Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/J8otkOOOFhMQcKskyfSet45vpaA.roa
File: J8otkOOOFhMQcKskyfSet45vpaA.roa (raw, json)
Hash identifier: OKOZ6+uREzTIvRtmYWOfCPq5FGMam+EbPwErDVD6eGc=
Subject key identifier: 27:CA:2D:90:E3:8E:16:13:10:70:AB:24:C9:F4:9E:B7:8E:6F:A5:A0
Certificate issuer: /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial: 019423D7A5C229F071B1DFEA5678BE59DE2B
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/J8otkOOOFhMQcKskyfSet45vpaA.roa
Signing time: Wed 01 Jan 2025 21:48:42 +0000
ROA not before: Wed 01 Jan 2025 21:48:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204171
IP address blocks: 185.103.120.0/24 maxlen: 24
185.103.121.0/24 maxlen: 24
185.103.122.0/24 maxlen: 24
185.103.123.0/24 maxlen: 24
2a06:2bc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 02:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:a5:c2:29:f0:71:b1:df:ea:56:78:be:59:de:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Validity
Not Before: Jan 1 21:48:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=27ca2d90e38e16131070ab24c9f49eb78e6fa5a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:39:61:7d:3c:d1:c7:6f:7b:13:39:c3:ca:75:
70:f7:63:5a:20:ae:58:5e:2c:7b:a4:c9:1b:2e:46:
e9:ce:a8:3b:0f:3a:62:96:cc:63:79:70:ab:6e:27:
bd:cc:ad:ff:c4:5f:65:d8:95:60:99:ce:ad:f8:09:
c2:e1:e4:71:96:bf:8c:3b:bf:8a:80:1f:ce:9b:af:
bd:08:28:a5:f4:9b:a1:41:3b:b5:45:10:64:5f:ab:
ce:7c:b3:16:67:32:9a:17:73:b0:63:03:6d:ae:1c:
34:ec:4f:6c:bd:d4:b0:0c:32:76:8c:f5:5c:25:b8:
5d:39:cb:89:40:41:6c:d8:5f:72:38:eb:ce:95:e1:
01:f3:cd:9a:8a:40:47:8d:6b:cb:75:e3:7c:bb:e3:
b8:df:29:9d:18:87:07:02:b7:bf:89:23:03:43:6e:
31:78:4a:96:77:01:3a:5c:2f:b1:26:a5:58:93:aa:
f9:35:62:0b:bb:bc:15:2d:28:d0:94:6d:43:2f:fd:
33:90:01:57:bb:7d:d0:21:66:e1:8d:7a:eb:24:80:
df:de:f4:b5:2d:e7:50:1c:7d:b1:9c:81:6a:90:86:
4e:a2:b7:08:e5:6a:77:2d:d5:93:c1:17:ce:d9:ea:
44:c6:54:fe:c1:02:42:18:e6:8f:98:4c:76:f1:ec:
98:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:CA:2D:90:E3:8E:16:13:10:70:AB:24:C9:F4:9E:B7:8E:6F:A5:A0
X509v3 Authority Key Identifier:
keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/J8otkOOOFhMQcKskyfSet45vpaA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.103.120.0/22
IPv6:
2a06:2bc0::/29
Signature Algorithm: sha256WithRSAEncryption
37:f0:8a:e2:3c:c4:65:f9:e5:fc:89:fc:7a:e5:f3:6d:e6:6b:
c6:51:63:cb:c7:09:3e:12:77:5b:79:17:6d:ab:01:04:55:ba:
1d:17:7d:7c:6f:da:27:3c:f8:6a:d6:69:0a:d5:db:c2:b2:4e:
76:73:af:3d:96:5c:95:71:43:37:72:08:39:cb:38:ef:64:4f:
7d:f8:47:c2:5b:29:43:2a:f7:a8:a2:a1:63:a0:ba:bf:5b:9a:
75:ad:86:40:38:81:9f:be:b6:47:19:ed:66:8c:13:55:02:e0:
49:e3:fd:da:33:a2:15:4a:f6:e3:fb:8d:97:44:f4:04:49:84:
fa:ed:ed:6d:cc:e7:4a:27:a4:78:ef:3d:ac:ee:a0:5b:74:dc:
5a:6c:a9:41:63:fa:f7:0c:3f:e0:d2:da:4a:4d:0a:98:68:4c:
eb:46:65:76:8d:63:ef:82:d3:e0:28:31:14:fd:74:41:51:51:
b3:12:1d:2a:3f:74:86:be:ee:8f:3f:87:14:96:73:ce:54:5d:
65:23:c3:62:96:b2:1f:41:be:7b:02:f4:f4:76:31:92:39:19:
1b:00:c3:3c:aa:92:a9:37:f7:b0:b2:8b:7c:12:65:02:1a:d4:
9a:54:e9:ac:ac:76:d5:6b:45:8d:3d:08:a4:d1:ca:f6:cb:e9:
bc:51:df:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj16XCKfBxsd/qVni+Wd4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwMTAxMjE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2NhMmQ5MGUzOGUxNjEzMTA3MGFiMjRjOWY0OWViNzhlNmZhNWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzlhfTzRx297EznDynVw92NaIK5Y
Xix7pMkbLkbpzqg7DzpilsxjeXCrbie9zK3/xF9l2JVgmc6t+AnC4eRxlr+MO7+K
gB/Om6+9CCil9JuhQTu1RRBkX6vOfLMWZzKaF3OwYwNtrhw07E9svdSwDDJ2jPVc
JbhdOcuJQEFs2F9yOOvOleEB882aikBHjWvLdeN8u+O43ymdGIcHAre/iSMDQ24x
eEqWdwE6XC+xJqVYk6r5NWILu7wVLSjQlG1DL/0zkAFXu33QIWbhjXrrJIDf3vS1
LedQHH2xnIFqkIZOorcI5Wp3LdWTwRfO2epExlT+wQJCGOaPmEx28eyYFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCfKLZDjjhYTEHCrJMn0nreOb6WgMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvSjhvdGtPT09GaE1RY0tza3lmU2V0NDV2cGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWd4MA0E
AgACMAcDBQMqBivAMA0GCSqGSIb3DQEBCwUAA4IBAQA38IriPMRl+eX8ifx65fNt
5mvGUWPLxwk+EndbeRdtqwEEVbodF318b9onPPhq1mkK1dvCsk52c689llyVcUM3
cgg5yzjvZE99+EfCWylDKveooqFjoLq/W5p1rYZAOIGfvrZHGe1mjBNVAuBJ4/3a
M6IVSvbj+42XRPQESYT67e1tzOdKJ6R47z2s7qBbdNxabKlBY/r3DD/g0tpKTQqY
aEzrRmV2jWPvgtPgKDEU/XRBUVGzEh0qP3SGvu6PP4cUlnPOVF1lI8NilrIfQb57
AvT0djGSORkbAMM8qpKpN/ewsot8EmUCGtSaVOmsrHbVa0WNPQik0cr2y+m8Ud8C
-----END CERTIFICATE-----
Generated at Fri Feb 21 11:15:01 2025 by rpki-client