Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/mgE4NAvl5a_fjijODt9d3QXoFWo.roa
File: mgE4NAvl5a_fjijODt9d3QXoFWo.roa (raw, json)
Hash identifier: U49USPjZ5W98U1upDeeRKhUCJZwO5RTn5SJ+Rro+7ys=
Subject key identifier: 9A:01:38:34:0B:E5:E5:AF:DF:8E:28:CE:0E:DF:5D:DD:05:E8:15:6A
Certificate issuer: /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial: 0194266B303C6F49F2DB4C57AB4BFCB96D16
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/mgE4NAvl5a_fjijODt9d3QXoFWo.roa
Signing time: Thu 02 Jan 2025 09:49:06 +0000
ROA not before: Thu 02 Jan 2025 09:49:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48990
IP address blocks: 158.172.128.0/21 maxlen: 21
158.172.128.0/22 maxlen: 22
158.172.132.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 13:01:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:30:3c:6f:49:f2:db:4c:57:ab:4b:fc:b9:6d:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
Validity
Not Before: Jan 2 09:49:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9a0138340be5e5afdf8e28ce0edf5ddd05e8156a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1c:36:bd:e4:d5:f8:bf:44:87:32:be:bd:c7:
9b:cc:12:90:c8:ee:b4:2f:f8:76:cd:7c:49:44:e2:
b0:48:9c:51:7a:7b:e3:31:38:1e:e1:c1:2a:c6:7f:
24:ae:fc:e9:aa:46:b1:8c:3a:47:b8:ea:f6:52:e5:
64:1b:49:02:34:09:b1:62:81:47:7c:64:1f:e1:ff:
c8:5a:77:11:db:d2:2f:62:06:48:e9:61:cc:c6:9c:
cb:e6:38:21:1e:f5:2d:f4:84:16:67:4e:c1:56:54:
d9:d2:de:99:3d:48:82:dc:0d:40:1d:64:2f:98:5f:
5a:31:fd:f8:5f:17:5a:8f:a2:51:7e:22:b6:a3:d4:
00:96:43:52:b0:0a:83:40:af:4e:c4:b9:75:74:f4:
8c:2b:bf:2f:e0:31:1c:9a:94:d4:6f:c4:67:0f:f3:
8e:77:0a:91:2f:8f:32:16:2e:02:e9:68:79:25:c9:
e2:c9:ac:6e:47:59:a4:24:18:d0:93:fb:0e:85:20:
84:06:ee:24:49:a0:86:97:22:d8:e3:ca:52:18:19:
5a:53:a3:ef:f9:b0:1a:f7:59:3e:96:d7:0c:30:87:
ee:8f:ea:18:44:73:35:2b:3b:db:95:a4:83:f4:76:
50:a3:a1:6d:34:19:57:a6:10:03:33:6a:52:bf:d9:
ee:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:01:38:34:0B:E5:E5:AF:DF:8E:28:CE:0E:DF:5D:DD:05:E8:15:6A
X509v3 Authority Key Identifier:
keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/mgE4NAvl5a_fjijODt9d3QXoFWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.172.128.0/21
Signature Algorithm: sha256WithRSAEncryption
94:c8:1e:be:cb:43:ff:dd:5c:5d:a7:ef:11:f1:f1:1e:f4:d4:
74:89:a9:2e:a5:10:9a:95:8f:c2:a0:00:e0:88:26:0a:73:cd:
e1:19:b4:7a:b7:5b:84:a4:a7:7c:42:83:a2:66:25:b8:21:61:
4d:3b:a6:46:54:72:9d:07:0f:9a:82:85:e7:82:6e:7f:68:b4:
1f:aa:5f:ea:b5:e3:b9:1b:d3:41:77:29:1b:ac:ac:0c:d2:a5:
71:6b:a2:f3:3b:72:a1:cf:1d:15:97:30:58:74:1b:48:ce:31:
fd:3a:01:f7:8b:67:29:ee:92:5a:6c:ef:db:cf:f2:de:2b:7d:
34:47:63:92:28:a6:ce:57:83:4e:81:78:92:3b:34:d5:f8:4c:
f4:e5:26:9f:28:68:d2:8b:c7:78:8f:e0:df:dc:ff:04:dc:de:
0e:64:bc:b7:ec:75:c0:ee:0c:6b:4c:c7:03:6c:db:57:82:46:
0d:8c:26:b8:44:47:e9:3c:77:f2:cb:51:ea:d1:02:a8:71:0d:
ca:1d:a9:b9:6d:0e:66:21:f7:4d:b3:62:fb:96:2f:1c:02:9f:
47:90:7e:e5:2b:b0:c2:c5:5b:9b:03:f9:8b:51:eb:50:16:d2:
63:7a:49:3e:71:08:0b:5d:41:96:94:14:9d:ee:92:2f:6b:85:
a2:81:28:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmazA8b0ny20xXq0v8uW0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUwMTAyMDk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTAxMzgzNDBiZTVlNWFmZGY4ZTI4Y2UwZWRmNWRkZDA1ZTgxNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxw2veTV+L9EhzK+vcebzBKQyO60
L/h2zXxJROKwSJxRenvjMTge4cEqxn8krvzpqkaxjDpHuOr2UuVkG0kCNAmxYoFH
fGQf4f/IWncR29IvYgZI6WHMxpzL5jghHvUt9IQWZ07BVlTZ0t6ZPUiC3A1AHWQv
mF9aMf34Xxdaj6JRfiK2o9QAlkNSsAqDQK9OxLl1dPSMK78v4DEcmpTUb8RnD/OO
dwqRL48yFi4C6Wh5JcniyaxuR1mkJBjQk/sOhSCEBu4kSaCGlyLY48pSGBlaU6Pv
+bAa91k+ltcMMIfuj+oYRHM1KzvblaSD9HZQo6FtNBlXphADM2pSv9nu3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoBODQL5eWv344ozg7fXd0F6BVqMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvbWdFNE5Bdmw1YV9mamlqT0R0OWQzUVhvRldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDnqyAMA0G
CSqGSIb3DQEBCwUAA4IBAQCUyB6+y0P/3Vxdp+8R8fEe9NR0iakupRCalY/CoADg
iCYKc83hGbR6t1uEpKd8QoOiZiW4IWFNO6ZGVHKdBw+agoXngm5/aLQfql/qteO5
G9NBdykbrKwM0qVxa6LzO3Khzx0VlzBYdBtIzjH9OgH3i2cp7pJabO/bz/LeK300
R2OSKKbOV4NOgXiSOzTV+Ez05SafKGjSi8d4j+Df3P8E3N4OZLy37HXA7gxrTMcD
bNtXgkYNjCa4REfpPHfyy1Hq0QKocQ3KHam5bQ5mIfdNs2L7li8cAp9HkH7lK7DC
xVubA/mLUetQFtJjekk+cQgLXUGWlBSd7pIva4WigSj6
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:05:09 2025 by rpki-client