Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/zTq6cqLbZBiRPZ7jFpyiF-kS2nU.roa
File: zTq6cqLbZBiRPZ7jFpyiF-kS2nU.roa (raw, json)
Hash identifier: 58LUL/KkVIlVDMCj1/N1vyBYpPzDWYfUKAfSIQ9KHh4=
Subject key identifier: CD:3A:BA:72:A2:DB:64:18:91:3D:9E:E3:16:9C:A2:17:E9:12:DA:75
Certificate issuer: /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial: 0195321C2F2FBB2EE00EAD2E08F1CEB9073E
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/zTq6cqLbZBiRPZ7jFpyiF-kS2nU.roa
Signing time: Sun 23 Feb 2025 09:21:02 +0000
ROA not before: Sun 23 Feb 2025 09:21:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40676
IP address blocks: 31.220.14.0/24 maxlen: 24
45.12.52.0/23 maxlen: 23
45.12.91.0/24 maxlen: 24
185.238.249.0/24 maxlen: 24
185.238.251.0/24 maxlen: 24
193.9.45.0/24 maxlen: 24
2a14:640:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 03:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:32:1c:2f:2f:bb:2e:e0:0e:ad:2e:08:f1:ce:b9:07:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Validity
Not Before: Feb 23 09:21:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cd3aba72a2db6418913d9ee3169ca217e912da75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:b9:be:14:17:1c:5a:16:62:b7:7e:da:05:78:
28:e3:ab:e4:30:d5:8c:cc:6f:c2:51:9d:69:71:98:
c2:95:d0:f0:d4:b8:60:fa:31:1d:c5:62:36:de:9a:
cc:0e:fc:cc:42:50:d7:d6:32:52:b2:b1:7f:6d:22:
45:55:ba:03:58:64:63:40:9d:24:09:28:f5:c8:b7:
b1:74:ef:d3:c3:e2:f3:45:86:9c:ad:c4:be:4c:af:
f2:1a:c7:ee:6c:71:ae:8f:31:55:0c:bb:6d:a0:fe:
1c:eb:a6:89:37:61:43:2d:cb:73:87:3e:bd:8e:ee:
24:64:8a:b4:3f:46:ae:8f:04:77:c1:c7:fb:cc:f4:
8d:8f:a7:e6:6b:33:2a:0a:e2:ba:77:0c:a3:70:67:
4b:36:28:b0:59:79:74:af:a0:55:34:a1:61:99:c0:
96:9b:64:ab:96:c1:5d:63:28:d8:1d:c0:17:89:23:
28:2c:0e:b5:01:a2:ff:a7:69:77:24:14:98:f7:ec:
8d:e5:69:e3:cf:b0:78:7d:55:dc:70:29:bd:a5:b4:
6f:a2:59:9c:f2:49:7a:3d:60:44:2d:67:6a:68:a9:
95:d8:af:1d:44:8a:c7:27:7d:2f:d8:08:0d:15:32:
0a:76:1e:50:61:60:ec:f7:89:b0:d8:00:8b:df:a2:
1f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:3A:BA:72:A2:DB:64:18:91:3D:9E:E3:16:9C:A2:17:E9:12:DA:75
X509v3 Authority Key Identifier:
keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/zTq6cqLbZBiRPZ7jFpyiF-kS2nU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.14.0/24
45.12.52.0/23
45.12.91.0/24
185.238.249.0/24
185.238.251.0/24
193.9.45.0/24
IPv6:
2a14:640:2::/48
Signature Algorithm: sha256WithRSAEncryption
35:01:f8:db:67:0a:54:49:b2:5e:2b:8f:4d:85:83:fb:4e:52:
bf:e3:8e:ed:ec:a1:98:58:cd:9c:30:b2:d1:cc:96:2c:8e:af:
64:7a:30:8b:62:b6:27:4f:46:c5:dc:03:3f:0c:42:3e:b0:14:
e0:35:60:ba:95:55:6b:60:5c:df:26:4b:f1:26:11:f9:c6:65:
e3:77:8c:12:2c:8c:62:d5:99:d7:a4:c5:87:62:9c:a0:1c:5f:
b6:36:fd:7f:f8:67:50:db:9c:9f:c1:e7:54:46:d0:4b:a6:58:
0a:e1:34:e8:e0:86:63:3d:d6:e5:02:0e:36:45:4c:bf:e7:80:
45:29:66:5d:13:51:41:e1:e9:85:59:cc:4a:4b:ea:fc:07:c6:
44:2f:6c:63:f3:37:58:68:a5:fa:8d:eb:87:ca:80:83:d3:80:
40:38:1c:94:6c:34:7d:27:0a:6c:e0:65:d2:d9:03:6f:85:eb:
32:13:62:fe:86:08:4b:1e:c9:b0:32:60:08:2d:52:aa:d6:d4:
36:0c:38:6f:0a:d5:3d:02:ef:ee:ff:f6:cd:98:18:26:70:6d:
40:55:28:83:2a:a6:4d:1e:a1:a1:c2:50:1f:d0:f8:bb:0f:7f:
3e:41:55:26:7e:6c:6d:5c:16:39:e8:b6:ac:06:ae:b5:4d:d8:
bc:9b:df:7a
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZUyHC8vuy7gDq0uCPHOuQc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwMjIzMDkyMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDNhYmE3MmEyZGI2NDE4OTEzZDllZTMxNjljYTIxN2U5MTJkYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLm+FBccWhZit37aBXgo46vkMNWM
zG/CUZ1pcZjCldDw1Lhg+jEdxWI23prMDvzMQlDX1jJSsrF/bSJFVboDWGRjQJ0k
CSj1yLexdO/Tw+LzRYacrcS+TK/yGsfubHGujzFVDLttoP4c66aJN2FDLctzhz69
ju4kZIq0P0aujwR3wcf7zPSNj6fmazMqCuK6dwyjcGdLNiiwWXl0r6BVNKFhmcCW
m2SrlsFdYyjYHcAXiSMoLA61AaL/p2l3JBSY9+yN5Wnjz7B4fVXccCm9pbRvolmc
8kl6PWBELWdqaKmV2K8dRIrHJ30v2AgNFTIKdh5QYWDs94mw2ACL36IfOQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFM06unKi22QYkT2e4xacohfpEtp1MB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvelRxNmNxTGJaQmlSUFo3akZweWlGLWtTMm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQAH9wOAwQB
LQw0AwQALQxbAwQAue75AwQAue77AwQAwQktMA8EAgACMAkDBwAqFAZAAAIwDQYJ
KoZIhvcNAQELBQADggEBADUB+NtnClRJsl4rj02Fg/tOUr/jju3soZhYzZwwstHM
liyOr2R6MItitidPRsXcAz8MQj6wFOA1YLqVVWtgXN8mS/EmEfnGZeN3jBIsjGLV
mdekxYdinKAcX7Y2/X/4Z1DbnJ/B51RG0EumWArhNOjghmM91uUCDjZFTL/ngEUp
Zl0TUUHh6YVZzEpL6vwHxkQvbGPzN1hopfqN64fKgIPTgEA4HJRsNH0nCmzgZdLZ
A2+F6zITYv6GCEseybAyYAgtUqrW1DYMOG8K1T0C7+7/9s2YGCZwbUBVKIMqpk0e
oaHCUB/Q+LsPfz5BVSZ+bG1cFjnotqwGrrVN2Lyb33o=
-----END CERTIFICATE-----
Generated at Sun Apr 13 11:20:31 2025 by rpki-client