Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/cdMOuRF7uOMr3eiWtLluBITicTo.roa
File: cdMOuRF7uOMr3eiWtLluBITicTo.roa (raw, json)
Hash identifier: 2zf3i/TaVgEDUbWisH1c3bo8xEvWjGA35Bw+WbjbFqQ=
Subject key identifier: 71:D3:0E:B9:11:7B:B8:E3:2B:DD:E8:96:B4:B9:6E:04:84:E2:71:3A
Certificate issuer: /CN=a2893a4b284acb5d8a4164289045492109511688
Certificate serial: 019423D7DA8D72D825A5FCB7CEBC3AFB0AB7
Authority key identifier: A2:89:3A:4B:28:4A:CB:5D:8A:41:64:28:90:45:49:21:09:51:16:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ook6SyhKy12KQWQokEVJIQlRFog.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/cdMOuRF7uOMr3eiWtLluBITicTo.roa
Signing time: Wed 01 Jan 2025 21:48:56 +0000
ROA not before: Wed 01 Jan 2025 21:48:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 45.67.100.0/22 maxlen: 24
45.87.168.0/22 maxlen: 24
95.214.136.0/22 maxlen: 24
185.25.156.0/22 maxlen: 24
185.25.157.0/24 maxlen: 24
185.25.158.0/24 maxlen: 24
185.25.159.0/24 maxlen: 24
185.175.160.0/22 maxlen: 24
185.182.240.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/ook6SyhKy12KQWQokEVJIQlRFog.crl
rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/ook6SyhKy12KQWQokEVJIQlRFog.mft
rsync://rpki.ripe.net/repository/DEFAULT/ook6SyhKy12KQWQokEVJIQlRFog.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:da:8d:72:d8:25:a5:fc:b7:ce:bc:3a:fb:0a:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a2893a4b284acb5d8a4164289045492109511688
Validity
Not Before: Jan 1 21:48:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71d30eb9117bb8e32bdde896b4b96e0484e2713a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f2:53:a5:7f:e5:51:7b:1f:f9:ef:ed:3f:e1:
da:5d:21:a0:32:f3:5c:61:a2:4b:b8:dd:7d:3e:14:
c0:32:63:ed:e4:32:df:d7:a7:b3:af:3b:5a:d7:1a:
0d:28:d0:e2:ae:91:24:b7:02:ad:26:33:c9:7e:be:
d1:97:2f:46:93:e2:f4:f8:e9:1f:35:03:bc:e0:5e:
14:1a:5e:3b:71:65:47:f6:3e:39:ff:0d:76:24:6a:
e5:24:8b:0b:9b:6b:19:75:4e:99:da:df:06:4d:fd:
a4:a0:d7:3c:32:c6:f5:a3:35:02:64:68:88:e8:a9:
a1:a7:70:06:29:22:61:55:5e:75:90:12:ba:ed:22:
35:6d:78:59:1a:8a:27:68:84:6e:bb:07:3d:25:f5:
bc:c2:c0:c6:48:07:e6:e7:41:6b:de:3b:80:30:82:
1a:9d:f4:17:87:0a:e8:42:b7:69:de:2e:27:f2:74:
81:ff:04:91:08:48:02:59:f8:f6:49:41:9b:10:30:
d4:17:fd:3f:0f:b0:af:a4:06:96:c7:f9:14:90:f7:
1c:84:ee:f9:5e:75:4f:26:d8:65:41:c5:93:2b:d9:
77:f5:61:af:fb:68:5e:e1:64:a1:fd:e8:1b:8f:9a:
07:55:cd:e1:38:e0:66:cb:5a:96:b7:29:44:66:86:
36:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:D3:0E:B9:11:7B:B8:E3:2B:DD:E8:96:B4:B9:6E:04:84:E2:71:3A
X509v3 Authority Key Identifier:
keyid:A2:89:3A:4B:28:4A:CB:5D:8A:41:64:28:90:45:49:21:09:51:16:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ook6SyhKy12KQWQokEVJIQlRFog.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/cdMOuRF7uOMr3eiWtLluBITicTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b487ab-5e31-4117-ada8-a5d3cb918206/1/ook6SyhKy12KQWQokEVJIQlRFog.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.100.0/22
45.87.168.0/22
95.214.136.0/22
185.25.156.0/22
185.175.160.0/22
185.182.240.0/22
Signature Algorithm: sha256WithRSAEncryption
b0:1b:c0:da:b0:ca:2a:97:57:8c:17:86:ba:55:66:5b:9c:33:
67:ba:ad:78:80:06:f0:d1:97:51:79:25:d6:e5:48:2b:79:aa:
ae:de:df:ae:78:12:57:3d:e1:ca:59:5d:44:0c:6a:94:8b:00:
dd:45:8d:da:b8:49:15:f3:e6:59:0c:f0:0b:b4:2d:5a:ba:67:
8d:de:ae:5c:56:bd:aa:ba:54:89:92:16:ad:1c:8c:83:d0:e6:
e7:dd:f9:45:45:ad:37:6d:86:84:53:e2:4d:3f:a2:fa:f5:a2:
df:d9:48:61:16:3b:e1:55:cd:62:0f:4f:d7:a1:14:8b:3b:60:
39:62:d0:f6:3d:7a:d4:89:f1:a2:b2:44:06:a5:ec:c7:41:d0:
88:80:29:a7:c6:2b:4c:dc:1b:d7:b5:5d:c5:b6:df:c8:27:60:
14:82:77:f9:4f:f5:d5:3b:49:28:a2:f7:88:8a:53:ab:04:d8:
e2:10:bc:e6:5a:bd:d9:a1:f3:d2:17:af:6a:7a:43:58:46:79:
99:a6:1d:29:81:11:9f:a8:de:78:89:4a:0e:ee:75:9b:20:62:
5e:11:bf:a4:d8:77:08:b2:4a:43:38:04:86:00:0c:61:21:86:
f4:d5:a8:ba:9e:0e:56:3b:31:73:c5:2e:1d:1d:ad:16:31:87:
8a:22:2c:cc
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQj19qNctglpfy3zrw6+wq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyODkzYTRiMjg0YWNiNWQ4YTQxNjQyODkwNDU0OTIxMDk1
MTE2ODgwHhcNMjUwMTAxMjE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQzMGViOTExN2JiOGUzMmJkZGU4OTZiNGI5NmUwNDg0ZTI3MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/JTpX/lUXsf+e/tP+HaXSGgMvNc
YaJLuN19PhTAMmPt5DLf16ezrzta1xoNKNDirpEktwKtJjPJfr7Rly9Gk+L0+Okf
NQO84F4UGl47cWVH9j45/w12JGrlJIsLm2sZdU6Z2t8GTf2koNc8Msb1ozUCZGiI
6Kmhp3AGKSJhVV51kBK67SI1bXhZGoonaIRuuwc9JfW8wsDGSAfm50Fr3juAMIIa
nfQXhwroQrdp3i4n8nSB/wSRCEgCWfj2SUGbEDDUF/0/D7CvpAaWx/kUkPcchO75
XnVPJthlQcWTK9l39WGv+2he4WSh/egbj5oHVc3hOOBmy1qWtylEZoY2nQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHHTDrkRe7jjK93olrS5bgSE4nE6MB8GA1UdIwQY
MBaAFKKJOksoSstdikFkKJBFSSEJURaIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb29rNlN5aEt5MTJLUVdRb2tFVkpJUWxSRm9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iNDg3YWItNWUzMS00MTE3LWFkYTgt
YTVkM2NiOTE4MjA2LzEvY2RNT3VSRjd1T01yM2VpV3RMbHVCSVRpY1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iNDg3YWItNWUzMS00MTE3LWFkYTgtYTVkM2NiOTE4MjA2
LzEvb29rNlN5aEt5MTJLUVdRb2tFVkpJUWxSRm9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCLUNkAwQC
LVeoAwQCX9aIAwQCuRmcAwQCua+gAwQCubbwMA0GCSqGSIb3DQEBCwUAA4IBAQCw
G8DasMoql1eMF4a6VWZbnDNnuq14gAbw0ZdReSXW5Ugreaqu3t+ueBJXPeHKWV1E
DGqUiwDdRY3auEkV8+ZZDPALtC1aumeN3q5cVr2qulSJkhatHIyD0Obn3flFRa03
bYaEU+JNP6L69aLf2UhhFjvhVc1iD0/XoRSLO2A5YtD2PXrUifGiskQGpezHQdCI
gCmnxitM3BvXtV3Ftt/IJ2AUgnf5T/XVO0kooveIilOrBNjiELzmWr3ZofPSF69q
ekNYRnmZph0pgRGfqN54iUoO7nWbIGJeEb+k2HcIskpDOASGAAxhIYb01ai6ng5W
OzFzxS4dHa0WMYeKIizM
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:59:53 2025 by rpki-client