Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/dc8PgnhayzDZSzqf3yg7QDbNGi8.roa
File: dc8PgnhayzDZSzqf3yg7QDbNGi8.roa (raw, json)
Hash identifier: J+tA+61lQEEvu8m1aPgIRjodULbBtcVS6a22ypCO1hM=
Subject key identifier: 75:CF:0F:82:78:5A:CB:30:D9:4B:3A:9F:DF:28:3B:40:36:CD:1A:2F
Certificate issuer: /CN=24cacceee35ff87cd678ef6a92262cefce8492df
Certificate serial: 01941F8BFE021C05A47C18820784F03A18B0
Authority key identifier: 24:CA:CC:EE:E3:5F:F8:7C:D6:78:EF:6A:92:26:2C:EF:CE:84:92:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/dc8PgnhayzDZSzqf3yg7QDbNGi8.roa
Signing time: Wed 01 Jan 2025 01:47:35 +0000
ROA not before: Wed 01 Jan 2025 01:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48944
IP address blocks: 5.23.112.0/21 maxlen: 21
95.130.56.0/21 maxlen: 21
95.130.56.0/24 maxlen: 24
95.130.57.0/24 maxlen: 24
95.130.58.0/24 maxlen: 24
95.130.59.0/24 maxlen: 24
95.130.60.0/24 maxlen: 24
95.130.61.0/24 maxlen: 24
95.130.62.0/24 maxlen: 24
95.130.63.0/24 maxlen: 24
109.72.192.0/20 maxlen: 20
109.72.192.0/21 maxlen: 21
109.72.192.0/24 maxlen: 24
109.72.193.0/24 maxlen: 24
109.72.194.0/24 maxlen: 24
109.72.195.0/24 maxlen: 24
109.72.196.0/24 maxlen: 24
109.72.197.0/24 maxlen: 24
109.72.198.0/24 maxlen: 24
109.72.199.0/24 maxlen: 24
109.72.200.0/21 maxlen: 21
109.72.200.0/24 maxlen: 24
109.72.201.0/24 maxlen: 24
109.72.202.0/24 maxlen: 24
109.72.203.0/24 maxlen: 24
109.72.204.0/24 maxlen: 24
109.72.205.0/24 maxlen: 24
109.72.206.0/24 maxlen: 24
109.72.207.0/24 maxlen: 24
109.238.176.0/20 maxlen: 20
109.238.176.0/21 maxlen: 21
109.238.184.0/21 maxlen: 21
109.238.184.0/24 maxlen: 24
176.67.64.0/20 maxlen: 20
185.11.176.0/22 maxlen: 22
185.246.4.0/22 maxlen: 22
185.246.4.0/24 maxlen: 24
185.246.5.0/24 maxlen: 24
185.246.6.0/24 maxlen: 24
185.246.7.0/24 maxlen: 24
2a02:d2c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.mft
rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8b:fe:02:1c:05:a4:7c:18:82:07:84:f0:3a:18:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=24cacceee35ff87cd678ef6a92262cefce8492df
Validity
Not Before: Jan 1 01:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=75cf0f82785acb30d94b3a9fdf283b4036cd1a2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:98:68:25:02:12:f0:9b:42:e9:f8:ff:6a:73:
a9:70:bc:11:4f:5a:3f:fd:02:39:01:74:72:6d:c8:
77:74:3d:64:d5:37:7f:a6:55:06:86:02:fc:3e:74:
c5:7a:fa:2d:8b:a8:eb:af:40:32:92:b6:52:a0:f4:
27:02:25:fb:14:55:3f:74:2c:9c:6e:23:89:f9:ce:
71:57:64:da:de:45:f6:f1:cf:50:87:11:ed:6c:37:
a1:c5:57:ac:09:41:a5:ef:76:65:9c:13:ce:36:d0:
41:e9:ef:b3:0f:42:0c:f6:3c:0f:04:73:49:82:59:
c2:35:94:63:18:06:7d:24:f5:11:3e:a6:d1:70:3e:
31:da:3c:39:54:a5:70:21:72:34:86:af:be:94:ce:
5c:21:61:34:e6:f0:73:bf:7d:06:8e:29:f2:2a:24:
a3:3f:97:59:95:2f:88:54:49:77:a6:19:cf:74:0b:
d3:67:46:ee:22:b5:7c:74:bd:ed:d3:c7:cb:39:77:
e7:42:57:8c:2c:6e:76:2e:14:fd:00:d7:93:0c:cd:
aa:74:8e:78:58:dc:f8:fa:02:84:e8:31:38:1e:0c:
9a:79:cf:ed:b3:39:0e:39:69:f4:81:ef:3e:1e:2d:
a5:71:1d:59:91:03:b5:c4:26:cb:22:f8:a2:4e:ed:
59:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:CF:0F:82:78:5A:CB:30:D9:4B:3A:9F:DF:28:3B:40:36:CD:1A:2F
X509v3 Authority Key Identifier:
keyid:24:CA:CC:EE:E3:5F:F8:7C:D6:78:EF:6A:92:26:2C:EF:CE:84:92:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/dc8PgnhayzDZSzqf3yg7QDbNGi8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.112.0/21
95.130.56.0/21
109.72.192.0/20
109.238.176.0/20
176.67.64.0/20
185.11.176.0/22
185.246.4.0/22
IPv6:
2a02:d2c0::/29
Signature Algorithm: sha256WithRSAEncryption
04:b8:19:3e:49:c7:4d:13:98:13:ee:09:e1:bf:42:b2:14:28:
71:93:27:d5:b4:4f:0f:09:cf:b3:cf:3d:f0:b7:8c:ea:73:78:
8c:67:17:6c:ae:50:ac:44:85:1c:04:55:2e:20:e5:50:3f:f8:
0b:39:ad:e9:b7:59:0d:17:12:9b:03:1f:fa:55:b9:1b:ad:88:
f4:fd:f5:39:da:2f:cb:0b:a2:7c:34:88:a6:42:1c:90:83:d9:
56:40:c0:4b:9b:65:92:46:89:da:39:ae:76:01:d6:13:09:bc:
0b:51:f8:51:84:a8:cf:ca:78:57:cc:18:05:67:88:8a:5c:d3:
d7:71:35:e9:47:0b:bf:88:da:df:2c:7d:11:11:6a:8b:86:9b:
d8:a2:b1:e1:c6:e1:80:49:e8:a5:a1:c2:2a:77:f4:d7:34:ff:
76:d4:57:9f:90:36:88:36:fd:30:88:c5:3c:cc:37:2c:77:55:
18:0d:06:e3:2d:7d:99:3d:a1:8e:b9:3e:63:e8:93:3c:06:28:
ca:18:99:92:ff:a8:dd:a4:34:38:44:fb:81:ed:77:34:6e:d4:
9d:8b:64:5e:dd:67:d9:33:c8:0d:49:f8:c8:4e:f8:9e:10:71:
ab:db:08:64:cb:a7:0b:0c:5f:a0:2a:71:e5:85:13:e0:39:a5:
15:03:14:83
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQfi/4CHAWkfBiCB4TwOhiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0Y2FjY2VlZTM1ZmY4N2NkNjc4ZWY2YTkyMjYyY2VmY2U4
NDkyZGYwHhcNMjUwMTAxMDE0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNmMGY4Mjc4NWFjYjMwZDk0YjNhOWZkZjI4M2I0MDM2Y2QxYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZhoJQIS8JtC6fj/anOpcLwRT1o/
/QI5AXRybch3dD1k1Td/plUGhgL8PnTFevoti6jrr0AykrZSoPQnAiX7FFU/dCyc
biOJ+c5xV2Ta3kX28c9QhxHtbDehxVesCUGl73ZlnBPONtBB6e+zD0IM9jwPBHNJ
glnCNZRjGAZ9JPURPqbRcD4x2jw5VKVwIXI0hq++lM5cIWE05vBzv30GjinyKiSj
P5dZlS+IVEl3phnPdAvTZ0buIrV8dL3t08fLOXfnQleMLG52LhT9ANeTDM2qdI54
WNz4+gKE6DE4Hgyaec/tszkOOWn0ge8+Hi2lcR1ZkQO1xCbLIviiTu1ZXwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFHXPD4J4Wssw2Us6n98oO0A2zRovMB8GA1UdIwQY
MBaAFCTKzO7jX/h81njvapImLO/OhJLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk1yTTd1TmYtSHpXZU85cWtpWXM3ODZFa3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82NjcwZjktNDE4ZS00Mjc1LTgwMDAt
YTI5ZWIxMzllNzlkLzEvZGM4UGduaGF5ekRaU3pxZjN5ZzdRRGJOR2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82NjcwZjktNDE4ZS00Mjc1LTgwMDAtYTI5ZWIxMzllNzlk
LzEvSk1yTTd1TmYtSHpXZU85cWtpWXM3ODZFa3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBRdwAwQD
X4I4AwQEbUjAAwQEbe6wAwQEsENAAwQCuQuwAwQCufYEMA0EAgACMAcDBQMqAtLA
MA0GCSqGSIb3DQEBCwUAA4IBAQAEuBk+ScdNE5gT7gnhv0KyFChxkyfVtE8PCc+z
zz3wt4zqc3iMZxdsrlCsRIUcBFUuIOVQP/gLOa3pt1kNFxKbAx/6VbkbrYj0/fU5
2i/LC6J8NIimQhyQg9lWQMBLm2WSRonaOa52AdYTCbwLUfhRhKjPynhXzBgFZ4iK
XNPXcTXpRwu/iNrfLH0REWqLhpvYorHhxuGASeilocIqd/TXNP921FefkDaINv0w
iMU8zDcsd1UYDQbjLX2ZPaGOuT5j6JM8BijKGJmS/6jdpDQ4RPuB7Xc0btSdi2Re
3WfZM8gNSfjITvieEHGr2whky6cLDF+gKnHlhRPgOaUVAxSD
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:23:50 2025 by rpki-client