Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/FNrF4gJ9GeSqn1QNR00c9Q4ygYg.roa
File: FNrF4gJ9GeSqn1QNR00c9Q4ygYg.roa (raw, json)
Hash identifier: 2ncm1gP0ao8l2RvVLkDskRllvyDwCE2AZXVvFGp+UKA=
Subject key identifier: 14:DA:C5:E2:02:7D:19:E4:AA:9F:54:0D:47:4D:1C:F5:0E:32:81:88
Certificate issuer: /CN=f543ea52871489d86aa9ca5ca0c297c88ab82ab6
Certificate serial: 019427B627C0478B17736CBE8A2E8B0AD277
Authority key identifier: F5:43:EA:52:87:14:89:D8:6A:A9:CA:5C:A0:C2:97:C8:8A:B8:2A:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/FNrF4gJ9GeSqn1QNR00c9Q4ygYg.roa
Signing time: Thu 02 Jan 2025 15:50:36 +0000
ROA not before: Thu 02 Jan 2025 15:50:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31724
IP address blocks: 31.170.168.0/21 maxlen: 21
89.207.64.0/21 maxlen: 21
92.246.152.0/22 maxlen: 22
94.198.232.0/21 maxlen: 21
176.221.0.0/21 maxlen: 21
178.22.192.0/21 maxlen: 21
185.8.200.0/22 maxlen: 22
185.64.208.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.mft
rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 12:00:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:27:c0:47:8b:17:73:6c:be:8a:2e:8b:0a:d2:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f543ea52871489d86aa9ca5ca0c297c88ab82ab6
Validity
Not Before: Jan 2 15:50:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=14dac5e2027d19e4aa9f540d474d1cf50e328188
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:7b:16:1c:a2:14:c4:16:c1:1d:ed:30:36:29:
47:ec:c1:8c:78:a9:48:50:ca:2c:94:84:0a:f3:21:
bd:52:fb:ae:2d:33:ab:c7:b7:75:0b:a2:92:47:c9:
f9:5b:b8:4f:f0:b0:22:54:2e:9f:2a:71:42:cb:fc:
cd:d3:ba:66:6e:5e:51:a2:5f:88:f6:0c:86:f7:eb:
e1:49:cd:d4:c7:ff:03:bc:f3:ad:de:ea:48:c7:ef:
e5:87:17:d6:bd:98:25:37:dc:f5:f9:cd:db:05:7c:
6c:e9:f2:0c:3c:b6:46:ad:67:1d:ba:dd:02:7f:59:
22:44:30:b0:4e:24:23:50:58:05:0b:57:0a:f7:b3:
73:bb:ab:da:70:c9:a0:70:27:b5:12:2a:e8:df:02:
3e:81:3a:2c:5b:44:ac:c1:bb:9e:26:80:9a:36:8a:
16:10:6f:cb:25:4e:63:ca:16:f3:c4:8a:f7:ba:f6:
6b:b5:ac:92:63:3e:aa:41:5b:fd:73:8d:5a:c2:f5:
b6:20:ef:9d:55:c8:56:6e:0e:e0:80:a2:21:2b:27:
32:3f:99:4b:1b:82:24:1e:0a:5c:70:fe:dc:2f:74:
2d:59:18:77:18:5a:e1:19:c7:38:c0:65:1e:03:c0:
86:eb:e9:82:69:8d:d9:70:69:ea:5c:03:d9:e2:bc:
b2:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:DA:C5:E2:02:7D:19:E4:AA:9F:54:0D:47:4D:1C:F5:0E:32:81:88
X509v3 Authority Key Identifier:
keyid:F5:43:EA:52:87:14:89:D8:6A:A9:CA:5C:A0:C2:97:C8:8A:B8:2A:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/FNrF4gJ9GeSqn1QNR00c9Q4ygYg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.168.0/21
89.207.64.0/21
92.246.152.0/22
94.198.232.0/21
176.221.0.0/21
178.22.192.0/21
185.8.200.0/22
185.64.208.0/22
Signature Algorithm: sha256WithRSAEncryption
33:ab:dd:12:a2:a2:0f:a8:3a:01:37:7f:00:10:6e:93:7d:95:
53:e9:79:36:a7:e0:83:73:1d:54:6e:73:12:b8:ff:b3:77:44:
cf:1a:3f:e4:06:b3:fc:f0:ae:c4:bd:83:82:78:88:84:42:9a:
ff:23:9a:28:64:7c:3f:bc:e6:1e:dc:e1:16:d6:04:a9:e5:f2:
2a:dd:72:fa:80:9d:86:94:c5:ed:8b:10:0a:8e:42:12:1e:37:
92:5d:c3:66:9a:8f:77:66:d8:41:53:70:66:9c:92:ff:aa:17:
1d:bd:d4:8b:82:1b:69:44:0f:1c:4a:7d:51:e0:69:1c:a0:7a:
d1:20:d4:6a:02:df:87:e9:11:b5:6a:3d:d1:07:85:16:2e:e3:
3b:5b:fa:e6:6f:01:41:2b:51:4d:da:93:0f:33:ab:a9:33:24:
2c:bb:d2:f5:db:b3:07:eb:57:06:df:52:2a:ca:75:2d:8f:b7:
c0:39:db:89:04:91:b0:d4:38:71:73:64:f1:2a:1c:9f:a7:03:
42:77:60:e6:02:4c:e7:c0:e4:3f:8e:17:4e:b6:bd:2a:58:e4:
e0:de:28:94:09:42:58:6f:24:22:27:8e:a4:29:95:38:6f:e9:
80:29:34:55:2d:66:01:ed:b3:3a:9e:53:fb:1f:d8:a1:69:8b:
6e:51:54:1b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQntifAR4sXc2y+ii6LCtJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NDNlYTUyODcxNDg5ZDg2YWE5Y2E1Y2EwYzI5N2M4OGFi
ODJhYjYwHhcNMjUwMTAyMTU1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRhYzVlMjAyN2QxOWU0YWE5ZjU0MGQ0NzRkMWNmNTBlMzI4MTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXsWHKIUxBbBHe0wNilH7MGMeKlI
UMoslIQK8yG9UvuuLTOrx7d1C6KSR8n5W7hP8LAiVC6fKnFCy/zN07pmbl5Rol+I
9gyG9+vhSc3Ux/8DvPOt3upIx+/lhxfWvZglN9z1+c3bBXxs6fIMPLZGrWcdut0C
f1kiRDCwTiQjUFgFC1cK97Nzu6vacMmgcCe1Eiro3wI+gTosW0SswbueJoCaNooW
EG/LJU5jyhbzxIr3uvZrtaySYz6qQVv9c41awvW2IO+dVchWbg7ggKIhKycyP5lL
G4IkHgpccP7cL3QtWRh3GFrhGcc4wGUeA8CG6+mCaY3ZcGnqXAPZ4ryykQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBTaxeICfRnkqp9UDUdNHPUOMoGIMB8GA1UdIwQY
MBaAFPVD6lKHFInYaqnKXKDCl8iKuCq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVVQcVVvY1VpZGhxcWNwY29NS1h5SXE0S3JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8xNmM0YjUtNmRkYS00YTM4LTg0OGYt
ZGZiYmVkYTIxNTk0LzEvRk5yRjRnSjlHZVNxbjFRTlIwMGM5UTR5Z1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8xNmM0YjUtNmRkYS00YTM4LTg0OGYtZGZiYmVkYTIxNTk0
LzEvOVVQcVVvY1VpZGhxcWNwY29NS1h5SXE0S3JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDH6qoAwQD
Wc9AAwQCXPaYAwQDXsboAwQDsN0AAwQDshbAAwQCuQjIAwQCuUDQMA0GCSqGSIb3
DQEBCwUAA4IBAQAzq90SoqIPqDoBN38AEG6TfZVT6Xk2p+CDcx1UbnMSuP+zd0TP
Gj/kBrP88K7EvYOCeIiEQpr/I5ooZHw/vOYe3OEW1gSp5fIq3XL6gJ2GlMXtixAK
jkISHjeSXcNmmo93ZthBU3BmnJL/qhcdvdSLghtpRA8cSn1R4GkcoHrRINRqAt+H
6RG1aj3RB4UWLuM7W/rmbwFBK1FN2pMPM6upMyQsu9L127MH61cG31IqynUtj7fA
OduJBJGw1Dhxc2TxKhyfpwNCd2DmAkznwOQ/jhdOtr0qWOTg3iiUCUJYbyQiJ46k
KZU4b+mAKTRVLWYB7bM6nlP7H9ihaYtuUVQb
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:49:21 2025 by rpki-client