Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/9h0zhhREd-POjncfc-zEp4ug01M.roa
File: 9h0zhhREd-POjncfc-zEp4ug01M.roa (raw, json)
Hash identifier: JFrWYEIaG5U63hgpJ7xXhrCvo1w1GUW7UsCloYFy5DI=
Subject key identifier: F6:1D:33:86:14:44:77:E3:CE:8E:77:1F:73:EC:C4:A7:8B:A0:D3:53
Certificate issuer: /CN=68cc325c8ad9769a1b54da296305fe0c36573775
Certificate serial: 01941F8C9E1E79EA21F1222067EA75359C6F
Authority key identifier: 68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/9h0zhhREd-POjncfc-zEp4ug01M.roa
Signing time: Wed 01 Jan 2025 01:48:16 +0000
ROA not before: Wed 01 Jan 2025 01:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31034
IP address blocks: 80.88.80.0/20 maxlen: 24
85.235.128.0/19 maxlen: 24
93.186.240.0/21 maxlen: 24
93.186.248.0/21 maxlen: 24
193.254.240.0/23 maxlen: 24
195.128.234.0/23 maxlen: 24
195.225.168.0/22 maxlen: 24
195.234.171.0/24 maxlen: 24
195.250.34.0/24 maxlen: 24
212.237.0.0/18 maxlen: 24
217.61.120.0/21 maxlen: 24
217.73.224.0/20 maxlen: 24
2a01:5940::/36 maxlen: 48
2a01:5940:1000::/36 maxlen: 48
2a02:fd40::/32 maxlen: 48
2a02:fd41::/32 maxlen: 48
2a03:cdc0::/36 maxlen: 48
2a03:cdc0:1000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl
rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.mft
rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 07:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:9e:1e:79:ea:21:f1:22:20:67:ea:75:35:9c:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68cc325c8ad9769a1b54da296305fe0c36573775
Validity
Not Before: Jan 1 01:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f61d3386144477e3ce8e771f73ecc4a78ba0d353
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:04:1f:5d:f5:49:47:5c:d6:c5:b6:4e:5f:e5:
b7:0b:11:20:f7:24:0d:2f:1e:7b:82:3c:1e:dd:09:
0e:e0:8f:5d:c1:11:82:42:5c:8e:f6:1c:1f:3e:93:
62:f2:1f:6f:01:b8:0a:3e:01:cc:65:5d:08:08:53:
ce:51:1c:dc:5b:2d:e5:4e:c4:6d:2d:52:79:02:75:
e9:2d:5b:2b:e4:73:a4:eb:ea:45:e0:04:9e:8e:99:
ce:d7:b3:1c:06:ab:c2:a6:e9:b1:a2:8c:dd:fd:f3:
00:13:5b:e5:c0:da:af:36:0b:f6:58:7e:6f:0d:41:
8c:2b:bc:fb:66:95:6d:6b:c7:75:72:b6:fb:c6:19:
7d:be:63:ad:58:ae:a5:08:69:0b:c4:5e:08:38:94:
f5:69:a9:8f:d4:89:df:69:19:02:ff:de:95:1a:df:
7b:a1:18:15:f2:94:79:4d:e7:6a:39:15:a8:af:07:
88:e2:83:ea:35:0c:9f:1f:81:27:22:d6:90:6b:92:
f5:36:90:4a:f0:ff:30:37:38:28:da:e8:b2:53:e5:
0b:82:4f:0a:3a:5e:d3:24:3c:25:4a:b8:72:d3:d5:
62:f2:f2:c6:03:e9:1e:d0:5b:2f:9c:21:1b:f5:d3:
f7:c7:f3:c3:e0:6e:f4:ab:f8:69:47:c7:91:7c:ff:
3d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:1D:33:86:14:44:77:E3:CE:8E:77:1F:73:EC:C4:A7:8B:A0:D3:53
X509v3 Authority Key Identifier:
keyid:68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/9h0zhhREd-POjncfc-zEp4ug01M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.88.80.0/20
85.235.128.0/19
93.186.240.0/20
193.254.240.0/23
195.128.234.0/23
195.225.168.0/22
195.234.171.0/24
195.250.34.0/24
212.237.0.0/18
217.61.120.0/21
217.73.224.0/20
IPv6:
2a01:5940::/35
2a02:fd40::/31
2a03:cdc0::/35
Signature Algorithm: sha256WithRSAEncryption
01:95:f4:c5:31:69:e9:eb:6e:93:c7:39:cc:15:de:1c:ab:94:
28:1b:c2:41:eb:51:8d:16:6f:b7:fd:cb:53:0c:8b:a4:b1:6d:
15:08:85:f9:db:bf:25:2b:58:02:12:2d:5e:8c:86:b7:73:b2:
3f:5f:63:4f:0c:92:18:57:35:33:e4:90:4a:a7:50:3f:45:76:
7c:d8:68:84:f1:1c:a6:a5:c1:43:a9:04:d8:75:a2:a7:4a:e8:
22:a2:2d:f8:6d:c9:29:30:a4:91:c2:9c:53:50:a8:00:b0:44:
09:df:b4:e9:95:e1:7b:40:cd:e2:71:f0:bd:26:45:0c:18:ba:
80:b0:6f:64:b7:53:ee:61:cc:36:ff:f1:e7:10:11:1b:42:cc:
f1:7b:d4:80:02:71:a0:a4:38:cf:ce:7f:4e:97:62:f6:f5:2e:
49:2f:0a:5a:73:cc:92:74:44:18:42:26:7f:28:8d:54:de:e9:
a3:2b:12:56:b9:15:e9:b2:c8:e5:52:7d:38:b5:99:ce:c0:d6:
54:b7:a3:15:81:37:d9:1c:44:a1:53:03:78:71:2c:c2:98:64:
78:33:ed:cf:8b:86:7b:d2:a2:57:1b:a3:28:4b:df:55:53:a3:
ea:10:92:eb:2d:f5:64:4c:66:00:3f:43:ff:00:76:4c:cf:be:
a2:30:f9:73
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAZQfjJ4eeeoh8SIgZ+p1NZxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2MzMjVjOGFkOTc2OWExYjU0ZGEyOTYzMDVmZTBjMzY1
NzM3NzUwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFkMzM4NjE0NDQ3N2UzY2U4ZTc3MWY3M2VjYzRhNzhiYTBkMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AQfXfVJR1zWxbZOX+W3CxEg9yQN
Lx57gjwe3QkO4I9dwRGCQlyO9hwfPpNi8h9vAbgKPgHMZV0ICFPOURzcWy3lTsRt
LVJ5AnXpLVsr5HOk6+pF4ASejpnO17McBqvCpumxoozd/fMAE1vlwNqvNgv2WH5v
DUGMK7z7ZpVta8d1crb7xhl9vmOtWK6lCGkLxF4IOJT1aamP1InfaRkC/96VGt97
oRgV8pR5TedqORWorweI4oPqNQyfH4EnItaQa5L1NpBK8P8wNzgo2uiyU+ULgk8K
Ol7TJDwlSrhy09Vi8vLGA+ke0FsvnCEb9dP3x/PD4G70q/hpR8eRfP895wIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFPYdM4YURHfjzo53H3PsxKeLoNNTMB8GA1UdIwQY
MBaAFGjMMlyK2XaaG1TaKWMF/gw2Vzd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEt
NzRjOTc5YTY1MzZlLzEvOWgwemhoUkVkLVBPam5jZmMtekVwNHVnMDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEtNzRjOTc5YTY1MzZl
LzEvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBIBAIAATBCAwQEUFhQAwQF
VeuAAwQEXbrwAwQBwf7wAwQBw4DqAwQCw+GoAwQAw+qrAwQAw/oiAwQG1O0AAwQD
2T14AwQE2UngMB0EAgACMBcDBgUqAVlAAAMFASoC/UADBgUqA83AADANBgkqhkiG
9w0BAQsFAAOCAQEAAZX0xTFp6etuk8c5zBXeHKuUKBvCQetRjRZvt/3LUwyLpLFt
FQiF+du/JStYAhItXoyGt3OyP19jTwySGFc1M+SQSqdQP0V2fNhohPEcpqXBQ6kE
2HWip0roIqIt+G3JKTCkkcKcU1CoALBECd+06ZXhe0DN4nHwvSZFDBi6gLBvZLdT
7mHMNv/x5xARG0LM8XvUgAJxoKQ4z85/Tpdi9vUuSS8KWnPMknREGEImfyiNVN7p
oysSVrkV6bLI5VJ9OLWZzsDWVLejFYE32RxEoVMDeHEswphkeDPtz4uGe9KiVxuj
KEvfVVOj6hCS6y31ZExmAD9D/wB2TM++ojD5cw==
-----END CERTIFICATE-----
Generated at Wed Apr 9 17:32:15 2025 by rpki-client