Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/P0eLHT9-M-aTFtL_3Zf0a5B6Ndg.roa
File: P0eLHT9-M-aTFtL_3Zf0a5B6Ndg.roa (raw, json)
Hash identifier: uyQciIXo2hsIiWCjmOsDyTK0I4LR9Xab2ALuXJDMpzQ=
Subject key identifier: 3F:47:8B:1D:3F:7E:33:E6:93:16:D2:FF:DD:97:F4:6B:90:7A:35:D8
Certificate issuer: /CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
Certificate serial: 019426D966059136FCF8DBCE5BB8686F2585
Authority key identifier: BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/P0eLHT9-M-aTFtL_3Zf0a5B6Ndg.roa
Signing time: Thu 02 Jan 2025 11:49:29 +0000
ROA not before: Thu 02 Jan 2025 11:49:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50084
IP address blocks: 185.96.176.0/22 maxlen: 22
185.96.176.0/24 maxlen: 24
185.96.177.0/24 maxlen: 24
185.96.178.0/24 maxlen: 24
185.96.179.0/24 maxlen: 24
194.247.164.0/23 maxlen: 23
194.247.164.0/24 maxlen: 24
194.247.165.0/24 maxlen: 24
2a07:4140::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.mft
rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:66:05:91:36:fc:f8:db:ce:5b:b8:68:6f:25:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
Validity
Not Before: Jan 2 11:49:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f478b1d3f7e33e69316d2ffdd97f46b907a35d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:17:29:3f:fa:8b:c4:fd:61:b7:ab:55:3f:34:
91:dd:9c:02:bb:28:c3:54:2d:7b:21:11:db:79:08:
24:70:e1:29:76:b0:72:1f:32:71:ee:04:0b:54:01:
b0:96:02:e9:ad:8d:be:f0:c5:40:80:e0:68:f4:25:
a6:2e:2d:53:9a:30:a0:d8:48:cd:dd:de:1a:99:c7:
3f:91:d9:e3:76:72:6b:ec:38:fe:11:a9:f3:7e:05:
21:57:8c:07:b5:78:50:e7:34:d9:38:06:56:4f:27:
63:41:73:f0:f4:ff:50:f1:d9:46:3e:ee:78:96:b4:
1e:10:1b:71:59:e0:d5:f4:6e:d1:f8:6d:97:3b:e1:
b3:72:46:a4:6e:95:ba:18:2b:6c:a7:cc:ed:0a:1f:
ff:97:e4:74:a9:c5:39:92:6e:13:9b:cf:68:ce:cc:
c4:9c:de:45:05:6b:0d:ac:e1:a1:5f:f1:4e:de:22:
c0:12:63:f7:7c:9e:ac:ea:5e:5d:61:55:01:3d:8f:
5f:05:4b:2e:0d:37:9d:5a:29:89:ea:a2:dd:96:62:
a7:bc:ee:c5:cc:f6:48:97:43:d6:2a:d3:11:78:f6:
85:43:2e:be:ad:27:96:f3:bd:85:c0:97:8a:b6:12:
e6:eb:aa:50:2b:0f:74:5e:14:24:e3:82:9d:c2:23:
31:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:47:8B:1D:3F:7E:33:E6:93:16:D2:FF:DD:97:F4:6B:90:7A:35:D8
X509v3 Authority Key Identifier:
keyid:BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/P0eLHT9-M-aTFtL_3Zf0a5B6Ndg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.96.176.0/22
194.247.164.0/23
IPv6:
2a07:4140::/29
Signature Algorithm: sha256WithRSAEncryption
8c:33:78:82:9e:f5:a4:9c:93:97:e4:09:6e:f1:cf:e0:4c:28:
a0:fc:10:df:8a:a3:13:c9:8b:85:5a:d9:67:3e:f4:40:84:1a:
0c:02:14:5a:03:63:44:58:13:27:2a:b4:fd:8c:e1:ff:41:58:
e1:62:3c:be:2f:11:90:ee:12:26:33:ef:0a:8e:cd:98:05:fc:
5c:b4:6b:33:b4:f4:c3:02:f7:85:82:ea:ae:f5:5f:e2:ca:b9:
41:22:b3:ff:54:d7:79:72:78:b5:f2:9d:e0:53:d5:7e:2d:0a:
3d:d0:59:9a:68:46:27:7d:cb:14:00:c0:5f:9d:de:94:cf:eb:
7a:c7:31:21:5c:61:42:59:a1:e7:aa:51:6c:81:5b:90:2c:a2:
33:e7:64:62:0a:b3:9b:fa:68:aa:9a:06:a6:43:2f:f2:61:bc:
1d:65:1e:da:83:d3:30:0e:76:42:13:a2:26:6e:6d:6e:06:14:
26:c6:d2:70:cc:c2:e4:47:05:2b:61:96:c1:78:06:96:69:78:
69:df:6a:84:83:0e:92:d0:bf:91:6d:8a:ce:31:8c:be:70:9e:
b2:e5:b5:90:ba:9c:33:54:e6:ec:88:89:48:d6:0c:b4:17:be:
41:ce:95:61:03:53:f2:34:74:14:30:fd:93:53:fb:97:cb:d0:
b6:d3:eb:37
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQm2WYFkTb8+NvOW7hobyWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDk0M2Y1MjAzZDQzNDYwYTEzYWQ0ZWE5ZDdkNWI5NTBj
NjEzY2QwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQ3OGIxZDNmN2UzM2U2OTMxNmQyZmZkZDk3ZjQ2YjkwN2EzNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxcpP/qLxP1ht6tVPzSR3ZwCuyjD
VC17IRHbeQgkcOEpdrByHzJx7gQLVAGwlgLprY2+8MVAgOBo9CWmLi1TmjCg2EjN
3d4amcc/kdnjdnJr7Dj+EanzfgUhV4wHtXhQ5zTZOAZWTydjQXPw9P9Q8dlGPu54
lrQeEBtxWeDV9G7R+G2XO+GzckakbpW6GCtsp8ztCh//l+R0qcU5km4Tm89ozszE
nN5FBWsNrOGhX/FO3iLAEmP3fJ6s6l5dYVUBPY9fBUsuDTedWimJ6qLdlmKnvO7F
zPZIl0PWKtMRePaFQy6+rSeW872FwJeKthLm66pQKw90XhQk44KdwiMxiwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD9Hix0/fjPmkxbS/92X9GuQejXYMB8GA1UdIwQY
MBaAFL5JQ/UgPUNGChOtTqnX1blQxhPNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYt
YTA1MWFlNjNkYmExLzEvUDBlTEhUOS1NLWFURnRMXzNaZjBhNUI2TmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYtYTA1MWFlNjNkYmEx
LzEvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWCwAwQB
wvekMA0EAgACMAcDBQMqB0FAMA0GCSqGSIb3DQEBCwUAA4IBAQCMM3iCnvWknJOX
5Alu8c/gTCig/BDfiqMTyYuFWtlnPvRAhBoMAhRaA2NEWBMnKrT9jOH/QVjhYjy+
LxGQ7hImM+8Kjs2YBfxctGsztPTDAveFguqu9V/iyrlBIrP/VNd5cni18p3gU9V+
LQo90FmaaEYnfcsUAMBfnd6Uz+t6xzEhXGFCWaHnqlFsgVuQLKIz52RiCrOb+miq
mgamQy/yYbwdZR7ag9MwDnZCE6Imbm1uBhQmxtJwzMLkRwUrYZbBeAaWaXhp32qE
gw6S0L+RbYrOMYy+cJ6y5bWQupwzVObsiIlI1gy0F75BzpVhA1PyNHQUMP2TU/uX
y9C20+s3
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:55:26 2025 by rpki-client