Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/32WtKH3EfM7-S6v7tTmyQcU-a9s.roa
File: 32WtKH3EfM7-S6v7tTmyQcU-a9s.roa (raw, json)
Hash identifier: Fn/80HetfWjEwrwQy2saw9cqkA9VjrY/6O3eDGyjCbw=
Subject key identifier: DF:65:AD:28:7D:C4:7C:CE:FE:4B:AB:FB:B5:39:B2:41:C5:3E:6B:DB
Certificate issuer: /CN=2dfef2b839ad07786833b1bedca8b0b19203e111
Certificate serial: 01942669D5C31A5D5F467C0E8B72C1435822
Authority key identifier: 2D:FE:F2:B8:39:AD:07:78:68:33:B1:BE:DC:A8:B0:B1:92:03:E1:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/32WtKH3EfM7-S6v7tTmyQcU-a9s.roa
Signing time: Thu 02 Jan 2025 09:47:37 +0000
ROA not before: Thu 02 Jan 2025 09:47:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44335
IP address blocks: 109.234.217.0/24 maxlen: 24
109.234.218.0/24 maxlen: 24
195.93.200.0/23 maxlen: 23
2a00:1c08::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:69:d5:c3:1a:5d:5f:46:7c:0e:8b:72:c1:43:58:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2dfef2b839ad07786833b1bedca8b0b19203e111
Validity
Not Before: Jan 2 09:47:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df65ad287dc47ccefe4babfbb539b241c53e6bdb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:03:a3:6e:9c:4d:3d:6c:9a:3d:81:1f:92:c3:
fa:bf:a0:9f:8c:6b:88:34:c5:21:2c:b8:2c:c7:e2:
ed:cb:c6:19:53:66:04:fe:3d:0c:97:90:d4:4c:10:
52:14:77:9b:0e:92:cd:d3:79:da:f5:38:93:11:49:
0c:ed:15:b3:fe:6f:b4:1b:65:f8:e3:d0:88:d9:b9:
c2:d8:35:16:9b:27:f5:92:95:be:17:91:43:48:c6:
65:bc:d0:b9:dc:06:4d:bb:54:c1:52:e4:50:37:96:
e8:01:50:94:9a:3a:b2:df:02:75:bf:62:05:e2:2f:
3d:3b:48:ad:a6:5f:91:99:8d:a2:e1:11:ab:32:1b:
08:e1:23:4b:43:dd:cc:d9:38:73:02:d0:86:f1:c8:
bc:8a:0d:48:44:dc:73:35:6e:c3:a6:80:0e:b2:1e:
5f:14:2a:ae:66:8e:65:20:d5:60:27:6b:b8:79:02:
b4:44:c4:77:40:f7:44:58:28:d1:03:a7:bd:fd:de:
6f:fb:8c:31:6f:8f:16:5d:db:30:0e:75:40:82:62:
75:55:af:85:b9:52:07:77:e6:1c:b9:72:2c:5c:bb:
91:8b:87:39:5d:92:90:6b:db:24:95:b1:78:21:1d:
5d:9c:b2:f8:a6:7b:a5:2a:72:da:e2:a5:04:fd:21:
23:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:65:AD:28:7D:C4:7C:CE:FE:4B:AB:FB:B5:39:B2:41:C5:3E:6B:DB
X509v3 Authority Key Identifier:
keyid:2D:FE:F2:B8:39:AD:07:78:68:33:B1:BE:DC:A8:B0:B1:92:03:E1:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/32WtKH3EfM7-S6v7tTmyQcU-a9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.234.217.0-109.234.218.255
195.93.200.0/23
IPv6:
2a00:1c08::/32
Signature Algorithm: sha256WithRSAEncryption
2e:4e:61:d0:43:53:fb:46:c9:77:35:95:c9:a9:96:4a:68:cd:
f1:f8:ef:00:07:b5:83:b7:a0:00:22:e0:3b:e4:45:7f:21:51:
d8:30:e5:2e:b3:ab:dd:be:eb:79:49:2a:9e:95:60:45:99:15:
44:9a:55:6f:10:b8:97:1f:cb:14:4f:16:07:69:67:be:dd:5f:
fe:d6:a4:21:22:6e:3d:d3:45:45:c3:dc:a3:91:69:62:04:1d:
3a:07:90:d3:95:d0:fa:fb:b0:ed:de:48:ae:0a:f2:f8:a7:7a:
61:6e:42:d6:16:f3:4f:43:f4:fc:83:41:90:32:3b:2b:fc:1d:
7f:03:82:06:3f:ff:bb:9c:9c:17:81:17:06:f3:bd:7f:69:2b:
ca:03:64:62:7d:03:3a:b0:c9:54:2c:70:e2:f7:25:d6:dd:41:
04:8e:56:61:17:02:65:1e:be:ac:83:06:ca:fe:3b:a7:68:c9:
80:89:68:34:ba:9d:6a:c1:d1:79:3a:0c:44:54:26:90:c9:ec:
8b:20:0a:dc:5c:0a:61:b4:9c:b3:02:b6:ae:8d:50:16:85:21:
fa:fd:85:24:33:e4:d2:18:87:48:ec:4e:41:64:3b:3b:7a:5d:
30:be:59:80:0a:36:df:f1:de:31:57:e0:80:c8:e5:5c:d3:3c:
fa:2b:48:8e
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQmadXDGl1fRnwOi3LBQ1giMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZmVmMmI4MzlhZDA3Nzg2ODMzYjFiZWRjYThiMGIxOTIw
M2UxMTEwHhcNMjUwMTAyMDk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjY1YWQyODdkYzQ3Y2NlZmU0YmFiZmJiNTM5YjI0MWM1M2U2YmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wOjbpxNPWyaPYEfksP6v6CfjGuI
NMUhLLgsx+Lty8YZU2YE/j0Ml5DUTBBSFHebDpLN03na9TiTEUkM7RWz/m+0G2X4
49CI2bnC2DUWmyf1kpW+F5FDSMZlvNC53AZNu1TBUuRQN5boAVCUmjqy3wJ1v2IF
4i89O0itpl+RmY2i4RGrMhsI4SNLQ93M2ThzAtCG8ci8ig1IRNxzNW7DpoAOsh5f
FCquZo5lINVgJ2u4eQK0RMR3QPdEWCjRA6e9/d5v+4wxb48WXdswDnVAgmJ1Va+F
uVIHd+YcuXIsXLuRi4c5XZKQa9sklbF4IR1dnLL4pnulKnLa4qUE/SEjZwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFN9lrSh9xHzO/kur+7U5skHFPmvbMB8GA1UdIwQY
MBaAFC3+8rg5rQd4aDOxvtyosLGSA+ERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGY3eXVEbXRCM2hvTTdHLTNLaXdzWklENFJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8wMzU3ZTgtM2VhMC00OTY4LTllZjkt
N2Q3MDUxOWI3NmRhLzEvMzJXdEtIM0VmTTctUzZ2N3RUbXlRY1UtYTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8wMzU3ZTgtM2VhMC00OTY4LTllZjktN2Q3MDUxOWI3NmRh
LzEvTGY3eXVEbXRCM2hvTTdHLTNLaXdzWklENFJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBABt6tkD
BABt6toDBAHDXcgwDQQCAAIwBwMFACoAHAgwDQYJKoZIhvcNAQELBQADggEBAC5O
YdBDU/tGyXc1lcmplkpozfH47wAHtYO3oAAi4DvkRX8hUdgw5S6zq92+63lJKp6V
YEWZFUSaVW8QuJcfyxRPFgdpZ77dX/7WpCEibj3TRUXD3KORaWIEHToHkNOV0Pr7
sO3eSK4K8vinemFuQtYW809D9PyDQZAyOyv8HX8DggY//7ucnBeBFwbzvX9pK8oD
ZGJ9AzqwyVQscOL3JdbdQQSOVmEXAmUevqyDBsr+O6doyYCJaDS6nWrB0Xk6DERU
JpDJ7IsgCtxcCmG0nLMCtq6NUBaFIfr9hSQz5NIYh0jsTkFkOzt6XTC+WYAKNt/x
3jFX4IDI5VzTPPorSI4=
-----END CERTIFICATE-----
Generated at Sun Feb 2 07:57:49 2025 by rpki-client