Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/hILMU0qMjMm6bmWNobLKh35z6fg.roa
File: hILMU0qMjMm6bmWNobLKh35z6fg.roa (raw, json)
Hash identifier: tRLWcg9XAdmGTHy58HB7PkQi1r29x3Hn5q5I5oWT1hs=
Subject key identifier: 84:82:CC:53:4A:8C:8C:C9:BA:6E:65:8D:A1:B2:CA:87:7E:73:E9:F8
Certificate issuer: /CN=a9061f2f49a6d7af9ea676bad03df1ce2f50260d
Certificate serial: 019420D5FC9F9F6EB84AA9BC2A9E594D4FF1
Authority key identifier: A9:06:1F:2F:49:A6:D7:AF:9E:A6:76:BA:D0:3D:F1:CE:2F:50:26:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/hILMU0qMjMm6bmWNobLKh35z6fg.roa
Signing time: Wed 01 Jan 2025 07:48:02 +0000
ROA not before: Wed 01 Jan 2025 07:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29056
IP address blocks: 37.143.176.0/20 maxlen: 24
85.237.0.0/19 maxlen: 24
91.143.96.0/20 maxlen: 24
109.73.144.0/20 maxlen: 24
185.15.236.0/22 maxlen: 24
185.220.252.0/22 maxlen: 24
185.222.128.0/22 maxlen: 24
185.225.144.0/22 maxlen: 24
185.228.128.0/22 maxlen: 24
185.233.144.0/22 maxlen: 24
185.236.72.0/22 maxlen: 24
193.46.248.0/24 maxlen: 24
217.29.144.0/20 maxlen: 24
2a02:758::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.crl
rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.mft
rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 19:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:fc:9f:9f:6e:b8:4a:a9:bc:2a:9e:59:4d:4f:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9061f2f49a6d7af9ea676bad03df1ce2f50260d
Validity
Not Before: Jan 1 07:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8482cc534a8c8cc9ba6e658da1b2ca877e73e9f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ae:f5:31:43:94:41:93:11:67:24:68:db:fd:
f6:69:65:68:50:7a:72:84:ad:b8:3a:aa:1e:34:8d:
34:25:f3:14:b8:16:0e:05:8d:fa:4c:16:8b:36:ea:
e9:ac:58:f8:6c:43:f5:6c:a7:f0:01:e3:af:89:52:
23:d3:e8:72:d7:b6:af:d5:56:bd:cf:0c:a9:32:51:
16:a4:29:4b:97:7f:b2:c8:56:69:5c:e7:69:14:6c:
43:82:0e:ab:50:ad:7e:0a:32:31:f9:cf:ca:bc:6b:
fb:f2:7f:fd:10:8d:ac:b0:9f:1f:d0:65:cb:27:15:
4c:53:c7:fe:13:61:13:35:8e:d3:98:a9:69:6a:6f:
d5:ca:03:dd:bb:fa:e2:ad:95:e5:93:67:49:cd:5a:
1d:75:f5:7d:46:89:f0:fd:62:36:7f:d7:b6:1e:ff:
c9:63:5b:aa:56:7e:fd:82:8b:b3:32:7a:d6:53:fe:
b7:b9:16:d5:37:cc:0f:cf:ac:fd:8c:e7:f7:d7:33:
88:d0:8d:15:5b:a4:72:37:91:e6:41:3f:a4:5e:29:
19:19:76:53:c2:25:b9:70:bd:dd:e4:2b:20:29:8c:
7b:9a:f2:5a:99:57:9e:fa:a6:b2:ec:b2:8e:c3:c2:
f1:5d:6e:87:87:cd:01:ae:43:30:08:56:dd:69:68:
2d:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:82:CC:53:4A:8C:8C:C9:BA:6E:65:8D:A1:B2:CA:87:7E:73:E9:F8
X509v3 Authority Key Identifier:
keyid:A9:06:1F:2F:49:A6:D7:AF:9E:A6:76:BA:D0:3D:F1:CE:2F:50:26:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/hILMU0qMjMm6bmWNobLKh35z6fg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.176.0/20
85.237.0.0/19
91.143.96.0/20
109.73.144.0/20
185.15.236.0/22
185.220.252.0/22
185.222.128.0/22
185.225.144.0/22
185.228.128.0/22
185.233.144.0/22
185.236.72.0/22
193.46.248.0/24
217.29.144.0/20
IPv6:
2a02:758::/32
Signature Algorithm: sha256WithRSAEncryption
23:01:f8:16:d9:35:f7:97:af:4d:01:83:15:0b:ba:30:18:c2:
5f:6c:99:1d:1e:19:8a:36:3e:78:76:8d:76:fb:5c:46:8e:8c:
9e:a9:46:7d:42:5f:cb:65:a9:92:a7:b2:92:c6:15:4c:b5:c8:
f4:72:89:ee:f0:bb:81:b9:ce:93:60:86:ce:f2:40:4f:9c:20:
6a:e3:4e:9b:6b:19:5e:c4:ca:8a:ae:d6:82:98:00:ea:d9:66:
e8:35:49:34:d4:bd:eb:e8:5a:7e:ba:77:75:fc:72:7d:fd:7f:
ff:07:b5:f5:6e:23:6f:f7:30:85:87:26:a2:2a:fa:29:e9:a9:
a7:83:eb:66:5d:74:44:77:a3:88:a6:60:d2:dc:ee:0f:4b:38:
0e:81:c5:a1:e2:3f:3c:bb:42:dd:30:6e:83:31:32:bf:d1:9a:
4d:25:a7:d2:01:68:77:4f:af:0d:a9:34:00:db:b5:2f:4b:b7:
97:c5:de:b7:92:48:46:5b:4d:b6:a3:28:6f:09:5f:a2:b6:db:
75:00:61:66:4b:7d:a7:2d:87:65:1c:6c:64:ad:bb:43:dc:05:
2c:92:70:88:34:a4:41:6c:02:0e:97:04:63:65:1d:9f:57:5f:
47:3e:a0:1c:0b:36:ca:af:ed:d9:3e:d3:44:34:c0:d5:56:73:
03:fe:2b:c3
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZQg1fyfn264Sqm8Kp5ZTU/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MDYxZjJmNDlhNmQ3YWY5ZWE2NzZiYWQwM2RmMWNlMmY1
MDI2MGQwHhcNMjUwMTAxMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDgyY2M1MzRhOGM4Y2M5YmE2ZTY1OGRhMWIyY2E4NzdlNzNlOWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyK71MUOUQZMRZyRo2/32aWVoUHpy
hK24OqoeNI00JfMUuBYOBY36TBaLNurprFj4bEP1bKfwAeOviVIj0+hy17av1Va9
zwypMlEWpClLl3+yyFZpXOdpFGxDgg6rUK1+CjIx+c/KvGv78n/9EI2ssJ8f0GXL
JxVMU8f+E2ETNY7TmKlpam/VygPdu/rirZXlk2dJzVoddfV9Ronw/WI2f9e2Hv/J
Y1uqVn79gouzMnrWU/63uRbVN8wPz6z9jOf31zOI0I0VW6RyN5HmQT+kXikZGXZT
wiW5cL3d5CsgKYx7mvJamVee+qay7LKOw8LxXW6Hh80BrkMwCFbdaWgt3QIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFISCzFNKjIzJum5ljaGyyod+c+n4MB8GA1UdIwQY
MBaAFKkGHy9JptevnqZ2utA98c4vUCYNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVFZZkwwbW0xNi1lcG5hNjBEM3h6aTlRSmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTliZTEtMWZhMi00MjUzLWJmMDEt
ZjZjMjY4NjEyZmM3LzEvaElMTVUwcU1qTW02Ym1XTm9iTEtoMzV6NmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTliZTEtMWZhMi00MjUzLWJmMDEtZjZjMjY4NjEyZmM3
LzEvcVFZZkwwbW0xNi1lcG5hNjBEM3h6aTlRSmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQEJY+wAwQF
Ve0AAwQEW49gAwQEbUmQAwQCuQ/sAwQCudz8AwQCud6AAwQCueGQAwQCueSAAwQC
uemQAwQCuexIAwQAwS74AwQE2R2QMA0EAgACMAcDBQAqAgdYMA0GCSqGSIb3DQEB
CwUAA4IBAQAjAfgW2TX3l69NAYMVC7owGMJfbJkdHhmKNj54do12+1xGjoyeqUZ9
Ql/LZamSp7KSxhVMtcj0conu8LuBuc6TYIbO8kBPnCBq406baxlexMqKrtaCmADq
2WboNUk01L3r6Fp+und1/HJ9/X//B7X1biNv9zCFhyaiKvop6amng+tmXXREd6OI
pmDS3O4PSzgOgcWh4j88u0LdMG6DMTK/0ZpNJafSAWh3T68NqTQA27UvS7eXxd63
kkhGW022oyhvCV+ittt1AGFmS32nLYdlHGxkrbtD3AUsknCINKRBbAIOlwRjZR2f
V19HPqAcCzbKr+3ZPtNENMDVVnMD/ivD
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:34:35 2025 by rpki-client