Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/O-aTNeAUuhRfRBdVxSFTjH721NM.roa
File: O-aTNeAUuhRfRBdVxSFTjH721NM.roa (raw, json)
Hash identifier: 646Eeqep+XalWbfa7ZRu6J/EFuQON8lDSdfIDR01CgY=
Subject key identifier: 3B:E6:93:35:E0:14:BA:14:5F:44:17:55:C5:21:53:8C:7E:F6:D4:D3
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 0194BC8FC70099432ADED180676AD5DE91FF
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/O-aTNeAUuhRfRBdVxSFTjH721NM.roa
Signing time: Fri 31 Jan 2025 13:32:06 +0000
ROA not before: Fri 31 Jan 2025 13:32:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13285
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
81.6.192.0/18 maxlen: 24
82.133.0.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.14.0.0/15 maxlen: 24
92.16.0.0/12 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
195.112.0.0/18 maxlen: 24
195.149.0.0/18 maxlen: 24
212.139.24.0/24 maxlen: 24
212.139.133.0/24 maxlen: 24
212.139.148.0/22 maxlen: 22
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
2001:7e0::/32 maxlen: 32
2001:4a00::/27 maxlen: 27
2a00:4340::/32 maxlen: 32
2a0b:db00::/29 maxlen: 29
2a0b:e900::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 03:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:bc:8f:c7:00:99:43:2a:de:d1:80:67:6a:d5:de:91:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Jan 31 13:32:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3be69335e014ba145f441755c521538c7ef6d4d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:dc:01:7d:56:d7:20:e5:ea:63:11:99:d1:5b:
c2:8f:25:5c:c4:99:60:16:a5:0d:a3:d6:87:46:4b:
45:f7:30:a1:b2:f5:f5:0a:61:02:81:f7:52:5b:29:
6f:77:4a:98:f7:f3:a5:58:93:c0:e9:04:62:f4:aa:
7d:75:ec:97:0c:ae:95:82:3f:0e:3b:bd:42:c2:62:
ad:7b:d3:83:5e:9a:4b:2b:9a:95:c6:1f:48:26:52:
39:b8:34:78:d7:6c:8f:26:1d:6f:d3:8c:97:d5:da:
07:5b:4e:b4:37:15:28:db:b1:2d:65:60:c9:ef:b7:
9e:c7:1f:c2:f6:10:6d:0f:1c:50:b8:07:40:7d:f8:
38:86:c3:1e:fa:08:02:4e:5d:26:eb:c2:d8:41:b4:
3b:07:fe:af:9e:09:8d:79:5d:cb:88:da:76:26:f3:
37:b9:d1:99:b3:8a:ad:24:90:26:27:8e:08:a5:33:
d2:23:17:0d:21:53:3b:6c:37:dc:e8:33:2d:66:34:
18:20:cf:5a:9e:ff:b5:cb:91:a8:b0:cc:43:06:43:
c7:91:e3:8b:70:03:54:c0:49:f9:b2:c2:f8:27:0d:
8a:ad:4f:74:17:6d:03:4d:2b:e5:26:d5:13:75:d9:
6d:05:c2:7a:49:45:4a:25:b6:ad:19:4d:58:c9:10:
ef:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:E6:93:35:E0:14:BA:14:5F:44:17:55:C5:21:53:8C:7E:F6:D4:D3
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/O-aTNeAUuhRfRBdVxSFTjH721NM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
81.6.192.0/18
82.133.0.0/17
89.240.0.0/14
91.146.112.0/21
92.14.0.0-92.31.255.255
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.144.0/22
193.218.99.0/24
195.112.0.0/18
195.149.0.0/18
212.139.24.0/24
212.139.133.0/24
212.139.148.0/22
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a00:4340::/32
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
d4:84:c0:1b:7d:c7:1e:d6:f4:fc:6d:41:39:bf:7c:8a:35:b2:
20:68:61:af:0b:80:9a:a1:34:92:64:1b:30:01:87:db:6a:0a:
54:d0:79:66:95:3f:8a:e5:1a:a7:df:67:86:55:12:a1:64:70:
57:a8:d5:7d:93:f7:a5:5f:16:26:b4:3f:ea:48:22:8a:82:0e:
ff:1a:45:aa:7d:db:9b:89:40:4f:f4:a5:0b:77:c9:78:09:30:
71:f7:83:e4:09:94:ad:46:23:1d:da:52:75:64:4a:af:c9:be:
fd:b6:6a:aa:6f:cb:6a:1d:95:41:3b:86:17:fb:74:84:0d:eb:
d0:72:bf:7c:c4:8e:22:bf:d7:1e:94:f6:59:c4:1d:e3:3e:db:
be:87:ba:b7:40:9a:a3:b9:3f:ce:40:17:a1:78:ab:a8:3f:b6:
b2:f7:20:5c:31:fb:24:d2:57:53:18:f2:e8:99:29:1e:f6:35:
09:0b:bf:a8:be:93:d1:1c:4e:55:5f:9b:9d:a3:58:39:ac:6a:
44:ac:9c:fa:bd:f8:d8:65:de:f1:0f:79:85:48:96:0c:ca:ae:
8a:8c:02:c3:d6:ae:16:88:01:f4:40:66:9b:90:41:8a:b4:68:
30:af:5c:6f:ae:89:b5:8f:01:77:6a:3d:31:4e:db:55:a7:b7:
c3:28:1c:38
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgISAZS8j8cAmUMq3tGAZ2rV3pH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjUwMTMxMTMzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU2OTMzNWUwMTRiYTE0NWY0NDE3NTVjNTIxNTM4YzdlZjZkNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9wBfVbXIOXqYxGZ0VvCjyVcxJlg
FqUNo9aHRktF9zChsvX1CmECgfdSWylvd0qY9/OlWJPA6QRi9Kp9deyXDK6Vgj8O
O71CwmKte9ODXppLK5qVxh9IJlI5uDR412yPJh1v04yX1doHW060NxUo27EtZWDJ
77eexx/C9hBtDxxQuAdAffg4hsMe+ggCTl0m68LYQbQ7B/6vngmNeV3LiNp2JvM3
udGZs4qtJJAmJ44IpTPSIxcNIVM7bDfc6DMtZjQYIM9anv+1y5GosMxDBkPHkeOL
cANUwEn5ssL4Jw2KrU90F20DTSvlJtUTddltBcJ6SUVKJbatGU1YyRDvaQIDAQAB
o4ICwjCCAr4wHQYDVR0OBBYEFDvmkzXgFLoUX0QXVcUhU4x+9tTTMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvTy1hVE5lQVV1aFJmUkJkVnhTRlRqSDcyMU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHXBggrBgEFBQcBBwEB/wSBxzCBxDCBlgQCAAEwgY8DAwMC
YAMEBj4DwAMEBz4YgAMEBT7xoAMDA06QAwQGUQbAAwQHUoUAAwMCWfADBANbknAw
CgMDAVwOAwMFXAADBAK5cNQwDAMEArmtdAMEArmteAMEArmvkAMEAMHaYwMEBsNw
AAMEBsOVAAMEANSLGAMEANSLhQMEAtSLlAMEBtXQQAMEBdkIAAMEBNlEgDApBAIA
AjAjAwUAIAEH4AMFBSABSgADBQAqAENAAwUDKgvbAAMFAyoL6QAwDQYJKoZIhvcN
AQELBQADggEBANSEwBt9xx7W9PxtQTm/fIo1siBoYa8LgJqhNJJkGzABh9tqClTQ
eWaVP4rlGqffZ4ZVEqFkcFeo1X2T96VfFia0P+pIIoqCDv8aRap925uJQE/0pQt3
yXgJMHH3g+QJlK1GIx3aUnVkSq/Jvv22aqpvy2odlUE7hhf7dIQN69Byv3zEjiK/
1x6U9lnEHeM+276HurdAmqO5P85AF6F4q6g/trL3IFwx+yTSV1MY8uiZKR72NQkL
v6i+k9EcTlVfm52jWDmsakSsnPq9+Nhl3vEPeYVIlgzKroqMAsPWrhaIAfRAZpuQ
QYq0aDCvXG+uibWPAXdqPTFO21Wnt8MoHDg=
-----END CERTIFICATE-----
Generated at Sun Apr 13 10:10:11 2025 by rpki-client