Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/fBRkISIiSfpTsidTZxHnsdEmVts.roa
File: fBRkISIiSfpTsidTZxHnsdEmVts.roa (raw, json)
Hash identifier: /SO0eDVgDID8eQKHxi92MtPkHivhnmAfmnA7rz2sOnU=
Subject key identifier: 7C:14:64:21:22:22:49:FA:53:B2:27:53:67:11:E7:B1:D1:26:56:DB
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 0194266C514A452E2F4E9FDD93A36F7F26A8
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/fBRkISIiSfpTsidTZxHnsdEmVts.roa
Signing time: Thu 02 Jan 2025 09:50:20 +0000
ROA not before: Thu 02 Jan 2025 09:50:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8249
IP address blocks: 185.35.120.0/22 maxlen: 22
195.144.192.0/19 maxlen: 19
195.144.192.0/20 maxlen: 20
195.144.208.0/22 maxlen: 22
195.144.214.0/23 maxlen: 23
195.144.216.0/23 maxlen: 23
195.144.218.0/24 maxlen: 24
195.144.220.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:51:4a:45:2e:2f:4e:9f:dd:93:a3:6f:7f:26:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jan 2 09:50:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7c146421222249fa53b227536711e7b1d12656db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:1c:6a:90:fa:15:b8:00:94:41:43:42:11:04:
1c:df:59:5e:df:a7:88:9d:e2:88:2b:d8:36:7c:ee:
21:f1:98:66:71:a5:37:62:fd:eb:e5:0e:76:4c:8d:
d3:3c:57:83:09:ed:f3:c6:75:49:c2:40:f5:8b:3e:
a2:18:ff:dc:5b:09:2d:75:90:af:a5:28:ad:73:0e:
3d:81:4c:01:c7:32:fc:08:0e:cd:0f:bc:34:33:8e:
a5:b7:a7:cf:e1:a9:c4:8b:8c:83:7a:3f:08:28:9a:
62:ec:9a:6a:ea:ea:70:4f:b3:e7:74:25:19:61:ca:
70:53:e0:e2:61:11:e9:0c:43:15:eb:be:97:4b:b2:
9f:1d:13:4f:4d:b3:4a:58:34:88:9c:db:16:99:f4:
68:2c:6d:58:42:31:18:11:8b:fc:6f:2c:83:59:e3:
c0:dd:fe:b5:59:e6:6a:18:6c:17:e3:86:4c:56:5f:
e1:53:55:32:58:ea:44:d8:11:e9:93:61:8f:2c:96:
e8:2a:f7:d4:37:6f:8b:66:9e:a1:81:dd:58:ad:b5:
97:17:54:3c:8f:5e:3d:43:a5:16:39:38:cf:64:04:
7b:af:97:8d:cb:8c:10:ff:23:65:1e:a6:00:05:54:
da:62:fe:5c:a7:eb:e5:f3:5e:0d:9a:9a:8b:9d:16:
58:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:14:64:21:22:22:49:FA:53:B2:27:53:67:11:E7:B1:D1:26:56:DB
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/fBRkISIiSfpTsidTZxHnsdEmVts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.35.120.0/22
195.144.192.0/19
Signature Algorithm: sha256WithRSAEncryption
59:e9:7e:71:6b:38:89:83:af:7a:c4:eb:5d:05:00:0d:5a:0f:
23:3b:30:e0:c4:97:b0:6b:ad:8f:bc:1b:3c:ae:02:25:5b:5f:
48:8b:d7:03:ee:27:9c:3d:93:c7:d1:0c:a8:5a:b1:34:a5:ab:
e9:8a:cf:fc:b8:70:77:db:eb:e3:8b:5a:ba:a8:b8:e4:92:ab:
d2:57:0c:4b:e2:07:43:13:15:6b:35:6c:f6:ba:d1:45:f4:b1:
84:69:95:09:6b:3d:78:81:e7:e2:8f:84:3f:03:bb:14:7b:a3:
0d:2d:4f:47:63:74:11:c7:03:49:2d:5f:bb:79:9b:36:24:cd:
63:55:0a:3b:48:ff:94:73:db:0b:d4:43:4d:ba:52:b4:31:8f:
b8:9c:aa:d7:ba:36:d4:9d:d0:c8:3f:22:c0:73:c6:87:88:b4:
6f:12:3c:bf:8b:3d:9a:d7:aa:1c:d6:33:ce:8e:0e:45:07:6b:
24:82:48:97:79:a7:8f:91:47:61:69:97:e5:0f:1f:ac:a8:c2:
6a:90:83:11:77:ed:ed:5b:c9:0f:b8:90:50:65:3a:75:44:54:
b7:65:71:f6:eb:55:ea:fb:36:5c:92:1b:98:81:5e:9a:33:76:
a6:38:63:fd:94:6b:2f:3e:ab:6c:f8:46:45:02:f8:59:e5:b1:
4d:4e:cc:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmbFFKRS4vTp/dk6NvfyaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzE0NjQyMTIyMjI0OWZhNTNiMjI3NTM2NzExZTdiMWQxMjY1NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RxqkPoVuACUQUNCEQQc31le36eI
neKIK9g2fO4h8ZhmcaU3Yv3r5Q52TI3TPFeDCe3zxnVJwkD1iz6iGP/cWwktdZCv
pSitcw49gUwBxzL8CA7ND7w0M46lt6fP4anEi4yDej8IKJpi7Jpq6upwT7PndCUZ
YcpwU+DiYRHpDEMV676XS7KfHRNPTbNKWDSInNsWmfRoLG1YQjEYEYv8byyDWePA
3f61WeZqGGwX44ZMVl/hU1UyWOpE2BHpk2GPLJboKvfUN2+LZp6hgd1YrbWXF1Q8
j149Q6UWOTjPZAR7r5eNy4wQ/yNlHqYABVTaYv5cp+vl814NmpqLnRZY+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHwUZCEiIkn6U7InU2cR57HRJlbbMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvZkJSa0lTSWlTZnBUc2lkVFp4SG5zZEVtVnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSN4AwQF
w5DAMA0GCSqGSIb3DQEBCwUAA4IBAQBZ6X5xaziJg696xOtdBQANWg8jOzDgxJew
a62PvBs8rgIlW19Ii9cD7iecPZPH0QyoWrE0pavpis/8uHB32+vji1q6qLjkkqvS
VwxL4gdDExVrNWz2utFF9LGEaZUJaz14gefij4Q/A7sUe6MNLU9HY3QRxwNJLV+7
eZs2JM1jVQo7SP+Uc9sL1ENNulK0MY+4nKrXujbUndDIPyLAc8aHiLRvEjy/iz2a
16oc1jPOjg5FB2skgkiXeaePkUdhaZflDx+sqMJqkIMRd+3tW8kPuJBQZTp1RFS3
ZXH261Xq+zZckhuYgV6aM3amOGP9lGsvPqts+EZFAvhZ5bFNTszc
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:44:24 2025 by rpki-client