Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/LOhM-SBOjXIyMVDOM7rBYZ-RO5M.roa
File: LOhM-SBOjXIyMVDOM7rBYZ-RO5M.roa (raw, json)
Hash identifier: i/6kUT0z6uvrrviCjMXCQqOufeEg6EipC16MEaUFpFM=
Subject key identifier: 2C:E8:4C:F9:20:4E:8D:72:32:31:50:CE:33:BA:C1:61:9F:91:3B:93
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 0194AB627EF10483CC0CC23268D31415C824
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/LOhM-SBOjXIyMVDOM7rBYZ-RO5M.roa
Signing time: Tue 28 Jan 2025 05:29:06 +0000
ROA not before: Tue 28 Jan 2025 05:29:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.201.0/24 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ab:62:7e:f1:04:83:cc:0c:c2:32:68:d3:14:15:c8:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Jan 28 05:29:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ce84cf9204e8d72323150ce33bac1619f913b93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:0c:33:56:c4:8a:bd:f6:06:72:cd:10:0b:81:
13:5b:42:ab:f4:af:cb:bc:82:97:68:80:54:47:99:
f0:4c:74:0e:36:84:37:ba:fa:92:b8:79:7b:0b:b0:
32:95:b0:d0:c2:72:cb:6b:6d:c3:57:49:bb:98:18:
14:67:43:e6:d1:2b:58:a1:4a:db:b0:21:eb:80:f6:
66:89:0c:44:a5:96:9c:6c:f3:65:00:a2:8e:99:ff:
c7:f7:ee:0c:f8:f5:01:5e:44:e3:18:c3:15:66:37:
3d:a6:e0:5c:2f:ac:1d:c7:24:26:c4:02:06:15:1b:
14:25:40:5a:c4:0c:0e:4e:71:2d:78:c0:4d:0c:42:
0f:1f:ad:71:63:c2:da:79:56:77:b9:69:18:6d:35:
2c:e6:9a:bc:da:e2:50:78:38:66:3f:e2:e8:cd:80:
42:62:ea:90:a6:41:df:d9:a7:4c:55:e0:9f:33:ed:
47:1c:9f:b2:4e:38:4e:7b:87:39:cd:09:3a:2c:ec:
d9:4d:88:4a:6d:44:1b:4a:47:9b:90:4b:9c:3b:18:
33:cd:ff:56:57:fd:45:94:e3:48:5b:a0:6a:dc:23:
ad:2f:53:5d:f9:04:1b:2a:43:6b:84:7e:e4:fb:18:
8e:d5:5c:dd:1d:fa:35:68:cf:d2:28:d2:e0:5d:ee:
22:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:E8:4C:F9:20:4E:8D:72:32:31:50:CE:33:BA:C1:61:9F:91:3B:93
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/LOhM-SBOjXIyMVDOM7rBYZ-RO5M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.201.0/24
89.249.206.0/23
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
98:0a:e4:25:bc:28:01:75:31:4e:46:c5:07:1f:74:21:14:c5:
bc:39:af:79:d1:1e:52:56:04:ea:fc:56:4a:44:eb:8b:56:51:
8f:c3:9a:67:48:3e:99:e2:ff:56:a4:c1:b1:10:25:12:00:5f:
58:f0:3e:64:8e:8f:60:f1:b7:56:c8:c2:72:ff:cb:03:8c:ef:
36:5f:a8:2f:64:33:59:76:5f:2f:7a:d4:70:ae:e3:01:0f:1c:
f7:d2:34:5e:04:87:d8:7b:1b:e2:ce:63:96:0a:27:b1:50:4d:
4c:ec:0b:c4:d2:c0:d9:69:35:3b:47:a6:85:6c:68:21:6d:c6:
d4:f2:d7:3c:1c:7c:c6:a8:49:6b:9a:c4:58:a4:35:12:4d:2d:
7d:ee:1f:a8:a5:60:d4:ea:5b:36:b3:d0:92:5f:e9:92:3b:b3:
bd:bb:d5:82:c4:88:d4:8a:9e:a4:47:61:6d:9a:3b:59:87:b3:
ba:fb:8a:33:9d:f3:1f:fb:e5:76:23:51:9c:19:32:91:c3:b0:
43:11:04:b5:16:87:55:e9:00:72:74:c8:8d:ab:4e:85:88:34:
2f:97:3f:25:11:00:db:37:55:6e:73:6d:f2:d7:28:ac:4b:1b:
1b:4d:71:e1:fc:0c:11:11:39:55:f6:1d:29:41:44:a2:39:04:
01:5d:62:da
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZSrYn7xBIPMDMIyaNMUFcgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTI4MDUyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2U4NGNmOTIwNGU4ZDcyMzIzMTUwY2UzM2JhYzE2MTlmOTEzYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgwzVsSKvfYGcs0QC4ETW0Kr9K/L
vIKXaIBUR5nwTHQONoQ3uvqSuHl7C7AylbDQwnLLa23DV0m7mBgUZ0Pm0StYoUrb
sCHrgPZmiQxEpZacbPNlAKKOmf/H9+4M+PUBXkTjGMMVZjc9puBcL6wdxyQmxAIG
FRsUJUBaxAwOTnEteMBNDEIPH61xY8LaeVZ3uWkYbTUs5pq82uJQeDhmP+LozYBC
YuqQpkHf2adMVeCfM+1HHJ+yTjhOe4c5zQk6LOzZTYhKbUQbSkebkEucOxgzzf9W
V/1FlONIW6Bq3COtL1Nd+QQbKkNrhH7k+xiO1VzdHfo1aM/SKNLgXe4iTwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCzoTPkgTo1yMjFQzjO6wWGfkTuTMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvTE9oTS1TQk9qWEl5TVZET003ckJZWi1STzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDWfnAAwQA
WfnJAwQBWfnOAwQE1CrAMA0GCSqGSIb3DQEBCwUAA4IBAQCYCuQlvCgBdTFORsUH
H3QhFMW8Oa950R5SVgTq/FZKROuLVlGPw5pnSD6Z4v9WpMGxECUSAF9Y8D5kjo9g
8bdWyMJy/8sDjO82X6gvZDNZdl8vetRwruMBDxz30jReBIfYexvizmOWCiexUE1M
7AvE0sDZaTU7R6aFbGghbcbU8tc8HHzGqElrmsRYpDUSTS197h+opWDU6ls2s9CS
X+mSO7O9u9WCxIjUip6kR2FtmjtZh7O6+4oznfMf++V2I1GcGTKRw7BDEQS1FodV
6QBydMiNq06FiDQvlz8lEQDbN1Vuc23y1yisSxsbTXHh/AwRETlV9h0pQUSiOQQB
XWLa
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:08:16 2025 by rpki-client