Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/S8E-qbm1BXEqIdetmmA1nZNgj7U.roa
File: S8E-qbm1BXEqIdetmmA1nZNgj7U.roa (raw, json)
Hash identifier: 3uwA4cyu+agvPaXd967UOebPOsNVk53AsWpnmfz8XsE=
Subject key identifier: 4B:C1:3E:A9:B9:B5:05:71:2A:21:D7:AD:9A:60:35:9D:93:60:8F:B5
Certificate issuer: /CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Certificate serial: 019421B20EC8DFA0A71DEAEFEBE575F48025
Authority key identifier: 1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/S8E-qbm1BXEqIdetmmA1nZNgj7U.roa
Signing time: Wed 01 Jan 2025 11:48:24 +0000
ROA not before: Wed 01 Jan 2025 11:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48284
IP address blocks: 5.199.176.0/21 maxlen: 21
88.133.240.0/21 maxlen: 30
94.125.72.0/21 maxlen: 21
109.70.192.0/21 maxlen: 21
109.235.224.0/21 maxlen: 21
130.255.104.0/21 maxlen: 21
185.35.208.0/22 maxlen: 22
212.237.168.0/21 maxlen: 21
2a02:778::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.mft
rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 11:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:0e:c8:df:a0:a7:1d:ea:ef:eb:e5:75:f4:80:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Validity
Not Before: Jan 1 11:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4bc13ea9b9b505712a21d7ad9a60359d93608fb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7a:cd:0d:92:e3:f7:2d:ce:ae:7f:e0:ca:08:
7c:8e:7a:f1:4f:15:90:0d:9c:b9:6a:f1:38:b8:4b:
a9:69:6f:9b:75:cd:9d:3e:8e:98:a8:c3:7d:74:c0:
2c:f8:f5:03:b1:c3:ca:df:9c:09:05:34:dd:4d:ae:
bd:e9:f4:be:68:5e:b0:db:d0:2d:5b:eb:3c:4d:db:
51:5d:0e:ab:4c:11:15:c9:e7:67:a6:39:a6:7c:06:
91:68:15:2a:9d:ba:9f:3c:ad:ea:06:5e:3b:8c:80:
37:e6:4c:58:f0:0e:58:07:06:dd:1a:19:a8:2f:22:
01:d0:85:57:04:b3:48:3d:9d:c2:d5:68:a5:f8:d6:
b4:b9:f1:be:1e:f6:a8:79:aa:40:cf:af:44:d3:3d:
36:ae:cd:b8:08:29:24:d7:e1:90:56:d9:61:15:51:
8e:76:9e:6c:22:5d:57:31:1e:86:2e:0b:c6:9e:1b:
d9:7d:0c:68:e3:d0:19:a1:6c:f9:09:d3:73:a9:c5:
70:1e:ca:b2:df:f5:a6:a4:d1:01:ea:71:71:a0:7b:
d2:2d:1d:2c:72:a6:9f:c5:be:9a:f9:db:1a:ec:1e:
f3:69:fe:0c:95:cd:e6:69:8c:dc:ee:2e:48:a4:40:
58:13:51:aa:82:63:8c:c0:49:7a:c7:09:2f:44:03:
a2:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:C1:3E:A9:B9:B5:05:71:2A:21:D7:AD:9A:60:35:9D:93:60:8F:B5
X509v3 Authority Key Identifier:
keyid:1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/S8E-qbm1BXEqIdetmmA1nZNgj7U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.199.176.0/21
88.133.240.0/21
94.125.72.0/21
109.70.192.0/21
109.235.224.0/21
130.255.104.0/21
185.35.208.0/22
212.237.168.0/21
IPv6:
2a02:778::/32
Signature Algorithm: sha256WithRSAEncryption
c2:15:af:b5:76:3e:a6:3e:b1:44:71:7d:86:79:a3:62:f3:38:
c0:ab:e1:15:6b:85:d8:aa:c4:14:4b:6a:f7:17:93:a2:32:ec:
a9:43:0f:b6:88:5c:4f:d6:7c:be:ee:d3:c7:5e:6f:6f:93:5d:
4b:77:fd:4c:ea:60:d3:c1:d3:11:1f:41:32:5b:78:77:fc:ca:
a9:cb:cd:88:50:5d:f8:e8:cd:44:aa:16:16:27:ef:0f:ff:e5:
d8:37:4d:9b:a3:d7:aa:23:3f:b5:79:5d:fe:ba:58:a7:e9:62:
2c:b6:37:e6:ed:40:48:d9:69:cc:7f:ee:78:34:ba:cc:75:16:
cc:2a:04:e5:b8:31:d8:69:67:92:37:f2:6f:1c:65:6b:df:6e:
27:bb:2e:dc:ac:7f:46:41:14:41:fb:3c:ef:c9:f9:ee:bf:d3:
73:aa:d8:64:cb:6e:88:8f:3b:08:02:82:3f:42:e3:a8:4c:cb:
93:29:da:3f:89:d5:e4:93:0f:c9:eb:97:cc:0e:28:ce:00:52:
e5:1b:3f:e8:a2:86:f7:77:3c:0e:8d:94:03:b0:bf:8e:76:d9:
bf:aa:03:fb:a3:78:53:3e:a2:28:7b:06:bd:7f:9d:91:62:a0:
f4:92:27:f0:e3:71:42:54:e0:6c:a8:ef:52:9d:9b:7c:15:66:
45:31:83:60
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQhsg7I36CnHerv6+V19IAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzlkNTc5MzZkZDJkMTUyMTQ0M2U2OGRhZGQ5ZDA5NDlj
ZGUzM2YwHhcNMjUwMTAxMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmMxM2VhOWI5YjUwNTcxMmEyMWQ3YWQ5YTYwMzU5ZDkzNjA4ZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXrNDZLj9y3Orn/gygh8jnrxTxWQ
DZy5avE4uEupaW+bdc2dPo6YqMN9dMAs+PUDscPK35wJBTTdTa696fS+aF6w29At
W+s8TdtRXQ6rTBEVyednpjmmfAaRaBUqnbqfPK3qBl47jIA35kxY8A5YBwbdGhmo
LyIB0IVXBLNIPZ3C1Wil+Na0ufG+HvaoeapAz69E0z02rs24CCkk1+GQVtlhFVGO
dp5sIl1XMR6GLgvGnhvZfQxo49AZoWz5CdNzqcVwHsqy3/WmpNEB6nFxoHvSLR0s
cqafxb6a+dsa7B7zaf4Mlc3maYzc7i5IpEBYE1GqgmOMwEl6xwkvRAOiSwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEvBPqm5tQVxKiHXrZpgNZ2TYI+1MB8GA1UdIwQY
MBaAFBw51Xk23S0VIUQ+aNrdnQlJzeM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2Qt
ZDdjNWRhN2MxNjc2LzEvUzhFLXFibTFCWEVxSWRldG1tQTFuWk5najdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2QtZDdjNWRhN2MxNjc2
LzEvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBcewAwQD
WIXwAwQDXn1IAwQDbUbAAwQDbevgAwQDgv9oAwQCuSPQAwQD1O2oMA0EAgACMAcD
BQAqAgd4MA0GCSqGSIb3DQEBCwUAA4IBAQDCFa+1dj6mPrFEcX2GeaNi8zjAq+EV
a4XYqsQUS2r3F5OiMuypQw+2iFxP1ny+7tPHXm9vk11Ld/1M6mDTwdMRH0EyW3h3
/Mqpy82IUF346M1EqhYWJ+8P/+XYN02bo9eqIz+1eV3+ulin6WIstjfm7UBI2WnM
f+54NLrMdRbMKgTluDHYaWeSN/JvHGVr324nuy7crH9GQRRB+zzvyfnuv9Nzqthk
y26IjzsIAoI/QuOoTMuTKdo/idXkkw/J65fMDijOAFLlGz/ooob3dzwOjZQDsL+O
dtm/qgP7o3hTPqIoewa9f52RYqD0kifw43FCVOBsqO9SnZt8FWZFMYNg
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:44:59 2025 by rpki-client