Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/znH1xB-UwIcmPKY4qSurVwHtECk.roa
File: znH1xB-UwIcmPKY4qSurVwHtECk.roa (raw, json)
Hash identifier: Zu7FNMakIbfGP4tug6Www09X3z8LFVlsSJhCCf/Cwxo=
Subject key identifier: CE:71:F5:C4:1F:94:C0:87:26:3C:A6:38:A9:2B:AB:57:01:ED:10:29
Certificate issuer: /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial: 0194266BB0F2C65D1B8BF3BBB0686065842E
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/znH1xB-UwIcmPKY4qSurVwHtECk.roa
Signing time: Thu 02 Jan 2025 09:49:39 +0000
ROA not before: Thu 02 Jan 2025 09:49:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398464
IP address blocks: 45.133.112.0/22 maxlen: 24
45.136.24.0/22 maxlen: 24
45.147.8.0/22 maxlen: 24
45.147.232.0/22 maxlen: 24
91.132.124.0/24 maxlen: 24
93.177.94.0/23 maxlen: 24
193.142.36.0/22 maxlen: 24
194.180.232.0/23 maxlen: 24
194.180.236.0/23 maxlen: 24
212.87.216.0/24 maxlen: 24
212.87.218.0/24 maxlen: 24
212.87.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:b0:f2:c6:5d:1b:8b:f3:bb:b0:68:60:65:84:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Validity
Not Before: Jan 2 09:49:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ce71f5c41f94c087263ca638a92bab5701ed1029
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:a5:f5:de:ce:0c:9b:29:b7:03:06:b6:07:e5:
ac:90:c1:b0:17:64:19:5d:38:54:3f:ea:10:03:f5:
87:22:97:39:16:3a:25:f5:af:93:bf:02:1f:73:81:
02:6d:ba:82:f6:b6:89:2c:9a:21:d1:c5:42:2a:12:
ed:44:5c:44:7b:39:3b:7a:7f:c5:cf:64:57:cc:a8:
49:07:86:6c:bf:cd:e2:63:31:65:f9:8c:38:e6:e7:
d5:1a:7a:7d:f7:7c:f2:f1:41:d6:c3:38:81:55:d4:
27:53:2f:15:d9:2b:aa:25:74:ae:50:ba:02:87:9c:
79:cd:9f:41:00:65:dd:0d:81:c2:37:27:24:2f:b5:
01:71:18:8d:6e:66:b0:f3:7a:89:18:d0:72:5e:b7:
cc:9d:03:3f:6c:94:61:e5:c1:4c:6b:2a:ce:4b:1a:
91:f4:f5:e2:c7:bc:86:c5:56:a3:b7:24:fd:5a:07:
56:3d:74:e7:fc:a4:59:f8:72:c1:b6:c5:44:5d:da:
2d:27:68:88:03:c7:14:94:68:f6:c5:f1:41:c4:48:
85:bc:3c:a5:51:eb:d8:e6:7f:ae:ca:ea:7b:b7:e4:
e6:d2:9a:87:91:cf:a4:e1:44:71:57:ed:75:70:9e:
5c:92:8a:92:b9:2c:df:83:6d:f4:49:c6:9a:59:1e:
52:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:71:F5:C4:1F:94:C0:87:26:3C:A6:38:A9:2B:AB:57:01:ED:10:29
X509v3 Authority Key Identifier:
keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/znH1xB-UwIcmPKY4qSurVwHtECk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.133.112.0/22
45.136.24.0/22
45.147.8.0/22
45.147.232.0/22
91.132.124.0/24
93.177.94.0/23
193.142.36.0/22
194.180.232.0/23
194.180.236.0/23
212.87.216.0/24
212.87.218.0/23
Signature Algorithm: sha256WithRSAEncryption
9a:06:60:d1:67:bf:a9:e2:aa:ef:1c:b9:95:b3:a9:43:6f:7d:
4a:99:cc:83:eb:25:d9:a5:99:32:07:01:88:7f:f9:87:e6:33:
79:ae:68:d5:84:b4:b6:bb:84:42:f7:e5:82:e5:d7:30:9a:c6:
f0:1f:59:d8:82:c3:ef:46:18:1e:e1:78:17:09:4b:9c:18:3c:
52:d3:03:f0:ea:2e:8e:04:e7:41:2d:7d:a9:19:fe:95:87:a5:
de:68:91:56:de:c9:1f:67:b7:2a:32:1b:33:fa:af:0f:62:86:
c1:ab:71:91:2b:c5:80:4e:ff:08:31:bf:f1:38:5a:c1:3d:ad:
24:b4:e8:58:91:91:c9:50:00:1c:9f:b4:54:d2:74:75:e4:0f:
06:f9:ef:0c:21:f5:f7:5a:12:08:7b:9f:2e:29:91:d2:98:af:
7c:d6:71:2b:56:85:7a:30:81:4e:21:0c:93:24:2e:7c:df:47:
d3:70:69:0c:a0:65:c6:ac:b7:6c:58:32:ba:f7:f7:23:93:f6:
36:ec:bd:27:5f:ba:05:6d:0e:de:4f:5e:0d:71:be:4d:ec:cc:
03:c1:e6:07:c6:87:ae:ee:77:92:1d:f3:26:34:9f:6c:8c:44:
0c:65:4c:72:7a:fd:13:a2:e4:d0:d3:bd:43:d9:f5:26:8f:b3:
dd:01:ab:31
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQma7Dyxl0bi/O7sGhgZYQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTcxZjVjNDFmOTRjMDg3MjYzY2E2MzhhOTJiYWI1NzAxZWQxMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqX13s4Mmym3Awa2B+WskMGwF2QZ
XThUP+oQA/WHIpc5Fjol9a+TvwIfc4ECbbqC9raJLJoh0cVCKhLtRFxEezk7en/F
z2RXzKhJB4Zsv83iYzFl+Yw45ufVGnp993zy8UHWwziBVdQnUy8V2SuqJXSuULoC
h5x5zZ9BAGXdDYHCNyckL7UBcRiNbmaw83qJGNByXrfMnQM/bJRh5cFMayrOSxqR
9PXix7yGxVajtyT9WgdWPXTn/KRZ+HLBtsVEXdotJ2iIA8cUlGj2xfFBxEiFvDyl
UevY5n+uyup7t+Tm0pqHkc+k4URxV+11cJ5ckoqSuSzfg230ScaaWR5SawIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFM5x9cQflMCHJjymOKkrq1cB7RApMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvem5IMXhCLVV3SWNtUEtZNHFTdXJWd0h0RUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLYVwAwQC
LYgYAwQCLZMIAwQCLZPoAwQAW4R8AwQBXbFeAwQCwY4kAwQBwrToAwQBwrTsAwQA
1FfYAwQB1FfaMA0GCSqGSIb3DQEBCwUAA4IBAQCaBmDRZ7+p4qrvHLmVs6lDb31K
mcyD6yXZpZkyBwGIf/mH5jN5rmjVhLS2u4RC9+WC5dcwmsbwH1nYgsPvRhge4XgX
CUucGDxS0wPw6i6OBOdBLX2pGf6Vh6XeaJFW3skfZ7cqMhsz+q8PYobBq3GRK8WA
Tv8IMb/xOFrBPa0ktOhYkZHJUAAcn7RU0nR15A8G+e8MIfX3WhIIe58uKZHSmK98
1nErVoV6MIFOIQyTJC5830fTcGkMoGXGrLdsWDK69/cjk/Y27L0nX7oFbQ7eT14N
cb5N7MwDweYHxoeu7neSHfMmNJ9sjEQMZUxyev0TouTQ071D2fUmj7PdAasx
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:01:42 2025 by rpki-client