Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/488f90-224e-4634-967f-8f181d3a3e8f/1/Gh9PpfuY5LxhoKf93mfL5cK3chM.roa
File: Gh9PpfuY5LxhoKf93mfL5cK3chM.roa (raw, json)
Hash identifier: h2BIVV97ReDZkfRDJTGtHCoQkarTn+cxIbkViPsb5Nw=
Subject key identifier: 1A:1F:4F:A5:FB:98:E4:BC:61:A0:A7:FD:DE:67:CB:E5:C2:B7:72:13
Certificate issuer: /CN=8cf0b0b46a08d1e70fcbdd877ad939a0132e1269
Certificate serial: 019425FC473FBC03F3912BDCAD9FAEBA95F9
Authority key identifier: 8C:F0:B0:B4:6A:08:D1:E7:0F:CB:DD:87:7A:D9:39:A0:13:2E:12:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jPCwtGoI0ecPy92Hetk5oBMuEmk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/488f90-224e-4634-967f-8f181d3a3e8f/1/Gh9PpfuY5LxhoKf93mfL5cK3chM.roa
Signing time: Thu 02 Jan 2025 07:47:57 +0000
ROA not before: Thu 02 Jan 2025 07:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206255
IP address blocks: 185.174.196.0/24 maxlen: 24
185.174.197.0/24 maxlen: 24
185.174.198.0/24 maxlen: 24
185.174.199.0/24 maxlen: 24
2a11:b880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/488f90-224e-4634-967f-8f181d3a3e8f/1/jPCwtGoI0ecPy92Hetk5oBMuEmk.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/488f90-224e-4634-967f-8f181d3a3e8f/1/jPCwtGoI0ecPy92Hetk5oBMuEmk.mft
rsync://rpki.ripe.net/repository/DEFAULT/jPCwtGoI0ecPy92Hetk5oBMuEmk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:47:3f:bc:03:f3:91:2b:dc:ad:9f:ae:ba:95:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8cf0b0b46a08d1e70fcbdd877ad939a0132e1269
Validity
Not Before: Jan 2 07:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1a1f4fa5fb98e4bc61a0a7fdde67cbe5c2b77213
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:96:f3:5e:cd:72:c1:b4:22:97:ef:43:b0:07:
d5:a1:85:7c:3a:82:a1:ec:f7:d4:8d:c3:63:e3:11:
24:a8:7a:e7:0c:57:2b:1e:50:b3:c9:6f:a6:da:64:
27:e3:09:c7:5f:c0:3b:6d:25:06:67:6b:4c:d4:ff:
b7:14:6a:ee:2a:e7:78:72:a0:fc:33:f7:8c:19:ae:
7c:79:bd:8b:c2:83:82:76:be:fb:d9:83:fd:f2:f9:
aa:88:c5:e7:76:e3:41:7e:09:3b:72:f0:73:19:e0:
f8:40:bd:71:61:7c:c0:b4:ba:7b:69:27:71:ae:51:
f3:84:6f:2f:f1:0d:e2:0a:1a:d4:f4:29:f9:6c:81:
53:87:09:bf:39:5c:57:00:88:c1:ed:2a:ac:4c:4c:
03:bb:f4:34:51:29:74:4f:0a:8d:2d:af:6f:ef:63:
24:1c:c7:9f:ef:f6:ac:1c:38:c6:85:31:8d:bb:01:
77:b4:b7:98:37:58:c0:51:c4:60:95:c3:1f:ff:cf:
7b:9f:17:db:0e:95:b3:62:3b:3f:7e:3c:c6:42:f1:
0d:12:0e:ba:00:9f:18:09:e8:b5:8e:06:6b:53:a6:
2a:90:78:dd:1c:4d:55:29:e9:57:92:50:e2:44:87:
ce:f2:0b:bc:31:c3:de:7a:0a:20:9a:d4:4f:bf:49:
ad:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:1F:4F:A5:FB:98:E4:BC:61:A0:A7:FD:DE:67:CB:E5:C2:B7:72:13
X509v3 Authority Key Identifier:
keyid:8C:F0:B0:B4:6A:08:D1:E7:0F:CB:DD:87:7A:D9:39:A0:13:2E:12:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jPCwtGoI0ecPy92Hetk5oBMuEmk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/488f90-224e-4634-967f-8f181d3a3e8f/1/Gh9PpfuY5LxhoKf93mfL5cK3chM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/488f90-224e-4634-967f-8f181d3a3e8f/1/jPCwtGoI0ecPy92Hetk5oBMuEmk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.174.196.0/22
IPv6:
2a11:b880::/29
Signature Algorithm: sha256WithRSAEncryption
9e:9e:94:4b:22:89:2f:4b:0d:04:2d:67:9d:7b:b9:3b:29:db:
c3:c0:75:b2:ff:47:14:07:0d:db:8b:74:8f:e8:bf:b2:d5:d4:
61:c6:22:05:36:24:71:57:3d:f2:22:e1:b7:f8:5a:84:cb:b7:
0c:f1:3e:01:0a:90:48:03:b9:fb:63:33:e6:18:95:97:db:1a:
ec:0c:80:c7:af:ec:7e:9a:8e:14:50:e6:4b:60:bd:f2:43:b6:
1b:90:d8:b4:ad:67:73:16:06:b1:72:87:7b:b6:25:e1:67:f7:
8b:2b:26:64:b3:2e:b6:d2:3a:e9:a0:68:1d:68:04:cd:79:54:
09:1c:ef:3c:87:b6:66:37:06:5f:35:df:5e:95:68:d0:7d:7a:
8d:03:d0:c3:bf:2a:a6:f3:d9:96:aa:a7:38:e0:94:3e:d4:c3:
03:c9:af:87:5d:97:02:2b:c6:09:a9:bb:e1:c0:97:a3:7b:cd:
63:fe:07:f6:bf:c0:c2:47:32:d6:dc:02:a2:83:28:70:34:c3:
c4:c0:76:e8:1c:7e:78:48:63:12:a7:00:04:4c:d9:a5:2e:04:
10:3f:c1:89:4a:41:71:0d:9b:3d:b0:c9:60:9a:39:39:ca:71:
46:78:80:54:b1:a6:41:00:b5:71:34:7a:bf:3e:a6:b5:83:4a:
34:7b:d8:ed
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/Ec/vAPzkSvcrZ+uupX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZjBiMGI0NmEwOGQxZTcwZmNiZGQ4NzdhZDkzOWEwMTMy
ZTEyNjkwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTFmNGZhNWZiOThlNGJjNjFhMGE3ZmRkZTY3Y2JlNWMyYjc3MjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypbzXs1ywbQil+9DsAfVoYV8OoKh
7PfUjcNj4xEkqHrnDFcrHlCzyW+m2mQn4wnHX8A7bSUGZ2tM1P+3FGruKud4cqD8
M/eMGa58eb2LwoOCdr772YP98vmqiMXnduNBfgk7cvBzGeD4QL1xYXzAtLp7aSdx
rlHzhG8v8Q3iChrU9Cn5bIFThwm/OVxXAIjB7SqsTEwDu/Q0USl0TwqNLa9v72Mk
HMef7/asHDjGhTGNuwF3tLeYN1jAUcRglcMf/897nxfbDpWzYjs/fjzGQvENEg66
AJ8YCei1jgZrU6YqkHjdHE1VKelXklDiRIfO8gu8McPeegogmtRPv0mt5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBofT6X7mOS8YaCn/d5ny+XCt3ITMB8GA1UdIwQY
MBaAFIzwsLRqCNHnD8vdh3rZOaATLhJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalBDd3RHb0kwZWNQeTkySGV0azVvQk11RW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80ODhmOTAtMjI0ZS00NjM0LTk2N2Yt
OGYxODFkM2EzZThmLzEvR2g5UHBmdVk1THhob0tmOTNtZkw1Y0szY2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80ODhmOTAtMjI0ZS00NjM0LTk2N2YtOGYxODFkM2EzZThm
LzEvalBDd3RHb0kwZWNQeTkySGV0azVvQk11RW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua7EMA0E
AgACMAcDBQMqEbiAMA0GCSqGSIb3DQEBCwUAA4IBAQCenpRLIokvSw0ELWede7k7
KdvDwHWy/0cUBw3bi3SP6L+y1dRhxiIFNiRxVz3yIuG3+FqEy7cM8T4BCpBIA7n7
YzPmGJWX2xrsDIDHr+x+mo4UUOZLYL3yQ7YbkNi0rWdzFgaxcod7tiXhZ/eLKyZk
sy620jrpoGgdaATNeVQJHO88h7ZmNwZfNd9elWjQfXqNA9DDvyqm89mWqqc44JQ+
1MMDya+HXZcCK8YJqbvhwJeje81j/gf2v8DCRzLW3AKigyhwNMPEwHboHH54SGMS
pwAETNmlLgQQP8GJSkFxDZs9sMlgmjk5ynFGeIBUsaZBALVxNHq/Pqa1g0o0e9jt
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:30:16 2025 by rpki-client