Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/1dc5f4-ff5d-45d8-91cd-80532dd74d4d/1/DoDdOAUlW0tUPkZU1ktuElEn3oE.roa
File: DoDdOAUlW0tUPkZU1ktuElEn3oE.roa (raw, json)
Hash identifier: KlbVm+I0oV0L2Y/KM4GiRobC6enmDYLnzhNJQOXiNU0=
Subject key identifier: 0E:80:DD:38:05:25:5B:4B:54:3E:46:54:D6:4B:6E:12:51:27:DE:81
Certificate issuer: /CN=67c008dc0bf0ad2233f4e0d658a714a45b48a1c4
Certificate serial: 0194228D15A16D5647801ED13335A3E93998
Authority key identifier: 67:C0:08:DC:0B:F0:AD:22:33:F4:E0:D6:58:A7:14:A4:5B:48:A1:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z8AI3AvwrSIz9ODWWKcUpFtIocQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/1dc5f4-ff5d-45d8-91cd-80532dd74d4d/1/DoDdOAUlW0tUPkZU1ktuElEn3oE.roa
Signing time: Wed 01 Jan 2025 15:47:38 +0000
ROA not before: Wed 01 Jan 2025 15:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3311
IP address blocks: 185.106.244.0/24 maxlen: 24
185.106.245.0/24 maxlen: 24
185.106.246.0/24 maxlen: 24
185.106.247.0/24 maxlen: 24
185.118.120.0/24 maxlen: 24
185.118.121.0/24 maxlen: 24
185.118.122.0/24 maxlen: 24
185.118.123.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/1dc5f4-ff5d-45d8-91cd-80532dd74d4d/1/Z8AI3AvwrSIz9ODWWKcUpFtIocQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/1dc5f4-ff5d-45d8-91cd-80532dd74d4d/1/Z8AI3AvwrSIz9ODWWKcUpFtIocQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z8AI3AvwrSIz9ODWWKcUpFtIocQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 20 Apr 2025 05:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:15:a1:6d:56:47:80:1e:d1:33:35:a3:e9:39:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67c008dc0bf0ad2233f4e0d658a714a45b48a1c4
Validity
Not Before: Jan 1 15:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0e80dd3805255b4b543e4654d64b6e125127de81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:c1:18:b7:04:c9:4c:98:70:f8:dc:61:27:03:
25:92:bf:20:c6:65:f2:ca:df:44:58:09:05:22:d6:
fa:30:2e:b3:d3:a6:46:f2:ac:d0:08:19:a2:ee:0c:
fa:15:8b:8d:31:21:c9:e9:fa:bf:06:b1:8c:15:0f:
0b:43:2e:dd:5c:a1:13:78:97:8a:54:02:28:43:59:
3f:57:42:1d:ba:06:1a:f4:c8:7c:c6:c4:50:96:85:
7c:fe:86:3a:94:d2:e8:82:9a:f0:ac:d9:c4:77:2c:
c2:36:bd:fd:18:d1:95:f3:8b:49:a7:d1:4d:93:91:
ff:22:cf:f2:a1:00:7d:15:ab:04:6d:d4:59:58:9f:
11:7a:4b:f4:58:84:72:e5:05:1e:a9:4d:00:73:0c:
df:8e:7e:03:79:bf:38:21:97:a0:4f:86:97:5a:fd:
78:2d:62:bb:6e:cf:cf:e0:e0:ae:bc:2a:8a:62:a8:
97:a7:31:1a:8e:16:4f:b1:92:f1:dd:f9:43:ef:68:
b9:58:d3:0e:ed:10:cb:2c:f7:ce:95:85:17:2e:04:
72:44:71:1b:5c:6c:e1:86:8b:ca:cd:3c:a1:97:36:
a3:a0:88:da:9b:c9:16:96:19:59:4d:d7:86:13:11:
c3:9e:ff:a0:fd:be:1d:8c:68:59:01:bb:07:fe:32:
95:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:80:DD:38:05:25:5B:4B:54:3E:46:54:D6:4B:6E:12:51:27:DE:81
X509v3 Authority Key Identifier:
keyid:67:C0:08:DC:0B:F0:AD:22:33:F4:E0:D6:58:A7:14:A4:5B:48:A1:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8AI3AvwrSIz9ODWWKcUpFtIocQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/1dc5f4-ff5d-45d8-91cd-80532dd74d4d/1/DoDdOAUlW0tUPkZU1ktuElEn3oE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/1dc5f4-ff5d-45d8-91cd-80532dd74d4d/1/Z8AI3AvwrSIz9ODWWKcUpFtIocQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.106.244.0/22
185.118.120.0/22
Signature Algorithm: sha256WithRSAEncryption
32:b2:c0:7f:cb:51:d3:fe:89:6e:aa:99:be:20:1a:b0:22:82:
ae:d9:3f:85:fa:3d:47:aa:da:fe:c8:10:d0:66:34:1b:9f:96:
04:9a:4a:9d:89:d6:d5:bf:81:56:62:64:fd:32:36:8c:c6:f9:
7f:ac:7e:7a:0c:60:af:a9:fa:bf:13:8d:8c:6f:37:9b:4a:31:
e4:03:27:b6:85:2f:90:33:d0:9d:02:23:dd:dd:ad:53:a2:b8:
0a:b3:09:aa:69:98:34:4d:ee:cd:c0:00:84:e3:40:fa:12:17:
86:4b:ca:a0:61:3b:7c:97:be:3a:db:e7:5c:04:64:d8:45:26:
0f:2b:8b:23:bf:6f:8b:9e:5d:6a:44:bd:38:e1:eb:3f:e4:84:
e6:8a:a9:ce:dc:68:34:c8:23:2b:7a:e1:90:ab:70:05:58:db:
65:ad:85:e7:af:b2:fd:46:90:20:f0:c1:18:56:5a:a9:2e:ea:
96:0c:bc:36:fe:a0:0c:52:23:a8:c3:ac:83:27:16:12:14:e5:
5f:f2:e2:02:57:83:ea:ab:ea:59:fe:18:c8:73:15:0e:c8:69:
39:f1:f5:cc:66:b9:e1:0c:65:d1:53:ae:58:79:22:9c:53:5d:
bc:84:b9:82:0f:59:6e:53:bf:95:09:10:72:2a:07:8a:56:56:
e8:35:c4:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijRWhbVZHgB7RMzWj6TmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YzAwOGRjMGJmMGFkMjIzM2Y0ZTBkNjU4YTcxNGE0NWI0
OGExYzQwHhcNMjUwMTAxMTU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTgwZGQzODA1MjU1YjRiNTQzZTQ2NTRkNjRiNmUxMjUxMjdkZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MEYtwTJTJhw+NxhJwMlkr8gxmXy
yt9EWAkFItb6MC6z06ZG8qzQCBmi7gz6FYuNMSHJ6fq/BrGMFQ8LQy7dXKETeJeK
VAIoQ1k/V0IdugYa9Mh8xsRQloV8/oY6lNLogprwrNnEdyzCNr39GNGV84tJp9FN
k5H/Is/yoQB9FasEbdRZWJ8Rekv0WIRy5QUeqU0Acwzfjn4Deb84IZegT4aXWv14
LWK7bs/P4OCuvCqKYqiXpzEajhZPsZLx3flD72i5WNMO7RDLLPfOlYUXLgRyRHEb
XGzhhovKzTyhlzajoIjam8kWlhlZTdeGExHDnv+g/b4djGhZAbsH/jKVgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA6A3TgFJVtLVD5GVNZLbhJRJ96BMB8GA1UdIwQY
MBaAFGfACNwL8K0iM/Tg1linFKRbSKHEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhBSTNBdndyU0l6OU9EV1dLY1VwRnRJb2NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xZGM1ZjQtZmY1ZC00NWQ4LTkxY2Qt
ODA1MzJkZDc0ZDRkLzEvRG9EZE9BVWxXMHRVUGtaVTFrdHVFbEVuM29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xZGM1ZjQtZmY1ZC00NWQ4LTkxY2QtODA1MzJkZDc0ZDRk
LzEvWjhBSTNBdndyU0l6OU9EV1dLY1VwRnRJb2NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWr0AwQC
uXZ4MA0GCSqGSIb3DQEBCwUAA4IBAQAyssB/y1HT/oluqpm+IBqwIoKu2T+F+j1H
qtr+yBDQZjQbn5YEmkqdidbVv4FWYmT9MjaMxvl/rH56DGCvqfq/E42MbzebSjHk
Aye2hS+QM9CdAiPd3a1TorgKswmqaZg0Te7NwACE40D6EheGS8qgYTt8l7462+dc
BGTYRSYPK4sjv2+Lnl1qRL044es/5ITmiqnO3Gg0yCMreuGQq3AFWNtlrYXnr7L9
RpAg8MEYVlqpLuqWDLw2/qAMUiOow6yDJxYSFOVf8uICV4Pqq+pZ/hjIcxUOyGk5
8fXMZrnhDGXRU65YeSKcU128hLmCD1luU7+VCRByKgeKVlboNcTn
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:25:11 2025 by rpki-client