
193.38.240.0/23 maxlen: 23
193.38.242.0/23 maxlen: 23
194.26.176.0/22 maxlen: 22
194.55.80.0/22 maxlen: 22
194.93.36.0/23 maxlen: 23
194.93.38.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d8/0f71f3-7e13-4713-b232-7454a19d32d1/1/Fni0n5riXx4SdTSxkVBErH0NnnM.crl
rsync://rpki.ripe.net/repository/DEFAULT/d8/0f71f3-7e13-4713-b232-7454a19d32d1/1/Fni0n5riXx4SdTSxkVBErH0NnnM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Fni0n5riXx4SdTSxkVBErH0NnnM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:28:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:25:ec:bd:77:8b:4d:3b:4d:f1:43:5d:66:a7:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1678b49f9ae25f1e127534b1915044ac7d0d9e73
Validity
Not Before: Jan 1 15:48:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09a0fc49f11dcb0a28113bfdee15b5963e4d9292
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:cb:24:6a:60:11:a0:f1:64:02:64:ab:53:9c:
c4:e4:2b:ca:40:7c:e2:ea:f8:a4:2e:e4:87:d3:c3:
92:56:49:4f:df:e5:bf:b8:bb:31:fe:ca:bb:27:bb:
76:29:ee:cd:97:20:e6:d2:7f:62:29:fc:77:15:e8:
6e:27:29:79:fc:75:e1:01:e8:3f:20:b2:c5:f7:bb:
b0:d2:76:8d:87:0a:74:76:76:f3:62:84:1e:27:19:
39:36:53:f0:e7:86:d7:03:75:28:37:b0:10:53:c0:
13:6d:ac:77:64:17:3d:74:59:df:91:4e:57:04:80:
f5:03:e7:d0:3c:a9:1c:94:47:55:b3:cb:28:f6:58:
6c:6f:97:5a:6d:46:2e:74:7d:5c:6c:02:9c:90:1a:
1a:df:13:a1:79:10:71:79:6e:73:04:3b:e1:28:ab:
2f:24:09:d4:e1:b4:71:56:d3:1f:da:e4:1f:cd:73:
af:f8:1e:3e:a1:37:04:5b:07:4d:f1:eb:a4:1a:ff:
35:3b:e2:b4:cb:74:64:36:5a:11:88:93:06:a2:5b:
2c:74:16:72:d9:cc:93:c3:47:b8:88:dc:2e:4d:ca:
38:95:c7:b3:78:a1:15:87:69:13:6b:d7:e9:08:b8:
8a:43:2f:3d:62:d7:28:c7:3c:19:84:16:75:ec:f7:
16:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:A0:FC:49:F1:1D:CB:0A:28:11:3B:FD:EE:15:B5:96:3E:4D:92:92
X509v3 Authority Key Identifier:
keyid:16:78:B4:9F:9A:E2:5F:1E:12:75:34:B1:91:50:44:AC:7D:0D:9E:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fni0n5riXx4SdTSxkVBErH0NnnM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/0f71f3-7e13-4713-b232-7454a19d32d1/1/CaD8SfEdywooETv97hW1lj5NkpI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/0f71f3-7e13-4713-b232-7454a19d32d1/1/Fni0n5riXx4SdTSxkVBErH0NnnM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.78.52.0/22
185.223.40.0/22
185.226.80.0/22
185.249.236.0/22
193.37.52.0/22
193.38.240.0/22
194.26.176.0/22
194.55.80.0/22
194.93.36.0/22
Signature Algorithm: sha256WithRSAEncryption
92:b9:a7:5e:60:62:10:64:2e:3b:d1:2c:bd:fa:dc:8c:47:c9:
30:1d:c1:67:d3:d7:64:e4:2b:50:ac:a4:49:67:c6:a2:e6:15:
2d:90:cf:b4:2a:19:1e:a6:4c:a8:c6:63:be:aa:c9:90:d2:65:
f1:74:ab:89:b0:79:a9:15:fc:b7:3e:25:60:18:21:c5:48:da:
f1:73:18:71:0b:96:4d:c0:36:64:1c:da:01:6d:c7:ac:99:02:
4a:04:e0:a2:17:53:6d:93:82:48:a0:b1:30:86:2c:91:61:60:
54:4a:d3:27:04:6f:01:53:80:0a:ee:18:df:77:93:ba:e3:fe:
69:7f:90:01:ba:7b:40:05:95:8e:10:f8:86:51:7d:f2:5e:22:
7e:da:c8:7d:49:fc:8c:56:04:97:15:13:be:d1:db:84:9c:f1:
83:78:21:54:b9:2a:95:60:f1:eb:36:cd:1c:76:77:75:d2:6a:
49:14:04:f1:ad:9b:99:4d:21:a9:dd:0a:38:4c:8e:fb:15:8b:
0f:07:2d:0c:4f:63:6d:3a:e1:44:20:37:28:04:f6:ac:9a:1c:
2a:57:ff:4c:ac:59:b1:55:45:27:70:1a:df:6c:2f:8f:4b:93:
55:ab:2c:31:8f:40:82:2a:f4:14:9c:0b:e0:92:b4:e9:e4:79:
ac:41:0e:03
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQijiXsvXeLTTtN8UNdZqeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NzhiNDlmOWFlMjVmMWUxMjc1MzRiMTkxNTA0NGFjN2Qw
ZDllNzMwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWEwZmM0OWYxMWRjYjBhMjgxMTNiZmRlZTE1YjU5NjNlNGQ5MjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cskamARoPFkAmSrU5zE5CvKQHzi
6vikLuSH08OSVklP3+W/uLsx/sq7J7t2Ke7NlyDm0n9iKfx3FehuJyl5/HXhAeg/
ILLF97uw0naNhwp0dnbzYoQeJxk5NlPw54bXA3UoN7AQU8ATbax3ZBc9dFnfkU5X
BID1A+fQPKkclEdVs8so9lhsb5dabUYudH1cbAKckBoa3xOheRBxeW5zBDvhKKsv
JAnU4bRxVtMf2uQfzXOv+B4+oTcEWwdN8eukGv81O+K0y3RkNloRiJMGolssdBZy
2cyTw0e4iNwuTco4lcezeKEVh2kTa9fpCLiKQy89YtcoxzwZhBZ17PcWvQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAmg/EnxHcsKKBE7/e4VtZY+TZKSMB8GA1UdIwQY
MBaAFBZ4tJ+a4l8eEnU0sZFQRKx9DZ5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm5pMG41cmlYeDRTZFRTeGtWQkVySDBObm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8wZjcxZjMtN2UxMy00NzEzLWIyMzIt
NzQ1NGExOWQzMmQxLzEvQ2FEOFNmRWR5d29vRVR2OTdoVzFsajVOa3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8wZjcxZjMtN2UxMy00NzEzLWIyMzItNzQ1NGExOWQzMmQx
LzEvRm5pMG41cmlYeDRTZFRTeGtWQkVySDBObm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCk040AwQC
ud8oAwQCueJQAwQCufnsAwQCwSU0AwQCwSbwAwQCwhqwAwQCwjdQAwQCwl0kMA0G
CSqGSIb3DQEBCwUAA4IBAQCSuadeYGIQZC470Sy9+tyMR8kwHcFn09dk5CtQrKRJ
Z8ai5hUtkM+0KhkepkyoxmO+qsmQ0mXxdKuJsHmpFfy3PiVgGCHFSNrxcxhxC5ZN
wDZkHNoBbcesmQJKBOCiF1Ntk4JIoLEwhiyRYWBUStMnBG8BU4AK7hjfd5O64/5p
f5ABuntABZWOEPiGUX3yXiJ+2sh9SfyMVgSXFRO+0duEnPGDeCFUuSqVYPHrNs0c
dnd10mpJFATxrZuZTSGp3Qo4TI77FYsPBy0MT2NtOuFEIDcoBPasmhwqV/9MrFmx
VUUncBrfbC+PS5NVqywxj0CCKvQUnAvgkrTp5HmsQQ4D
-----END CERTIFICATE-----
Generated at Mon Apr 7 16:58:44 2025 by rpki-client