Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/fY3YUzeQR4J5mSVlYztPydyoN5Q.roa
File: fY3YUzeQR4J5mSVlYztPydyoN5Q.roa (raw, json)
Hash identifier: mNZawaVbKUAZ9lV1chbhqIOQeYk5Gz7JPB6mT6lLW4o=
Subject key identifier: 7D:8D:D8:53:37:90:47:82:79:99:25:65:63:3B:4F:C9:DC:A8:37:94
Certificate issuer: /CN=861c67bdb6d8c230fcdb427a9f71b80135872fc2
Certificate serial: 019420D61C6718B4FA90DB6625D588FEB1D6
Authority key identifier: 86:1C:67:BD:B6:D8:C2:30:FC:DB:42:7A:9F:71:B8:01:35:87:2F:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hhxnvbbYwjD820J6n3G4ATWHL8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/fY3YUzeQR4J5mSVlYztPydyoN5Q.roa
Signing time: Wed 01 Jan 2025 07:48:10 +0000
ROA not before: Wed 01 Jan 2025 07:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41960
IP address blocks: 185.17.60.0/22 maxlen: 24
185.238.52.0/22 maxlen: 24
185.241.76.0/22 maxlen: 24
193.221.114.0/24 maxlen: 24
195.140.240.0/22 maxlen: 24
2a03:e0c0::/32 maxlen: 48
2a0c:2680::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/hhxnvbbYwjD820J6n3G4ATWHL8I.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/hhxnvbbYwjD820J6n3G4ATWHL8I.mft
rsync://rpki.ripe.net/repository/DEFAULT/hhxnvbbYwjD820J6n3G4ATWHL8I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 23:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:1c:67:18:b4:fa:90:db:66:25:d5:88:fe:b1:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=861c67bdb6d8c230fcdb427a9f71b80135872fc2
Validity
Not Before: Jan 1 07:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d8dd8533790478279992565633b4fc9dca83794
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:27:ac:aa:58:31:e0:f8:3d:b9:c4:1e:5e:eb:
65:4d:8f:d5:dd:42:e8:f4:13:50:6f:0f:df:86:77:
34:8c:d1:9b:5d:a6:56:d5:09:b8:f0:70:fc:0f:21:
65:9f:2d:4a:d5:24:4f:ba:87:91:d3:b9:a3:20:30:
55:fc:f2:e8:f6:ec:e0:32:95:df:8b:0d:39:9c:77:
06:c1:51:e6:8d:b5:a6:8a:29:b2:be:b9:be:33:a5:
b1:6b:a2:96:f4:65:31:c5:a6:8f:17:b1:79:44:54:
fb:18:38:2a:a1:05:b4:f9:0e:ec:16:2d:f9:b2:2e:
19:1c:cb:15:48:70:6d:27:bd:6f:08:a7:d2:8d:4f:
94:98:b7:db:e2:23:5f:fd:c7:84:c8:9b:7a:3a:e7:
f4:83:bf:7f:1a:75:2d:91:5e:84:24:e5:21:b0:31:
64:e5:f7:42:3c:27:1c:fe:87:9d:59:17:d6:28:f0:
44:02:f5:99:f2:5a:48:87:18:10:44:62:78:49:86:
42:38:fd:a2:b9:de:8f:b4:81:67:81:f5:bf:26:83:
ad:0d:be:ad:8c:ad:55:32:3b:34:fa:90:43:fe:7d:
0f:0d:5f:58:81:be:05:64:c8:33:ec:f7:5d:7a:72:
bc:40:a8:dd:92:9e:37:af:3c:74:b3:d5:9f:23:10:
63:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:8D:D8:53:37:90:47:82:79:99:25:65:63:3B:4F:C9:DC:A8:37:94
X509v3 Authority Key Identifier:
keyid:86:1C:67:BD:B6:D8:C2:30:FC:DB:42:7A:9F:71:B8:01:35:87:2F:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhxnvbbYwjD820J6n3G4ATWHL8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/fY3YUzeQR4J5mSVlYztPydyoN5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/hhxnvbbYwjD820J6n3G4ATWHL8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.17.60.0/22
185.238.52.0/22
185.241.76.0/22
193.221.114.0/24
195.140.240.0/22
IPv6:
2a03:e0c0::/32
2a0c:2680::/29
Signature Algorithm: sha256WithRSAEncryption
25:38:0f:c0:ec:f1:6d:b1:af:98:a6:9b:2f:81:b1:f0:71:89:
4a:e4:2a:8d:a4:0e:a8:2c:34:f8:fe:0c:ef:ce:31:b7:a3:5b:
06:ea:83:27:a4:aa:23:f9:8e:95:87:21:27:ef:f1:7c:a7:0f:
b6:70:30:ab:20:f2:bc:54:79:ff:56:b5:01:53:6a:12:7f:c9:
72:d5:60:71:d0:5b:e8:d4:d9:8e:2a:6d:39:d4:c8:cb:e0:4f:
69:f7:bf:26:94:ab:8d:1c:85:48:38:59:a0:04:b0:fe:25:2e:
2d:15:48:c3:24:48:8d:e4:c5:74:57:2a:88:6f:11:e3:ec:d5:
5a:71:e4:19:26:f3:f3:b9:66:f5:60:e0:76:90:60:46:7c:76:
98:62:40:4a:81:ff:c9:31:a2:11:b0:34:13:f2:5c:99:4f:31:
5b:e6:4d:2a:cc:59:3c:d1:ef:23:36:dd:41:80:a0:41:8e:14:
8b:bd:a7:6d:b5:68:84:12:30:92:79:33:33:9a:a0:9d:72:76:
c2:2f:fa:6a:62:78:0d:b9:04:d4:d8:58:8c:65:65:83:4e:6b:
91:ec:37:98:4f:ff:d5:8a:ce:6d:b9:9d:d1:9c:85:78:d0:af:
d7:b9:c5:a4:ea:db:d6:61:8b:71:96:2e:cc:04:ef:9c:a0:98:
03:48:a2:2d
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQg1hxnGLT6kNtmJdWI/rHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MWM2N2JkYjZkOGMyMzBmY2RiNDI3YTlmNzFiODAxMzU4
NzJmYzIwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDhkZDg1MzM3OTA0NzgyNzk5OTI1NjU2MzNiNGZjOWRjYTgzNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyesqlgx4Pg9ucQeXutlTY/V3ULo
9BNQbw/fhnc0jNGbXaZW1Qm48HD8DyFlny1K1SRPuoeR07mjIDBV/PLo9uzgMpXf
iw05nHcGwVHmjbWmiimyvrm+M6Wxa6KW9GUxxaaPF7F5RFT7GDgqoQW0+Q7sFi35
si4ZHMsVSHBtJ71vCKfSjU+UmLfb4iNf/ceEyJt6Ouf0g79/GnUtkV6EJOUhsDFk
5fdCPCcc/oedWRfWKPBEAvWZ8lpIhxgQRGJ4SYZCOP2iud6PtIFngfW/JoOtDb6t
jK1VMjs0+pBD/n0PDV9Ygb4FZMgz7PddenK8QKjdkp43rzx0s9WfIxBjzQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFH2N2FM3kEeCeZklZWM7T8ncqDeUMB8GA1UdIwQY
MBaAFIYcZ7222MIw/NtCep9xuAE1hy/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGh4bnZiYll3akQ4MjBKNm4zRzRBVFdITDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC84YTExNWItMzg1OS00NzU5LTg1YWUt
ZmI4NTNjNjUzMzRhLzEvZlkzWVV6ZVFSNEo1bVNWbFl6dFB5ZHlvTjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC84YTExNWItMzg1OS00NzU5LTg1YWUtZmI4NTNjNjUzMzRh
LzEvaGh4bnZiYll3akQ4MjBKNm4zRzRBVFdITDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQCuRE8AwQC
ue40AwQCufFMAwQAwd1yAwQCw4zwMBQEAgACMA4DBQAqA+DAAwUDKgwmgDANBgkq
hkiG9w0BAQsFAAOCAQEAJTgPwOzxbbGvmKabL4Gx8HGJSuQqjaQOqCw0+P4M784x
t6NbBuqDJ6SqI/mOlYchJ+/xfKcPtnAwqyDyvFR5/1a1AVNqEn/JctVgcdBb6NTZ
jiptOdTIy+BPafe/JpSrjRyFSDhZoASw/iUuLRVIwyRIjeTFdFcqiG8R4+zVWnHk
GSbz87lm9WDgdpBgRnx2mGJASoH/yTGiEbA0E/JcmU8xW+ZNKsxZPNHvIzbdQYCg
QY4Ui72nbbVohBIwknkzM5qgnXJ2wi/6amJ4DbkE1NhYjGVlg05rkew3mE//1YrO
bbmd0ZyFeNCv17nFpOrb1mGLcZYuzATvnKCYA0iiLQ==
-----END CERTIFICATE-----
Generated at Tue Apr 8 06:42:37 2025 by rpki-client