Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/r0mTEa6qt-IyELm4t03iQrSQvaU.roa
File: r0mTEa6qt-IyELm4t03iQrSQvaU.roa (raw, json)
Hash identifier: 5O0ZRSkH9lwLC8LUcZsdLUDFOU7u/lNlnWwcFjFATOs=
Subject key identifier: AF:49:93:11:AE:AA:B7:E2:32:10:B9:B8:B7:4D:E2:42:B4:90:BD:A5
Certificate issuer: /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial: 0194221F411D75D44FA8B42AD0A922613774
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/r0mTEa6qt-IyELm4t03iQrSQvaU.roa
Signing time: Wed 01 Jan 2025 13:47:41 +0000
ROA not before: Wed 01 Jan 2025 13:47:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8477
IP address blocks: 109.232.24.0/22 maxlen: 22
185.13.168.0/22 maxlen: 22
213.156.96.0/22 maxlen: 22
213.156.104.0/22 maxlen: 22
213.156.108.0/22 maxlen: 22
213.156.112.0/22 maxlen: 22
213.156.116.0/22 maxlen: 22
213.156.120.0/22 maxlen: 22
213.156.124.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 05:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:41:1d:75:d4:4f:a8:b4:2a:d0:a9:22:61:37:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Validity
Not Before: Jan 1 13:47:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=af499311aeaab7e23210b9b8b74de242b490bda5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:33:37:fe:1e:99:6e:ab:1d:e8:7f:ad:cc:02:
63:51:bd:6b:6f:57:46:db:1b:6b:53:bf:78:11:4c:
ed:c7:c6:a1:ca:39:cc:58:b6:a8:fc:d0:ff:54:43:
1c:fa:43:af:a7:5a:38:ca:10:1f:a7:88:30:9e:16:
0e:02:40:69:95:b2:f2:c6:67:32:a3:ab:9b:a2:2d:
df:8b:0f:51:06:5d:15:f5:db:1d:e2:7b:ff:29:c7:
cf:aa:5d:eb:ee:2e:30:48:17:b3:0a:2a:59:c4:94:
f1:f6:13:ea:a1:e2:84:a4:e9:4d:9b:56:68:b7:91:
3b:0d:52:82:6e:d9:20:03:f3:f5:5b:9b:19:35:2f:
58:12:f6:2f:a6:a9:09:a3:d8:50:47:08:93:61:ae:
6a:06:bf:60:83:43:15:f6:0d:b1:7b:49:18:da:be:
c6:e2:e7:4c:6b:58:ab:2c:76:c3:f2:02:cd:9b:40:
21:61:59:03:28:d6:02:e1:8f:6d:13:16:46:e4:aa:
34:01:a5:0b:9d:ad:6a:f3:b9:d1:f8:53:23:b3:10:
52:0b:ec:4e:ac:24:c5:f7:f2:17:48:2e:0b:23:10:
b2:30:ad:2e:a6:34:53:03:6c:2e:70:fe:a2:39:f3:
ac:d4:15:85:f7:5b:54:39:4c:f4:c0:3f:5a:25:24:
5b:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:49:93:11:AE:AA:B7:E2:32:10:B9:B8:B7:4D:E2:42:B4:90:BD:A5
X509v3 Authority Key Identifier:
keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/r0mTEa6qt-IyELm4t03iQrSQvaU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.232.24.0/22
185.13.168.0/22
213.156.96.0/22
213.156.104.0-213.156.127.255
Signature Algorithm: sha256WithRSAEncryption
ad:bb:06:25:af:af:1d:13:ec:39:a2:37:69:0f:17:0b:bb:17:
1d:23:0a:99:b8:93:9e:d0:7a:25:85:0c:ba:9d:a4:07:c8:a9:
97:5b:7a:81:c4:f2:48:28:5e:2c:9f:1e:d3:4e:58:cb:c9:01:
aa:0a:ac:a3:17:4d:da:3d:10:99:83:43:4f:0c:cb:84:4f:56:
2d:64:f1:15:87:42:da:cb:af:e5:b0:94:39:65:54:a4:22:b7:
bd:d4:a9:28:1e:c9:84:a7:95:a4:e0:e2:89:2b:25:0f:ab:89:
46:1c:ed:a7:dd:3a:c1:44:b4:a3:fa:71:bd:a9:50:4c:92:3c:
ea:af:79:22:32:b9:20:03:06:5d:ab:c1:13:c3:62:32:33:22:
51:6c:70:be:a4:3d:64:03:b5:36:2f:5b:b1:f4:22:fd:e6:c9:
0e:2a:6f:2f:9b:45:14:e9:e9:a5:bf:f7:3f:83:be:7b:ed:99:
e7:d7:47:c9:7c:9f:15:c4:46:a7:19:c2:cd:f5:14:ad:9b:40:
7c:49:90:d7:75:1b:68:46:a9:9d:2f:c2:92:4a:61:c3:a1:02:
5d:3d:96:c4:19:1e:ac:c0:b0:83:c8:31:f4:0b:8e:1b:64:6a:
48:7a:a0:78:5c:bb:1b:b3:49:8a:48:2f:a1:91:53:3f:05:07:
9c:2a:06:35
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQiH0EdddRPqLQq0KkiYTd0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjUwMTAxMTM0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQ5OTMxMWFlYWFiN2UyMzIxMGI5YjhiNzRkZTI0MmI0OTBiZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjM3/h6Zbqsd6H+tzAJjUb1rb1dG
2xtrU794EUztx8ahyjnMWLao/ND/VEMc+kOvp1o4yhAfp4gwnhYOAkBplbLyxmcy
o6uboi3fiw9RBl0V9dsd4nv/KcfPql3r7i4wSBezCipZxJTx9hPqoeKEpOlNm1Zo
t5E7DVKCbtkgA/P1W5sZNS9YEvYvpqkJo9hQRwiTYa5qBr9gg0MV9g2xe0kY2r7G
4udMa1irLHbD8gLNm0AhYVkDKNYC4Y9tExZG5Ko0AaULna1q87nR+FMjsxBSC+xO
rCTF9/IXSC4LIxCyMK0upjRTA2wucP6iOfOs1BWF91tUOUz0wD9aJSRbWwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFK9JkxGuqrfiMhC5uLdN4kK0kL2lMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvcjBtVEVhNnF0LUl5RUxtNHQwM2lRclNRdmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCbegYAwQC
uQ2oAwQC1ZxgMAwDBAPVnGgDBAfVnAAwDQYJKoZIhvcNAQELBQADggEBAK27BiWv
rx0T7DmiN2kPFwu7Fx0jCpm4k57QeiWFDLqdpAfIqZdbeoHE8kgoXiyfHtNOWMvJ
AaoKrKMXTdo9EJmDQ08My4RPVi1k8RWHQtrLr+WwlDllVKQit73UqSgeyYSnlaTg
4okrJQ+riUYc7afdOsFEtKP6cb2pUEySPOqveSIyuSADBl2rwRPDYjIzIlFscL6k
PWQDtTYvW7H0Iv3myQ4qby+bRRTp6aW/9z+DvnvtmefXR8l8nxXERqcZws31FK2b
QHxJkNd1G2hGqZ0vwpJKYcOhAl09lsQZHqzAsIPIMfQLjhtkakh6oHhcuxuzSYpI
L6GRUz8FB5wqBjU=
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:58:33 2025 by rpki-client