Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/hBvLKP5ixrQ0yB2qI1fJnI3xUfo.roa
File: hBvLKP5ixrQ0yB2qI1fJnI3xUfo.roa (raw, json)
Hash identifier: i0IaWEblK+pRuW5nqjbRL2Vkq0LREWGYkXklug1G2BI=
Subject key identifier: 84:1B:CB:28:FE:62:C6:B4:34:C8:1D:AA:23:57:C9:9C:8D:F1:51:FA
Certificate issuer: /CN=096e293ba380dcc75f00106443668f51002555b7
Certificate serial: 01941F8C9F03A29CD3A6D593C2D8195DA8DD
Authority key identifier: 09:6E:29:3B:A3:80:DC:C7:5F:00:10:64:43:66:8F:51:00:25:55:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CW4pO6OA3MdfABBkQ2aPUQAlVbc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/hBvLKP5ixrQ0yB2qI1fJnI3xUfo.roa
Signing time: Wed 01 Jan 2025 01:48:16 +0000
ROA not before: Wed 01 Jan 2025 01:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60435
IP address blocks: 45.157.4.0/24 maxlen: 24
45.157.5.0/24 maxlen: 24
45.157.6.0/24 maxlen: 24
185.29.16.0/24 maxlen: 24
185.29.17.0/24 maxlen: 24
185.29.18.0/24 maxlen: 24
185.29.19.0/24 maxlen: 24
193.242.154.0/24 maxlen: 24
2a00:a360::/32 maxlen: 32
2a00:a362::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/CW4pO6OA3MdfABBkQ2aPUQAlVbc.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/CW4pO6OA3MdfABBkQ2aPUQAlVbc.mft
rsync://rpki.ripe.net/repository/DEFAULT/CW4pO6OA3MdfABBkQ2aPUQAlVbc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 13:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:9f:03:a2:9c:d3:a6:d5:93:c2:d8:19:5d:a8:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=096e293ba380dcc75f00106443668f51002555b7
Validity
Not Before: Jan 1 01:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=841bcb28fe62c6b434c81daa2357c99c8df151fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:39:fd:1e:a2:39:fd:ac:c7:ca:84:db:a0:05:
78:de:fd:13:03:df:db:53:8d:8e:9a:8a:20:5a:6c:
50:78:e4:d9:da:de:e5:8e:d8:ed:83:52:03:40:fd:
b0:01:73:8c:0d:53:a5:47:eb:d1:47:13:2b:e1:f8:
90:db:23:17:04:64:6d:d8:27:41:7b:48:dd:23:9f:
bb:79:30:e8:8c:71:21:b6:41:41:0a:c8:17:b1:a9:
a1:a7:9d:ab:a8:a7:b3:98:b8:7e:9e:bf:b5:84:bb:
4e:1a:67:49:d7:3d:87:ad:ea:d9:ee:7c:39:94:fb:
eb:25:4f:d6:02:95:41:4b:04:ec:60:bb:04:2d:74:
28:9e:84:a3:08:1b:c3:b8:3e:18:6b:e8:f5:cc:1d:
2c:40:b6:79:ff:a3:2f:20:6c:ff:65:5e:d5:9d:cf:
65:5c:e2:a6:03:35:2f:a0:95:6c:81:5c:d3:2c:35:
f4:53:23:ce:09:8d:cf:a5:72:fb:ed:24:95:73:eb:
10:9b:55:67:84:7a:e4:b9:09:1d:a3:df:49:05:f1:
11:54:92:2a:4e:33:76:54:df:b0:7a:3d:ab:ae:24:
6d:33:27:24:07:a2:cd:60:59:70:be:15:70:ef:7e:
8f:6d:6a:7e:2e:08:8d:83:f1:6e:25:52:d5:fd:e1:
46:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:1B:CB:28:FE:62:C6:B4:34:C8:1D:AA:23:57:C9:9C:8D:F1:51:FA
X509v3 Authority Key Identifier:
keyid:09:6E:29:3B:A3:80:DC:C7:5F:00:10:64:43:66:8F:51:00:25:55:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CW4pO6OA3MdfABBkQ2aPUQAlVbc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/hBvLKP5ixrQ0yB2qI1fJnI3xUfo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bdaeb7-52d5-49ff-9a4b-df05d489da17/1/CW4pO6OA3MdfABBkQ2aPUQAlVbc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.4.0-45.157.6.255
185.29.16.0/22
193.242.154.0/24
IPv6:
2a00:a360::/32
2a00:a362::/32
Signature Algorithm: sha256WithRSAEncryption
71:61:0f:a2:3c:40:b1:56:02:ae:e0:de:86:d8:86:b1:d9:07:
6f:47:67:d7:5b:58:09:28:83:a5:34:61:29:d6:e3:25:ee:f5:
8a:67:2c:56:96:bf:e9:25:0d:cc:df:0c:6d:58:c6:f0:8c:49:
3f:e9:62:51:35:72:ff:b1:1e:b7:c2:db:ff:e9:a6:14:fd:31:
6e:0d:39:63:ed:57:e3:0d:61:ef:12:e6:ad:9f:ab:80:56:6c:
0d:b0:58:3e:d9:04:7b:08:b7:91:ef:6e:c4:97:26:7c:57:24:
7c:ad:7b:c5:14:a2:34:05:fa:c9:2d:a8:0b:0d:f3:fe:92:08:
a3:7c:74:9f:8c:02:78:22:df:8a:f9:92:0c:26:63:22:e2:53:
f6:e9:61:51:21:f3:2f:55:8c:85:4b:1c:f5:a7:87:4f:d3:65:
4e:d0:21:cb:fa:05:f9:77:c1:15:6c:31:58:f4:3b:0f:0d:a2:
cb:ad:07:90:8d:b6:e2:0d:6d:ec:64:a3:e2:3e:c6:cd:2c:a4:
58:c7:2c:45:0f:5c:56:b1:61:6e:20:7f:39:b1:da:71:1c:64:
73:87:78:cc:48:c7:0c:d9:6c:a6:f2:cf:89:29:16:e8:e6:1c:
4d:e2:06:3a:c9:60:ae:fd:94:d5:ab:00:37:8c:fe:bd:f1:3b:
60:0d:f9:ea
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQfjJ8DopzTptWTwtgZXajdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NmUyOTNiYTM4MGRjYzc1ZjAwMTA2NDQzNjY4ZjUxMDAy
NTU1YjcwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDFiY2IyOGZlNjJjNmI0MzRjODFkYWEyMzU3Yzk5YzhkZjE1MWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTn9HqI5/azHyoTboAV43v0TA9/b
U42OmoogWmxQeOTZ2t7ljtjtg1IDQP2wAXOMDVOlR+vRRxMr4fiQ2yMXBGRt2CdB
e0jdI5+7eTDojHEhtkFBCsgXsamhp52rqKezmLh+nr+1hLtOGmdJ1z2HrerZ7nw5
lPvrJU/WApVBSwTsYLsELXQonoSjCBvDuD4Ya+j1zB0sQLZ5/6MvIGz/ZV7Vnc9l
XOKmAzUvoJVsgVzTLDX0UyPOCY3PpXL77SSVc+sQm1VnhHrkuQkdo99JBfERVJIq
TjN2VN+wej2rriRtMyckB6LNYFlwvhVw736PbWp+LgiNg/FuJVLV/eFGZQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIQbyyj+Ysa0NMgdqiNXyZyN8VH6MB8GA1UdIwQY
MBaAFAluKTujgNzHXwAQZENmj1EAJVW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1c0cE82T0EzTWRmQUJCa1EyYVBVUUFsVmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iZGFlYjctNTJkNS00OWZmLTlhNGIt
ZGYwNWQ0ODlkYTE3LzEvaEJ2TEtQNWl4clEweUIycUkxZkpuSTN4VWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iZGFlYjctNTJkNS00OWZmLTlhNGItZGYwNWQ0ODlkYTE3
LzEvQ1c0cE82T0EzTWRmQUJCa1EyYVBVUUFsVmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAgBAIAATAaMAwDBAItnQQD
BAAtnQYDBAK5HRADBADB8powFAQCAAIwDgMFACoAo2ADBQAqAKNiMA0GCSqGSIb3
DQEBCwUAA4IBAQBxYQ+iPECxVgKu4N6G2Iax2QdvR2fXW1gJKIOlNGEp1uMl7vWK
ZyxWlr/pJQ3M3wxtWMbwjEk/6WJRNXL/sR63wtv/6aYU/TFuDTlj7VfjDWHvEuat
n6uAVmwNsFg+2QR7CLeR727ElyZ8VyR8rXvFFKI0BfrJLagLDfP+kgijfHSfjAJ4
It+K+ZIMJmMi4lP26WFRIfMvVYyFSxz1p4dP02VO0CHL+gX5d8EVbDFY9DsPDaLL
rQeQjbbiDW3sZKPiPsbNLKRYxyxFD1xWsWFuIH85sdpxHGRzh3jMSMcM2Wym8s+J
KRbo5hxN4gY6yWCu/ZTVqwA3jP698TtgDfnq
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:11:25 2025 by rpki-client