Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/sLN0Xk8eYZ3fOkEohN2U_OcDnBE.roa
File: sLN0Xk8eYZ3fOkEohN2U_OcDnBE.roa (raw, json)
Hash identifier: hLQ2+Hv/BslGw+2RJD0A2omXlm9351c5s36b6sRZHRM=
Subject key identifier: B0:B3:74:5E:4F:1E:61:9D:DF:3A:41:28:84:DD:94:FC:E7:03:9C:11
Certificate issuer: /CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
Certificate serial: 0194B1BCB4DB923785171012B729DCC31858
Authority key identifier: 9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/sLN0Xk8eYZ3fOkEohN2U_OcDnBE.roa
Signing time: Wed 29 Jan 2025 11:05:21 +0000
ROA not before: Wed 29 Jan 2025 11:05:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 86.54.20.0/24 maxlen: 24
86.54.228.0/24 maxlen: 24
86.54.235.0/24 maxlen: 24
86.54.249.0/24 maxlen: 24
194.54.181.0/24 maxlen: 24
194.54.182.0/24 maxlen: 24
194.54.183.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl
rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.mft
rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 05:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b1:bc:b4:db:92:37:85:17:10:12:b7:29:dc:c3:18:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
Validity
Not Before: Jan 29 11:05:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b0b3745e4f1e619ddf3a412884dd94fce7039c11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:0a:d3:e9:c3:4f:5a:91:06:ed:29:02:4d:66:
f9:73:2d:65:90:55:8f:b5:7e:cb:b7:ed:1e:7b:c8:
da:58:a1:8e:e7:7e:76:2b:2b:8a:66:61:1b:52:b0:
ce:b8:9c:b0:14:6e:8d:8c:bf:56:83:59:51:1e:db:
cf:f9:1c:2a:15:8c:14:92:3b:a1:10:e3:3c:ed:ca:
a8:21:5a:c7:db:ba:da:ec:8c:1b:3d:c3:b3:5d:7b:
2b:5a:4b:ef:1b:79:b5:6d:d2:b6:af:58:12:7b:56:
96:5e:79:38:6b:73:5d:4e:0d:0e:be:ba:05:ea:48:
e9:f3:01:57:f5:e6:7f:c2:27:a1:75:c3:5c:7d:2f:
e8:76:e3:1a:e6:58:23:8a:cc:31:81:86:3c:aa:00:
bf:f3:07:d0:49:9e:1f:11:52:8a:fc:3e:2c:28:26:
64:2c:e0:e3:02:b8:f2:6d:40:10:8f:49:7d:0f:d5:
69:2c:94:26:33:b6:1f:48:2f:d7:9c:c2:3a:16:e7:
d5:fd:41:5e:21:b9:91:71:43:32:fa:00:bc:dc:79:
4d:30:b5:74:1b:44:33:7e:bf:cc:48:99:77:4e:72:
ce:26:0e:87:d5:76:3b:e7:23:9d:0b:65:39:db:4d:
21:26:d1:0f:5e:4c:fa:cd:1c:8a:9f:b1:db:c2:83:
7e:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:B3:74:5E:4F:1E:61:9D:DF:3A:41:28:84:DD:94:FC:E7:03:9C:11
X509v3 Authority Key Identifier:
keyid:9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/sLN0Xk8eYZ3fOkEohN2U_OcDnBE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.54.20.0/24
86.54.228.0/24
86.54.235.0/24
86.54.249.0/24
194.54.181.0-194.54.183.255
Signature Algorithm: sha256WithRSAEncryption
96:22:57:ec:f7:a7:c4:f7:14:69:03:02:c6:61:75:29:fa:4d:
ca:8e:09:3f:11:85:79:ef:97:6a:40:0f:bb:30:07:5c:2a:0a:
63:1a:8d:19:e7:91:35:c2:dd:72:69:04:61:5b:25:c8:ed:11:
ca:56:b2:80:2a:a9:e4:18:d0:7c:c0:42:40:50:9a:9a:cb:2b:
44:b0:34:12:4c:18:4b:a9:24:d0:be:34:74:35:d4:71:cc:24:
f3:40:7c:5a:48:e7:15:45:ff:a2:f6:aa:30:0c:66:dc:9a:3c:
d8:81:ed:ea:4a:ea:7f:6b:53:ae:dc:62:58:4c:e4:9c:58:49:
38:33:58:49:82:30:2e:a4:67:66:87:a4:07:44:0b:a1:89:0c:
63:89:1b:45:87:8e:79:dd:48:3c:be:32:1e:16:1c:39:3a:14:
e6:ef:3a:69:cd:47:74:ef:75:39:d4:34:74:a6:8b:f1:d0:65:
b6:f8:1e:7e:66:c1:00:1e:aa:64:40:0d:97:12:3d:4e:fb:ea:
83:7e:a6:e1:b0:83:3b:c1:2e:95:93:d8:2b:81:df:f7:48:4d:
32:e2:e8:8b:76:a6:e0:a1:84:ee:2c:b4:d1:e0:b7:52:c0:e8:
12:2e:1e:dd:29:40:5b:0e:da:8a:a8:dd:cc:d7:f7:b8:80:fd:
9d:7e:09:35
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZSxvLTbkjeFFxAStyncwxhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNWU3NmY5MjlkMjFiNTg2ZjQyZTMwZjdkOWIwMDM5OWIz
ZGNiZjAwHhcNMjUwMTI5MTEwNTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGIzNzQ1ZTRmMWU2MTlkZGYzYTQxMjg4NGRkOTRmY2U3MDM5YzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwrT6cNPWpEG7SkCTWb5cy1lkFWP
tX7Lt+0ee8jaWKGO5352KyuKZmEbUrDOuJywFG6NjL9Wg1lRHtvP+RwqFYwUkjuh
EOM87cqoIVrH27ra7IwbPcOzXXsrWkvvG3m1bdK2r1gSe1aWXnk4a3NdTg0OvroF
6kjp8wFX9eZ/wiehdcNcfS/oduMa5lgjiswxgYY8qgC/8wfQSZ4fEVKK/D4sKCZk
LODjArjybUAQj0l9D9VpLJQmM7YfSC/XnMI6FufV/UFeIbmRcUMy+gC83HlNMLV0
G0Qzfr/MSJl3TnLOJg6H1XY75yOdC2U5200hJtEPXkz6zRyKn7HbwoN+cwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLCzdF5PHmGd3zpBKITdlPznA5wRMB8GA1UdIwQY
MBaAFJpedvkp0htYb0LjD32bADmbPcvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAt
YjRhYWEyM2ZkYWE5LzEvc0xOMFhrOGVZWjNmT2tFb2hOMlVfT2NEbkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAtYjRhYWEyM2ZkYWE5
LzEvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAVjYUAwQA
VjbkAwQAVjbrAwQAVjb5MAwDBADCNrUDBAPCNrAwDQYJKoZIhvcNAQELBQADggEB
AJYiV+z3p8T3FGkDAsZhdSn6TcqOCT8RhXnvl2pAD7swB1wqCmMajRnnkTXC3XJp
BGFbJcjtEcpWsoAqqeQY0HzAQkBQmprLK0SwNBJMGEupJNC+NHQ11HHMJPNAfFpI
5xVF/6L2qjAMZtyaPNiB7epK6n9rU67cYlhM5JxYSTgzWEmCMC6kZ2aHpAdEC6GJ
DGOJG0WHjnndSDy+Mh4WHDk6FObvOmnNR3TvdTnUNHSmi/HQZbb4Hn5mwQAeqmRA
DZcSPU776oN+puGwgzvBLpWT2CuB3/dITTLi6It2puChhO4stNHgt1LA6BIuHt0p
QFsO2oqo3czX97iA/Z1+CTU=
-----END CERTIFICATE-----
Generated at Sat Apr 12 12:29:38 2025 by rpki-client