Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/U8yyp-JTHsc4PzNj0KNOVG9KECs.roa
File: U8yyp-JTHsc4PzNj0KNOVG9KECs.roa (raw, json)
Hash identifier: XL8cza6Y6dTsPDS6Eb2/zXU0zrVRVcGlEc/rkfzZaj0=
Subject key identifier: 53:CC:B2:A7:E2:53:1E:C7:38:3F:33:63:D0:A3:4E:54:6F:4A:10:2B
Certificate issuer: /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial: 019420D63E6414D8EF71E70A75E96B46F3C5
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/U8yyp-JTHsc4PzNj0KNOVG9KECs.roa
Signing time: Wed 01 Jan 2025 07:48:18 +0000
ROA not before: Wed 01 Jan 2025 07:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30781
IP address blocks: 5.63.24.0/21 maxlen: 21
91.190.168.0/21 maxlen: 21
185.85.76.0/22 maxlen: 22
2a02:798::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.mft
rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 15:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:3e:64:14:d8:ef:71:e7:0a:75:e9:6b:46:f3:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
Validity
Not Before: Jan 1 07:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=53ccb2a7e2531ec7383f3363d0a34e546f4a102b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:5e:52:9b:09:bb:d5:f6:bc:cf:88:08:dc:91:
3b:e8:6d:a2:9c:b7:8a:7c:14:bf:f3:7f:9f:d1:93:
11:ee:e1:2f:69:ae:99:5b:91:88:07:49:bc:9f:ec:
1b:9f:93:4b:f0:55:7c:a3:91:95:ff:4a:ad:b6:e7:
f7:4a:f4:38:36:6a:be:f1:9a:46:a0:a8:2e:aa:a3:
8a:9d:3d:27:aa:18:e7:42:c0:55:7d:c7:63:f2:c3:
14:c5:2e:98:fd:52:3d:66:dc:75:39:cb:65:2d:ea:
60:07:3b:7f:73:8a:2b:3a:b2:0a:8f:61:6f:29:d4:
16:7f:25:b6:7d:41:5e:5d:bf:17:80:4e:76:d6:32:
b3:30:78:4f:5d:27:6e:16:d3:ff:3d:b2:a9:00:82:
01:d8:06:b8:8a:72:89:d4:28:cc:da:41:07:3d:4f:
39:5a:65:b8:56:8d:01:82:47:49:98:78:06:ca:e3:
a5:36:35:66:0d:19:9f:7f:30:96:e2:5e:f9:88:46:
1b:b8:12:bc:e5:e9:54:0c:eb:70:74:f4:77:68:4e:
99:d9:0e:85:ae:c0:42:c6:2c:61:75:a4:52:ec:2a:
18:2b:b3:4f:d2:2a:b8:b6:a4:be:a2:69:88:ce:d8:
de:7f:25:44:51:55:db:30:f7:25:f6:3e:9f:21:d7:
8c:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:CC:B2:A7:E2:53:1E:C7:38:3F:33:63:D0:A3:4E:54:6F:4A:10:2B
X509v3 Authority Key Identifier:
keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/U8yyp-JTHsc4PzNj0KNOVG9KECs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.24.0/21
91.190.168.0/21
185.85.76.0/22
IPv6:
2a02:798::/32
Signature Algorithm: sha256WithRSAEncryption
19:fe:88:2f:61:5e:d4:36:62:1c:d3:ed:57:51:8d:ff:06:49:
11:04:9c:ff:f5:23:5a:fb:f5:75:52:29:11:bb:18:72:b2:84:
83:8a:0e:30:99:fa:67:24:aa:42:be:83:8c:27:a6:b7:67:d6:
a7:c3:46:65:a8:92:d9:b7:ea:cb:6d:ac:f6:f9:0d:f8:f7:86:
8d:30:36:e8:89:41:0c:8c:42:b1:48:a8:72:a0:38:7d:5f:ee:
aa:bb:58:23:44:78:98:b5:79:28:d6:16:49:fb:67:68:c6:7d:
2a:aa:7e:94:db:b2:2c:03:57:69:97:55:ec:1c:d4:23:24:51:
10:f7:93:c2:33:d5:9b:55:19:2f:ad:64:fa:b2:95:54:83:79:
02:c5:8c:f4:22:80:02:b8:50:8c:2d:c6:c4:c0:e7:80:a6:ac:
d7:24:5c:67:fd:77:3e:f7:62:75:80:85:c2:bd:38:57:cf:a1:
6e:db:31:61:7d:94:d1:8b:28:78:0e:f1:54:08:56:72:f3:89:
07:d2:81:50:27:28:e6:33:72:f1:ae:64:f8:e8:75:3b:3e:e5:
e2:fd:c0:44:bd:60:d4:f2:11:53:00:23:34:ec:16:fc:71:85:
81:62:26:15:df:fe:11:04:63:4a:07:ee:a6:97:00:99:e1:51:
92:ee:e9:70
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQg1j5kFNjvcecKdelrRvPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjUwMTAxMDc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NjYjJhN2UyNTMxZWM3MzgzZjMzNjNkMGEzNGU1NDZmNGExMDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl5Smwm71fa8z4gI3JE76G2inLeK
fBS/83+f0ZMR7uEvaa6ZW5GIB0m8n+wbn5NL8FV8o5GV/0qttuf3SvQ4Nmq+8ZpG
oKguqqOKnT0nqhjnQsBVfcdj8sMUxS6Y/VI9Ztx1OctlLepgBzt/c4orOrIKj2Fv
KdQWfyW2fUFeXb8XgE521jKzMHhPXSduFtP/PbKpAIIB2Aa4inKJ1CjM2kEHPU85
WmW4Vo0BgkdJmHgGyuOlNjVmDRmffzCW4l75iEYbuBK85elUDOtwdPR3aE6Z2Q6F
rsBCxixhdaRS7CoYK7NP0iq4tqS+ommIztjefyVEUVXbMPcl9j6fIdeMBQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFPMsqfiUx7HOD8zY9CjTlRvShArMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvVTh5eXAtSlRIc2M0UHpOajBLTk9WRzlLRUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQAZ/ogv
YV7UNmIc0+1XUY3/BkkRBJz/9SNa+/V1UikRuxhysoSDig4wmfpnJKpCvoOMJ6a3
Z9anw0ZlqJLZt+rLbaz2+Q3494aNMDboiUEMjEKxSKhyoDh9X+6qu1gjRHiYtXko
1hZJ+2doxn0qqn6U27IsA1dpl1XsHNQjJFEQ95PCM9WbVRkvrWT6spVUg3kCxYz0
IoACuFCMLcbEwOeApqzXJFxn/Xc+92J1gIXCvThXz6Fu2zFhfZTRiyh4DvFUCFZy
84kH0oFQJyjmM3LxrmT46HU7PuXi/cBEvWDU8hFTACM07Bb8cYWBYiYV3/4RBGNK
B+6mlwCZ4VGS7ulw
-----END CERTIFICATE-----
Generated at Sun Apr 6 00:46:24 2025 by rpki-client