Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/LL8JcAdqtBuww975zCJ3NT8wbIo.roa
File: LL8JcAdqtBuww975zCJ3NT8wbIo.roa (raw, json)
Hash identifier: OazqFiciLO+01js5WnVLTxcyLBf+8JShIpJGoJGbyKE=
Subject key identifier: 2C:BF:09:70:07:6A:B4:1B:B0:C3:DE:F9:CC:22:77:35:3F:30:6C:8A
Certificate issuer: /CN=d2d891b0e328e7c856ad4b7a0764d82d856096d6
Certificate serial: 019423D758E9EAD1DCF3513FB5C69BC3C314
Authority key identifier: D2:D8:91:B0:E3:28:E7:C8:56:AD:4B:7A:07:64:D8:2D:85:60:96:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0tiRsOMo58hWrUt6B2TYLYVgltY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/LL8JcAdqtBuww975zCJ3NT8wbIo.roa
Signing time: Wed 01 Jan 2025 21:48:23 +0000
ROA not before: Wed 01 Jan 2025 21:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203280
IP address blocks: 185.140.32.0/22 maxlen: 22
185.140.32.0/24 maxlen: 24
185.140.33.0/24 maxlen: 24
185.140.34.0/24 maxlen: 24
185.140.35.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/0tiRsOMo58hWrUt6B2TYLYVgltY.crl
rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/0tiRsOMo58hWrUt6B2TYLYVgltY.mft
rsync://rpki.ripe.net/repository/DEFAULT/0tiRsOMo58hWrUt6B2TYLYVgltY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:58:e9:ea:d1:dc:f3:51:3f:b5:c6:9b:c3:c3:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d2d891b0e328e7c856ad4b7a0764d82d856096d6
Validity
Not Before: Jan 1 21:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2cbf0970076ab41bb0c3def9cc2277353f306c8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:28:67:81:35:a2:ab:25:da:5b:cc:1a:04:31:
3d:d3:1a:60:2a:f8:25:5b:e7:7d:93:d2:9c:31:19:
28:02:cf:b5:24:b8:ae:82:92:b1:6b:1d:6c:32:04:
ba:b9:5d:bb:83:51:ad:ef:f2:d4:81:5e:df:eb:ab:
63:fb:71:9c:b0:f0:f5:88:d5:af:78:5e:a4:2f:8d:
62:a6:ae:e1:01:9c:ed:22:31:fa:bd:6e:9a:8a:2a:
ae:58:9b:24:26:14:0c:8f:63:7c:d1:97:9c:d7:fe:
33:68:4d:3d:ba:45:dd:11:41:0d:d2:52:db:65:9e:
e2:2f:be:bb:17:cb:38:fa:12:d1:50:89:62:2f:0c:
eb:ca:bc:09:b8:ef:43:e9:c2:cb:27:7e:04:35:c9:
24:5c:c0:c2:bc:06:53:e9:33:10:3f:fc:e9:77:ea:
dc:b3:61:f1:0c:6e:a5:50:79:9a:df:a2:24:1d:e5:
3a:15:3f:12:20:a9:f5:a8:2c:8c:bf:16:bb:be:a0:
ae:47:91:f1:1d:38:67:9d:b1:8f:de:21:ab:c9:c6:
0f:b5:64:b7:c9:1b:10:87:7c:89:53:8e:8d:f2:2b:
65:a8:2f:42:07:8c:b3:3c:d9:45:3a:87:5e:ce:c3:
e6:3d:27:28:43:06:fc:bd:93:13:e6:9d:9c:4c:cf:
7f:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:BF:09:70:07:6A:B4:1B:B0:C3:DE:F9:CC:22:77:35:3F:30:6C:8A
X509v3 Authority Key Identifier:
keyid:D2:D8:91:B0:E3:28:E7:C8:56:AD:4B:7A:07:64:D8:2D:85:60:96:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0tiRsOMo58hWrUt6B2TYLYVgltY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/LL8JcAdqtBuww975zCJ3NT8wbIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/0tiRsOMo58hWrUt6B2TYLYVgltY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.140.32.0/22
Signature Algorithm: sha256WithRSAEncryption
ab:68:99:72:5c:6d:3c:0c:ea:e6:b3:31:e5:ab:bf:1b:c1:6c:
95:1c:60:25:62:95:5d:f3:19:aa:b6:43:e6:9d:ca:64:bd:41:
10:ca:98:8c:20:4d:7a:bb:25:d1:52:1b:8c:3e:50:4c:8b:1a:
ea:a2:3d:61:f5:36:29:e6:dd:e5:cc:60:ce:12:45:01:05:94:
00:7c:24:11:67:44:46:a9:2b:7a:a8:17:5e:29:51:bc:21:07:
06:f6:22:dd:b3:2d:99:d2:0b:96:54:34:20:75:96:e4:6d:a1:
56:37:99:9b:66:2f:ab:36:f2:e8:cc:51:41:10:b1:50:46:af:
e5:88:f3:cd:e1:28:ad:26:7d:b1:74:65:9b:b2:1e:43:01:6c:
a1:3f:71:d9:71:ea:e6:71:cb:e8:6d:39:e0:79:9f:49:d6:54:
64:a5:90:11:df:3f:c6:11:ee:6b:98:e9:53:c0:a3:53:de:49:
94:89:3c:3e:90:98:07:2e:5e:96:38:6b:09:91:e8:86:d3:ab:
d1:f3:60:d2:54:f5:7a:eb:99:53:fc:b3:42:b6:fb:8a:b1:78:
35:92:11:e4:50:49:8d:c3:6f:6a:cc:f0:88:ad:24:ff:3d:14:
be:60:29:75:45:cb:2b:ea:26:bb:fd:2c:3f:ba:c3:ae:2f:ed:
b5:ad:2e:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj11jp6tHc81E/tcabw8MUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZDg5MWIwZTMyOGU3Yzg1NmFkNGI3YTA3NjRkODJkODU2
MDk2ZDYwHhcNMjUwMTAxMjE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2JmMDk3MDA3NmFiNDFiYjBjM2RlZjljYzIyNzczNTNmMzA2YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuihngTWiqyXaW8waBDE90xpgKvgl
W+d9k9KcMRkoAs+1JLiugpKxax1sMgS6uV27g1Gt7/LUgV7f66tj+3GcsPD1iNWv
eF6kL41ipq7hAZztIjH6vW6aiiquWJskJhQMj2N80Zec1/4zaE09ukXdEUEN0lLb
ZZ7iL767F8s4+hLRUIliLwzryrwJuO9D6cLLJ34ENckkXMDCvAZT6TMQP/zpd+rc
s2HxDG6lUHma36IkHeU6FT8SIKn1qCyMvxa7vqCuR5HxHThnnbGP3iGrycYPtWS3
yRsQh3yJU46N8itlqC9CB4yzPNlFOodezsPmPScoQwb8vZMT5p2cTM9/7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCy/CXAHarQbsMPe+cwidzU/MGyKMB8GA1UdIwQY
MBaAFNLYkbDjKOfIVq1Legdk2C2FYJbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHRpUnNPTW81OGhXclV0NkIyVFlMWVZnbHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83ZmQ4NWQtMDE1Mi00ZWYyLTllYmYt
MWUyNDBiOTdkMmM0LzEvTEw4SmNBZHF0QnV3dzk3NXpDSjNOVDh3YklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83ZmQ4NWQtMDE1Mi00ZWYyLTllYmYtMWUyNDBiOTdkMmM0
LzEvMHRpUnNPTW81OGhXclV0NkIyVFlMWVZnbHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCraJlyXG08DOrmszHlq78bwWyVHGAlYpVd8xmqtkPm
ncpkvUEQypiMIE16uyXRUhuMPlBMixrqoj1h9TYp5t3lzGDOEkUBBZQAfCQRZ0RG
qSt6qBdeKVG8IQcG9iLdsy2Z0guWVDQgdZbkbaFWN5mbZi+rNvLozFFBELFQRq/l
iPPN4SitJn2xdGWbsh5DAWyhP3HZcermccvobTngeZ9J1lRkpZAR3z/GEe5rmOlT
wKNT3kmUiTw+kJgHLl6WOGsJkeiG06vR82DSVPV665lT/LNCtvuKsXg1khHkUEmN
w29qzPCIrST/PRS+YCl1Rcsr6ia7/Sw/usOuL+21rS7l
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:50 2025 by rpki-client