Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/88YBk8uB85zBrul442nfGp-QuoU.roa
File: 88YBk8uB85zBrul442nfGp-QuoU.roa (raw, json)
Hash identifier: 8CHBmw57/ECRTXJRCiSBu+1kizP0rODHSoGmFmfszQs=
Subject key identifier: F3:C6:01:93:CB:81:F3:9C:C1:AE:E9:78:E3:69:DF:1A:9F:90:BA:85
Certificate issuer: /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial: 0195C9291D8A78B7423C2D466F2E3ADBA966
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/88YBk8uB85zBrul442nfGp-QuoU.roa
Signing time: Mon 24 Mar 2025 17:17:49 +0000
ROA not before: Mon 24 Mar 2025 17:17:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62206
IP address blocks: 91.228.12.0/24 maxlen: 24
91.228.13.0/24 maxlen: 24
91.228.14.0/24 maxlen: 24
91.228.15.0/24 maxlen: 24
94.154.32.0/24 maxlen: 24
94.154.35.0/24 maxlen: 24
94.154.36.0/24 maxlen: 24
94.154.37.0/24 maxlen: 24
94.154.38.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:01:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:c9:29:1d:8a:78:b7:42:3c:2d:46:6f:2e:3a:db:a9:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Validity
Not Before: Mar 24 17:17:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f3c60193cb81f39cc1aee978e369df1a9f90ba85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:12:9f:25:ae:88:e5:ac:75:2d:e8:b6:8d:2f:
ea:72:5d:6c:e1:90:9c:a0:b5:ac:8d:73:f9:da:ac:
53:f2:55:34:4a:bb:43:ca:3a:41:de:fd:5c:7c:4a:
2a:85:53:dd:2e:2c:90:55:4b:3c:22:72:0d:c0:66:
14:31:3a:80:7b:fb:df:8d:88:38:02:ca:55:ed:fb:
51:d4:89:45:c4:11:95:72:eb:ec:e4:a7:8f:d6:63:
c3:70:28:d3:ee:40:cd:91:7e:dc:6b:43:8b:b4:4a:
86:be:03:52:33:bf:52:0b:c7:56:87:2e:ac:5a:b7:
08:4d:77:2e:aa:fd:d0:54:45:22:f8:2b:5d:9d:da:
9f:7e:8f:01:32:b8:c2:ea:e2:d9:e2:7b:e0:33:5a:
52:80:d2:eb:0b:b6:a6:d3:ad:98:76:51:46:49:f3:
40:ff:b1:3a:88:c0:29:80:fd:13:93:20:e8:c5:8b:
8c:c2:12:4b:d9:e5:a9:88:e0:89:26:24:8c:75:aa:
dd:1d:01:94:65:20:96:ff:48:85:4d:84:c9:50:03:
61:69:17:60:ad:b9:79:98:65:a2:03:c8:cb:b7:e0:
0c:46:fc:d3:b1:33:6d:9c:d2:c9:75:42:8f:90:a3:
3e:e2:e1:5f:43:d4:9d:ba:92:b4:a1:6d:86:5e:e4:
56:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:C6:01:93:CB:81:F3:9C:C1:AE:E9:78:E3:69:DF:1A:9F:90:BA:85
X509v3 Authority Key Identifier:
keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/88YBk8uB85zBrul442nfGp-QuoU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.12.0/22
94.154.32.0/24
94.154.35.0-94.154.38.255
Signature Algorithm: sha256WithRSAEncryption
74:2d:c2:3f:90:7a:57:ac:a7:52:33:15:ae:82:21:5d:31:ce:
98:9b:c1:7c:5b:35:f5:ad:20:1b:e8:7c:e6:da:46:9c:af:f4:
1d:66:97:b4:81:bc:48:06:17:55:a2:71:6e:d1:f2:cb:de:97:
20:74:cc:de:2e:11:fe:c3:73:4a:b7:97:3c:8f:de:46:01:14:
25:26:97:5f:9a:68:85:c3:c3:67:8c:a4:d3:00:6b:f8:c1:cc:
19:09:b6:f7:bd:ac:76:fd:40:e5:f3:8a:43:3b:52:6c:d1:c3:
c3:de:79:a3:c9:60:31:27:be:36:5c:be:31:bf:c7:eb:8e:1f:
31:44:4e:b9:e0:a9:0b:4e:45:da:c9:d1:70:e5:94:60:ba:a5:
48:2d:eb:4f:a0:89:50:e4:11:d8:dc:40:4c:eb:4d:96:9c:60:
ed:25:9b:28:08:16:1d:ca:43:7f:eb:8c:2d:16:02:09:62:4d:
9d:7f:7f:1c:32:ca:57:17:e7:51:25:bb:3f:6c:62:15:9c:32:
4b:62:a6:d9:1e:5a:19:b6:0a:2a:e0:73:85:0f:54:a2:b5:c2:
ad:ac:ae:99:c6:89:05:1a:7a:dd:44:b8:01:55:01:8c:c1:08:
8d:bc:a1:0f:b6:74:ca:8b:5e:e2:5b:e6:90:96:2b:c9:7e:a8:
59:c9:d5:43
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZXJKR2KeLdCPC1Gby4626lmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwMzI0MTcxNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2M2MDE5M2NiODFmMzljYzFhZWU5NzhlMzY5ZGYxYTlmOTBiYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRKfJa6I5ax1Lei2jS/qcl1s4ZCc
oLWsjXP52qxT8lU0SrtDyjpB3v1cfEoqhVPdLiyQVUs8InINwGYUMTqAe/vfjYg4
AspV7ftR1IlFxBGVcuvs5KeP1mPDcCjT7kDNkX7ca0OLtEqGvgNSM79SC8dWhy6s
WrcITXcuqv3QVEUi+Ctdndqffo8BMrjC6uLZ4nvgM1pSgNLrC7am062YdlFGSfNA
/7E6iMApgP0TkyDoxYuMwhJL2eWpiOCJJiSMdardHQGUZSCW/0iFTYTJUANhaRdg
rbl5mGWiA8jLt+AMRvzTsTNtnNLJdUKPkKM+4uFfQ9SdupK0oW2GXuRWQQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPPGAZPLgfOcwa7peONp3xqfkLqFMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvODhZQms4dUI4NXpCcnVsNDQybmZHcC1RdW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCW+QMAwQA
XpogMAwDBABemiMDBABemiYwDQYJKoZIhvcNAQELBQADggEBAHQtwj+Qelesp1Iz
Fa6CIV0xzpibwXxbNfWtIBvofObaRpyv9B1ml7SBvEgGF1WicW7R8svelyB0zN4u
Ef7Dc0q3lzyP3kYBFCUml1+aaIXDw2eMpNMAa/jBzBkJtve9rHb9QOXzikM7UmzR
w8PeeaPJYDEnvjZcvjG/x+uOHzFETrngqQtORdrJ0XDllGC6pUgt60+giVDkEdjc
QEzrTZacYO0lmygIFh3KQ3/rjC0WAgliTZ1/fxwyylcX51Eluz9sYhWcMktiptke
Whm2Cirgc4UPVKK1wq2srpnGiQUaet1EuAFVAYzBCI28oQ+2dMqLXuJb5pCWK8l+
qFnJ1UM=
-----END CERTIFICATE-----
Generated at Mon Apr 7 20:15:22 2025 by rpki-client