Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/sCOb4vQds_pkbWhQIVEttoainJ8.roa
File: sCOb4vQds_pkbWhQIVEttoainJ8.roa (raw, json)
Hash identifier: whA1irugOnOaLSWdyAk/n4R/O9pEidjXiPOAAQiXTeo=
Subject key identifier: B0:23:9B:E2:F4:1D:B3:FA:64:6D:68:50:21:51:2D:B6:86:A2:9C:9F
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 019425218E27AE1024F4ECAEFDD456FED29C
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/sCOb4vQds_pkbWhQIVEttoainJ8.roa
Signing time: Thu 02 Jan 2025 03:49:03 +0000
ROA not before: Thu 02 Jan 2025 03:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25211
IP address blocks: 85.239.144.0/24 maxlen: 24
85.239.146.0/24 maxlen: 24
85.239.147.0/24 maxlen: 24
85.239.148.0/24 maxlen: 24
85.239.149.0/24 maxlen: 24
85.239.150.0/24 maxlen: 24
85.239.151.0/24 maxlen: 24
185.95.156.0/24 maxlen: 24
185.95.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 13:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:8e:27:ae:10:24:f4:ec:ae:fd:d4:56:fe:d2:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Jan 2 03:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b0239be2f41db3fa646d685021512db686a29c9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fc:8f:dc:b1:1e:2a:94:93:5d:98:a8:b5:26:
5b:74:da:9a:9b:71:4c:27:41:02:22:6f:e5:86:27:
5c:33:ee:f9:a1:56:c2:b7:80:ed:67:3e:d8:a3:c2:
66:12:40:dd:95:f4:f6:16:b5:2e:a9:7a:ee:bd:92:
5c:d3:42:cf:fc:5d:d0:d1:8b:2f:00:e9:76:f9:55:
ae:75:dd:6f:b0:49:d9:a0:8d:bf:11:22:b0:d0:cf:
54:c5:9c:43:61:69:b5:33:d3:75:a0:b9:d6:2a:a5:
2d:85:24:c0:3e:88:4b:29:72:9a:08:d3:e9:83:9e:
80:05:e8:ce:ec:a7:98:60:a3:d3:f3:9f:1b:43:2a:
a8:bc:fc:a1:5c:bd:cf:1f:55:94:d3:e2:33:1c:ce:
28:2d:2e:12:87:2b:cf:4a:d2:43:a3:c6:f8:4e:1b:
10:b1:1b:5e:59:45:71:87:72:48:d1:8d:35:eb:6a:
42:6e:03:a1:1b:e3:9b:c9:19:d9:de:ed:4c:fe:d0:
c9:fc:02:c1:7d:a9:a8:1f:a4:69:68:f0:80:fd:fe:
70:27:d5:ae:47:48:51:9a:6d:61:ff:f0:1e:2d:5f:
4a:39:20:ff:7b:65:7c:97:a6:99:1d:81:09:2d:2c:
5b:a5:d1:54:d3:bb:5e:22:fb:22:1c:61:fc:6d:10:
88:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:23:9B:E2:F4:1D:B3:FA:64:6D:68:50:21:51:2D:B6:86:A2:9C:9F
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/sCOb4vQds_pkbWhQIVEttoainJ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.144.0/24
85.239.146.0-85.239.151.255
185.95.156.0/24
185.95.159.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:5e:9b:c3:49:4d:e3:72:71:69:b4:5e:ca:7b:35:cc:9a:54:
49:80:fa:e0:ef:f9:d6:a5:47:88:7d:ab:de:27:9a:cf:25:f8:
a4:3e:c4:f4:78:7f:7e:af:7c:76:16:25:41:f3:5a:d9:b4:33:
91:eb:14:c0:fd:33:cc:c8:21:84:3c:35:20:ff:e9:27:2a:94:
19:66:4d:5c:de:2d:35:b2:dc:3d:95:ed:52:34:9f:24:86:5a:
b9:17:2f:f8:06:9f:c6:7b:6e:d4:66:2e:61:cb:7e:e8:85:fc:
cc:96:7d:40:17:66:01:43:64:cb:20:dd:21:d0:f4:80:ab:0b:
00:f5:56:e0:86:0b:c6:de:1a:30:22:d0:3d:91:9f:76:53:75:
f8:2a:14:9e:21:a8:03:a5:4e:d5:67:88:4f:b9:57:b2:1d:90:
4a:f9:49:6e:ca:bf:dc:e6:66:0a:ae:0a:81:02:dc:83:27:ba:
b7:58:fd:e7:58:1d:38:be:19:eb:5b:cf:17:90:79:cf:bd:c4:
34:2b:4d:31:e2:d6:6a:1f:fa:2f:cb:cd:0f:fe:4c:45:be:66:
7e:9f:07:61:de:f3:f1:04:7f:59:64:58:36:c5:32:28:d6:24:
f8:00:04:14:3e:e5:4a:63:de:ec:1a:2b:6b:1d:18:e1:12:e4:
29:ec:a3:4b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQlIY4nrhAk9Oyu/dRW/tKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMTAyMDM0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDIzOWJlMmY0MWRiM2ZhNjQ2ZDY4NTAyMTUxMmRiNjg2YTI5YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPyP3LEeKpSTXZiotSZbdNqam3FM
J0ECIm/lhidcM+75oVbCt4DtZz7Yo8JmEkDdlfT2FrUuqXruvZJc00LP/F3Q0Ysv
AOl2+VWudd1vsEnZoI2/ESKw0M9UxZxDYWm1M9N1oLnWKqUthSTAPohLKXKaCNPp
g56ABejO7KeYYKPT858bQyqovPyhXL3PH1WU0+IzHM4oLS4ShyvPStJDo8b4ThsQ
sRteWUVxh3JI0Y0162pCbgOhG+ObyRnZ3u1M/tDJ/ALBfamoH6RpaPCA/f5wJ9Wu
R0hRmm1h//AeLV9KOSD/e2V8l6aZHYEJLSxbpdFU07teIvsiHGH8bRCIZQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLAjm+L0HbP6ZG1oUCFRLbaGopyfMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvc0NPYjR2UWRzX3BrYldoUUlWRXR0b2Fpbko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAVe+QMAwD
BAFV75IDBANV75ADBAC5X5wDBAC5X58wDQYJKoZIhvcNAQELBQADggEBAHpem8NJ
TeNycWm0Xsp7NcyaVEmA+uDv+dalR4h9q94nms8l+KQ+xPR4f36vfHYWJUHzWtm0
M5HrFMD9M8zIIYQ8NSD/6ScqlBlmTVzeLTWy3D2V7VI0nySGWrkXL/gGn8Z7btRm
LmHLfuiF/MyWfUAXZgFDZMsg3SHQ9ICrCwD1VuCGC8beGjAi0D2Rn3ZTdfgqFJ4h
qAOlTtVniE+5V7IdkEr5SW7Kv9zmZgquCoEC3IMnurdY/edYHTi+GetbzxeQec+9
xDQrTTHi1mof+i/LzQ/+TEW+Zn6fB2He8/EEf1lkWDbFMijWJPgABBQ+5Upj3uwa
K2sdGOES5Cnso0s=
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:57:56 2025 by rpki-client