Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/4f9f29-a03e-4c45-82cd-18f343488286/1/sH_MU-dLONCSS2liGOTF8yFjBic.roa
File: sH_MU-dLONCSS2liGOTF8yFjBic.roa (raw, json)
Hash identifier: bC4qlhF2mIa5vONZeQi20o6xvZPm50Q6MktLj7FF2Go=
Subject key identifier: B0:7F:CC:53:E7:4B:38:D0:92:4B:69:62:18:E4:C5:F3:21:63:06:27
Certificate issuer: /CN=65a9066d5b6ac3019c2037f579d11bae1a5eea73
Certificate serial: 0194221F98C79FEC8DD4221AE6662E8ADA0B
Authority key identifier: 65:A9:06:6D:5B:6A:C3:01:9C:20:37:F5:79:D1:1B:AE:1A:5E:EA:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZakGbVtqwwGcIDf1edEbrhpe6nM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f4/4f9f29-a03e-4c45-82cd-18f343488286/1/sH_MU-dLONCSS2liGOTF8yFjBic.roa
Signing time: Wed 01 Jan 2025 13:48:03 +0000
ROA not before: Wed 01 Jan 2025 13:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47898
IP address blocks: 91.198.249.0/24 maxlen: 24
91.206.252.0/24 maxlen: 24
91.206.253.0/24 maxlen: 24
91.214.136.0/22 maxlen: 22
91.214.136.0/23 maxlen: 23
91.214.138.0/23 maxlen: 23
91.223.122.0/24 maxlen: 24
193.202.118.0/24 maxlen: 24
194.24.236.0/24 maxlen: 24
194.24.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f4/4f9f29-a03e-4c45-82cd-18f343488286/1/ZakGbVtqwwGcIDf1edEbrhpe6nM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f4/4f9f29-a03e-4c45-82cd-18f343488286/1/ZakGbVtqwwGcIDf1edEbrhpe6nM.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZakGbVtqwwGcIDf1edEbrhpe6nM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:98:c7:9f:ec:8d:d4:22:1a:e6:66:2e:8a:da:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65a9066d5b6ac3019c2037f579d11bae1a5eea73
Validity
Not Before: Jan 1 13:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b07fcc53e74b38d0924b696218e4c5f321630627
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:11:4c:e2:46:c8:46:fd:3c:3b:a4:19:cd:18:
bd:4c:97:05:96:07:09:b7:6f:b9:c0:ea:ac:d0:2e:
6f:d4:27:24:63:b1:85:50:a4:eb:f2:7b:d0:80:b4:
bf:69:03:8d:1c:c6:e8:04:1c:89:e1:92:d1:97:12:
0c:d5:f7:82:af:21:0a:35:f7:3a:4e:8b:92:d1:3c:
77:b1:7c:d1:42:df:99:63:06:1a:4b:43:85:87:5a:
a7:da:aa:e2:f5:6d:f5:a0:fa:77:0e:28:fe:b6:f1:
8a:7e:88:14:d3:9c:b9:64:38:44:07:e9:8a:81:56:
05:c8:5c:15:8d:70:d9:c8:0c:ec:20:3a:a0:b0:6f:
88:60:3d:5f:2a:12:ba:6a:f5:0f:3d:1b:00:bb:51:
78:48:dd:9e:31:0b:75:e6:9c:d5:8e:a9:6f:59:00:
4e:1f:9e:cb:6b:88:3d:41:ef:7f:83:42:33:bd:d0:
a6:e0:68:91:fa:cd:cd:21:a1:df:e2:11:fc:0b:6f:
21:a6:99:b4:6d:0f:04:31:71:ca:90:c7:4b:ca:2f:
cc:10:82:4a:65:f2:a2:0c:e2:96:07:8a:bf:1c:86:
4f:9d:9e:46:ad:68:65:1e:a7:63:a3:bb:90:c4:f5:
79:3f:94:af:70:04:71:d6:b9:63:11:6e:4d:c6:46:
f8:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:7F:CC:53:E7:4B:38:D0:92:4B:69:62:18:E4:C5:F3:21:63:06:27
X509v3 Authority Key Identifier:
keyid:65:A9:06:6D:5B:6A:C3:01:9C:20:37:F5:79:D1:1B:AE:1A:5E:EA:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZakGbVtqwwGcIDf1edEbrhpe6nM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/4f9f29-a03e-4c45-82cd-18f343488286/1/sH_MU-dLONCSS2liGOTF8yFjBic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/4f9f29-a03e-4c45-82cd-18f343488286/1/ZakGbVtqwwGcIDf1edEbrhpe6nM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.249.0/24
91.206.252.0/23
91.214.136.0/22
91.223.122.0/24
193.202.118.0/24
194.24.236.0/23
Signature Algorithm: sha256WithRSAEncryption
44:1a:df:cf:d7:f9:c6:5a:e7:b6:46:b6:98:4b:fb:b4:2b:cd:
c6:4f:1e:ee:b4:1d:3f:d5:a9:7d:ca:fc:58:96:1c:3c:ca:e1:
34:86:99:06:89:d4:08:52:24:52:af:38:7e:96:bc:7e:06:90:
09:75:24:54:10:6b:83:dc:99:99:b6:3a:c5:46:d6:f3:ca:ba:
a4:77:36:55:df:c8:20:21:2d:47:f5:cf:d0:c0:72:95:48:cd:
60:8a:43:ad:fa:78:62:6e:ec:fc:39:15:d8:5a:b3:1e:bb:24:
13:f7:ba:4e:4b:60:8e:d7:30:94:f9:f1:71:75:7b:29:50:e8:
05:d1:e8:2d:7a:29:d7:cd:58:d0:c7:ba:7d:d5:5b:2e:20:3c:
45:98:9d:5c:3f:ca:5f:9c:95:84:d5:2e:15:de:d6:6b:97:76:
01:02:0c:ab:aa:cc:7c:c3:3d:8a:53:04:87:57:7e:f2:fc:44:
a9:e9:f4:87:76:be:b4:d2:da:a0:e4:be:93:49:2a:99:c5:49:
00:98:50:ac:99:64:29:36:d0:29:a0:a7:d3:da:91:4c:19:54:
b0:4c:e9:d0:28:9a:b0:ed:27:d5:8f:c3:f4:ca:5d:b2:3b:b2:
03:30:aa:ca:96:ed:45:0a:8d:c6:c4:96:1c:e6:e2:9f:5d:ab:
2c:a4:ed:4e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQiH5jHn+yN1CIa5mYuitoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTkwNjZkNWI2YWMzMDE5YzIwMzdmNTc5ZDExYmFlMWE1
ZWVhNzMwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDdmY2M1M2U3NGIzOGQwOTI0YjY5NjIxOGU0YzVmMzIxNjMwNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRFM4kbIRv08O6QZzRi9TJcFlgcJ
t2+5wOqs0C5v1CckY7GFUKTr8nvQgLS/aQONHMboBByJ4ZLRlxIM1feCryEKNfc6
TouS0Tx3sXzRQt+ZYwYaS0OFh1qn2qri9W31oPp3Dij+tvGKfogU05y5ZDhEB+mK
gVYFyFwVjXDZyAzsIDqgsG+IYD1fKhK6avUPPRsAu1F4SN2eMQt15pzVjqlvWQBO
H57La4g9Qe9/g0IzvdCm4GiR+s3NIaHf4hH8C28hppm0bQ8EMXHKkMdLyi/MEIJK
ZfKiDOKWB4q/HIZPnZ5GrWhlHqdjo7uQxPV5P5SvcARx1rljEW5Nxkb4IQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLB/zFPnSzjQkktpYhjkxfMhYwYnMB8GA1UdIwQY
MBaAFGWpBm1basMBnCA39XnRG64aXupzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFrR2JWdHF3d0djSURmMWVkRWJyaHBlNm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC80ZjlmMjktYTAzZS00YzQ1LTgyY2Qt
MThmMzQzNDg4Mjg2LzEvc0hfTVUtZExPTkNTUzJsaUdPVEY4eUZqQmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC80ZjlmMjktYTAzZS00YzQ1LTgyY2QtMThmMzQzNDg4Mjg2
LzEvWmFrR2JWdHF3d0djSURmMWVkRWJyaHBlNm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAW8b5AwQB
W878AwQCW9aIAwQAW996AwQAwcp2AwQBwhjsMA0GCSqGSIb3DQEBCwUAA4IBAQBE
Gt/P1/nGWue2RraYS/u0K83GTx7utB0/1al9yvxYlhw8yuE0hpkGidQIUiRSrzh+
lrx+BpAJdSRUEGuD3JmZtjrFRtbzyrqkdzZV38ggIS1H9c/QwHKVSM1gikOt+nhi
buz8ORXYWrMeuyQT97pOS2CO1zCU+fFxdXspUOgF0egteinXzVjQx7p91VsuIDxF
mJ1cP8pfnJWE1S4V3tZrl3YBAgyrqsx8wz2KUwSHV37y/ESp6fSHdr600tqg5L6T
SSqZxUkAmFCsmWQpNtApoKfT2pFMGVSwTOnQKJqw7SfVj8P0yl2yO7IDMKrKlu1F
Co3GxJYc5uKfXasspO1O
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:55:12 2025 by rpki-client