Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/vfgX0QM1-x_CfmwOuFEwuDR0qtE.roa
File: vfgX0QM1-x_CfmwOuFEwuDR0qtE.roa (raw, json)
Hash identifier: VmApxfvV1fKRc5LBTSdDtZW6mm+Y06ANpvyiPSheTug=
Subject key identifier: BD:F8:17:D1:03:35:FB:1F:C2:7E:6C:0E:B8:51:30:B8:34:74:AA:D1
Certificate issuer: /CN=29184647248b55523999cbb7fe5b20a99fe73be3
Certificate serial: 019421B259C53BECF895F055B2BA65836D01
Authority key identifier: 29:18:46:47:24:8B:55:52:39:99:CB:B7:FE:5B:20:A9:9F:E7:3B:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KRhGRySLVVI5mcu3_lsgqZ_nO-M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/vfgX0QM1-x_CfmwOuFEwuDR0qtE.roa
Signing time: Wed 01 Jan 2025 11:48:44 +0000
ROA not before: Wed 01 Jan 2025 11:48:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20514
IP address blocks: 185.166.32.0/22 maxlen: 24
217.151.192.0/20 maxlen: 20
217.151.192.0/21 maxlen: 21
217.151.207.0/24 maxlen: 24
2a03:c300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/KRhGRySLVVI5mcu3_lsgqZ_nO-M.crl
rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/KRhGRySLVVI5mcu3_lsgqZ_nO-M.mft
rsync://rpki.ripe.net/repository/DEFAULT/KRhGRySLVVI5mcu3_lsgqZ_nO-M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Feb 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:59:c5:3b:ec:f8:95:f0:55:b2:ba:65:83:6d:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29184647248b55523999cbb7fe5b20a99fe73be3
Validity
Not Before: Jan 1 11:48:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bdf817d10335fb1fc27e6c0eb85130b83474aad1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:21:03:df:24:fd:d1:c1:c5:70:b6:79:60:5e:
d2:97:06:1f:e9:e8:cb:81:2a:73:68:08:bf:08:c4:
c6:3f:0c:94:58:11:b3:1e:c2:ad:5b:b4:f3:b7:31:
43:47:bc:8d:76:45:ae:e4:3d:18:b5:1a:f0:85:72:
14:88:da:1c:4c:11:7b:2f:10:82:69:c8:16:71:41:
d7:7c:9f:58:5d:95:2f:5a:cd:2d:d3:3a:62:cf:bc:
64:65:32:58:6d:44:49:4c:de:ee:32:03:3f:5a:41:
46:78:51:f4:89:af:ed:ea:8d:03:37:b0:a7:5a:7a:
bc:d4:9f:e3:64:69:37:99:6b:b2:72:80:f6:af:c6:
68:9e:2e:b3:51:a6:81:1a:7d:3a:b4:13:10:2f:fa:
36:28:a1:bb:66:15:56:c4:5b:a5:96:28:23:05:1d:
9c:fb:07:2a:57:ce:b9:05:e9:82:61:8c:a9:7a:45:
04:27:5e:7d:50:7c:c6:a5:63:07:95:18:91:4a:4e:
1e:86:1d:47:61:05:28:55:d6:fa:d5:8e:0d:6d:61:
2c:2f:40:48:91:69:aa:39:3b:4a:3e:94:32:c8:e6:
87:26:d1:66:d6:5b:41:47:b6:be:ba:24:5a:b1:77:
04:14:21:71:47:a2:cb:36:c0:c6:94:30:2f:05:5a:
41:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:F8:17:D1:03:35:FB:1F:C2:7E:6C:0E:B8:51:30:B8:34:74:AA:D1
X509v3 Authority Key Identifier:
keyid:29:18:46:47:24:8B:55:52:39:99:CB:B7:FE:5B:20:A9:9F:E7:3B:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KRhGRySLVVI5mcu3_lsgqZ_nO-M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/vfgX0QM1-x_CfmwOuFEwuDR0qtE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/KRhGRySLVVI5mcu3_lsgqZ_nO-M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.32.0/22
217.151.192.0/20
IPv6:
2a03:c300::/32
Signature Algorithm: sha256WithRSAEncryption
33:36:cc:bd:39:bb:a0:17:87:1d:b0:df:fb:16:33:31:4a:dc:
dd:41:1f:3d:2f:3a:73:3a:a3:20:57:f5:f4:93:4f:29:95:e8:
71:9a:93:b0:19:2d:12:36:af:59:99:b7:7c:e2:b6:3d:c8:38:
56:5e:54:15:5f:44:1d:e6:b0:cc:11:16:50:13:63:df:4a:74:
28:53:63:11:f4:30:63:80:a7:de:bc:e4:f7:0b:57:13:d4:4f:
22:83:d3:ad:9a:01:2d:00:08:14:bd:d0:4e:68:55:11:01:56:
87:89:d5:b2:91:e3:1a:98:08:75:f4:b7:7a:df:9b:25:bd:7c:
6b:b7:b5:79:e8:a9:f8:e2:86:f3:50:02:47:ca:a4:0f:72:2b:
18:d1:fd:7c:0c:f3:4a:cf:d8:c1:3d:7d:64:60:93:4b:b8:53:
a6:00:87:63:d9:c2:e2:52:81:52:e0:7f:5f:0b:cd:b0:fc:90:
52:40:f1:a4:df:7b:4a:63:8b:96:58:48:ea:44:ea:76:29:6f:
2f:d2:ff:d2:06:9f:59:d0:1f:85:a2:0b:3c:16:2d:74:10:60:
07:d0:41:6f:1b:e7:f1:97:52:2f:2b:06:69:94:fa:fc:ba:c0:
e7:72:6c:26:8f:82:85:5e:56:89:c6:14:72:b0:5a:53:fc:86:
bb:73:82:96
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhslnFO+z4lfBVsrplg20BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MTg0NjQ3MjQ4YjU1NTIzOTk5Y2JiN2ZlNWIyMGE5OWZl
NzNiZTMwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY4MTdkMTAzMzVmYjFmYzI3ZTZjMGViODUxMzBiODM0NzRhYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySED3yT90cHFcLZ5YF7SlwYf6ejL
gSpzaAi/CMTGPwyUWBGzHsKtW7TztzFDR7yNdkWu5D0YtRrwhXIUiNocTBF7LxCC
acgWcUHXfJ9YXZUvWs0t0zpiz7xkZTJYbURJTN7uMgM/WkFGeFH0ia/t6o0DN7Cn
Wnq81J/jZGk3mWuycoD2r8Zoni6zUaaBGn06tBMQL/o2KKG7ZhVWxFulligjBR2c
+wcqV865BemCYYypekUEJ159UHzGpWMHlRiRSk4ehh1HYQUoVdb61Y4NbWEsL0BI
kWmqOTtKPpQyyOaHJtFm1ltBR7a+uiRasXcEFCFxR6LLNsDGlDAvBVpBmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFL34F9EDNfsfwn5sDrhRMLg0dKrRMB8GA1UdIwQY
MBaAFCkYRkcki1VSOZnLt/5bIKmf5zvjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1JoR1J5U0xWVkk1bWN1M19sc2dxWl9uTy1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS81NjAzNmItMjNkOC00YjM3LWI1NDYt
OGZjMjM3M2ZjMjZlLzEvdmZnWDBRTTEteF9DZm13T3VGRXd1RFIwcXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS81NjAzNmItMjNkOC00YjM3LWI1NDYtOGZjMjM3M2ZjMjZl
LzEvS1JoR1J5U0xWVkk1bWN1M19sc2dxWl9uTy1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuaYgAwQE
2ZfAMA0EAgACMAcDBQAqA8MAMA0GCSqGSIb3DQEBCwUAA4IBAQAzNsy9ObugF4cd
sN/7FjMxStzdQR89LzpzOqMgV/X0k08plehxmpOwGS0SNq9Zmbd84rY9yDhWXlQV
X0Qd5rDMERZQE2PfSnQoU2MR9DBjgKfevOT3C1cT1E8ig9OtmgEtAAgUvdBOaFUR
AVaHidWykeMamAh19Ld635slvXxrt7V56Kn44obzUAJHyqQPcisY0f18DPNKz9jB
PX1kYJNLuFOmAIdj2cLiUoFS4H9fC82w/JBSQPGk33tKY4uWWEjqROp2KW8v0v/S
Bp9Z0B+Fogs8Fi10EGAH0EFvG+fxl1IvKwZplPr8usDncmwmj4KFXlaJxhRysFpT
/Ia7c4KW
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:45:58 2025 by rpki-client