Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/891pkJman8A7MzeceSLzlCsusoQ.roa
File: 891pkJman8A7MzeceSLzlCsusoQ.roa (raw, json)
Hash identifier: Svwn5oofFiF2d5X8eXzN2HWHECf2PyP669DewMN3pfM=
Subject key identifier: F3:DD:69:90:99:9A:9F:C0:3B:33:37:9C:79:22:F3:94:2B:2E:B2:84
Certificate issuer: /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial: 019619EC32A88B63B7060268DED879C4EB18
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/891pkJman8A7MzeceSLzlCsusoQ.roa
Signing time: Wed 09 Apr 2025 09:40:31 +0000
ROA not before: Wed 09 Apr 2025 09:40:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8820
IP address blocks: 46.236.208.0/20 maxlen: 24
46.236.240.0/20 maxlen: 24
78.41.48.0/22 maxlen: 24
81.92.0.0/20 maxlen: 24
82.139.192.0/18 maxlen: 24
195.8.224.0/19 maxlen: 24
195.8.253.0/24 maxlen: 24
195.8.254.2/31 maxlen: 32
212.17.224.0/19 maxlen: 24
212.60.128.0/19 maxlen: 24
213.240.128.0/18 maxlen: 24
2a01:170::/32 maxlen: 64
2a01:170:1000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:19:ec:32:a8:8b:63:b7:06:02:68:de:d8:79:c4:eb:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Validity
Not Before: Apr 9 09:40:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f3dd6990999a9fc03b33379c7922f3942b2eb284
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:de:af:49:9c:2e:2b:26:a0:86:44:95:04:aa:
6a:82:82:6a:64:91:e6:3f:16:c6:2c:ab:47:c9:32:
66:73:ca:4a:85:1c:9b:b0:f4:4c:5d:26:a9:35:b0:
4b:cb:c1:80:e2:ec:1e:bc:2c:78:ab:d2:1b:fc:32:
63:1d:11:bb:9a:06:a3:7a:d9:92:28:af:87:f4:dc:
ac:07:5a:ba:0b:74:0e:45:57:11:29:7d:44:d5:f9:
cf:d7:96:63:64:c2:09:30:d4:42:31:a7:1f:7b:24:
cb:73:19:2e:54:31:b0:3a:ae:fe:d5:52:54:65:d0:
fd:77:83:a3:cc:d3:36:2b:ce:b7:1c:3e:74:bf:cc:
a6:62:cd:95:b1:46:cb:d8:dd:a0:4e:f5:f5:6c:a9:
31:4b:d7:25:8b:e7:37:e3:aa:8b:74:46:17:53:d6:
d3:35:34:91:7e:a8:ff:fa:62:59:00:a1:3e:0c:cd:
2f:4f:eb:18:85:53:a4:a3:33:4c:e4:d0:03:47:a6:
18:63:84:4c:22:15:6c:6b:42:cc:62:e8:8a:dd:0a:
7f:60:17:f2:f0:d3:55:40:55:01:a3:68:4a:a0:9f:
1a:7c:93:a3:45:98:10:78:4b:2e:53:48:be:be:53:
e6:3d:50:fd:b8:1d:15:fe:d7:85:97:79:94:9e:cc:
03:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:DD:69:90:99:9A:9F:C0:3B:33:37:9C:79:22:F3:94:2B:2E:B2:84
X509v3 Authority Key Identifier:
keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/891pkJman8A7MzeceSLzlCsusoQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.236.208.0/20
46.236.240.0/20
78.41.48.0/22
81.92.0.0/20
82.139.192.0/18
195.8.224.0/19
212.17.224.0/19
212.60.128.0/19
213.240.128.0/18
IPv6:
2a01:170::/32
Signature Algorithm: sha256WithRSAEncryption
5e:99:5e:6e:54:d7:6b:b3:aa:58:47:4c:0e:31:b0:16:2f:d6:
5c:d5:82:6d:3f:33:2c:dc:fd:9a:13:8e:aa:9b:0b:cb:0f:a8:
69:61:78:8b:02:76:22:ed:76:9e:bf:69:00:4c:03:99:b6:1d:
6f:a8:ef:54:de:e5:d5:7e:c9:3b:d5:e5:20:b0:4a:d9:07:5c:
e2:67:31:33:d0:e7:6b:0d:c2:4e:54:97:54:00:78:2f:52:38:
be:15:3c:8f:4a:b5:23:0f:84:cb:75:17:6e:20:dd:a3:73:f4:
1b:d4:b4:26:c1:20:bd:58:c5:56:74:cd:7f:45:b9:1d:41:6c:
f0:4c:37:b2:92:59:b0:3d:de:a8:71:88:02:d7:36:b8:70:08:
b5:9e:9d:38:87:27:7e:ec:78:be:cf:c8:23:37:8e:83:91:20:
7f:44:7b:31:6f:2a:1e:7f:e1:25:7e:e0:c7:c2:5d:91:bd:a8:
fc:e3:1d:7a:a5:ed:77:9f:af:a7:ac:c7:21:fd:96:a4:26:e1:
4e:83:73:78:55:1e:92:d7:73:26:be:af:30:0d:1d:67:21:d6:
26:e7:60:a4:d6:0f:2f:23:69:11:c1:38:9e:4a:2a:7e:a3:66:
dd:57:89:e2:d9:e5:bd:a5:b1:92:3f:4e:d4:c4:59:1a:61:6e:
3d:fe:05:59
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZYZ7DKoi2O3BgJo3th5xOsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNDA5MDk0MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2RkNjk5MDk5OWE5ZmMwM2IzMzM3OWM3OTIyZjM5NDJiMmViMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0N6vSZwuKyaghkSVBKpqgoJqZJHm
PxbGLKtHyTJmc8pKhRybsPRMXSapNbBLy8GA4uwevCx4q9Ib/DJjHRG7mgajetmS
KK+H9NysB1q6C3QORVcRKX1E1fnP15ZjZMIJMNRCMacfeyTLcxkuVDGwOq7+1VJU
ZdD9d4OjzNM2K863HD50v8ymYs2VsUbL2N2gTvX1bKkxS9cli+c346qLdEYXU9bT
NTSRfqj/+mJZAKE+DM0vT+sYhVOkozNM5NADR6YYY4RMIhVsa0LMYuiK3Qp/YBfy
8NNVQFUBo2hKoJ8afJOjRZgQeEsuU0i+vlPmPVD9uB0V/teFl3mUnswDMwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPPdaZCZmp/AOzM3nHki85QrLrKEMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvODkxcGtKbWFuOEE3TXplY2VTTHpsQ3N1c29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQELuzQAwQE
LuzwAwQCTikwAwQEUVwAAwQGUovAAwQFwwjgAwQF1BHgAwQF1DyAAwQG1fCAMA0E
AgACMAcDBQAqAQFwMA0GCSqGSIb3DQEBCwUAA4IBAQBemV5uVNdrs6pYR0wOMbAW
L9Zc1YJtPzMs3P2aE46qmwvLD6hpYXiLAnYi7Xaev2kATAOZth1vqO9U3uXVfsk7
1eUgsErZB1ziZzEz0OdrDcJOVJdUAHgvUji+FTyPSrUjD4TLdRduIN2jc/Qb1LQm
wSC9WMVWdM1/RbkdQWzwTDeyklmwPd6ocYgC1za4cAi1np04hyd+7Hi+z8gjN46D
kSB/RHsxbyoef+ElfuDHwl2Rvaj84x16pe13n6+nrMch/ZakJuFOg3N4VR6S13Mm
vq8wDR1nIdYm52Ck1g8vI2kRwTieSip+o2bdV4ni2eW9pbGSP07UxFkaYW49/gVZ
-----END CERTIFICATE-----
Generated at Thu Apr 17 06:42:14 2025 by rpki-client