Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f_DGk8i9BYKFU9t9wiE1TR160pc.roa
File: f_DGk8i9BYKFU9t9wiE1TR160pc.roa (raw, json)
Hash identifier: l0OFjDr4BW779fv9lqKS/C84kG+Ut5NK5MlrP7X9WGA=
Subject key identifier: 7F:F0:C6:93:C8:BD:05:82:85:53:DB:7D:C2:21:35:4D:1D:7A:D2:97
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0195FC004190FBB31D8109B1AD1A47541C30
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f_DGk8i9BYKFU9t9wiE1TR160pc.roa
Signing time: Thu 03 Apr 2025 14:13:50 +0000
ROA not before: Thu 03 Apr 2025 14:13:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 82.152.57.0/24 maxlen: 24
82.152.58.0/24 maxlen: 24
82.152.73.0/24 maxlen: 24
82.152.75.0/24 maxlen: 24
82.152.76.0/23 maxlen: 24
82.152.79.0/24 maxlen: 24
82.152.86.0/23 maxlen: 24
82.152.88.0/24 maxlen: 24
82.152.109.0/24 maxlen: 24
82.152.226.0/24 maxlen: 24
82.152.240.0/24 maxlen: 24
82.152.243.0/24 maxlen: 24
82.153.38.0/24 maxlen: 24
82.153.56.0/24 maxlen: 24
82.153.61.0/24 maxlen: 24
82.153.83.0/24 maxlen: 24
82.153.84.0/24 maxlen: 24
82.153.152.0/24 maxlen: 24
82.153.186.0/24 maxlen: 24
82.153.201.0/24 maxlen: 24
82.153.239.0/24 maxlen: 24
89.213.43.0/24 maxlen: 24
89.213.54.0/24 maxlen: 24
89.213.98.0/24 maxlen: 24
89.213.161.0/24 maxlen: 24
89.213.232.0/23 maxlen: 24
89.213.234.0/23 maxlen: 24
89.213.236.0/23 maxlen: 24
109.176.27.0/24 maxlen: 24
109.176.32.0/21 maxlen: 24
109.176.40.0/21 maxlen: 24
109.176.48.0/21 maxlen: 24
109.176.56.0/21 maxlen: 24
109.176.201.0/24 maxlen: 24
109.176.235.0/24 maxlen: 24
213.130.130.0/24 maxlen: 24
213.130.149.0/24 maxlen: 24
213.210.41.0/24 maxlen: 24
213.218.214.0/24 maxlen: 24
213.218.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 23:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:fc:00:41:90:fb:b3:1d:81:09:b1:ad:1a:47:54:1c:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 3 14:13:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7ff0c693c8bd05828553db7dc221354d1d7ad297
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:61:f1:b0:e5:a4:9a:08:09:b3:1d:75:73:5e:
64:45:c3:59:2a:9e:68:15:b5:c8:55:20:c3:51:4a:
6d:89:81:71:8b:93:02:3e:d5:86:c7:68:2c:32:ad:
ce:42:c1:c6:c6:ee:26:fe:3e:cb:17:0a:6c:30:52:
e7:d3:91:41:89:c2:55:6e:20:5a:65:93:b6:a8:7d:
cf:24:6e:56:09:2a:00:d3:6c:4e:00:28:a7:aa:1c:
bd:51:1c:b6:4c:ac:89:7f:2c:16:5a:db:65:fd:04:
98:25:57:64:75:42:2e:d6:0b:84:ab:81:04:f0:fc:
b4:25:9b:0e:1c:1c:d8:9d:68:92:e9:65:a1:15:64:
b5:10:06:81:c2:21:58:20:3b:fd:9d:f2:c6:ad:38:
e6:ca:40:5d:51:ba:97:f5:e5:1e:91:38:63:5e:e5:
8f:e6:4f:8c:3f:25:14:e7:a1:41:9b:78:75:d5:dd:
cb:47:56:de:8a:d0:49:4c:e8:e5:69:15:a8:9b:e8:
cb:4e:85:3b:0d:2b:0a:9e:01:b0:6b:2d:c3:6d:5d:
0d:b8:7e:a6:29:01:42:0e:aa:cd:04:52:f0:fd:ef:
70:c5:07:99:d7:f9:f7:48:15:4d:a7:49:4f:8f:8f:
19:56:e3:ef:92:1c:91:ff:e4:c7:10:d4:11:28:3f:
5c:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:F0:C6:93:C8:BD:05:82:85:53:DB:7D:C2:21:35:4D:1D:7A:D2:97
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f_DGk8i9BYKFU9t9wiE1TR160pc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.57.0-82.152.58.255
82.152.73.0/24
82.152.75.0-82.152.77.255
82.152.79.0/24
82.152.86.0-82.152.88.255
82.152.109.0/24
82.152.226.0/24
82.152.240.0/24
82.152.243.0/24
82.153.38.0/24
82.153.56.0/24
82.153.61.0/24
82.153.83.0-82.153.84.255
82.153.152.0/24
82.153.186.0/24
82.153.201.0/24
82.153.239.0/24
89.213.43.0/24
89.213.54.0/24
89.213.98.0/24
89.213.161.0/24
89.213.232.0-89.213.237.255
109.176.27.0/24
109.176.32.0/19
109.176.201.0/24
109.176.235.0/24
213.130.130.0/24
213.130.149.0/24
213.210.41.0/24
213.218.214.0/24
213.218.231.0/24
Signature Algorithm: sha256WithRSAEncryption
a7:aa:73:26:cf:70:d0:c7:9b:62:67:4b:e2:24:07:53:2d:14:
d3:84:b9:2d:67:39:a4:5e:cf:cf:c8:2a:52:63:e3:51:b7:15:
c8:4d:64:c2:e8:95:6a:ee:15:ea:4b:6a:4f:48:6b:ac:90:88:
39:1d:af:9c:d0:57:14:f1:0e:7d:42:c7:49:29:23:38:68:93:
7c:d0:06:aa:ab:38:d0:5e:52:f0:bc:4a:ee:65:f0:d1:5b:b7:
7e:1c:dc:01:36:3c:d6:f8:0c:b6:d1:96:f7:41:fe:90:e5:e0:
1f:8e:6b:83:04:4d:66:9a:19:a9:4e:eb:e4:64:6c:2e:36:9e:
3a:a7:fa:09:47:81:a3:3a:5a:e6:b4:53:41:82:8b:eb:5a:bb:
f3:27:d3:fe:36:d3:80:95:3d:49:ee:68:55:af:d1:05:10:b1:
03:b0:58:8e:9f:e4:d4:3a:a9:7a:96:81:d2:ec:16:d7:63:78:
69:f1:98:e2:1e:e6:2f:6f:bd:f5:b7:0c:7c:f2:1b:d3:53:06:
9a:2f:6c:b2:07:02:3c:81:62:11:e3:7f:ef:f8:eb:5b:01:c6:
05:5d:f0:09:53:f8:2e:e7:2a:2a:d3:3f:48:10:45:96:cc:c7:
6a:68:fa:7f:f8:63:2a:20:f1:bd:ed:69:3e:08:cd:87:17:81:
38:b4:58:22
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAZX8AEGQ+7MdgQmxrRpHVBwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDAzMTQxMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmYwYzY5M2M4YmQwNTgyODU1M2RiN2RjMjIxMzU0ZDFkN2FkMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmHxsOWkmggJsx11c15kRcNZKp5o
FbXIVSDDUUptiYFxi5MCPtWGx2gsMq3OQsHGxu4m/j7LFwpsMFLn05FBicJVbiBa
ZZO2qH3PJG5WCSoA02xOACinqhy9URy2TKyJfywWWttl/QSYJVdkdUIu1guEq4EE
8Py0JZsOHBzYnWiS6WWhFWS1EAaBwiFYIDv9nfLGrTjmykBdUbqX9eUekThjXuWP
5k+MPyUU56FBm3h11d3LR1beitBJTOjlaRWom+jLToU7DSsKngGway3DbV0NuH6m
KQFCDqrNBFLw/e9wxQeZ1/n3SBVNp0lPj48ZVuPvkhyR/+THENQRKD9cMwIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFH/wxpPIvQWChVPbfcIhNU0detKXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZl9ER2s4aTlCWUtGVTl0OXdpRTFUUjE2MHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIwDAME
AFKYOQMEAFKYOgMEAFKYSTAMAwQAUphLAwQBUphMAwQAUphPMAwDBAFSmFYDBABS
mFgDBABSmG0DBABSmOIDBABSmPADBABSmPMDBABSmSYDBABSmTgDBABSmT0wDAME
AFKZUwMEAFKZVAMEAFKZmAMEAFKZugMEAFKZyQMEAFKZ7wMEAFnVKwMEAFnVNgME
AFnVYgMEAFnVoTAMAwQDWdXoAwQBWdXsAwQAbbAbAwQFbbAgAwQAbbDJAwQAbbDr
AwQA1YKCAwQA1YKVAwQA1dIpAwQA1drWAwQA1drnMA0GCSqGSIb3DQEBCwUAA4IB
AQCnqnMmz3DQx5tiZ0viJAdTLRTThLktZzmkXs/PyCpSY+NRtxXITWTC6JVq7hXq
S2pPSGuskIg5Ha+c0FcU8Q59QsdJKSM4aJN80AaqqzjQXlLwvEruZfDRW7d+HNwB
NjzW+Ay20Zb3Qf6Q5eAfjmuDBE1mmhmpTuvkZGwuNp46p/oJR4GjOlrmtFNBgovr
WrvzJ9P+NtOAlT1J7mhVr9EFELEDsFiOn+TUOql6loHS7BbXY3hp8ZjiHuYvb731
twx88hvTUwaaL2yyBwI8gWIR43/v+OtbAcYFXfAJU/gu5yoq0z9IEEWWzMdqaPp/
+GMqIPG97Wk+CM2HF4E4tFgi
-----END CERTIFICATE-----
Generated at Mon Apr 7 08:41:33 2025 by rpki-client