Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/87a863-da6f-4981-9378-b2cd4e58100e/1/AHAEcpQC5M7HA3lpCyAUPO_2dfI.roa
File: AHAEcpQC5M7HA3lpCyAUPO_2dfI.roa (raw, json)
Hash identifier: QyNnsqD7JTUcYd/+hLfrA6pGFz4v5bZK87dfCrHLd18=
Subject key identifier: 00:70:04:72:94:02:E4:CE:C7:03:79:69:0B:20:14:3C:EF:F6:75:F2
Certificate issuer: /CN=91b3f5d6f43e83071fa77e6d3ebbb79352f961b5
Certificate serial: 019421B19C0A9BA79AF8557C7D534380A8DA
Authority key identifier: 91:B3:F5:D6:F4:3E:83:07:1F:A7:7E:6D:3E:BB:B7:93:52:F9:61:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kbP11vQ-gwcfp35tPru3k1L5YbU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/87a863-da6f-4981-9378-b2cd4e58100e/1/AHAEcpQC5M7HA3lpCyAUPO_2dfI.roa
Signing time: Wed 01 Jan 2025 11:47:55 +0000
ROA not before: Wed 01 Jan 2025 11:47:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209835
IP address blocks: 2.59.232.0/22 maxlen: 22
2.59.232.0/24 maxlen: 24
2.59.233.0/24 maxlen: 24
2.59.234.0/24 maxlen: 24
2.59.235.0/24 maxlen: 24
2a09:fc40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/87a863-da6f-4981-9378-b2cd4e58100e/1/kbP11vQ-gwcfp35tPru3k1L5YbU.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/87a863-da6f-4981-9378-b2cd4e58100e/1/kbP11vQ-gwcfp35tPru3k1L5YbU.mft
rsync://rpki.ripe.net/repository/DEFAULT/kbP11vQ-gwcfp35tPru3k1L5YbU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 13:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:9c:0a:9b:a7:9a:f8:55:7c:7d:53:43:80:a8:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=91b3f5d6f43e83071fa77e6d3ebbb79352f961b5
Validity
Not Before: Jan 1 11:47:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=007004729402e4cec70379690b20143ceff675f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:d8:eb:4d:89:10:40:69:a6:98:0c:f5:bb:60:
62:09:f7:ee:b1:69:1a:4e:76:32:cf:d7:2d:62:77:
eb:f0:af:93:98:da:69:a1:fe:f8:8f:e0:1d:f6:93:
68:d5:67:5b:5d:10:85:27:c7:07:9e:f6:58:8b:6d:
0f:dc:82:34:a4:6b:0a:fa:cd:cd:f4:96:33:68:8b:
38:e8:1e:29:f6:a1:c5:15:9b:d6:fc:52:73:43:88:
6f:2a:53:cd:a3:59:7a:8e:73:7d:7f:8a:62:54:65:
55:de:3d:b1:65:33:a8:66:20:63:f0:54:5c:49:d8:
a4:40:7e:1c:24:f1:f6:05:22:44:cb:45:79:39:52:
be:45:4d:98:67:38:12:64:79:ef:c8:ed:50:74:5a:
4b:37:d4:2b:b6:da:db:e5:70:fc:8a:c6:6f:78:41:
63:90:2d:d6:38:61:91:1a:59:60:47:27:27:86:e0:
65:cd:b7:60:27:99:15:6b:1e:21:29:8b:af:d8:88:
c8:04:e8:d2:ab:2f:2c:dc:f0:ee:d0:15:48:f5:e2:
e5:4d:bc:93:21:61:5c:2e:0d:f5:4d:d5:61:49:4e:
6d:45:d5:0b:c9:6e:e6:01:bd:6e:9a:73:30:7d:99:
32:8e:6b:fb:62:96:f4:f3:41:fe:76:37:19:de:66:
94:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:70:04:72:94:02:E4:CE:C7:03:79:69:0B:20:14:3C:EF:F6:75:F2
X509v3 Authority Key Identifier:
keyid:91:B3:F5:D6:F4:3E:83:07:1F:A7:7E:6D:3E:BB:B7:93:52:F9:61:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kbP11vQ-gwcfp35tPru3k1L5YbU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/87a863-da6f-4981-9378-b2cd4e58100e/1/AHAEcpQC5M7HA3lpCyAUPO_2dfI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/87a863-da6f-4981-9378-b2cd4e58100e/1/kbP11vQ-gwcfp35tPru3k1L5YbU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.232.0/22
IPv6:
2a09:fc40::/29
Signature Algorithm: sha256WithRSAEncryption
05:11:be:b3:6f:a1:65:3b:ff:35:7f:2d:13:2e:16:3e:0c:4a:
c9:52:08:43:5a:25:40:c6:ff:1e:f6:e4:cf:92:d3:ac:b9:87:
4f:46:8b:e8:7c:3a:ea:98:ff:b8:9e:5c:4f:26:34:33:7f:0d:
38:c8:da:a7:02:00:e5:51:c8:58:33:a3:7c:83:d0:62:07:3b:
92:ee:98:35:81:99:ea:e5:7d:63:c2:df:d7:0e:e7:05:ce:1e:
43:c4:b5:f8:11:be:68:17:01:0e:be:be:a2:99:ba:04:9c:97:
64:c4:ef:4d:d8:e5:42:39:e1:44:f4:9c:72:3c:9f:8e:17:2e:
60:31:63:ae:87:54:32:42:e2:1c:e6:c7:17:2f:1e:40:60:22:
b3:d0:76:2d:7b:f1:84:e8:a0:24:bc:55:88:b9:fc:43:e6:c4:
e7:cc:db:da:ef:1c:df:ac:f8:17:f6:40:47:52:5c:fa:35:b9:
ed:4c:e8:39:7a:34:e4:cf:3c:57:2b:05:7a:c3:6f:f2:4d:94:
1f:9a:64:f5:e3:de:65:36:01:8f:15:9f:d8:7b:83:d9:59:2f:
70:34:89:0b:c3:0c:66:7b:03:85:83:c9:17:14:3c:77:c7:ff:
e3:bf:1b:47:7e:1b:84:59:d0:99:fb:54:f2:7b:49:e6:db:0a:
69:47:57:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsZwKm6ea+FV8fVNDgKjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYjNmNWQ2ZjQzZTgzMDcxZmE3N2U2ZDNlYmJiNzkzNTJm
OTYxYjUwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDcwMDQ3Mjk0MDJlNGNlYzcwMzc5NjkwYjIwMTQzY2VmZjY3NWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9jrTYkQQGmmmAz1u2BiCffusWka
TnYyz9ctYnfr8K+TmNppof74j+Ad9pNo1WdbXRCFJ8cHnvZYi20P3II0pGsK+s3N
9JYzaIs46B4p9qHFFZvW/FJzQ4hvKlPNo1l6jnN9f4piVGVV3j2xZTOoZiBj8FRc
SdikQH4cJPH2BSJEy0V5OVK+RU2YZzgSZHnvyO1QdFpLN9Qrttrb5XD8isZveEFj
kC3WOGGRGllgRycnhuBlzbdgJ5kVax4hKYuv2IjIBOjSqy8s3PDu0BVI9eLlTbyT
IWFcLg31TdVhSU5tRdULyW7mAb1umnMwfZkyjmv7Ypb080H+djcZ3maUIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFABwBHKUAuTOxwN5aQsgFDzv9nXyMB8GA1UdIwQY
MBaAFJGz9db0PoMHH6d+bT67t5NS+WG1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2JQMTF2US1nd2NmcDM1dFBydTNrMUw1WWJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84N2E4NjMtZGE2Zi00OTgxLTkzNzgt
YjJjZDRlNTgxMDBlLzEvQUhBRWNwUUM1TTdIQTNscEN5QVVQT18yZGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84N2E4NjMtZGE2Zi00OTgxLTkzNzgtYjJjZDRlNTgxMDBl
LzEva2JQMTF2US1nd2NmcDM1dFBydTNrMUw1WWJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjvoMA0E
AgACMAcDBQMqCfxAMA0GCSqGSIb3DQEBCwUAA4IBAQAFEb6zb6FlO/81fy0TLhY+
DErJUghDWiVAxv8e9uTPktOsuYdPRovofDrqmP+4nlxPJjQzfw04yNqnAgDlUchY
M6N8g9BiBzuS7pg1gZnq5X1jwt/XDucFzh5DxLX4Eb5oFwEOvr6imboEnJdkxO9N
2OVCOeFE9JxyPJ+OFy5gMWOuh1QyQuIc5scXLx5AYCKz0HYte/GE6KAkvFWIufxD
5sTnzNva7xzfrPgX9kBHUlz6NbntTOg5ejTkzzxXKwV6w2/yTZQfmmT1495lNgGP
FZ/Ye4PZWS9wNIkLwwxmewOFg8kXFDx3x//jvxtHfhuEWdCZ+1Tye0nm2wppR1dL
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:06:37 2025 by rpki-client