Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/jCf5g0MNk7dChvixSvofxX26UqQ.roa
File: jCf5g0MNk7dChvixSvofxX26UqQ.roa (raw, json)
Hash identifier: EtFQAu+QfH/I3yhnfzxyM188HrZPVxzTPSpuxFHhJDw=
Subject key identifier: 8C:27:F9:83:43:0D:93:B7:42:86:F8:B1:4A:FA:1F:C5:7D:BA:52:A4
Certificate issuer: /CN=066369e2705cb433db0658ab666d08b67b1551dc
Certificate serial: 01951453AC9D5C51283F289C6DF587B49D43
Authority key identifier: 06:63:69:E2:70:5C:B4:33:DB:06:58:AB:66:6D:08:B6:7B:15:51:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BmNp4nBctDPbBlirZm0ItnsVUdw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/jCf5g0MNk7dChvixSvofxX26UqQ.roa
Signing time: Mon 17 Feb 2025 14:33:02 +0000
ROA not before: Mon 17 Feb 2025 14:33:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3301
IP address blocks: 5.179.112.0/21 maxlen: 24
31.216.32.0/21 maxlen: 24
81.91.0.0/20 maxlen: 24
176.57.88.0/22 maxlen: 24
185.21.144.0/22 maxlen: 24
185.27.240.0/22 maxlen: 24
193.108.0.0/21 maxlen: 24
213.180.64.0/19 maxlen: 24
2a00:5860::/32 maxlen: 48
2a03:2f80::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/BmNp4nBctDPbBlirZm0ItnsVUdw.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/BmNp4nBctDPbBlirZm0ItnsVUdw.mft
rsync://rpki.ripe.net/repository/DEFAULT/BmNp4nBctDPbBlirZm0ItnsVUdw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 17:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:14:53:ac:9d:5c:51:28:3f:28:9c:6d:f5:87:b4:9d:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=066369e2705cb433db0658ab666d08b67b1551dc
Validity
Not Before: Feb 17 14:33:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8c27f983430d93b74286f8b14afa1fc57dba52a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:85:9d:d4:1c:b9:a3:61:62:f3:a1:83:04:b9:
74:24:97:00:67:ce:36:4d:bb:5c:b3:e4:3e:91:04:
9f:db:46:85:25:f8:20:10:2b:2a:79:2a:e9:e0:96:
4b:a8:fd:87:05:73:37:21:be:98:74:35:9d:e2:e8:
38:39:50:0d:aa:46:9f:b9:cc:06:2f:0a:c3:25:85:
1a:00:4c:f0:76:b7:a6:99:7f:0b:58:a5:ef:24:be:
f5:88:fb:7b:0e:ce:f3:56:e1:ec:93:90:df:db:a3:
ec:07:ca:a9:3f:89:bd:4e:87:82:e4:2f:0f:f4:fe:
52:2b:5b:f7:ae:11:9b:47:e4:0c:47:3e:43:33:f6:
b0:41:71:ac:48:ee:b9:ad:74:ac:d5:36:46:17:b7:
92:c7:ae:01:76:6e:c2:e3:4d:4b:b6:11:30:28:86:
1c:3c:79:18:da:c5:c9:80:71:76:c1:99:6f:6a:a3:
67:88:7c:04:23:2a:11:fc:d8:7d:3a:8a:8b:fa:bf:
7b:4b:30:76:e3:5f:0d:49:a1:43:cf:1c:fe:f9:20:
ba:06:99:c4:7e:c6:6e:a0:08:5f:07:67:8b:02:60:
b2:1e:cc:a2:65:f7:b3:5e:ae:20:3c:a3:71:2c:3f:
b1:75:a0:5a:6b:81:8f:6c:74:12:fa:b9:36:fe:f4:
d3:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:27:F9:83:43:0D:93:B7:42:86:F8:B1:4A:FA:1F:C5:7D:BA:52:A4
X509v3 Authority Key Identifier:
keyid:06:63:69:E2:70:5C:B4:33:DB:06:58:AB:66:6D:08:B6:7B:15:51:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BmNp4nBctDPbBlirZm0ItnsVUdw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/jCf5g0MNk7dChvixSvofxX26UqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/BmNp4nBctDPbBlirZm0ItnsVUdw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.179.112.0/21
31.216.32.0/21
81.91.0.0/20
176.57.88.0/22
185.21.144.0/22
185.27.240.0/22
193.108.0.0/21
213.180.64.0/19
IPv6:
2a00:5860::/32
2a03:2f80::/32
Signature Algorithm: sha256WithRSAEncryption
1f:76:14:16:75:87:c4:5e:d2:1a:b0:1c:b1:84:db:82:1f:d0:
0d:e6:5b:8b:37:a5:82:24:b5:c7:9d:47:15:07:7f:cd:34:07:
8d:7e:e3:16:0a:a3:7b:e8:9f:43:5c:ab:38:eb:3e:fe:43:8b:
c6:da:e9:ca:95:f8:b2:f7:2e:55:54:c5:6b:6d:f6:5c:39:22:
a7:d1:67:13:b7:2a:4f:02:83:80:52:96:94:84:74:18:7a:64:
6c:13:33:82:bb:67:ff:a9:58:97:3d:f8:c7:96:5b:a5:0d:bb:
e6:07:34:2e:fa:f7:d2:b3:4c:24:9f:6b:36:7d:ad:98:f0:c1:
f6:8d:ce:0d:c3:27:92:10:8a:47:5f:5c:a5:be:98:bb:23:71:
d0:4b:5c:bc:d8:98:45:96:7d:0c:b8:09:43:fa:2d:4b:6c:49:
75:95:55:f7:5f:da:7a:c7:bd:ae:94:97:46:31:ba:52:0a:f5:
c5:79:5d:56:ee:60:80:ad:91:86:e1:71:de:69:ab:6a:b9:e3:
a3:9e:3a:a7:cf:1d:97:4e:29:6e:3f:ed:b7:dc:eb:56:3e:92:
da:31:a2:1a:c6:bc:fc:9a:a7:07:58:08:5d:2a:83:53:2e:16:
d6:7b:9e:bf:81:b9:d4:13:ae:3c:f0:5f:70:b3:b2:c0:d1:f7:
5f:72:3b:fa
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZUUU6ydXFEoPyicbfWHtJ1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NjM2OWUyNzA1Y2I0MzNkYjA2NThhYjY2NmQwOGI2N2Ix
NTUxZGMwHhcNMjUwMjE3MTQzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzI3Zjk4MzQzMGQ5M2I3NDI4NmY4YjE0YWZhMWZjNTdkYmE1MmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YWd1By5o2Fi86GDBLl0JJcAZ842
Tbtcs+Q+kQSf20aFJfggECsqeSrp4JZLqP2HBXM3Ib6YdDWd4ug4OVANqkafucwG
LwrDJYUaAEzwdremmX8LWKXvJL71iPt7Ds7zVuHsk5Df26PsB8qpP4m9ToeC5C8P
9P5SK1v3rhGbR+QMRz5DM/awQXGsSO65rXSs1TZGF7eSx64Bdm7C401LthEwKIYc
PHkY2sXJgHF2wZlvaqNniHwEIyoR/Nh9OoqL+r97SzB2418NSaFDzxz++SC6BpnE
fsZuoAhfB2eLAmCyHsyiZfezXq4gPKNxLD+xdaBaa4GPbHQS+rk2/vTTlwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIwn+YNDDZO3Qob4sUr6H8V9ulKkMB8GA1UdIwQY
MBaAFAZjaeJwXLQz2wZYq2ZtCLZ7FVHcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm1OcDRuQmN0RFBiQmxpclptMEl0bnNWVWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC82NGU0OWEtNWZlMS00NWMyLTgzMTAt
MzRhOWU5OGE1Zjg2LzEvakNmNWcwTU5rN2RDaHZpeFN2b2Z4WDI2VXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC82NGU0OWEtNWZlMS00NWMyLTgzMTAtMzRhOWU5OGE1Zjg2
LzEvQm1OcDRuQmN0RFBiQmxpclptMEl0bnNWVWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDBbNwAwQD
H9ggAwQEUVsAAwQCsDlYAwQCuRWQAwQCuRvwAwQDwWwAAwQF1bRAMBQEAgACMA4D
BQAqAFhgAwUAKgMvgDANBgkqhkiG9w0BAQsFAAOCAQEAH3YUFnWHxF7SGrAcsYTb
gh/QDeZbizelgiS1x51HFQd/zTQHjX7jFgqje+ifQ1yrOOs+/kOLxtrpypX4svcu
VVTFa232XDkip9FnE7cqTwKDgFKWlIR0GHpkbBMzgrtn/6lYlz34x5ZbpQ275gc0
Lvr30rNMJJ9rNn2tmPDB9o3ODcMnkhCKR19cpb6YuyNx0EtcvNiYRZZ9DLgJQ/ot
S2xJdZVV91/aese9rpSXRjG6Ugr1xXldVu5ggK2RhuFx3mmrarnjo546p88dl04p
bj/tt9zrVj6S2jGiGsa8/JqnB1gIXSqDUy4W1nuev4G51BOuPPBfcLOywNH3X3I7
+g==
-----END CERTIFICATE-----
Generated at Mon Apr 14 03:39:29 2025 by rpki-client