Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/Y56Gciif-2amsx2dXrP9fHRusqQ.roa
File: Y56Gciif-2amsx2dXrP9fHRusqQ.roa (raw, json)
Hash identifier: fDWZnk5W7B7Ljpur47rgBYvk4mpvoSPiiS1+UZWUXFA=
Subject key identifier: 63:9E:86:72:28:9F:FB:66:A6:B3:1D:9D:5E:B3:FD:7C:74:6E:B2:A4
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 019427B574062F3C2AC33F5FF41E1AFCF19B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/Y56Gciif-2amsx2dXrP9fHRusqQ.roa
Signing time: Thu 02 Jan 2025 15:49:50 +0000
ROA not before: Thu 02 Jan 2025 15:49:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215623
IP address blocks: 31.15.20.0/24 maxlen: 24
31.15.21.0/24 maxlen: 24
31.15.22.0/24 maxlen: 24
31.15.23.0/24 maxlen: 24
192.162.66.0/24 maxlen: 24
192.162.67.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:74:06:2f:3c:2a:c3:3f:5f:f4:1e:1a:fc:f1:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Jan 2 15:49:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=639e8672289ffb66a6b31d9d5eb3fd7c746eb2a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:64:d3:d3:22:09:07:07:9d:9c:e0:61:85:49:
6c:c4:1c:3e:04:5f:5e:03:1b:6a:d9:3e:41:7b:d6:
9e:09:15:73:bb:a2:53:54:ce:d4:ce:7d:72:f6:a4:
5f:fd:87:e0:bb:95:2f:82:e4:4d:a6:28:3f:a3:01:
9a:0c:31:df:2c:ba:55:a3:ba:92:f1:f2:dd:9b:5f:
19:a4:e8:38:38:98:d3:4e:35:3e:43:e5:a8:7f:2c:
d9:b6:47:3d:b3:1f:ca:21:d0:6e:83:89:31:73:53:
c7:da:94:74:bc:15:e0:ba:af:a2:05:29:4d:23:20:
2b:5d:dd:83:8f:47:ec:21:3e:7a:14:77:89:89:4f:
c2:b8:97:54:ce:5d:7a:aa:7c:21:c7:74:54:75:37:
c7:90:c4:da:67:02:16:f2:ef:4e:bf:90:33:d5:95:
c5:c4:38:bf:dc:f9:bd:2c:ca:3a:2f:dc:58:a9:48:
7c:75:32:59:41:3e:a3:6c:0c:d0:40:d8:45:34:96:
4b:3b:5e:0e:15:dc:b7:35:7e:9c:b4:dc:38:3c:ba:
7f:a1:4f:ba:f1:a1:8c:66:58:7e:7b:99:1a:50:9b:
7f:74:cd:bc:44:80:83:12:17:c2:15:70:aa:79:d8:
ea:d9:c4:65:60:73:c2:47:83:96:7b:26:94:b7:b5:
04:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:9E:86:72:28:9F:FB:66:A6:B3:1D:9D:5E:B3:FD:7C:74:6E:B2:A4
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/Y56Gciif-2amsx2dXrP9fHRusqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.15.20.0/22
192.162.66.0/23
Signature Algorithm: sha256WithRSAEncryption
bf:de:b5:94:c2:4f:e2:5d:7f:0e:76:0e:25:27:6d:e6:fd:ff:
c1:f5:4a:bb:87:c2:c1:bf:5c:e7:79:86:a2:2a:22:b4:eb:33:
58:91:c5:a0:e9:ae:2e:a8:9e:ac:9e:59:72:2b:81:e3:f9:95:
fb:b6:93:ea:75:93:17:8f:3a:71:f6:0f:fe:aa:a0:ee:76:3a:
aa:dc:a8:31:e2:0e:30:5d:0f:4a:46:5f:4d:43:73:81:be:e3:
d4:f4:58:92:92:62:df:6d:29:c2:b6:cb:38:27:ea:89:38:65:
84:e5:12:0c:64:f3:55:f7:69:9d:05:69:4e:60:89:a8:22:88:
fa:e1:64:f1:56:66:5f:b9:57:9b:41:d4:44:8e:14:2b:e9:2f:
b1:28:27:0c:a0:d3:0f:aa:83:48:25:1f:d3:32:0c:59:af:ed:
72:6e:5c:92:a7:1d:17:e9:3e:a8:80:dd:05:f2:22:d3:1a:2e:
8e:39:b1:89:bc:24:fe:28:9f:86:97:1a:7f:c8:bc:39:cc:b7:
48:6f:d8:94:43:a9:0b:f9:d1:a7:7b:a4:17:82:60:54:36:44:
8b:ad:00:9a:7c:a2:92:fa:ab:cd:18:0a:39:63:b2:c3:48:94:
e5:5a:30:bb:68:c0:49:0c:61:d9:81:ea:22:22:67:0f:aa:4f:
94:37:59:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntXQGLzwqwz9f9B4a/PGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzllODY3MjI4OWZmYjY2YTZiMzFkOWQ1ZWIzZmQ3Yzc0NmViMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmTT0yIJBwednOBhhUlsxBw+BF9e
Axtq2T5Be9aeCRVzu6JTVM7Uzn1y9qRf/Yfgu5UvguRNpig/owGaDDHfLLpVo7qS
8fLdm18ZpOg4OJjTTjU+Q+WofyzZtkc9sx/KIdBug4kxc1PH2pR0vBXguq+iBSlN
IyArXd2Dj0fsIT56FHeJiU/CuJdUzl16qnwhx3RUdTfHkMTaZwIW8u9Ov5Az1ZXF
xDi/3Pm9LMo6L9xYqUh8dTJZQT6jbAzQQNhFNJZLO14OFdy3NX6ctNw4PLp/oU+6
8aGMZlh+e5kaUJt/dM28RICDEhfCFXCqedjq2cRlYHPCR4OWeyaUt7UEUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGOehnIon/tmprMdnV6z/Xx0brKkMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvWTU2R2NpaWYtMmFtc3gyZFhyUDlmSFJ1c3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCHw8UAwQB
wKJCMA0GCSqGSIb3DQEBCwUAA4IBAQC/3rWUwk/iXX8Odg4lJ23m/f/B9Uq7h8LB
v1zneYaiKiK06zNYkcWg6a4uqJ6snllyK4Hj+ZX7tpPqdZMXjzpx9g/+qqDudjqq
3Kgx4g4wXQ9KRl9NQ3OBvuPU9FiSkmLfbSnCtss4J+qJOGWE5RIMZPNV92mdBWlO
YImoIoj64WTxVmZfuVebQdREjhQr6S+xKCcMoNMPqoNIJR/TMgxZr+1yblySpx0X
6T6ogN0F8iLTGi6OObGJvCT+KJ+Glxp/yLw5zLdIb9iUQ6kL+dGne6QXgmBUNkSL
rQCafKKS+qvNGAo5Y7LDSJTlWjC7aMBJDGHZgeoiImcPqk+UN1kw
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:10:56 2025 by rpki-client