Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/CPodE3_RIBh9_-_Q9IrXnt0jBQQ.roa
File: CPodE3_RIBh9_-_Q9IrXnt0jBQQ.roa (raw, json)
Hash identifier: +FHXKf3f9JVzV+Qw7xj+2wXQmTxWPnbFGqd+rwkbcMY=
Subject key identifier: 08:FA:1D:13:7F:D1:20:18:7D:FF:EF:D0:F4:8A:D7:9E:DD:23:05:04
Certificate issuer: /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial: 019422FB69CBBB3E77E8CB696882A099919E
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/CPodE3_RIBh9_-_Q9IrXnt0jBQQ.roa
Signing time: Wed 01 Jan 2025 17:48:09 +0000
ROA not before: Wed 01 Jan 2025 17:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43519
IP address blocks: 149.20.120.0/24 maxlen: 24
149.20.121.0/24 maxlen: 24
149.20.122.0/24 maxlen: 24
149.20.123.0/24 maxlen: 24
213.248.200.0/24 maxlen: 24
213.248.201.0/24 maxlen: 24
213.248.202.0/24 maxlen: 24
213.248.203.0/24 maxlen: 24
213.248.204.0/24 maxlen: 24
213.248.205.0/24 maxlen: 24
213.248.206.0/24 maxlen: 24
213.248.207.0/24 maxlen: 24
213.248.216.0/24 maxlen: 24
213.248.217.0/24 maxlen: 24
213.248.218.0/24 maxlen: 24
213.248.219.0/24 maxlen: 24
213.248.220.0/24 maxlen: 24
213.248.221.0/24 maxlen: 24
213.248.222.0/24 maxlen: 24
213.248.223.0/24 maxlen: 24
213.248.254.0/24 maxlen: 24
2a01:618:200::/48 maxlen: 48
2a01:618:2ff::/48 maxlen: 48
2a01:618:400::/48 maxlen: 48
2a01:618:401::/48 maxlen: 48
2a01:618:402::/48 maxlen: 48
2a01:618:403::/48 maxlen: 48
2a01:618:404::/48 maxlen: 48
2a01:618:405::/48 maxlen: 48
2a01:618:406::/48 maxlen: 48
2a01:618:407::/48 maxlen: 48
2a01:618:408::/48 maxlen: 48
2a01:618:409::/48 maxlen: 48
2a01:618:4ff::/48 maxlen: 48
2a01:61e:1::/48 maxlen: 48
2a01:61e:2::/48 maxlen: 48
2a01:61e:3::/48 maxlen: 48
2a01:61e:4::/48 maxlen: 48
2a01:61e:5::/48 maxlen: 48
2a01:61e:6::/48 maxlen: 48
2a01:61e:fffc::/48 maxlen: 48
2a01:61e:fffd::/48 maxlen: 48
2a01:61e:fffe::/48 maxlen: 48
2a01:61e:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.mft
rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 01:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:69:cb:bb:3e:77:e8:cb:69:68:82:a0:99:91:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Validity
Not Before: Jan 1 17:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08fa1d137fd120187dffefd0f48ad79edd230504
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ca:db:c4:4f:ef:24:36:fa:79:22:7f:ce:af:
c5:21:a5:3f:f9:9e:13:cb:14:59:63:b6:bd:66:08:
69:1a:6d:f1:37:8f:ed:d2:0d:33:f5:48:9e:3c:1a:
ca:f0:46:7c:d3:7b:3f:bc:97:7f:89:0d:39:b4:74:
22:b7:ab:ad:64:38:9a:6b:99:c3:37:33:53:40:79:
58:b6:76:98:49:27:60:4b:13:3d:3b:a5:df:cc:b6:
88:42:83:41:5d:bc:83:2c:d8:8a:19:73:00:1e:67:
54:83:10:b5:40:22:dc:4e:e1:f2:57:fb:21:d0:7c:
7a:88:78:04:59:86:05:aa:f5:ca:1e:3d:a3:de:e1:
05:c4:54:64:ce:17:a5:c8:90:1e:33:43:bc:a6:dd:
7a:9c:e2:34:2d:f4:93:5c:2e:3e:c8:13:56:4b:7c:
06:9c:47:3c:d5:37:52:32:37:54:36:55:4c:98:72:
d7:5f:88:5b:72:62:25:a3:0b:97:20:53:9f:ec:49:
ee:d9:b4:bb:b1:50:a0:ff:83:11:e2:d9:1d:9e:fd:
bd:ad:2d:f5:69:26:c1:8f:1f:ed:6c:51:53:6f:13:
4c:54:6e:3f:86:4f:dc:28:1f:f1:24:c5:f9:17:74:
5b:39:df:91:21:cc:78:87:7f:fa:bc:c8:bc:d9:87:
70:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:FA:1D:13:7F:D1:20:18:7D:FF:EF:D0:F4:8A:D7:9E:DD:23:05:04
X509v3 Authority Key Identifier:
keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/CPodE3_RIBh9_-_Q9IrXnt0jBQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.20.120.0/22
213.248.200.0/21
213.248.216.0/21
213.248.254.0/24
IPv6:
2a01:618:200::/48
2a01:618:2ff::/48
2a01:618:400::-2a01:618:409:ffff:ffff:ffff:ffff:ffff
2a01:618:4ff::/48
2a01:61e:1::-2a01:61e:6:ffff:ffff:ffff:ffff:ffff
2a01:61e:fffc::/46
Signature Algorithm: sha256WithRSAEncryption
09:06:60:1a:79:67:3a:0e:8c:cb:02:17:8c:2a:b7:8a:8a:fd:
86:34:fb:44:78:c0:88:eb:6b:06:aa:8f:7c:37:9a:fa:b5:6e:
cb:b5:38:1d:6c:95:59:eb:e0:60:46:04:20:a4:7c:9b:33:c4:
60:ac:f8:6e:c0:63:db:66:cf:8b:50:c7:5d:ac:32:1d:62:f3:
5f:bd:e2:4a:43:1e:a5:0c:71:f2:68:6a:e5:2c:cf:6a:86:63:
65:67:49:c1:54:6b:84:3a:e2:be:ca:d1:60:c8:71:84:bd:ab:
b5:91:8c:36:b0:cb:af:6a:fe:c8:62:b9:7c:2c:c5:57:49:ef:
ea:eb:38:51:41:d5:26:fa:0b:7f:ed:1e:1f:0b:10:7c:0f:8f:
24:82:a6:1f:c0:2a:0d:fb:0b:49:14:61:17:78:40:01:c6:0c:
69:c9:95:4b:e8:c2:63:1a:dd:e2:db:b3:87:d0:df:27:19:21:
84:07:e6:79:97:6a:50:6b:55:fc:87:1f:ee:ce:7f:3a:f5:d9:
c6:8a:24:df:0e:4f:1a:61:f0:03:05:25:45:51:4d:9e:9d:27:
2d:2b:a8:23:b4:d0:95:d2:39:e7:ba:8a:ef:03:8f:00:92:2e:
c1:20:2c:73:24:7b:dd:77:2c:ab:b5:ec:a5:ba:ab:9e:43:f9:
00:42:6c:2f
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZQi+2nLuz536MtpaIKgmZGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjUwMTAxMTc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGZhMWQxMzdmZDEyMDE4N2RmZmVmZDBmNDhhZDc5ZWRkMjMwNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsrbxE/vJDb6eSJ/zq/FIaU/+Z4T
yxRZY7a9ZghpGm3xN4/t0g0z9UiePBrK8EZ803s/vJd/iQ05tHQit6utZDiaa5nD
NzNTQHlYtnaYSSdgSxM9O6XfzLaIQoNBXbyDLNiKGXMAHmdUgxC1QCLcTuHyV/sh
0Hx6iHgEWYYFqvXKHj2j3uEFxFRkzhelyJAeM0O8pt16nOI0LfSTXC4+yBNWS3wG
nEc81TdSMjdUNlVMmHLXX4hbcmIlowuXIFOf7Enu2bS7sVCg/4MR4tkdnv29rS31
aSbBjx/tbFFTbxNMVG4/hk/cKB/xJMX5F3RbOd+RIcx4h3/6vMi82YdwrwIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFAj6HRN/0SAYff/v0PSK157dIwUEMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvQ1BvZEUzX1JJQmg5Xy1fUTlJclhudDBqQlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwHgQCAAEwGAMEApUUeAME
A9X4yAMEA9X42AMEANX4/jBRBAIAAjBLAwcAKgEGGAIAAwcAKgEGGAL/MBEDBgIq
AQYYBAMHASoBBhgECAMHACoBBhgE/zASAwcAKgEGHgABAwcAKgEGHgAGAwcCKgEG
Hv/8MA0GCSqGSIb3DQEBCwUAA4IBAQAJBmAaeWc6DozLAheMKreKiv2GNPtEeMCI
62sGqo98N5r6tW7LtTgdbJVZ6+BgRgQgpHybM8RgrPhuwGPbZs+LUMddrDIdYvNf
veJKQx6lDHHyaGrlLM9qhmNlZ0nBVGuEOuK+ytFgyHGEvau1kYw2sMuvav7IYrl8
LMVXSe/q6zhRQdUm+gt/7R4fCxB8D48kgqYfwCoN+wtJFGEXeEABxgxpyZVL6MJj
Gt3i27OH0N8nGSGEB+Z5l2pQa1X8hx/uzn869dnGiiTfDk8aYfADBSVFUU2enSct
K6gjtNCV0jnnuorvA48Aki7BICxzJHvddyyrteyluqueQ/kAQmwv
-----END CERTIFICATE-----
Generated at Mon Apr 7 09:38:54 2025 by rpki-client