Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/12bcoRpyhxcN6wVe5E7GqdMB6EU.roa
File: 12bcoRpyhxcN6wVe5E7GqdMB6EU.roa (raw, json)
Hash identifier: r0dkh09UaIafY8LdKgjtDDwdtCz3QHwlzpUJT/cj3NA=
Subject key identifier: D7:66:DC:A1:1A:72:87:17:0D:EB:05:5E:E4:4E:C6:A9:D3:01:E8:45
Certificate issuer: /CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
Certificate serial: 019427480BC4E6968EC6D5DB66A673BB9C15
Authority key identifier: E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/12bcoRpyhxcN6wVe5E7GqdMB6EU.roa
Signing time: Thu 02 Jan 2025 13:50:20 +0000
ROA not before: Thu 02 Jan 2025 13:50:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2847
IP address blocks: 83.171.0.0/18 maxlen: 18
193.219.32.0/21 maxlen: 21
193.219.60.0/22 maxlen: 22
193.219.60.0/24 maxlen: 24
193.219.64.0/20 maxlen: 20
193.219.152.0/21 maxlen: 21
193.219.160.0/19 maxlen: 19
2001:778::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.mft
rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:0b:c4:e6:96:8e:c6:d5:db:66:a6:73:bb:9c:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
Validity
Not Before: Jan 2 13:50:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d766dca11a7287170deb055ee44ec6a9d301e845
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d9:ee:46:33:1c:ad:6f:14:60:dd:33:a3:a6:
64:c3:9c:bf:99:ad:d0:13:db:7d:e5:ca:24:dc:1c:
a0:48:23:f1:64:b0:4a:36:7e:74:22:96:c4:bf:f2:
70:c1:d3:2c:04:c0:9b:45:a6:28:6f:c1:21:fd:4c:
77:d5:8f:6a:e3:b0:e6:4b:12:50:8a:d7:a6:f9:31:
4e:d8:9b:25:12:78:30:8a:45:5b:dc:5b:95:30:c6:
f0:ec:cd:08:e3:8d:24:bf:03:71:3f:5d:35:41:53:
75:80:3a:f1:63:7f:1b:62:a2:1d:25:6e:d7:32:5d:
64:55:a6:ef:7a:5d:16:ae:d1:f1:1b:32:7c:46:e2:
11:51:44:d3:67:ad:24:52:4f:54:34:77:2c:cb:43:
16:03:0f:24:3e:f1:e8:ef:9f:cc:61:e9:bc:7f:93:
39:28:76:23:06:ec:ab:ac:24:a1:02:79:ff:4c:ee:
40:3b:ca:85:e4:c8:69:33:a2:34:f5:c2:3b:e1:1e:
44:7b:43:5d:30:17:dc:1c:d8:26:b8:bb:94:6f:23:
c5:92:a2:4f:fb:e3:c0:bf:70:28:1e:f8:a0:b2:8c:
dd:72:80:c2:ea:00:63:0f:cc:70:48:3a:27:0a:37:
39:a5:c7:2f:95:24:29:aa:2b:c3:bf:ee:c5:af:8e:
f7:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:66:DC:A1:1A:72:87:17:0D:EB:05:5E:E4:4E:C6:A9:D3:01:E8:45
X509v3 Authority Key Identifier:
keyid:E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/12bcoRpyhxcN6wVe5E7GqdMB6EU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.171.0.0/18
193.219.32.0/21
193.219.60.0-193.219.79.255
193.219.152.0-193.219.191.255
IPv6:
2001:778::/32
Signature Algorithm: sha256WithRSAEncryption
3c:bf:e6:f4:5a:d0:e1:f2:68:8f:93:19:58:ea:67:17:90:ca:
59:04:aa:a7:75:70:da:ad:b7:ef:04:b9:26:88:50:33:de:d6:
75:03:00:f7:73:90:67:8e:e3:e9:fc:8b:11:82:f7:06:7e:51:
14:9d:63:81:0f:87:0e:29:90:14:6e:be:d8:ef:a3:a5:17:69:
ff:6a:47:d5:cb:f9:9e:29:09:71:52:b7:7a:0a:41:a2:c2:53:
b4:75:ca:03:ce:88:6d:a7:c8:50:69:0b:14:57:76:54:f0:f4:
4b:eb:23:fa:fd:a0:ae:b5:3f:25:a6:49:e3:c4:88:ee:9d:3a:
a8:34:cf:70:96:12:96:02:a6:c8:cc:1f:6b:28:50:d9:41:97:
e1:04:71:ca:06:d2:8a:b8:87:cf:73:c7:c2:61:73:c2:02:d3:
a5:63:4c:9c:f6:60:8d:23:c1:31:8b:88:c9:73:57:ad:b6:7e:
33:15:11:b0:a3:cd:65:72:60:68:9d:44:f8:6f:4c:1d:91:b4:
57:f9:a1:ed:83:94:48:c5:cc:df:b7:73:6e:02:74:a8:25:02:
dc:05:ab:97:5c:c2:9c:08:3a:58:ad:b3:17:14:77:31:b8:bc:
4c:be:5b:31:8c:75:bf:d0:72:b9:99:49:ea:6d:d8:fc:cd:c7:
ef:51:2c:58
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZQnSAvE5paOxtXbZqZzu5wVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2YyM2Q2ODkzNzQ5NDI4OGRmY2M3YTBlZmUxZmU3NGEy
MDM2ZTEwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzY2ZGNhMTFhNzI4NzE3MGRlYjA1NWVlNDRlYzZhOWQzMDFlODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9nuRjMcrW8UYN0zo6Zkw5y/ma3Q
E9t95cok3BygSCPxZLBKNn50IpbEv/JwwdMsBMCbRaYob8Eh/Ux31Y9q47DmSxJQ
item+TFO2JslEngwikVb3FuVMMbw7M0I440kvwNxP101QVN1gDrxY38bYqIdJW7X
Ml1kVabvel0WrtHxGzJ8RuIRUUTTZ60kUk9UNHcsy0MWAw8kPvHo75/MYem8f5M5
KHYjBuyrrCShAnn/TO5AO8qF5MhpM6I09cI74R5Ee0NdMBfcHNgmuLuUbyPFkqJP
++PAv3AoHvigsozdcoDC6gBjD8xwSDonCjc5pccvlSQpqivDv+7Fr473kQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFNdm3KEacocXDesFXuROxqnTAehFMB8GA1UdIwQY
MBaAFOQ/I9aJN0lCiN/Meg7+H+dKIDbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMt
OWQxODVmNzM4MjExLzEvMTJiY29ScHloeGNONndWZTVFN0dxZE1CNkVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMtOWQxODVmNzM4MjEx
LzEvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQGU6sAAwQD
wdsgMAwDBALB2zwDBATB20AwDAMEA8HbmAMEBsHbgDANBAIAAjAHAwUAIAEHeDAN
BgkqhkiG9w0BAQsFAAOCAQEAPL/m9FrQ4fJoj5MZWOpnF5DKWQSqp3Vw2q237wS5
JohQM97WdQMA93OQZ47j6fyLEYL3Bn5RFJ1jgQ+HDimQFG6+2O+jpRdp/2pH1cv5
nikJcVK3egpBosJTtHXKA86IbafIUGkLFFd2VPD0S+sj+v2grrU/JaZJ48SI7p06
qDTPcJYSlgKmyMwfayhQ2UGX4QRxygbSiriHz3PHwmFzwgLTpWNMnPZgjSPBMYuI
yXNXrbZ+MxURsKPNZXJgaJ1E+G9MHZG0V/mh7YOUSMXM37dzbgJ0qCUC3AWrl1zC
nAg6WK2zFxR3Mbi8TL5bMYx1v9ByuZlJ6m3Y/M3H71EsWA==
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:24:39 2025 by rpki-client