Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/sFFOUDvWTzfSymlwSYpDyp4rZVo.roa
File: sFFOUDvWTzfSymlwSYpDyp4rZVo.roa (raw, json)
Hash identifier: hd1EPhU6XZRPUxka9ECqkCcKF9k2GizgSrw0eDBr9g4=
Subject key identifier: B0:51:4E:50:3B:D6:4F:37:D2:CA:69:70:49:8A:43:CA:9E:2B:65:5A
Certificate issuer: /CN=3cde2470c8563949487a3e78743c544c99ec8a64
Certificate serial: 0194266C1E9C1998CADAF0A5D6479E8E34A0
Authority key identifier: 3C:DE:24:70:C8:56:39:49:48:7A:3E:78:74:3C:54:4C:99:EC:8A:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PN4kcMhWOUlIej54dDxUTJnsimQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/sFFOUDvWTzfSymlwSYpDyp4rZVo.roa
Signing time: Thu 02 Jan 2025 09:50:07 +0000
ROA not before: Thu 02 Jan 2025 09:50:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30857
IP address blocks: 86.111.192.0/22 maxlen: 22
86.111.192.0/24 maxlen: 24
86.111.193.0/24 maxlen: 24
86.111.194.0/24 maxlen: 24
86.111.195.0/24 maxlen: 24
86.111.196.0/23 maxlen: 23
86.111.196.0/24 maxlen: 24
86.111.197.0/24 maxlen: 24
2001:67c:130::/48 maxlen: 48
2001:67c:18c8::/47 maxlen: 47
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/PN4kcMhWOUlIej54dDxUTJnsimQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/PN4kcMhWOUlIej54dDxUTJnsimQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/PN4kcMhWOUlIej54dDxUTJnsimQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:1e:9c:19:98:ca:da:f0:a5:d6:47:9e:8e:34:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3cde2470c8563949487a3e78743c544c99ec8a64
Validity
Not Before: Jan 2 09:50:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b0514e503bd64f37d2ca6970498a43ca9e2b655a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:f2:4f:e3:a5:aa:17:29:e4:6e:c9:c9:36:a4:
48:89:29:0f:67:66:3e:67:d0:8d:dd:4b:63:9f:4f:
42:f6:5c:9f:2f:21:62:11:3e:e9:a0:45:f5:b0:01:
49:32:f3:04:99:8a:25:c8:b6:ff:b8:6f:55:17:40:
82:40:59:14:2c:9a:88:60:a8:c7:eb:40:20:50:41:
1e:53:f5:9a:aa:e7:c6:20:f1:0d:97:06:7e:a1:00:
93:bc:bf:02:fb:bb:b4:de:85:02:03:8f:f5:93:41:
93:20:95:25:93:ba:2f:ec:04:c1:4c:6d:f4:81:62:
38:da:ed:a7:28:04:7f:48:e1:d5:32:87:19:9d:c4:
3f:f1:09:dc:87:79:4c:ec:26:68:a1:37:ca:75:57:
4e:b0:9d:d8:15:0d:b5:80:1f:f8:ce:72:d7:3d:3f:
f5:a1:e4:65:b1:36:f0:1f:df:64:99:82:e9:57:bf:
31:db:bd:cc:21:37:5e:63:25:cc:64:7b:3e:49:b3:
3d:99:86:5a:27:3f:0b:7a:e4:46:0d:f6:9d:1d:fb:
ad:c6:ed:4a:db:a1:7f:e4:33:86:63:e0:e4:e0:c6:
4a:60:e6:6f:98:19:f0:b9:41:29:82:06:a9:85:f4:
6a:ac:01:be:f0:54:1b:83:bb:a6:cc:f4:98:e8:ba:
3d:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:51:4E:50:3B:D6:4F:37:D2:CA:69:70:49:8A:43:CA:9E:2B:65:5A
X509v3 Authority Key Identifier:
keyid:3C:DE:24:70:C8:56:39:49:48:7A:3E:78:74:3C:54:4C:99:EC:8A:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN4kcMhWOUlIej54dDxUTJnsimQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/sFFOUDvWTzfSymlwSYpDyp4rZVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/PN4kcMhWOUlIej54dDxUTJnsimQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.111.192.0-86.111.197.255
IPv6:
2001:67c:130::/48
2001:67c:18c8::/47
Signature Algorithm: sha256WithRSAEncryption
08:6b:da:33:5c:48:00:b6:f1:38:c4:7b:00:c0:0f:e3:0c:2c:
7d:90:5f:46:88:38:ce:26:98:a7:7d:cc:69:62:06:9e:83:ac:
54:a5:3c:bf:69:51:80:b7:56:f2:ee:08:6d:ee:e2:26:cf:c7:
45:5d:8e:fb:93:d0:e5:b8:e5:a4:2f:1d:59:db:29:e2:5d:61:
8c:a2:b6:5b:e2:31:66:33:69:0c:0c:1a:ca:97:9d:88:05:02:
12:22:12:f0:79:bb:b4:bf:6f:b2:e4:05:26:76:13:cc:15:8d:
a3:ba:16:96:53:12:a6:a9:50:e0:27:75:61:fa:eb:cb:ac:c5:
ee:9c:18:21:d7:ff:c8:f5:cc:41:1d:b8:23:a3:c7:0a:62:92:
80:90:51:09:fe:38:ec:ff:0f:35:8a:e2:5d:35:88:82:3c:ef:
19:36:2c:b3:6c:64:c2:a2:79:06:28:9d:11:76:f8:b3:a8:62:
2a:7d:a5:37:aa:14:98:d8:2a:74:03:f9:f9:2b:b7:38:5b:1e:
06:44:23:25:8d:79:e6:53:0a:d4:0d:d7:77:a5:39:fb:cc:0f:
2f:9b:96:27:b0:a9:ef:9c:66:93:83:88:33:7b:01:15:6d:d2:
3e:6b:f7:ed:ac:9b:7b:4c:0a:8f:7a:65:30:78:52:d7:2a:48:
6d:b0:0f:66
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQmbB6cGZjK2vCl1keejjSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZGUyNDcwYzg1NjM5NDk0ODdhM2U3ODc0M2M1NDRjOTll
YzhhNjQwHhcNMjUwMTAyMDk1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDUxNGU1MDNiZDY0ZjM3ZDJjYTY5NzA0OThhNDNjYTllMmI2NTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPJP46WqFynkbsnJNqRIiSkPZ2Y+
Z9CN3Utjn09C9lyfLyFiET7poEX1sAFJMvMEmYolyLb/uG9VF0CCQFkULJqIYKjH
60AgUEEeU/WaqufGIPENlwZ+oQCTvL8C+7u03oUCA4/1k0GTIJUlk7ov7ATBTG30
gWI42u2nKAR/SOHVMocZncQ/8Qnch3lM7CZooTfKdVdOsJ3YFQ21gB/4znLXPT/1
oeRlsTbwH99kmYLpV78x273MITdeYyXMZHs+SbM9mYZaJz8LeuRGDfadHfutxu1K
26F/5DOGY+Dk4MZKYOZvmBnwuUEpggaphfRqrAG+8FQbg7umzPSY6Lo9iQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFLBRTlA71k830sppcEmKQ8qeK2VaMB8GA1UdIwQY
MBaAFDzeJHDIVjlJSHo+eHQ8VEyZ7IpkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE40a2NNaFdPVWxJZWo1NGREeFVUSm5zaW1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9mYTc5Y2YtOGM0Yy00MDk0LWExZjUt
NDQxNzFiMmY1OTllLzEvc0ZGT1VEdldUemZTeW1sd1NZcER5cDRyWlZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9mYTc5Y2YtOGM0Yy00MDk0LWExZjUtNDQxNzFiMmY1OTll
LzEvUE40a2NNaFdPVWxJZWo1NGREeFVUSm5zaW1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAUBAIAATAOMAwDBAZWb8AD
BAFWb8QwGAQCAAIwEgMHACABBnwBMAMHASABBnwYyDANBgkqhkiG9w0BAQsFAAOC
AQEACGvaM1xIALbxOMR7AMAP4wwsfZBfRog4ziaYp33MaWIGnoOsVKU8v2lRgLdW
8u4Ibe7iJs/HRV2O+5PQ5bjlpC8dWdsp4l1hjKK2W+IxZjNpDAwaypediAUCEiIS
8Hm7tL9vsuQFJnYTzBWNo7oWllMSpqlQ4Cd1Yfrry6zF7pwYIdf/yPXMQR24I6PH
CmKSgJBRCf447P8PNYriXTWIgjzvGTYss2xkwqJ5BiidEXb4s6hiKn2lN6oUmNgq
dAP5+Su3OFseBkQjJY155lMK1A3Xd6U5+8wPL5uWJ7Cp75xmk4OIM3sBFW3SPmv3
7aybe0wKj3plMHhS1ypIbbAPZg==
-----END CERTIFICATE-----
Generated at Sun Apr 13 08:41:58 2025 by rpki-client