Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/PmeI5MIhQ4wxSrPUPOIOQ9Ubvnk.roa
File: PmeI5MIhQ4wxSrPUPOIOQ9Ubvnk.roa (raw, json)
Hash identifier: W6jZRl9BSEjjkm486LLqed9ed+xxHLYMlqc3sRgCALQ=
Subject key identifier: 3E:67:88:E4:C2:21:43:8C:31:4A:B3:D4:3C:E2:0E:43:D5:1B:BE:79
Certificate issuer: /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial: 0194266BF370558D65548166E0E6DD80B658
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/PmeI5MIhQ4wxSrPUPOIOQ9Ubvnk.roa
Signing time: Thu 02 Jan 2025 09:49:56 +0000
ROA not before: Thu 02 Jan 2025 09:49:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43811
IP address blocks: 31.193.192.0/24 maxlen: 24
31.193.193.0/24 maxlen: 24
31.193.194.0/24 maxlen: 24
31.193.195.0/24 maxlen: 24
31.193.196.0/24 maxlen: 24
31.193.197.0/24 maxlen: 24
31.193.198.0/24 maxlen: 24
31.193.199.0/24 maxlen: 24
81.7.105.0/24 maxlen: 24
81.7.106.0/24 maxlen: 24
81.7.107.0/24 maxlen: 24
81.7.114.0/24 maxlen: 24
81.7.115.0/24 maxlen: 24
82.135.132.0/24 maxlen: 24
82.135.133.0/24 maxlen: 24
82.135.217.0/24 maxlen: 24
82.135.218.0/24 maxlen: 24
85.206.140.0/24 maxlen: 24
85.206.141.0/24 maxlen: 24
85.206.142.0/24 maxlen: 24
85.206.143.0/24 maxlen: 24
85.206.148.0/22 maxlen: 22
88.118.143.0/24 maxlen: 24
88.119.180.0/24 maxlen: 24
88.119.181.0/24 maxlen: 24
88.119.220.0/24 maxlen: 24
88.119.221.0/24 maxlen: 24
88.119.222.0/24 maxlen: 24
88.119.246.0/24 maxlen: 24
92.61.32.0/20 maxlen: 32
185.3.228.0/24 maxlen: 24
185.3.229.0/24 maxlen: 24
185.3.230.0/24 maxlen: 24
185.3.231.0/24 maxlen: 24
193.105.146.0/24 maxlen: 24
193.200.124.0/24 maxlen: 24
193.200.125.0/24 maxlen: 24
194.176.32.0/24 maxlen: 24
194.176.33.0/24 maxlen: 24
194.176.35.0/24 maxlen: 24
194.176.36.0/24 maxlen: 24
194.176.54.0/23 maxlen: 23
195.12.180.0/24 maxlen: 24
212.47.123.0/24 maxlen: 24
2a00:1eb8:c004::/48 maxlen: 48
2a02:118:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 03:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:f3:70:55:8d:65:54:81:66:e0:e6:dd:80:b6:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
Validity
Not Before: Jan 2 09:49:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3e6788e4c221438c314ab3d43ce20e43d51bbe79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b6:02:14:d1:12:28:b8:b1:32:6a:08:20:60:
d2:71:34:db:72:28:08:2f:1d:a2:5e:b0:c3:50:30:
4a:e6:ef:b1:09:41:39:58:35:9c:86:bb:6c:72:ab:
67:d3:3f:b4:53:0a:13:53:69:1a:fa:13:3a:00:de:
ce:5c:a0:72:86:8c:bb:a1:9a:4a:39:dd:32:a8:04:
69:aa:65:84:0e:6a:ac:84:61:d5:0e:c7:63:cf:14:
c1:06:a5:7b:e0:8b:72:c8:3f:0f:75:f4:a9:91:f5:
40:0f:e3:1e:30:8e:b4:3b:cc:f0:8d:4c:f2:85:3d:
37:4a:26:3d:7f:7e:ad:e9:b4:ae:d6:74:c9:91:51:
c0:f9:4b:62:17:3d:56:0b:14:c1:2c:4d:f2:0e:a3:
40:96:59:7c:84:74:3b:95:01:3f:b0:26:8b:e3:03:
3f:3d:9d:51:bc:16:63:11:a5:47:4c:10:b6:f3:52:
39:39:7f:67:2c:08:7d:ac:34:6f:05:bd:51:56:a8:
57:45:ec:7d:8b:dd:56:ad:fb:6f:b3:cf:fc:97:c0:
d5:e4:54:6f:a5:37:ee:d8:d1:56:36:e8:b4:33:ca:
db:9e:05:49:79:38:1e:14:c7:05:b9:96:a9:0b:7a:
63:60:a4:9e:18:28:70:db:07:85:21:d5:20:9d:f2:
b9:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:67:88:E4:C2:21:43:8C:31:4A:B3:D4:3C:E2:0E:43:D5:1B:BE:79
X509v3 Authority Key Identifier:
keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/PmeI5MIhQ4wxSrPUPOIOQ9Ubvnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.192.0/21
81.7.105.0-81.7.107.255
81.7.114.0/23
82.135.132.0/23
82.135.217.0-82.135.218.255
85.206.140.0/22
85.206.148.0/22
88.118.143.0/24
88.119.180.0/23
88.119.220.0-88.119.222.255
88.119.246.0/24
92.61.32.0/20
185.3.228.0/22
193.105.146.0/24
193.200.124.0/23
194.176.32.0/23
194.176.35.0-194.176.36.255
194.176.54.0/23
195.12.180.0/24
212.47.123.0/24
IPv6:
2a00:1eb8:c004::/48
2a02:118:2::/48
Signature Algorithm: sha256WithRSAEncryption
08:67:ac:89:1f:eb:74:f7:17:6a:b3:15:5d:22:78:c5:3c:28:
28:c0:8f:2f:67:c0:ef:e2:57:b6:22:25:cb:9f:fc:55:7c:56:
29:ba:db:ce:3e:c9:34:59:04:15:7c:ff:a7:cd:1c:30:ca:08:
51:dd:f9:06:cf:a3:3b:08:ed:71:9b:db:8c:22:16:3e:fb:59:
b9:5d:0f:85:b8:58:fe:29:39:0f:b1:ac:6a:39:0f:45:cc:b6:
65:68:0d:00:80:76:0a:34:5f:ea:ef:cc:69:05:5f:b9:30:43:
dd:5d:61:40:f7:2f:c6:bb:36:c8:e4:52:aa:3b:a9:03:ae:e5:
8f:0f:96:94:bf:40:83:b3:8f:ab:6b:94:0e:61:73:41:dd:fb:
e7:e7:5e:13:ce:dc:ac:28:98:e5:67:9e:d1:95:a8:e2:dd:c7:
b7:40:4d:13:93:f1:1b:4f:26:8d:91:74:af:85:b9:a3:f4:3a:
de:85:2a:bd:9d:f5:93:98:f8:8d:9f:3c:fa:c8:b3:54:0a:f2:
f0:7b:f2:64:17:2a:ba:e8:5f:0d:8e:29:1b:21:c6:0f:eb:1e:
36:68:43:5f:ab:2a:92:e4:46:f5:32:18:7a:2e:40:97:da:5d:
b9:7c:75:1c:68:40:26:6f:6e:13:87:8d:18:e9:f4:1b:ff:cf:
28:a1:e9:00
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAZQma/NwVY1lVIFm4ObdgLZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjUwMTAyMDk0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTY3ODhlNGMyMjE0MzhjMzE0YWIzZDQzY2UyMGU0M2Q1MWJiZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7YCFNESKLixMmoIIGDScTTbcigI
Lx2iXrDDUDBK5u+xCUE5WDWchrtscqtn0z+0UwoTU2ka+hM6AN7OXKByhoy7oZpK
Od0yqARpqmWEDmqshGHVDsdjzxTBBqV74ItyyD8PdfSpkfVAD+MeMI60O8zwjUzy
hT03SiY9f36t6bSu1nTJkVHA+UtiFz1WCxTBLE3yDqNAlll8hHQ7lQE/sCaL4wM/
PZ1RvBZjEaVHTBC281I5OX9nLAh9rDRvBb1RVqhXRex9i91Wrftvs8/8l8DV5FRv
pTfu2NFWNui0M8rbngVJeTgeFMcFuZapC3pjYKSeGChw2weFIdUgnfK5pQIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFD5niOTCIUOMMUqz1DziDkPVG755MB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL1BtZUk1TUloUTR3eFNyUFVQT0lPUTlVYnZuay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgc8GCCsGAQUFBwEHAQH/BIG/MIG8MIGfBAIAATCBmAME
Ax/BwDAMAwQAUQdpAwQCUQdoAwQBUQdyAwQBUoeEMAwDBABSh9kDBABSh9oDBAJV
zowDBAJVzpQDBABYdo8DBAFYd7QwDAMEAlh33AMEAFh33gMEAFh39gMEBFw9IAME
ArkD5AMEAMFpkgMEAcHIfAMEAcKwIDAMAwQAwrAjAwQAwrAkAwQBwrA2AwQAwwy0
AwQA1C97MBgEAgACMBIDBwAqAB64wAQDBwAqAgEYAAIwDQYJKoZIhvcNAQELBQAD
ggEBAAhnrIkf63T3F2qzFV0ieMU8KCjAjy9nwO/iV7YiJcuf/FV8Vim6284+yTRZ
BBV8/6fNHDDKCFHd+QbPozsI7XGb24wiFj77WbldD4W4WP4pOQ+xrGo5D0XMtmVo
DQCAdgo0X+rvzGkFX7kwQ91dYUD3L8a7NsjkUqo7qQOu5Y8PlpS/QIOzj6trlA5h
c0Hd++fnXhPO3KwomOVnntGVqOLdx7dATROT8RtPJo2RdK+FuaP0Ot6FKr2d9ZOY
+I2fPPrIs1QK8vB78mQXKrroXw2OKRshxg/rHjZoQ1+rKpLkRvUyGHouQJfaXbl8
dRxoQCZvbhOHjRjp9Bv/zyih6QA=
-----END CERTIFICATE-----
Generated at Sun Apr 13 11:44:10 2025 by rpki-client