Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/CF82jVUVZeKpuyFYv8cM6TsLQC0.roa
File: CF82jVUVZeKpuyFYv8cM6TsLQC0.roa (raw, json)
Hash identifier: JBQmTeNOrtVCdfq+3VNtxXtIRDR/14iOJ6hQdOlG2Jg=
Subject key identifier: 08:5F:36:8D:55:15:65:E2:A9:BB:21:58:BF:C7:0C:E9:3B:0B:40:2D
Certificate issuer: /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial: 019638E71534EF3AEFA82C0AD8536C902D3C
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/CF82jVUVZeKpuyFYv8cM6TsLQC0.roa
Signing time: Tue 15 Apr 2025 10:03:10 +0000
ROA not before: Tue 15 Apr 2025 10:03:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56655
IP address blocks: 45.88.200.0/24 maxlen: 24
45.88.201.0/24 maxlen: 24
45.88.202.0/24 maxlen: 24
185.14.97.0/24 maxlen: 24
185.125.168.0/22 maxlen: 22
185.181.60.0/22 maxlen: 22
185.243.216.0/24 maxlen: 24
185.243.217.0/24 maxlen: 24
185.243.218.0/24 maxlen: 24
193.200.229.0/24 maxlen: 24
193.200.238.0/24 maxlen: 24
193.243.189.0/24 maxlen: 24
194.32.107.0/24 maxlen: 24
194.110.207.0/24 maxlen: 24
195.16.73.0/24 maxlen: 24
198.140.141.0/24 maxlen: 24
2a03:94e0::/32 maxlen: 32
2a03:94e1::/32 maxlen: 32
2a03:94e2::/32 maxlen: 32
2a03:94e3::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.mft
rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:38:e7:15:34:ef:3a:ef:a8:2c:0a:d8:53:6c:90:2d:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Validity
Not Before: Apr 15 10:03:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=085f368d551565e2a9bb2158bfc70ce93b0b402d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:81:3b:ad:fc:32:25:40:2b:45:04:ae:91:c8:
d2:a4:4e:e9:6d:4e:56:12:9d:1f:79:76:ad:60:73:
e3:b6:f6:14:8a:fb:2b:d2:b2:cd:27:9c:88:de:a4:
7a:ac:21:40:f8:0d:b0:37:bb:bc:a7:f4:69:d6:72:
a5:10:11:88:59:04:ea:b1:21:03:c1:e3:bf:8f:04:
b6:b5:85:47:77:e8:39:de:b0:43:6f:43:82:70:7a:
f9:1a:3e:8c:6f:3d:52:07:04:75:e8:c1:71:90:e5:
d3:5d:54:e6:23:94:bf:52:fc:5c:b2:d0:c6:6a:53:
ca:67:59:19:11:8b:34:94:3e:3b:5e:8e:24:df:6a:
09:74:ad:65:a6:10:9c:9d:35:b4:e1:30:85:d4:63:
e5:a8:7c:f3:a6:1e:69:cb:51:b9:82:de:0a:95:c6:
77:40:06:41:f9:1a:c4:52:a0:b5:dc:02:42:ee:95:
21:9b:a5:f8:c9:7c:13:6e:81:ce:9a:61:aa:4e:55:
30:f8:c6:5a:17:54:70:20:18:c1:bb:a7:d3:a9:fa:
09:61:45:a7:35:2a:66:39:75:ff:ff:be:98:b9:db:
ff:02:4e:0c:6c:6e:d9:1e:bd:54:16:6c:cd:43:e2:
a4:ea:77:78:88:a7:1a:e0:4f:6d:6b:bb:86:70:60:
7b:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:5F:36:8D:55:15:65:E2:A9:BB:21:58:BF:C7:0C:E9:3B:0B:40:2D
X509v3 Authority Key Identifier:
keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/CF82jVUVZeKpuyFYv8cM6TsLQC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.200.0-45.88.202.255
185.14.97.0/24
185.125.168.0/22
185.181.60.0/22
185.243.216.0-185.243.218.255
193.200.229.0/24
193.200.238.0/24
193.243.189.0/24
194.32.107.0/24
194.110.207.0/24
195.16.73.0/24
198.140.141.0/24
IPv6:
2a03:94e0::/30
Signature Algorithm: sha256WithRSAEncryption
91:ec:cc:c9:ae:39:43:8e:83:75:46:d2:61:ed:9a:12:02:4c:
24:10:b7:c7:77:a9:c2:ef:74:13:b0:86:b4:9a:dd:4f:28:33:
f6:a2:ff:38:46:32:f6:80:d8:90:8f:d8:ae:eb:b4:fa:7e:b4:
54:94:1e:a8:28:72:6d:6c:9a:0a:e1:6d:7a:63:10:ac:cd:2c:
bf:01:c1:49:7b:06:83:5a:5c:7b:98:a2:74:3c:80:17:ba:2d:
8e:32:e8:f7:a6:2b:f3:fa:f1:02:ad:59:b0:34:bc:72:61:8c:
5d:48:58:f7:05:39:c2:96:6d:bb:a9:8c:9f:14:3d:f3:18:f0:
c1:09:e7:34:f8:ad:fd:d7:36:f5:63:58:5c:da:f9:7d:2a:9b:
c2:e8:a4:9f:0f:82:cc:71:01:ba:1f:df:3c:7a:7f:fc:ec:17:
8a:e1:28:51:10:01:67:ef:68:0c:92:10:e5:fd:c2:00:6f:bc:
b7:52:31:ec:02:6f:dd:fb:36:c4:d5:38:a7:3e:d9:70:ca:24:
fc:d0:eb:2a:b0:5d:93:07:72:b8:6f:f4:7b:87:7c:1f:35:f3:
46:e5:6c:d8:24:f9:aa:35:9f:b3:ba:29:07:73:d9:91:98:f5:
cc:a7:fa:9a:b6:ab:6e:05:40:dd:f9:78:d7:0e:04:53:0c:cc:
23:de:1b:12
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAZY45xU07zrvqCwK2FNskC08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjUwNDE1MTAwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODVmMzY4ZDU1MTU2NWUyYTliYjIxNThiZmM3MGNlOTNiMGI0MDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYE7rfwyJUArRQSukcjSpE7pbU5W
Ep0feXatYHPjtvYUivsr0rLNJ5yI3qR6rCFA+A2wN7u8p/Rp1nKlEBGIWQTqsSED
weO/jwS2tYVHd+g53rBDb0OCcHr5Gj6Mbz1SBwR16MFxkOXTXVTmI5S/UvxcstDG
alPKZ1kZEYs0lD47Xo4k32oJdK1lphCcnTW04TCF1GPlqHzzph5py1G5gt4KlcZ3
QAZB+RrEUqC13AJC7pUhm6X4yXwTboHOmmGqTlUw+MZaF1RwIBjBu6fTqfoJYUWn
NSpmOXX//76Yudv/Ak4MbG7ZHr1UFmzNQ+Kk6nd4iKca4E9ta7uGcGB7zQIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFAhfNo1VFWXiqbshWL/HDOk7C0AtMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvQ0Y4MmpWVVZaZUtwdXlGWXY4Y002VHNMUUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wXgQCAAEwWDAMAwQDLVjI
AwQALVjKAwQAuQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADByOUDBADB
yO4DBADB870DBADCIGsDBADCbs8DBADDEEkDBADGjI0wDQQCAAIwBwMFAioDlOAw
DQYJKoZIhvcNAQELBQADggEBAJHszMmuOUOOg3VG0mHtmhICTCQQt8d3qcLvdBOw
hrSa3U8oM/ai/zhGMvaA2JCP2K7rtPp+tFSUHqgocm1smgrhbXpjEKzNLL8BwUl7
BoNaXHuYonQ8gBe6LY4y6PemK/P68QKtWbA0vHJhjF1IWPcFOcKWbbupjJ8UPfMY
8MEJ5zT4rf3XNvVjWFza+X0qm8LopJ8PgsxxAbof3zx6f/zsF4rhKFEQAWfvaAyS
EOX9wgBvvLdSMewCb937NsTVOKc+2XDKJPzQ6yqwXZMHcrhv9HuHfB8180blbNgk
+ao1n7O6KQdz2ZGY9cyn+pq2q24FQN35eNcOBFMMzCPeGxI=
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:06:25 2025 by rpki-client