Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/PA8CjloTPg-68N7OnvoYD-1oLhk.roa
File: PA8CjloTPg-68N7OnvoYD-1oLhk.roa (raw, json)
Hash identifier: 4/Ym4G39HmXB13TW6+krF+Wwi7w8FIhxrF2UkWzgLLU=
Subject key identifier: 3C:0F:02:8E:5A:13:3E:0F:BA:F0:DE:CE:9E:FA:18:0F:ED:68:2E:19
Certificate issuer: /CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
Certificate serial: 01942445054500F9BE501A7DB39B1B36B9E7
Authority key identifier: B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/PA8CjloTPg-68N7OnvoYD-1oLhk.roa
Signing time: Wed 01 Jan 2025 23:48:10 +0000
ROA not before: Wed 01 Jan 2025 23:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15589
IP address blocks: 81.200.130.0/23 maxlen: 23
81.200.132.0/22 maxlen: 22
81.200.136.0/22 maxlen: 22
81.200.136.0/23 maxlen: 23
81.200.138.0/24 maxlen: 24
81.200.139.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.mft
rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:05:45:00:f9:be:50:1a:7d:b3:9b:1b:36:b9:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
Validity
Not Before: Jan 1 23:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c0f028e5a133e0fbaf0dece9efa180fed682e19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c4:55:7d:04:9d:67:44:4a:16:63:0a:5f:25:
0d:85:1a:b9:b0:e2:84:ec:f1:f6:d4:36:48:a6:70:
0f:1e:66:d3:4d:3a:75:65:2a:c6:84:19:a8:b3:10:
55:65:d7:ae:b6:53:ec:c2:42:ae:7b:bb:ca:91:c8:
a7:bf:f7:bb:16:23:af:14:11:3b:c6:e8:31:c6:4e:
b8:ae:09:86:e9:ee:85:46:b4:a6:51:2e:07:63:dc:
a7:4b:07:54:2f:b7:c7:4f:ff:da:e3:16:5b:d8:ae:
c5:70:a4:da:b4:e6:5f:f1:e9:3d:74:ba:4c:86:f1:
d7:00:ab:d6:d3:9f:d6:12:52:e2:3e:00:14:6d:69:
db:90:fd:c6:f8:eb:1e:f8:4e:e7:9b:66:f8:e0:61:
c0:eb:8b:85:75:9b:f6:8b:26:3f:76:72:f9:61:44:
2b:da:d6:b0:d4:d3:c9:fa:23:7f:4c:45:0f:0e:ca:
5f:66:12:9c:26:17:2d:9d:e9:dc:10:e3:3c:2a:ce:
93:0e:a3:30:52:1c:45:25:ed:81:e8:d9:ac:59:fc:
d4:15:81:3c:77:7d:90:d1:6e:5f:f1:7c:d6:a3:9d:
32:d9:cc:20:45:e5:45:ff:73:ee:17:7d:bf:11:63:
f8:8d:38:d9:49:52:26:d3:9a:ab:b3:ce:a7:a5:11:
8a:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:0F:02:8E:5A:13:3E:0F:BA:F0:DE:CE:9E:FA:18:0F:ED:68:2E:19
X509v3 Authority Key Identifier:
keyid:B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/PA8CjloTPg-68N7OnvoYD-1oLhk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.200.130.0-81.200.139.255
Signature Algorithm: sha256WithRSAEncryption
69:d9:36:ad:3e:c7:18:99:ca:3f:61:d0:38:18:44:d2:38:c6:
e4:a6:42:77:4d:0b:c4:8a:0e:41:21:06:58:95:19:67:76:c8:
d5:a1:41:34:8a:23:5b:4d:62:1f:f8:a4:9d:53:16:6e:d0:2d:
c5:d0:ba:17:c7:03:49:fb:5b:bd:f7:b4:b9:fd:59:d0:93:7e:
cb:6c:c9:0f:f7:72:fb:fb:9f:e1:01:62:c1:bb:73:e5:9c:a2:
f8:06:b3:33:c2:4f:e5:41:8f:10:e2:ea:a3:32:da:ed:0c:47:
dc:fe:e9:d0:00:4d:f5:74:31:17:43:8c:18:3c:11:d1:a0:34:
a9:2c:f9:41:10:c4:9b:b4:a2:85:07:76:23:ce:e4:12:2a:21:
7c:e4:fa:22:4a:4e:47:b7:68:68:2d:87:78:6d:4f:f2:97:c0:
3a:0b:6a:fc:35:81:66:25:cb:7a:ac:37:ee:95:75:21:49:1e:
17:4b:51:81:7c:50:ee:8a:06:68:7c:9c:8d:08:50:e7:6b:1c:
24:f1:8b:b7:4a:6a:08:31:89:5f:c7:e6:c4:d7:80:c0:06:d0:
29:2f:62:c8:51:05:d7:e9:b3:e5:cf:b6:ca:6a:c7:61:f4:ff:
22:fd:a6:55:fc:2e:03:f5:95:4d:b5:53:43:ab:c2:28:b7:7f:
5f:0b:0a:18
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQkRQVFAPm+UBp9s5sbNrnnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZTBmNzk4NDFjMDIxMGQ5NWI0ZWY1NmZmNjg0NDFjMmFh
OWZjMGYwHhcNMjUwMTAxMjM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzBmMDI4ZTVhMTMzZTBmYmFmMGRlY2U5ZWZhMTgwZmVkNjgyZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsRVfQSdZ0RKFmMKXyUNhRq5sOKE
7PH21DZIpnAPHmbTTTp1ZSrGhBmosxBVZdeutlPswkKue7vKkcinv/e7FiOvFBE7
xugxxk64rgmG6e6FRrSmUS4HY9ynSwdUL7fHT//a4xZb2K7FcKTatOZf8ek9dLpM
hvHXAKvW05/WElLiPgAUbWnbkP3G+Ose+E7nm2b44GHA64uFdZv2iyY/dnL5YUQr
2taw1NPJ+iN/TEUPDspfZhKcJhctnencEOM8Ks6TDqMwUhxFJe2B6NmsWfzUFYE8
d32Q0W5f8XzWo50y2cwgReVF/3PuF32/EWP4jTjZSVIm05qrs86npRGKzQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDwPAo5aEz4PuvDezp76GA/taC4ZMB8GA1UdIwQY
MBaAFLjg95hBwCENlbTvVv9oRBwqqfwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2Mt
NmVhM2NiZmQzYTg0LzEvUEE4Q2psb1RQZy02OE43T252b1lELTFvTGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2MtNmVhM2NiZmQzYTg0
LzEvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFRyIID
BAJRyIgwDQYJKoZIhvcNAQELBQADggEBAGnZNq0+xxiZyj9h0DgYRNI4xuSmQndN
C8SKDkEhBliVGWd2yNWhQTSKI1tNYh/4pJ1TFm7QLcXQuhfHA0n7W733tLn9WdCT
fstsyQ/3cvv7n+EBYsG7c+WcovgGszPCT+VBjxDi6qMy2u0MR9z+6dAATfV0MRdD
jBg8EdGgNKks+UEQxJu0ooUHdiPO5BIqIXzk+iJKTke3aGgth3htT/KXwDoLavw1
gWYly3qsN+6VdSFJHhdLUYF8UO6KBmh8nI0IUOdrHCTxi7dKaggxiV/H5sTXgMAG
0CkvYshRBdfps+XPtspqx2H0/yL9plX8LgP1lU21U0Orwii3f18LChg=
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:41:41 2025 by rpki-client