Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/uPEejKeFHwtXb-AtaoWRNmQjDGA.roa
File: uPEejKeFHwtXb-AtaoWRNmQjDGA.roa (raw, json)
Hash identifier: v3yjbG7P5ZTU4wRZpuwJQttHEpL//NSRVp6n0qXaPGc=
Subject key identifier: B8:F1:1E:8C:A7:85:1F:0B:57:6F:E0:2D:6A:85:91:36:64:23:0C:60
Certificate issuer: /CN=68ddbef7f1cdd8ad127160f20ea0a3f6b73fa4a2
Certificate serial: 01942144145ADFC88FB86873B77343174C60
Authority key identifier: 68:DD:BE:F7:F1:CD:D8:AD:12:71:60:F2:0E:A0:A3:F6:B7:3F:A4:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/uPEejKeFHwtXb-AtaoWRNmQjDGA.roa
Signing time: Wed 01 Jan 2025 09:48:17 +0000
ROA not before: Wed 01 Jan 2025 09:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200555
IP address blocks: 2.58.188.0/22 maxlen: 24
31.14.60.0/22 maxlen: 24
89.39.216.0/21 maxlen: 24
89.42.120.0/21 maxlen: 24
185.58.208.0/22 maxlen: 24
185.58.208.0/24 maxlen: 24
185.58.209.0/24 maxlen: 24
185.58.210.0/24 maxlen: 24
185.58.211.0/24 maxlen: 24
194.146.55.0/24 maxlen: 24
194.146.63.0/24 maxlen: 24
194.146.70.0/24 maxlen: 24
194.146.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/aN2-9_HN2K0ScWDyDqCj9rc_pKI.crl
rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/aN2-9_HN2K0ScWDyDqCj9rc_pKI.mft
rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:14:5a:df:c8:8f:b8:68:73:b7:73:43:17:4c:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68ddbef7f1cdd8ad127160f20ea0a3f6b73fa4a2
Validity
Not Before: Jan 1 09:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b8f11e8ca7851f0b576fe02d6a85913664230c60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:58:1e:1c:6b:64:69:ce:60:40:0e:f2:a2:24:
15:93:15:11:46:fd:f0:11:40:59:35:b6:54:05:c7:
e4:29:f0:f7:43:e3:84:b2:23:01:ae:7e:d8:36:a3:
c5:23:60:63:b2:a9:f1:34:f1:a8:56:22:6f:d3:70:
3d:e6:d8:f3:16:6e:6f:76:ba:51:39:ec:45:bd:ff:
12:ec:bc:39:c7:6e:5a:1d:e8:5b:b2:e5:87:58:33:
7a:9c:06:52:95:22:25:7f:ae:12:ee:10:a5:02:31:
7c:23:4e:dc:2e:13:6a:77:17:78:4f:0a:f8:9e:9f:
44:4c:2c:e1:e3:19:e0:d2:94:e5:15:5d:9b:11:f9:
4f:02:39:1b:2a:32:f3:6f:7e:81:e6:e0:9c:63:f4:
c8:72:14:9c:17:8d:93:1b:5f:c0:a4:c5:31:68:59:
18:0a:b0:2c:15:cc:c3:d3:1c:e2:b1:6d:a1:f8:0c:
04:42:c0:74:51:7a:96:46:e9:d9:ce:b7:df:27:42:
2b:ec:dd:e9:3c:a1:ca:18:69:e1:b6:86:8b:14:31:
1a:f2:b5:cd:36:b1:c8:4e:cf:fc:6f:71:22:f3:f7:
27:0d:5c:dc:e4:76:9e:b9:57:c2:3b:02:8a:0c:f1:
26:c5:ea:0d:75:8a:42:f9:a4:e2:ef:16:78:1b:de:
0e:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:F1:1E:8C:A7:85:1F:0B:57:6F:E0:2D:6A:85:91:36:64:23:0C:60
X509v3 Authority Key Identifier:
keyid:68:DD:BE:F7:F1:CD:D8:AD:12:71:60:F2:0E:A0:A3:F6:B7:3F:A4:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/uPEejKeFHwtXb-AtaoWRNmQjDGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/aN2-9_HN2K0ScWDyDqCj9rc_pKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.188.0/22
31.14.60.0/22
89.39.216.0/21
89.42.120.0/21
185.58.208.0/22
194.146.55.0/24
194.146.63.0/24
194.146.70.0/24
194.146.99.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:6a:1c:4b:f5:96:39:80:06:4e:b1:f8:72:9c:e0:63:91:16:
15:54:0b:2b:68:64:a2:57:c1:4a:5e:06:bf:2c:ca:3b:07:08:
31:e7:a8:6f:40:78:c7:0a:3f:bd:36:e6:2c:69:68:90:2e:10:
8f:c1:34:a0:00:ec:94:7c:91:c9:db:c2:e0:3f:5f:82:19:9c:
6b:be:20:8a:4b:49:9f:ba:03:eb:38:c0:ae:41:44:e3:47:53:
40:a6:b6:00:2b:41:f5:c4:ab:d7:6e:42:4d:ec:5e:45:47:48:
ab:d8:3b:26:10:72:be:68:1f:f2:da:63:b2:9d:57:a9:fe:c7:
4e:d4:30:4c:fb:72:97:40:00:f4:24:38:4b:59:1c:0c:57:37:
92:9d:08:3b:dd:09:10:ef:0d:ad:b8:19:78:ab:84:cc:a2:dc:
5d:6b:16:8b:37:4c:72:5a:7c:52:02:42:c0:33:9a:d7:e5:7a:
a6:88:27:7c:ad:5d:2e:ec:d8:b8:0a:94:40:44:67:83:1d:a9:
89:bf:8e:f1:f4:ad:c9:92:ae:25:15:0e:c2:84:ce:a5:69:20:
4c:44:f0:79:27:6e:53:36:ec:f4:99:24:9b:59:14:6f:7e:49:
99:aa:85:38:9e:15:ba:98:72:df:8e:77:2d:32:2a:4b:60:c4:
81:06:7a:00
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQhRBRa38iPuGhzt3NDF0xgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZGRiZWY3ZjFjZGQ4YWQxMjcxNjBmMjBlYTBhM2Y2Yjcz
ZmE0YTIwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGYxMWU4Y2E3ODUxZjBiNTc2ZmUwMmQ2YTg1OTEzNjY0MjMwYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplgeHGtkac5gQA7yoiQVkxURRv3w
EUBZNbZUBcfkKfD3Q+OEsiMBrn7YNqPFI2BjsqnxNPGoViJv03A95tjzFm5vdrpR
OexFvf8S7Lw5x25aHehbsuWHWDN6nAZSlSIlf64S7hClAjF8I07cLhNqdxd4Twr4
np9ETCzh4xng0pTlFV2bEflPAjkbKjLzb36B5uCcY/TIchScF42TG1/ApMUxaFkY
CrAsFczD0xzisW2h+AwEQsB0UXqWRunZzrffJ0Ir7N3pPKHKGGnhtoaLFDEa8rXN
NrHITs/8b3Ei8/cnDVzc5HaeuVfCOwKKDPEmxeoNdYpC+aTi7xZ4G94OMQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLjxHoynhR8LV2/gLWqFkTZkIwxgMB8GA1UdIwQY
MBaAFGjdvvfxzditEnFg8g6go/a3P6SiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU4yLTlfSE4ySzBTY1dEeURxQ2o5cmNfcEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mMDMzZjEtMmY1ZC00NmQxLTkxOTQt
NjNmMzAxODg5NDg2LzEvdVBFZWpLZUZId3RYYi1BdGFvV1JObVFqREdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mMDMzZjEtMmY1ZC00NmQxLTkxOTQtNjNmMzAxODg5NDg2
LzEvYU4yLTlfSE4ySzBTY1dEeURxQ2o5cmNfcEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCAjq8AwQC
Hw48AwQDWSfYAwQDWSp4AwQCuTrQAwQAwpI3AwQAwpI/AwQAwpJGAwQAwpJjMA0G
CSqGSIb3DQEBCwUAA4IBAQCMahxL9ZY5gAZOsfhynOBjkRYVVAsraGSiV8FKXga/
LMo7Bwgx56hvQHjHCj+9NuYsaWiQLhCPwTSgAOyUfJHJ28LgP1+CGZxrviCKS0mf
ugPrOMCuQUTjR1NAprYAK0H1xKvXbkJN7F5FR0ir2DsmEHK+aB/y2mOynVep/sdO
1DBM+3KXQAD0JDhLWRwMVzeSnQg73QkQ7w2tuBl4q4TMotxdaxaLN0xyWnxSAkLA
M5rX5XqmiCd8rV0u7Ni4CpRARGeDHamJv47x9K3Jkq4lFQ7ChM6laSBMRPB5J25T
Nuz0mSSbWRRvfkmZqoU4nhW6mHLfjnctMipLYMSBBnoA
-----END CERTIFICATE-----
Generated at Tue Apr 22 23:31:17 2025 by rpki-client