Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/9lwL98-HDVBrZzYLRCpSdOAFXpo.roa
File: 9lwL98-HDVBrZzYLRCpSdOAFXpo.roa (raw, json)
Hash identifier: Za/9eX9VNb3FiSxJk6MAE/CpFGWxRO5mjghE1elRivc=
Subject key identifier: F6:5C:0B:F7:CF:87:0D:50:6B:67:36:0B:44:2A:52:74:E0:05:5E:9A
Certificate issuer: /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial: 0194274736572104DE1907AFE9790C9D582E
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/9lwL98-HDVBrZzYLRCpSdOAFXpo.roa
Signing time: Thu 02 Jan 2025 13:49:25 +0000
ROA not before: Thu 02 Jan 2025 13:49:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58329
IP address blocks: 31.214.157.0/24 maxlen: 24
79.132.128.0/24 maxlen: 24
79.132.129.0/24 maxlen: 24
79.132.132.0/24 maxlen: 24
79.132.133.0/24 maxlen: 24
185.158.249.0/24 maxlen: 24
193.242.210.0/23 maxlen: 23
194.76.225.0/24 maxlen: 24
2001:67c:2ae8::/48 maxlen: 48
2a0b:7140:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 16:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:36:57:21:04:de:19:07:af:e9:79:0c:9d:58:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
Validity
Not Before: Jan 2 13:49:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f65c0bf7cf870d506b67360b442a5274e0055e9a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:fd:03:45:83:c8:bd:71:8c:45:99:97:86:26:
df:30:1c:e3:9b:f7:16:a3:6a:6b:1e:b9:3f:38:b9:
63:d7:8f:12:e7:ca:bb:90:70:2f:37:59:e2:03:08:
c1:54:9f:a8:ee:7d:4f:92:39:14:c0:7c:94:6d:ad:
4b:e1:f6:52:6c:56:ed:9b:fd:90:64:cc:0a:66:43:
b7:d5:d9:55:2d:f0:e8:71:71:57:b5:1a:42:85:82:
4c:e2:24:6c:b5:2c:bd:6b:15:45:3f:7a:44:44:de:
19:88:aa:2f:d0:d9:40:89:f2:36:fc:df:11:d4:4f:
67:cd:78:49:f3:ff:d0:a9:0a:50:a8:e8:6e:aa:a0:
bb:f5:7e:aa:32:85:87:5a:a7:fb:de:3b:bb:27:67:
e5:08:bf:78:bc:46:a0:33:ae:69:cf:f9:6a:03:45:
b7:f5:ad:0c:cc:7f:30:89:e9:d4:6b:a6:2d:1c:63:
af:0c:a9:bf:56:ca:b6:63:a4:fc:d6:50:f5:7f:2a:
a3:d3:65:21:77:55:4e:29:fc:e9:82:6f:3b:96:85:
db:98:23:da:4f:82:97:6b:0f:16:9d:94:02:62:2c:
b8:19:7a:c0:9b:0c:f2:3d:94:7b:d4:aa:d6:41:5a:
62:7f:67:0b:e1:c4:a4:81:34:9f:0c:46:e1:55:98:
04:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:5C:0B:F7:CF:87:0D:50:6B:67:36:0B:44:2A:52:74:E0:05:5E:9A
X509v3 Authority Key Identifier:
keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/9lwL98-HDVBrZzYLRCpSdOAFXpo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.157.0/24
79.132.128.0/23
79.132.132.0/23
185.158.249.0/24
193.242.210.0/23
194.76.225.0/24
IPv6:
2001:67c:2ae8::/48
2a0b:7140:6::/48
Signature Algorithm: sha256WithRSAEncryption
7f:3c:c6:52:38:e5:60:a7:76:6e:80:be:f3:47:30:67:11:ab:
58:0f:f8:01:9f:38:a8:64:dc:09:79:3c:c2:cb:67:55:a3:a7:
82:ff:f7:61:91:6c:ac:d7:56:78:a4:f0:83:55:e0:e2:be:2f:
36:8a:cd:02:49:d0:81:3e:c2:34:5d:1e:7e:5e:04:ce:4a:1e:
e7:f8:29:7f:d1:7a:7e:86:7c:c9:a3:a3:48:5c:c8:0a:01:27:
de:c2:23:99:4f:f5:f9:c2:ce:25:08:25:55:b9:23:a6:9e:e8:
06:e2:db:fd:d8:aa:79:7f:02:48:11:96:c5:b1:e9:13:f8:81:
9f:a9:44:23:a4:c0:60:4a:22:52:58:b7:cc:6a:d6:4b:c1:e2:
95:24:0b:eb:4d:24:d3:97:2d:dd:48:8d:77:d5:44:c1:d9:bc:
fb:0a:6f:14:69:d2:6e:d0:0d:ab:b3:82:28:1f:b2:a3:32:e7:
06:8c:de:6f:a7:ac:44:7c:13:63:3f:f7:98:41:6b:19:5a:da:
0d:83:25:be:04:38:2d:53:68:f1:3b:79:6f:ea:88:30:55:13:
cc:8e:6f:ed:a9:b2:26:b7:78:a6:fe:e3:71:a6:6b:f2:3c:bf:
6c:c9:8f:f4:34:d2:b6:4f:40:67:2c:fb:d1:e1:fe:93:6c:2a:
52:4f:7c:95
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQnRzZXIQTeGQev6XkMnVguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjUwMTAyMTM0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjVjMGJmN2NmODcwZDUwNmI2NzM2MGI0NDJhNTI3NGUwMDU1ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP0DRYPIvXGMRZmXhibfMBzjm/cW
o2prHrk/OLlj148S58q7kHAvN1niAwjBVJ+o7n1PkjkUwHyUba1L4fZSbFbtm/2Q
ZMwKZkO31dlVLfDocXFXtRpChYJM4iRstSy9axVFP3pERN4ZiKov0NlAifI2/N8R
1E9nzXhJ8//QqQpQqOhuqqC79X6qMoWHWqf73ju7J2flCL94vEagM65pz/lqA0W3
9a0MzH8wienUa6YtHGOvDKm/Vsq2Y6T81lD1fyqj02Uhd1VOKfzpgm87loXbmCPa
T4KXaw8WnZQCYiy4GXrAmwzyPZR71KrWQVpif2cL4cSkgTSfDEbhVZgETwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPZcC/fPhw1Qa2c2C0QqUnTgBV6aMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvOWx3TDk4LUhEVkJyWnpZTFJDcFNkT0FGWHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQAH9adAwQB
T4SAAwQBT4SEAwQAuZ75AwQBwfLSAwQAwkzhMBgEAgACMBIDBwAgAQZ8KugDBwAq
C3FAAAYwDQYJKoZIhvcNAQELBQADggEBAH88xlI45WCndm6AvvNHMGcRq1gP+AGf
OKhk3Al5PMLLZ1Wjp4L/92GRbKzXVnik8INV4OK+LzaKzQJJ0IE+wjRdHn5eBM5K
Huf4KX/Ren6GfMmjo0hcyAoBJ97CI5lP9fnCziUIJVW5I6ae6Abi2/3Yqnl/AkgR
lsWx6RP4gZ+pRCOkwGBKIlJYt8xq1kvB4pUkC+tNJNOXLd1IjXfVRMHZvPsKbxRp
0m7QDauzgigfsqMy5waM3m+nrER8E2M/95hBaxla2g2DJb4EOC1TaPE7eW/qiDBV
E8yOb+2psia3eKb+43Gma/I8v2zJj/Q00rZPQGcs+9Hh/pNsKlJPfJU=
-----END CERTIFICATE-----
Generated at Tue Apr 8 01:10:06 2025 by rpki-client