Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/7i8JH2gDDE50EmzV6j2wTHTOrXc.roa
File: 7i8JH2gDDE50EmzV6j2wTHTOrXc.roa (raw, json)
Hash identifier: N1lOwseUmLTmn9OgnciUdbf6hlxuHBxxnuvg8UgK1o8=
Subject key identifier: EE:2F:09:1F:68:03:0C:4E:74:12:6C:D5:EA:3D:B0:4C:74:CE:AD:77
Certificate issuer: /CN=0f091bdc666b8a59433c68d90e0d8cc37acdce92
Certificate serial: 01941F8CA37E2FAA06D2D419AB0317F2DC80
Authority key identifier: 0F:09:1B:DC:66:6B:8A:59:43:3C:68:D9:0E:0D:8C:C3:7A:CD:CE:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Dwkb3GZrillDPGjZDg2Mw3rNzpI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/7i8JH2gDDE50EmzV6j2wTHTOrXc.roa
Signing time: Wed 01 Jan 2025 01:48:18 +0000
ROA not before: Wed 01 Jan 2025 01:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198399
IP address blocks: 37.34.72.0/21 maxlen: 24
185.95.224.0/22 maxlen: 24
195.93.168.0/23 maxlen: 24
2a00:c5e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/Dwkb3GZrillDPGjZDg2Mw3rNzpI.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/Dwkb3GZrillDPGjZDg2Mw3rNzpI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Dwkb3GZrillDPGjZDg2Mw3rNzpI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 22:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:a3:7e:2f:aa:06:d2:d4:19:ab:03:17:f2:dc:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0f091bdc666b8a59433c68d90e0d8cc37acdce92
Validity
Not Before: Jan 1 01:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ee2f091f68030c4e74126cd5ea3db04c74cead77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:86:f6:d5:13:cb:c1:eb:65:4f:3b:a7:5f:90:
cd:29:d1:df:d9:af:2e:bb:91:7d:b7:c8:6c:84:7f:
f1:5d:14:62:49:b4:bf:d9:9d:bf:4b:53:4f:2f:04:
1f:42:7b:32:61:f7:40:f4:85:36:ad:26:28:f4:b8:
49:11:75:a7:e9:af:a3:93:a9:df:a5:3a:a9:6f:80:
66:fb:93:59:70:9d:a1:1f:b1:56:16:27:9f:b5:4f:
ee:24:c6:2a:4d:e2:66:8a:eb:0b:56:b3:63:4e:dc:
ce:59:52:a1:b6:88:9c:cc:1d:d4:56:94:50:f5:7b:
3c:0c:5c:ba:eb:f1:8d:c3:24:cf:d0:c5:77:21:09:
e5:a2:c9:0b:60:a1:3a:aa:93:71:52:ab:00:c0:8d:
97:19:cf:31:48:d7:98:8d:5b:cb:44:f5:85:8b:d9:
d4:08:15:6a:f3:0f:52:96:ef:65:f0:1d:f5:42:48:
aa:f8:05:77:73:95:d0:4a:37:fb:ae:0f:28:ec:6d:
bd:a9:f6:3a:09:1c:ab:a4:6a:d5:dd:99:74:d3:83:
3f:80:ba:ee:40:c5:13:71:62:3f:46:92:48:78:92:
7b:3d:22:89:72:3c:55:d4:13:13:e1:2b:12:1a:0c:
10:d9:5f:e8:f1:43:fb:dc:a0:fa:80:23:e4:59:de:
bb:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:2F:09:1F:68:03:0C:4E:74:12:6C:D5:EA:3D:B0:4C:74:CE:AD:77
X509v3 Authority Key Identifier:
keyid:0F:09:1B:DC:66:6B:8A:59:43:3C:68:D9:0E:0D:8C:C3:7A:CD:CE:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dwkb3GZrillDPGjZDg2Mw3rNzpI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/7i8JH2gDDE50EmzV6j2wTHTOrXc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b64083-550e-4caf-bc29-a34a8b806832/1/Dwkb3GZrillDPGjZDg2Mw3rNzpI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.34.72.0/21
185.95.224.0/22
195.93.168.0/23
IPv6:
2a00:c5e0::/32
Signature Algorithm: sha256WithRSAEncryption
3f:9f:ee:be:c3:b6:18:3f:8f:51:9d:37:66:22:d3:d4:de:78:
90:12:a7:60:f7:cf:b9:0e:8e:d2:3b:8e:52:ca:0e:25:90:db:
74:f4:81:87:47:d5:15:ae:f2:e2:db:5f:3b:cf:2e:f6:52:a2:
16:ab:d3:38:15:cc:1f:3a:cc:d8:40:2e:5c:48:47:79:6d:7f:
97:99:5c:1d:45:33:55:61:92:e9:87:6a:ac:bd:d9:a6:58:23:
67:a3:6a:33:53:cc:75:93:98:1e:15:aa:9e:c3:ba:5e:9c:be:
9c:e8:d7:4f:ec:87:f7:d8:16:0e:0f:38:c1:c8:66:f6:3a:70:
dc:3d:b2:c9:ed:39:02:43:e4:8b:94:83:71:17:c6:7d:78:e3:
11:57:40:26:54:57:73:1a:f9:70:e6:c3:c2:31:ba:36:5a:1c:
01:43:80:ac:24:97:64:db:4e:34:b5:df:fa:25:36:99:fe:12:
b4:e4:9f:3a:d5:68:8b:40:1b:6b:5a:db:8e:1b:b4:b4:1d:25:
8b:42:d2:0a:da:bd:f1:ea:df:41:49:d4:dd:d7:0c:02:46:1d:
87:0e:fd:27:86:ff:55:a9:fa:50:70:73:9d:dc:ac:fb:f5:cf:
c1:3b:09:ef:10:a9:ab:dc:7a:98:22:6a:3a:d8:a5:cf:a7:a1:
88:51:9f:38
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQfjKN+L6oG0tQZqwMX8tyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMDkxYmRjNjY2YjhhNTk0MzNjNjhkOTBlMGQ4Y2MzN2Fj
ZGNlOTIwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTJmMDkxZjY4MDMwYzRlNzQxMjZjZDVlYTNkYjA0Yzc0Y2VhZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArob21RPLwetlTzunX5DNKdHf2a8u
u5F9t8hshH/xXRRiSbS/2Z2/S1NPLwQfQnsyYfdA9IU2rSYo9LhJEXWn6a+jk6nf
pTqpb4Bm+5NZcJ2hH7FWFieftU/uJMYqTeJmiusLVrNjTtzOWVKhtoiczB3UVpRQ
9Xs8DFy66/GNwyTP0MV3IQnloskLYKE6qpNxUqsAwI2XGc8xSNeYjVvLRPWFi9nU
CBVq8w9Slu9l8B31Qkiq+AV3c5XQSjf7rg8o7G29qfY6CRyrpGrV3Zl004M/gLru
QMUTcWI/RpJIeJJ7PSKJcjxV1BMT4SsSGgwQ2V/o8UP73KD6gCPkWd67nwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFO4vCR9oAwxOdBJs1eo9sEx0zq13MB8GA1UdIwQY
MBaAFA8JG9xma4pZQzxo2Q4NjMN6zc6SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHdrYjNHWnJpbGxEUEdqWkRnMk13M3JOenBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9iNjQwODMtNTUwZS00Y2FmLWJjMjkt
YTM0YThiODA2ODMyLzEvN2k4SkgyZ0RERTUwRW16VjZqMndUSFRPclhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9iNjQwODMtNTUwZS00Y2FmLWJjMjktYTM0YThiODA2ODMy
LzEvRHdrYjNHWnJpbGxEUEdqWkRnMk13M3JOenBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJSJIAwQC
uV/gAwQBw12oMA0EAgACMAcDBQAqAMXgMA0GCSqGSIb3DQEBCwUAA4IBAQA/n+6+
w7YYP49RnTdmItPU3niQEqdg98+5Do7SO45Syg4lkNt09IGHR9UVrvLi2187zy72
UqIWq9M4FcwfOszYQC5cSEd5bX+XmVwdRTNVYZLph2qsvdmmWCNno2ozU8x1k5ge
Faqew7penL6c6NdP7If32BYODzjByGb2OnDcPbLJ7TkCQ+SLlINxF8Z9eOMRV0Am
VFdzGvlw5sPCMbo2WhwBQ4CsJJdk2040td/6JTaZ/hK05J861WiLQBtrWtuOG7S0
HSWLQtIK2r3x6t9BSdTd1wwCRh2HDv0nhv9VqfpQcHOd3Kz79c/BOwnvEKmr3HqY
Imo62KXPp6GIUZ84
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:45:45 2025 by rpki-client