Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/XZes0nTuYVnyyfrFPRRjs8Jx51Y.roa
File: XZes0nTuYVnyyfrFPRRjs8Jx51Y.roa (raw, json)
Hash identifier: 0BBkRTYLYp0bNpkG9KKvJ443VFVkJBIrpGAocXr8JCM=
Subject key identifier: 5D:97:AC:D2:74:EE:61:59:F2:C9:FA:C5:3D:14:63:B3:C2:71:E7:56
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 019426D9AFBEFB4418F112A70BACE46AA716
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/XZes0nTuYVnyyfrFPRRjs8Jx51Y.roa
Signing time: Thu 02 Jan 2025 11:49:48 +0000
ROA not before: Thu 02 Jan 2025 11:49:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28884
IP address blocks: 85.140.96.0/20 maxlen: 20
85.140.96.0/21 maxlen: 21
85.140.104.0/21 maxlen: 21
213.87.112.0/23 maxlen: 23
213.87.114.0/23 maxlen: 23
213.87.116.0/23 maxlen: 23
213.87.118.0/23 maxlen: 23
213.87.120.0/23 maxlen: 23
213.87.122.0/23 maxlen: 23
213.87.124.0/23 maxlen: 23
213.87.126.0/23 maxlen: 23
213.87.184.0/23 maxlen: 23
213.87.224.0/23 maxlen: 23
2a00:1fa2:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 03:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:af:be:fb:44:18:f1:12:a7:0b:ac:e4:6a:a7:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Jan 2 11:49:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d97acd274ee6159f2c9fac53d1463b3c271e756
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:93:52:c5:30:1f:f4:91:cc:44:ac:6c:42:b0:
00:64:62:b1:e2:75:4b:91:83:62:ce:d1:23:c4:17:
4a:17:fd:1e:2f:29:b6:93:70:d7:62:3c:5c:78:69:
80:2b:a8:99:bd:1a:cd:a1:6a:e8:66:d4:74:e2:12:
dd:28:b9:db:f6:26:6c:b8:50:c3:a7:25:58:0d:86:
78:76:ce:99:7c:28:92:dc:03:d4:bd:81:bf:f9:e2:
fd:28:94:bc:de:95:90:b8:c5:cc:50:d4:df:ea:a6:
90:93:af:7f:24:05:db:65:0c:3c:11:12:90:96:70:
2c:e4:c7:b3:3a:15:4c:c9:a4:28:13:ec:48:16:fc:
a3:48:b7:d8:f5:c0:29:8f:dd:2e:1c:6f:40:1f:5f:
27:f8:c3:59:c2:04:cf:86:c2:5d:c1:67:95:41:51:
a7:33:41:4e:16:c6:88:dc:f1:14:be:c8:62:0d:a5:
b1:cb:92:bc:b3:13:52:e0:6b:77:9c:38:17:f4:b0:
29:1d:f3:12:a9:d1:df:37:06:04:cd:6e:ea:82:9d:
e1:05:01:44:9a:ec:b1:16:1a:18:ec:57:d2:c2:2f:
91:8b:91:4b:12:ba:12:25:3c:76:65:f4:2d:97:4d:
82:bf:ac:0f:4b:64:10:c7:07:63:f7:dd:d6:a4:cc:
20:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:97:AC:D2:74:EE:61:59:F2:C9:FA:C5:3D:14:63:B3:C2:71:E7:56
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/XZes0nTuYVnyyfrFPRRjs8Jx51Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.140.96.0/20
213.87.112.0/20
213.87.184.0/23
213.87.224.0/23
IPv6:
2a00:1fa2:8000::/33
Signature Algorithm: sha256WithRSAEncryption
17:43:21:97:7a:ef:11:55:e7:a9:e7:3f:94:08:75:08:d0:2e:
a6:72:34:6d:63:78:a6:a0:8f:18:29:2e:be:b1:87:d2:ec:da:
39:e1:88:3c:62:a3:45:9f:2f:ec:56:8e:b6:42:bc:22:7e:96:
cd:c3:8d:68:72:db:cc:b7:e8:59:a6:ef:ee:52:49:12:5d:e4:
af:1b:d4:ed:4e:5f:c1:06:20:56:e5:b8:8f:5a:6a:e3:dc:01:
8e:db:db:ab:1b:54:d0:be:c5:e1:4f:b9:39:d6:a6:56:65:c2:
fd:4f:98:00:17:da:bf:59:8f:bb:32:3c:3b:bb:3e:8f:78:4b:
aa:61:99:b6:44:7c:4d:72:1f:c9:48:53:44:dc:8b:11:67:b3:
40:ff:83:98:26:98:19:d0:6e:3a:6c:c9:e4:c5:32:17:d2:22:
28:e0:9e:ec:ac:b5:7d:1f:46:87:ed:3d:b8:54:34:0b:4e:1e:
17:44:ad:6d:37:8d:d5:a6:bb:8d:b8:42:02:7c:56:1d:d4:3d:
84:92:96:8f:62:59:76:8c:34:4b:7a:96:c2:c1:35:b5:fa:f5:
78:42:5c:42:f3:ad:63:0a:47:90:de:48:3e:41:32:aa:12:44:
a9:37:1d:2c:a8:0d:7c:f0:c7:a8:0a:8a:77:76:c5:b4:15:e6:
7d:71:87:92
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQm2a+++0QY8RKnC6zkaqcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDk3YWNkMjc0ZWU2MTU5ZjJjOWZhYzUzZDE0NjNiM2MyNzFlNzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZNSxTAf9JHMRKxsQrAAZGKx4nVL
kYNiztEjxBdKF/0eLym2k3DXYjxceGmAK6iZvRrNoWroZtR04hLdKLnb9iZsuFDD
pyVYDYZ4ds6ZfCiS3APUvYG/+eL9KJS83pWQuMXMUNTf6qaQk69/JAXbZQw8ERKQ
lnAs5MezOhVMyaQoE+xIFvyjSLfY9cApj90uHG9AH18n+MNZwgTPhsJdwWeVQVGn
M0FOFsaI3PEUvshiDaWxy5K8sxNS4Gt3nDgX9LApHfMSqdHfNwYEzW7qgp3hBQFE
muyxFhoY7FfSwi+Ri5FLEroSJTx2ZfQtl02Cv6wPS2QQxwdj993WpMwgFwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFF2XrNJ07mFZ8sn6xT0UY7PCcedWMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvWFplczBuVHVZVm55eWZyRlBSUmpzOEp4NTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQEVYxgAwQE
1VdwAwQB1Ve4AwQB1VfgMA4EAgACMAgDBgcqAB+igDANBgkqhkiG9w0BAQsFAAOC
AQEAF0Mhl3rvEVXnqec/lAh1CNAupnI0bWN4pqCPGCkuvrGH0uzaOeGIPGKjRZ8v
7FaOtkK8In6WzcONaHLbzLfoWabv7lJJEl3krxvU7U5fwQYgVuW4j1pq49wBjtvb
qxtU0L7F4U+5OdamVmXC/U+YABfav1mPuzI8O7s+j3hLqmGZtkR8TXIfyUhTRNyL
EWezQP+DmCaYGdBuOmzJ5MUyF9IiKOCe7Ky1fR9Gh+09uFQ0C04eF0StbTeN1aa7
jbhCAnxWHdQ9hJKWj2JZdow0S3qWwsE1tfr1eEJcQvOtYwpHkN5IPkEyqhJEqTcd
LKgNfPDHqAqKd3bFtBXmfXGHkg==
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:47:57 2025 by rpki-client