Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/IopWMeRqXOypB_fRacr3ZaxFtQI.roa
File: IopWMeRqXOypB_fRacr3ZaxFtQI.roa (raw, json)
Hash identifier: FppOmUQRJ7eFBYEwXngpnxhSpl+Hc5qsOfWlbbkaJzw=
Subject key identifier: 22:8A:56:31:E4:6A:5C:EC:A9:07:F7:D1:69:CA:F7:65:AC:45:B5:02
Certificate issuer: /CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Certificate serial: 019420D5DD9404C3FB20A47F31AE6662257C
Authority key identifier: 59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/IopWMeRqXOypB_fRacr3ZaxFtQI.roa
Signing time: Wed 01 Jan 2025 07:47:54 +0000
ROA not before: Wed 01 Jan 2025 07:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16236
IP address blocks: 194.104.188.0/24 maxlen: 24
194.104.189.0/24 maxlen: 24
194.104.190.0/24 maxlen: 24
194.104.191.0/24 maxlen: 24
2a00:ec20::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.mft
rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 22:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:dd:94:04:c3:fb:20:a4:7f:31:ae:66:62:25:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Validity
Not Before: Jan 1 07:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=228a5631e46a5ceca907f7d169caf765ac45b502
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f1:20:79:14:57:2e:39:d7:0c:a5:79:94:4e:
19:6b:0d:dd:76:de:32:b8:11:27:b8:03:6b:02:32:
4b:41:16:39:29:8f:a2:17:be:55:ed:75:23:09:49:
02:ee:fe:df:96:9e:cc:27:56:4f:58:e7:04:aa:41:
72:da:94:7f:8c:c9:0a:84:e0:0c:e9:5b:ad:ac:88:
c4:ef:60:28:6f:87:61:b3:dc:52:d2:32:f0:82:28:
3a:84:00:e8:09:37:82:e9:ba:46:4c:dd:a0:32:2c:
98:31:b0:ec:27:ba:a3:61:cd:8c:0a:42:0e:36:31:
0b:cc:b0:0c:97:d9:7c:99:ce:d2:82:c1:32:d4:a6:
52:2a:53:09:bd:47:9a:84:7c:61:c8:5b:e2:0d:05:
f0:b8:83:ac:ea:44:4f:a9:b5:de:3c:f5:8e:f9:6a:
80:d7:05:92:38:85:71:6c:3d:ad:f9:e8:30:ac:76:
a1:e2:41:ea:6b:b4:64:d7:86:e9:2a:f4:fa:e8:3b:
32:92:dc:0c:b0:1b:dd:eb:ab:f7:09:00:89:4c:ad:
ee:55:1f:c5:1b:43:71:8f:5a:0d:91:cf:5d:fe:52:
bc:f0:f4:68:b7:ea:23:60:c7:70:13:de:20:9f:1e:
8f:75:c1:dd:aa:fc:00:19:c1:a0:35:f4:36:09:13:
e9:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:8A:56:31:E4:6A:5C:EC:A9:07:F7:D1:69:CA:F7:65:AC:45:B5:02
X509v3 Authority Key Identifier:
keyid:59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/IopWMeRqXOypB_fRacr3ZaxFtQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.104.188.0/22
IPv6:
2a00:ec20::/32
Signature Algorithm: sha256WithRSAEncryption
78:ff:bb:3b:a0:09:49:33:64:65:ac:a7:b4:3e:86:99:0b:12:
f2:c5:99:20:a5:fa:a1:26:21:37:12:19:71:06:67:95:2f:59:
25:03:b7:56:21:ab:40:d1:c8:4e:84:c6:56:9e:57:aa:1b:29:
09:98:eb:2f:57:a5:45:5e:02:60:bb:b8:d3:a9:ce:3e:53:5b:
b2:50:3f:c8:04:f9:01:20:55:7a:b0:d2:46:b5:14:72:73:97:
28:77:7d:08:c7:cf:48:66:dc:da:ca:b4:36:3f:c4:aa:79:25:
89:81:fe:10:8b:1c:21:19:e6:62:1d:c6:a1:78:e3:a6:77:7a:
96:fd:37:a5:9c:01:a5:92:0a:30:5a:a8:58:ee:31:3d:4e:96:
9f:e9:f8:59:a0:d8:46:9d:30:c5:d9:77:62:e3:da:b6:eb:6f:
97:99:97:ff:08:15:c7:6d:25:9a:40:c3:c2:c5:2b:1b:1c:b9:
c7:0f:75:3c:d8:e4:bb:be:79:9c:ed:f1:6d:15:d0:88:96:1d:
5e:4b:ea:43:2f:d4:58:cb:4d:9c:e5:a9:b5:52:bd:21:9e:20:
b2:75:02:b0:e6:4a:7c:87:66:9e:43:0f:c9:be:0b:ea:ba:29:
07:4d:6e:df:e2:79:86:e4:bb:e5:b3:e1:a3:92:af:1d:6e:9d:
8b:fa:ce:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1d2UBMP7IKR/Ma5mYiV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NDliMzFlYmI2ZTRjYmJkMGNjNzcwY2M2ZjRkNTBmNzhm
MGViN2IwHhcNMjUwMTAxMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjhhNTYzMWU0NmE1Y2VjYTkwN2Y3ZDE2OWNhZjc2NWFjNDViNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvEgeRRXLjnXDKV5lE4Zaw3ddt4y
uBEnuANrAjJLQRY5KY+iF75V7XUjCUkC7v7flp7MJ1ZPWOcEqkFy2pR/jMkKhOAM
6VutrIjE72Aob4dhs9xS0jLwgig6hADoCTeC6bpGTN2gMiyYMbDsJ7qjYc2MCkIO
NjELzLAMl9l8mc7SgsEy1KZSKlMJvUeahHxhyFviDQXwuIOs6kRPqbXePPWO+WqA
1wWSOIVxbD2t+egwrHah4kHqa7Rk14bpKvT66DsyktwMsBvd66v3CQCJTK3uVR/F
G0Nxj1oNkc9d/lK88PRot+ojYMdwE94gnx6PdcHdqvwAGcGgNfQ2CRPpbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCKKVjHkalzsqQf30WnK92WsRbUCMB8GA1UdIwQY
MBaAFFlJsx67bky70Mx3DMb01Q948Ot7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTkt
MzE4MGFlNDI3NGYzLzEvSW9wV01lUnFYT3lwQl9mUmFjcjNaYXhGdFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTktMzE4MGFlNDI3NGYz
LzEvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwmi8MA0E
AgACMAcDBQAqAOwgMA0GCSqGSIb3DQEBCwUAA4IBAQB4/7s7oAlJM2RlrKe0PoaZ
CxLyxZkgpfqhJiE3EhlxBmeVL1klA7dWIatA0chOhMZWnleqGykJmOsvV6VFXgJg
u7jTqc4+U1uyUD/IBPkBIFV6sNJGtRRyc5cod30Ix89IZtzayrQ2P8SqeSWJgf4Q
ixwhGeZiHcaheOOmd3qW/TelnAGlkgowWqhY7jE9Tpaf6fhZoNhGnTDF2Xdi49q2
62+XmZf/CBXHbSWaQMPCxSsbHLnHD3U82OS7vnmc7fFtFdCIlh1eS+pDL9RYy02c
5am1Ur0hniCydQKw5kp8h2aeQw/JvgvquikHTW7f4nmG5Lvls+Gjkq8dbp2L+s7z
-----END CERTIFICATE-----
Generated at Sat Apr 19 06:46:45 2025 by rpki-client