Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/xEzkfssYjKevzeoOO5X4YoPlUEM.roa
File: xEzkfssYjKevzeoOO5X4YoPlUEM.roa (raw, json)
Hash identifier: XVhmZzjA2lTx9NfBnhkKpr5elG5hNpASyKi7U0uFnvQ=
Subject key identifier: C4:4C:E4:7E:CB:18:8C:A7:AF:CD:EA:0E:3B:95:F8:62:83:E5:50:43
Certificate issuer: /CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Certificate serial: 0194228E1DAB4CDC0505702C4D35433EDFD5
Authority key identifier: 42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/xEzkfssYjKevzeoOO5X4YoPlUEM.roa
Signing time: Wed 01 Jan 2025 15:48:46 +0000
ROA not before: Wed 01 Jan 2025 15:48:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197580
IP address blocks: 46.245.136.0/21 maxlen: 21
83.174.148.0/22 maxlen: 22
83.174.152.0/21 maxlen: 21
185.42.208.0/22 maxlen: 22
185.254.216.0/22 maxlen: 22
2a01:6320::/32 maxlen: 32
2a05:dec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 18:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:1d:ab:4c:dc:05:05:70:2c:4d:35:43:3e:df:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Validity
Not Before: Jan 1 15:48:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c44ce47ecb188ca7afcdea0e3b95f86283e55043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:1a:e9:57:2a:af:d7:54:3e:65:d0:ad:f5:bb:
08:a6:05:4d:9b:8e:63:29:04:ea:87:44:14:79:b3:
38:0b:70:cf:50:dc:9e:7c:76:62:18:dc:07:2e:76:
9b:01:b9:2a:8a:f4:d0:da:e0:c1:0e:a3:c0:52:ad:
a4:a1:24:cf:65:2a:e7:b5:fe:e7:44:e9:cd:e4:87:
c6:59:9c:bf:0d:a1:6c:e1:27:a6:84:32:5a:2e:4c:
b9:17:d8:bb:0f:ed:e3:e8:09:e0:a4:41:cf:c2:1a:
a5:93:19:e4:44:6c:43:e9:c3:18:4f:90:7c:3e:1e:
a6:f6:ec:2e:b3:b7:3f:92:cd:db:64:14:05:33:e8:
8f:bf:f7:32:30:0b:e8:cc:f6:e7:fc:95:57:d0:7b:
aa:96:7d:18:b9:dd:52:b7:ef:ee:6d:c7:3f:76:d9:
b4:af:70:85:89:28:7b:b2:c2:46:46:4e:4f:42:27:
a1:e7:f5:a0:ec:ae:26:a5:7b:20:82:56:a9:f3:67:
ea:82:b4:e8:a3:88:2c:ed:e6:d0:be:9d:ca:7b:f1:
88:48:a7:3e:44:c9:5f:79:a3:66:84:c2:b1:77:0a:
3d:70:14:25:55:3e:b2:1d:83:4f:53:fd:0e:e3:c1:
d4:18:dc:e4:11:00:cf:2e:e8:12:4f:07:17:b3:c9:
bc:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:4C:E4:7E:CB:18:8C:A7:AF:CD:EA:0E:3B:95:F8:62:83:E5:50:43
X509v3 Authority Key Identifier:
keyid:42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/xEzkfssYjKevzeoOO5X4YoPlUEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.245.136.0/21
83.174.148.0-83.174.159.255
185.42.208.0/22
185.254.216.0/22
IPv6:
2a01:6320::/32
2a05:dec0::/29
Signature Algorithm: sha256WithRSAEncryption
11:df:b0:f8:cc:bd:2f:06:ed:aa:f4:8b:7d:97:a2:52:48:dc:
f7:4c:08:f4:7e:ec:82:96:2a:c9:39:94:de:36:31:62:48:a2:
c7:53:92:5a:0f:8e:93:3a:b1:ff:9f:08:29:c2:1e:c7:36:c3:
58:15:bf:bc:fb:3d:09:27:4d:3a:8f:9e:79:b6:73:2e:ef:fd:
ec:4a:f1:49:3d:4b:1a:b2:e6:3b:c0:a2:d4:db:16:ee:d8:dd:
10:68:6d:9e:b2:5c:a3:29:51:82:d3:d2:9a:9a:44:16:32:52:
2c:17:e0:15:75:d0:0f:dc:8c:dc:7f:25:56:e5:4b:40:0c:2e:
3a:fa:bd:9b:51:a8:dc:eb:7b:82:0c:ed:a2:a4:99:e8:14:f6:
d0:b3:a3:3c:b4:66:16:5a:98:eb:83:e3:0b:cf:a0:8e:e5:0c:
b1:78:01:99:63:ce:2e:0a:2e:f7:af:8d:68:1a:b1:55:26:9d:
0c:1c:5a:4a:e4:e8:15:0e:dd:26:d9:17:06:64:99:70:36:c7:
79:d4:a0:2c:fe:57:fc:79:a7:d7:4c:9b:30:7a:f2:86:45:2c:
19:57:77:d6:bd:dd:2c:ca:91:7d:1d:28:af:33:1d:88:60:a9:
5b:fd:c0:52:21:37:c5:e7:5d:d1:8f:71:0a:7f:43:01:95:e0:
e8:2e:47:35
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQijh2rTNwFBXAsTTVDPt/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWJhZTk4OTg5OGQ5NDAyNDI0YWFkYWZiYjQ3YzNhNmQ0
YzI1YjMwHhcNMjUwMTAxMTU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRjZTQ3ZWNiMTg4Y2E3YWZjZGVhMGUzYjk1Zjg2MjgzZTU1MDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hrpVyqv11Q+ZdCt9bsIpgVNm45j
KQTqh0QUebM4C3DPUNyefHZiGNwHLnabAbkqivTQ2uDBDqPAUq2koSTPZSrntf7n
ROnN5IfGWZy/DaFs4SemhDJaLky5F9i7D+3j6AngpEHPwhqlkxnkRGxD6cMYT5B8
Ph6m9uwus7c/ks3bZBQFM+iPv/cyMAvozPbn/JVX0Huqln0Yud1St+/ubcc/dtm0
r3CFiSh7ssJGRk5PQieh5/Wg7K4mpXsgglap82fqgrToo4gs7ebQvp3Ke/GISKc+
RMlfeaNmhMKxdwo9cBQlVT6yHYNPU/0O48HUGNzkEQDPLugSTwcXs8m8EQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMRM5H7LGIynr83qDjuV+GKD5VBDMB8GA1UdIwQY
MBaAFEIbrpiYmNlAJCSq2vu0fDptTCWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUt
NjdlZmNiM2Q4NmZlLzEveEV6a2Zzc1lqS2V2emVvT081WDRZb1BsVUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUtNjdlZmNiM2Q4NmZl
LzEvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgAwQDLvWIMAwD
BAJTrpQDBAVTroADBAK5KtADBAK5/tgwFAQCAAIwDgMFACoBYyADBQMqBd7AMA0G
CSqGSIb3DQEBCwUAA4IBAQAR37D4zL0vBu2q9It9l6JSSNz3TAj0fuyClirJOZTe
NjFiSKLHU5JaD46TOrH/nwgpwh7HNsNYFb+8+z0JJ006j555tnMu7/3sSvFJPUsa
suY7wKLU2xbu2N0QaG2eslyjKVGC09KamkQWMlIsF+AVddAP3IzcfyVW5UtADC46
+r2bUajc63uCDO2ipJnoFPbQs6M8tGYWWpjrg+MLz6CO5QyxeAGZY84uCi73r41o
GrFVJp0MHFpK5OgVDt0m2RcGZJlwNsd51KAs/lf8eafXTJswevKGRSwZV3fWvd0s
ypF9HSivMx2IYKlb/cBSITfF513Rj3EKf0MBleDoLkc1
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:12:39 2025 by rpki-client