Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/1YWYnMlB7bNjXZ-mR2gEvtLN3Bc.roa
File: 1YWYnMlB7bNjXZ-mR2gEvtLN3Bc.roa (raw, json)
Hash identifier: iv4yYaqxX9/BpncOJNi6FP4hgIeS1SbHKqiyIfxcth4=
Subject key identifier: D5:85:98:9C:C9:41:ED:B3:63:5D:9F:A6:47:68:04:BE:D2:CD:DC:17
Certificate issuer: /CN=90620638ca1d835650e08ddcf363f10789b53057
Certificate serial: 0194228DC2F87AB0AF6785785DBB8778E52A
Authority key identifier: 90:62:06:38:CA:1D:83:56:50:E0:8D:DC:F3:63:F1:07:89:B5:30:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/1YWYnMlB7bNjXZ-mR2gEvtLN3Bc.roa
Signing time: Wed 01 Jan 2025 15:48:23 +0000
ROA not before: Wed 01 Jan 2025 15:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 87.237.216.0/21 maxlen: 21
185.55.220.0/22 maxlen: 22
206.195.32.0/19 maxlen: 19
2a04:5780::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.crl
rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.mft
rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 15:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:c2:f8:7a:b0:af:67:85:78:5d:bb:87:78:e5:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90620638ca1d835650e08ddcf363f10789b53057
Validity
Not Before: Jan 1 15:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d585989cc941edb3635d9fa6476804bed2cddc17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:f3:51:d9:64:93:ae:ff:ca:52:d1:e0:9b:58:
9d:97:29:70:97:11:4a:0d:01:6f:c0:a1:7c:15:3c:
a3:dc:c3:f4:67:e1:9a:64:c0:04:a2:ac:5c:8a:3d:
38:8b:5d:b1:c3:b3:25:8f:db:fe:78:2e:dc:d7:c2:
4f:91:11:b1:46:5d:61:1a:fb:e8:1e:7e:63:ab:62:
72:37:d5:89:d8:1c:43:26:45:c1:8e:d7:86:ee:dd:
9e:b1:f3:2f:63:1f:b5:75:71:88:b4:03:c9:9f:2f:
a5:d3:25:d3:88:28:ea:bb:79:ee:d1:cc:5c:e1:fe:
73:42:0a:53:13:28:71:a8:69:ee:b1:66:99:59:de:
7d:8f:63:bd:0c:93:44:b4:d7:6b:36:9d:57:45:c2:
80:63:7c:ba:b5:a3:da:66:f6:22:d7:0a:0c:4c:cf:
8c:86:ef:0e:0e:e7:aa:0d:32:4e:dd:16:87:1e:59:
f3:b1:64:66:9f:bf:d5:f6:b8:5b:63:c8:3f:e4:24:
4c:89:d8:d4:f7:c7:93:90:57:0f:0f:8f:dd:7f:64:
b8:d9:58:72:28:1c:9a:ed:50:df:b4:74:a4:34:84:
d1:9e:75:cd:23:f2:23:f0:3a:28:f0:31:cd:6f:7b:
53:b0:7f:dd:82:c2:c2:d9:8b:cb:17:f0:2d:b9:53:
35:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:85:98:9C:C9:41:ED:B3:63:5D:9F:A6:47:68:04:BE:D2:CD:DC:17
X509v3 Authority Key Identifier:
keyid:90:62:06:38:CA:1D:83:56:50:E0:8D:DC:F3:63:F1:07:89:B5:30:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/1YWYnMlB7bNjXZ-mR2gEvtLN3Bc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.237.216.0/21
185.55.220.0/22
206.195.32.0/19
IPv6:
2a04:5780::/29
Signature Algorithm: sha256WithRSAEncryption
a7:10:9b:c1:7a:5c:a5:b3:0c:71:38:d8:ea:2f:29:6b:e9:07:
cc:e3:84:4c:d4:5b:8f:80:30:9d:1b:30:28:49:53:d1:c1:fa:
0d:f8:29:93:51:60:69:37:37:5d:98:dd:51:f6:b4:b7:b4:22:
6b:e3:a8:0f:6c:e4:86:6d:c2:e9:a4:3a:07:13:ed:00:2b:e9:
ba:c3:47:51:70:20:45:a8:de:31:1f:d0:7b:9d:8b:f0:c1:59:
5c:68:9b:e8:0c:80:a5:0e:c9:e1:bd:6b:4f:85:d8:f6:e5:cd:
5e:6c:c6:da:e6:6d:ca:16:b2:84:ed:a6:b5:6f:44:76:44:dd:
77:b2:d9:95:f1:f8:42:a7:03:fe:18:ce:4c:86:8d:c9:c5:a2:
f8:13:b1:90:b6:62:d0:a1:97:b6:3f:97:82:a7:1d:50:ac:13:
54:83:c0:7a:b9:21:46:b9:bc:b5:8a:bc:65:4d:28:5c:f4:9c:
bc:8e:b2:cd:5d:94:05:84:b3:f8:41:1c:3f:99:71:be:20:df:
34:a7:48:09:aa:23:c4:3f:8e:52:2d:05:4a:a3:fb:b5:6e:5d:
b0:29:4e:e5:31:e1:34:ee:40:b9:93:de:d1:83:a4:76:47:d8:
03:b0:ff:43:ab:45:ba:e9:45:73:16:00:74:d1:4a:a6:b8:10:
8d:f1:0e:00
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQijcL4erCvZ4V4XbuHeOUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjIwNjM4Y2ExZDgzNTY1MGUwOGRkY2YzNjNmMTA3ODli
NTMwNTcwHhcNMjUwMTAxMTU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg1OTg5Y2M5NDFlZGIzNjM1ZDlmYTY0NzY4MDRiZWQyY2RkYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPNR2WSTrv/KUtHgm1idlylwlxFK
DQFvwKF8FTyj3MP0Z+GaZMAEoqxcij04i12xw7Mlj9v+eC7c18JPkRGxRl1hGvvo
Hn5jq2JyN9WJ2BxDJkXBjteG7t2esfMvYx+1dXGItAPJny+l0yXTiCjqu3nu0cxc
4f5zQgpTEyhxqGnusWaZWd59j2O9DJNEtNdrNp1XRcKAY3y6taPaZvYi1woMTM+M
hu8ODueqDTJO3RaHHlnzsWRmn7/V9rhbY8g/5CRMidjU98eTkFcPD4/df2S42Vhy
KBya7VDftHSkNITRnnXNI/Ij8Doo8DHNb3tTsH/dgsLC2YvLF/AtuVM1KwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNWFmJzJQe2zY12fpkdoBL7SzdwXMB8GA1UdIwQY
MBaAFJBiBjjKHYNWUOCN3PNj8QeJtTBXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dJR09Nb2RnMVpRNEkzYzgyUHhCNG0xTUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80MWFmMmQtZjNkZS00NWQ1LTk0MWMt
YzQzYWM0MjllNTNmLzEvMVlXWW5NbEI3Yk5qWFotbVIyZ0V2dExOM0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80MWFmMmQtZjNkZS00NWQ1LTk0MWMtYzQzYWM0MjllNTNm
LzEva0dJR09Nb2RnMVpRNEkzYzgyUHhCNG0xTUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDV+3YAwQC
uTfcAwQFzsMgMA0EAgACMAcDBQMqBFeAMA0GCSqGSIb3DQEBCwUAA4IBAQCnEJvB
elylswxxONjqLylr6QfM44RM1FuPgDCdGzAoSVPRwfoN+CmTUWBpNzddmN1R9rS3
tCJr46gPbOSGbcLppDoHE+0AK+m6w0dRcCBFqN4xH9B7nYvwwVlcaJvoDIClDsnh
vWtPhdj25c1ebMba5m3KFrKE7aa1b0R2RN13stmV8fhCpwP+GM5Mho3JxaL4E7GQ
tmLQoZe2P5eCpx1QrBNUg8B6uSFGuby1irxlTShc9Jy8jrLNXZQFhLP4QRw/mXG+
IN80p0gJqiPEP45SLQVKo/u1bl2wKU7lMeE07kC5k97Rg6R2R9gDsP9Dq0W66UVz
FgB00UqmuBCN8Q4A
-----END CERTIFICATE-----
Generated at Thu Apr 10 20:21:59 2025 by rpki-client