Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/cdbb49-57c5-454f-9b05-e65292158f43/1/t4J82APsmp_R6OEftpBkDV2egNw.roa
File: t4J82APsmp_R6OEftpBkDV2egNw.roa (raw, json)
Hash identifier: 8zX3Us/+jsPS0B0DI0Wm7LbIZB+zrk1lXmg8uqQiqvY=
Subject key identifier: B7:82:7C:D8:03:EC:9A:9F:D1:E8:E1:1F:B6:90:64:0D:5D:9E:80:DC
Certificate issuer: /CN=7aa812372b83a5e0c9fca15a552bb63638a3827d
Certificate serial: 01942067D789886EDF4EFF39AD8BB0A975D0
Authority key identifier: 7A:A8:12:37:2B:83:A5:E0:C9:FC:A1:5A:55:2B:B6:36:38:A3:82:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eqgSNyuDpeDJ_KFaVSu2Njijgn0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/cdbb49-57c5-454f-9b05-e65292158f43/1/t4J82APsmp_R6OEftpBkDV2egNw.roa
Signing time: Wed 01 Jan 2025 05:47:43 +0000
ROA not before: Wed 01 Jan 2025 05:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35399
IP address blocks: 87.236.56.0/21 maxlen: 21
87.236.56.0/22 maxlen: 22
87.236.56.0/24 maxlen: 24
87.236.57.0/24 maxlen: 24
87.236.58.0/24 maxlen: 24
87.236.59.0/24 maxlen: 24
87.236.60.0/22 maxlen: 22
87.236.60.0/24 maxlen: 24
87.236.61.0/24 maxlen: 24
87.236.62.0/24 maxlen: 24
87.236.63.0/24 maxlen: 24
2a03:b300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/cdbb49-57c5-454f-9b05-e65292158f43/1/eqgSNyuDpeDJ_KFaVSu2Njijgn0.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/cdbb49-57c5-454f-9b05-e65292158f43/1/eqgSNyuDpeDJ_KFaVSu2Njijgn0.mft
rsync://rpki.ripe.net/repository/DEFAULT/eqgSNyuDpeDJ_KFaVSu2Njijgn0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:d7:89:88:6e:df:4e:ff:39:ad:8b:b0:a9:75:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7aa812372b83a5e0c9fca15a552bb63638a3827d
Validity
Not Before: Jan 1 05:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b7827cd803ec9a9fd1e8e11fb690640d5d9e80dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ae:48:d5:fa:89:20:d3:96:58:ca:fb:4e:13:
f8:8f:3c:4e:d4:f5:72:8f:ed:7e:7f:ba:2a:f0:93:
a5:c0:20:6a:67:c7:ec:66:34:c5:bf:6a:3b:86:83:
4c:c3:f5:a8:e8:80:77:b6:f1:af:6f:ff:63:e9:73:
ab:6f:49:6f:a0:36:c0:e5:15:e5:fe:77:8f:22:10:
51:fb:74:85:ea:78:ae:ce:74:07:03:4d:ab:af:ce:
06:54:5c:bf:04:3a:b6:9c:7f:48:61:8e:49:11:a8:
f0:9d:74:af:5a:b1:41:9a:ce:96:b1:cd:4c:3f:13:
78:e2:f7:59:0b:85:85:96:fb:2e:fd:4b:47:4d:20:
33:48:56:fd:e0:a4:0a:71:7a:e7:a1:58:86:55:3f:
eb:4d:82:5c:6c:2e:e0:95:6a:e7:61:f0:0c:36:cb:
5d:f5:da:68:ca:aa:e4:04:bd:d6:79:9f:7c:33:2e:
ea:44:9b:5a:f6:53:19:ab:52:1e:0a:b9:8f:4e:2d:
35:4d:2a:7b:27:0c:3c:7f:b0:19:12:e0:7a:c9:22:
b4:a2:2d:19:62:48:b0:04:af:a6:fc:ba:6f:29:a4:
9d:6f:18:c9:af:88:af:18:71:34:5c:dc:83:9a:1d:
a7:91:3d:08:4b:b4:2a:bd:ad:de:08:b1:02:b4:15:
2d:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:82:7C:D8:03:EC:9A:9F:D1:E8:E1:1F:B6:90:64:0D:5D:9E:80:DC
X509v3 Authority Key Identifier:
keyid:7A:A8:12:37:2B:83:A5:E0:C9:FC:A1:5A:55:2B:B6:36:38:A3:82:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eqgSNyuDpeDJ_KFaVSu2Njijgn0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/cdbb49-57c5-454f-9b05-e65292158f43/1/t4J82APsmp_R6OEftpBkDV2egNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/cdbb49-57c5-454f-9b05-e65292158f43/1/eqgSNyuDpeDJ_KFaVSu2Njijgn0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.236.56.0/21
IPv6:
2a03:b300::/32
Signature Algorithm: sha256WithRSAEncryption
89:d9:df:98:45:4a:29:08:fe:d7:b1:b9:b9:60:0e:56:1b:b7:
0c:87:18:e6:50:a3:67:b2:b6:ae:00:70:ac:aa:4f:8a:b8:39:
71:dc:fe:2c:2b:e9:2f:9f:4e:50:dd:29:f1:82:05:0e:5a:86:
70:f8:1f:af:7d:e2:d6:fa:15:67:9c:62:d8:f3:96:a6:41:eb:
bd:0b:a2:7b:fd:25:ae:fa:06:25:66:47:0b:5f:10:99:7b:16:
48:bf:f2:ad:60:25:55:61:99:12:40:fa:03:87:b6:4a:10:f0:
9a:82:56:d4:61:30:1a:b5:f4:9c:df:47:1a:49:01:8e:18:8d:
3e:dc:ad:62:d5:b8:4f:55:44:95:db:5f:7f:f8:04:5d:d9:c4:
e3:71:18:4c:7f:82:c9:7b:e8:c6:23:8e:d3:a6:ef:dd:7b:f6:
7b:6e:78:3b:44:5a:40:29:00:63:69:85:1e:fc:70:12:2e:91:
88:4f:42:e9:91:2e:fa:46:4b:76:d9:b0:28:cd:f6:fc:fe:50:
c4:d9:43:1c:3d:81:75:b2:73:6a:59:bc:4c:71:93:e2:59:1c:
2b:4e:a7:ea:2c:70:ef:8e:99:c3:26:3b:d8:40:5c:e3:ad:ba:
c2:c4:da:ce:24:a4:7c:dd:82:95:74:58:18:cd:e7:cd:ee:a5:
da:6c:48:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ9eJiG7fTv85rYuwqXXQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYTgxMjM3MmI4M2E1ZTBjOWZjYTE1YTU1MmJiNjM2Mzhh
MzgyN2QwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzgyN2NkODAzZWM5YTlmZDFlOGUxMWZiNjkwNjQwZDVkOWU4MGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs65I1fqJINOWWMr7ThP4jzxO1PVy
j+1+f7oq8JOlwCBqZ8fsZjTFv2o7hoNMw/Wo6IB3tvGvb/9j6XOrb0lvoDbA5RXl
/nePIhBR+3SF6niuznQHA02rr84GVFy/BDq2nH9IYY5JEajwnXSvWrFBms6Wsc1M
PxN44vdZC4WFlvsu/UtHTSAzSFb94KQKcXrnoViGVT/rTYJcbC7glWrnYfAMNstd
9dpoyqrkBL3WeZ98My7qRJta9lMZq1IeCrmPTi01TSp7Jww8f7AZEuB6ySK0oi0Z
YkiwBK+m/LpvKaSdbxjJr4ivGHE0XNyDmh2nkT0IS7Qqva3eCLECtBUt0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLeCfNgD7Jqf0ejhH7aQZA1dnoDcMB8GA1UdIwQY
MBaAFHqoEjcrg6XgyfyhWlUrtjY4o4J9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXFnU055dURwZURKX0tGYVZTdTJOamlqZ24wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9jZGJiNDktNTdjNS00NTRmLTliMDUt
ZTY1MjkyMTU4ZjQzLzEvdDRKODJBUHNtcF9SNk9FZnRwQmtEVjJlZ053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9jZGJiNDktNTdjNS00NTRmLTliMDUtZTY1MjkyMTU4ZjQz
LzEvZXFnU055dURwZURKX0tGYVZTdTJOamlqZ24wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDV+w4MA0E
AgACMAcDBQAqA7MAMA0GCSqGSIb3DQEBCwUAA4IBAQCJ2d+YRUopCP7Xsbm5YA5W
G7cMhxjmUKNnsrauAHCsqk+KuDlx3P4sK+kvn05Q3SnxggUOWoZw+B+vfeLW+hVn
nGLY85amQeu9C6J7/SWu+gYlZkcLXxCZexZIv/KtYCVVYZkSQPoDh7ZKEPCaglbU
YTAatfSc30caSQGOGI0+3K1i1bhPVUSV219/+ARd2cTjcRhMf4LJe+jGI47Tpu/d
e/Z7bng7RFpAKQBjaYUe/HASLpGIT0LpkS76Rkt22bAozfb8/lDE2UMcPYF1snNq
WbxMcZPiWRwrTqfqLHDvjpnDJjvYQFzjrbrCxNrOJKR83YKVdFgYzefN7qXabEjq
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:04:10 2025 by rpki-client