Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/MghkPZ3l1Mt5EpONpLu4boLVfIM.roa
File: MghkPZ3l1Mt5EpONpLu4boLVfIM.roa (raw, json)
Hash identifier: 4PywlPrXiO64YW8z7+xrLPHcnjRQHH/ovXTQM30bxGk=
Subject key identifier: 32:08:64:3D:9D:E5:D4:CB:79:12:93:8D:A4:BB:B8:6E:82:D5:7C:83
Certificate issuer: /CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Certificate serial: 019422FC2C49D00A7EA997BB69AC3AF1F168
Authority key identifier: C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/MghkPZ3l1Mt5EpONpLu4boLVfIM.roa
Signing time: Wed 01 Jan 2025 17:48:59 +0000
ROA not before: Wed 01 Jan 2025 17:48:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15703
IP address blocks: 80.247.192.0/19 maxlen: 24
87.233.0.0/16 maxlen: 24
193.28.152.0/24 maxlen: 24
213.193.192.0/21 maxlen: 24
213.193.208.0/21 maxlen: 24
213.193.209.0/24 maxlen: 24
213.193.212.0/24 maxlen: 24
213.193.216.0/22 maxlen: 24
213.193.220.0/22 maxlen: 24
213.193.232.0/21 maxlen: 24
213.193.232.0/24 maxlen: 24
213.193.240.0/21 maxlen: 24
213.193.250.0/23 maxlen: 24
213.193.252.0/23 maxlen: 24
213.193.254.0/23 maxlen: 24
213.239.128.0/18 maxlen: 24
2001:990::/32 maxlen: 32
2001:9a8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl
rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.mft
rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 08:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:2c:49:d0:0a:7e:a9:97:bb:69:ac:3a:f1:f1:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Validity
Not Before: Jan 1 17:48:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3208643d9de5d4cb7912938da4bbb86e82d57c83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:76:80:1a:5b:e3:a0:48:56:ba:b7:b8:42:40:
13:a7:9b:5d:da:d0:f0:80:16:ce:19:94:72:ae:60:
2c:2d:7d:15:96:1f:96:00:f7:92:8e:a7:be:fa:92:
78:8c:71:59:85:0a:cd:94:49:b9:98:60:69:60:f4:
d6:cb:ca:23:91:78:db:1a:d0:3c:76:77:7d:6d:35:
23:c3:80:f6:ee:22:c3:c5:cf:5b:71:a8:11:54:ba:
96:ef:18:84:b9:d7:1c:4e:7b:ca:2a:50:50:b0:b8:
18:04:29:f1:3f:6f:b4:2f:74:8b:b3:70:14:82:a5:
db:21:f7:e1:db:9d:ea:cd:87:b5:23:b2:90:e3:42:
da:9f:5e:89:46:ea:96:c8:6e:b1:24:27:39:08:07:
ca:2d:c4:8f:0a:d2:99:36:80:a0:30:bb:d2:93:f2:
9f:7a:75:b7:bb:c9:5c:43:f2:26:be:00:b6:7f:e3:
de:2a:2c:ce:34:4b:06:37:ca:46:aa:81:9a:ad:b7:
26:1f:90:16:36:b7:01:b8:cc:fe:94:a3:8d:50:88:
bf:c0:80:f5:7f:05:69:26:8a:36:9e:8b:a5:1f:28:
c5:34:9c:d8:1c:6e:bb:c9:35:e2:dc:09:f5:38:d1:
27:ca:8e:7d:48:7c:55:da:51:99:e2:96:9f:46:64:
49:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:08:64:3D:9D:E5:D4:CB:79:12:93:8D:A4:BB:B8:6E:82:D5:7C:83
X509v3 Authority Key Identifier:
keyid:C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/MghkPZ3l1Mt5EpONpLu4boLVfIM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.247.192.0/19
87.233.0.0/16
193.28.152.0/24
213.193.192.0/21
213.193.208.0/20
213.193.232.0-213.193.247.255
213.193.250.0-213.193.255.255
213.239.128.0/18
IPv6:
2001:990::/32
2001:9a8::/32
Signature Algorithm: sha256WithRSAEncryption
5b:ee:9d:e4:65:38:cc:d2:10:30:fc:50:a5:12:ca:4f:97:02:
a2:cb:b3:19:64:a5:aa:f4:b0:ec:1b:16:80:a2:26:23:69:3c:
ae:0e:b1:86:dd:10:48:f9:42:33:e4:30:61:b9:9c:b0:04:e5:
4c:e0:23:45:6f:48:0b:c0:5a:15:39:56:70:14:db:18:4c:aa:
a6:88:aa:dc:89:2b:da:48:57:e4:72:e2:c8:0a:d4:3d:86:be:
92:f0:46:c4:fe:78:6d:e3:b5:fd:a2:9b:52:70:4a:b7:c3:e0:
a8:e6:5d:2a:12:8e:bd:4e:18:0d:7e:df:c8:2a:99:d5:9d:72:
4e:63:4f:bd:d1:27:63:8c:c2:a3:76:d5:b2:33:64:6c:26:68:
46:73:37:ef:e6:5f:83:df:bb:3d:4d:46:31:33:7b:06:05:7a:
cf:c5:2b:07:24:3f:db:ef:e1:77:e1:de:9f:69:a9:ee:70:de:
d7:5b:d3:2a:ee:9a:f8:f4:75:ab:fa:ed:2b:a0:02:99:3f:db:
7b:48:fb:2f:ae:99:e2:51:de:74:54:2b:1f:a0:f6:fb:56:e8:
de:e5:48:02:f3:a4:39:b2:5a:f6:70:f9:8d:86:08:66:3e:00:
a1:39:2c:6f:6f:be:c4:75:0a:a9:e5:a8:7c:fa:f9:93:bb:6f:
1f:9a:0c:e6
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQi/CxJ0Ap+qZe7aaw68fFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzM1ODY4MmRmM2RmOGJkYzcwMjQ1MDdmOTJlY2ZjNWFl
MDk3YmIwHhcNMjUwMTAxMTc0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjA4NjQzZDlkZTVkNGNiNzkxMjkzOGRhNGJiYjg2ZTgyZDU3YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHaAGlvjoEhWure4QkATp5td2tDw
gBbOGZRyrmAsLX0Vlh+WAPeSjqe++pJ4jHFZhQrNlEm5mGBpYPTWy8ojkXjbGtA8
dnd9bTUjw4D27iLDxc9bcagRVLqW7xiEudccTnvKKlBQsLgYBCnxP2+0L3SLs3AU
gqXbIffh253qzYe1I7KQ40Lan16JRuqWyG6xJCc5CAfKLcSPCtKZNoCgMLvSk/Kf
enW3u8lcQ/ImvgC2f+PeKizONEsGN8pGqoGarbcmH5AWNrcBuMz+lKONUIi/wID1
fwVpJoo2noulHyjFNJzYHG67yTXi3An1ONEnyo59SHxV2lGZ4pafRmRJNwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDIIZD2d5dTLeRKTjaS7uG6C1XyDMB8GA1UdIwQY
MBaAFMJzWGgt89+L3HAkUH+S7Pxa4Je7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDct
ZTg4NDY1YzQ2MTg2LzEvTWdoa1BaM2wxTXQ1RXBPTnBMdTRib0xWZklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDctZTg4NDY1YzQ2MTg2
LzEvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQFUPfAAwMA
V+kDBADBHJgDBAPVwcADBATVwdAwDAMEA9XB6AMEA9XB8DALAwQB1cH6AwMB1cAD
BAbV74AwFAQCAAIwDgMFACABCZADBQAgAQmoMA0GCSqGSIb3DQEBCwUAA4IBAQBb
7p3kZTjM0hAw/FClEspPlwKiy7MZZKWq9LDsGxaAoiYjaTyuDrGG3RBI+UIz5DBh
uZywBOVM4CNFb0gLwFoVOVZwFNsYTKqmiKrciSvaSFfkcuLICtQ9hr6S8EbE/nht
47X9optScEq3w+Co5l0qEo69ThgNft/IKpnVnXJOY0+90SdjjMKjdtWyM2RsJmhG
czfv5l+D37s9TUYxM3sGBXrPxSsHJD/b7+F34d6faanucN7XW9Mq7pr49HWr+u0r
oAKZP9t7SPsvrpniUd50VCsfoPb7Vuje5UgC86Q5slr2cPmNhghmPgChOSxvb77E
dQqp5ah8+vmTu28fmgzm
-----END CERTIFICATE-----
Generated at Tue Apr 15 17:06:29 2025 by rpki-client