Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/aJfMXR0KgD85hp2B5m_o11nFhQY.roa
File: aJfMXR0KgD85hp2B5m_o11nFhQY.roa (raw, json)
Hash identifier: KbbBuzotL/jgzy+EpOCalbhLtTBDf/lVI3VgkQVW38s=
Subject key identifier: 68:97:CC:5D:1D:0A:80:3F:39:86:9D:81:E6:6F:E8:D7:59:C5:85:06
Certificate issuer: /CN=a3e6e823f6dda67d283a9f41a72909906ac9a837
Certificate serial: 019424452F6484AB1DFB60B3CDC396E951FD
Authority key identifier: A3:E6:E8:23:F6:DD:A6:7D:28:3A:9F:41:A7:29:09:90:6A:C9:A8:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/aJfMXR0KgD85hp2B5m_o11nFhQY.roa
Signing time: Wed 01 Jan 2025 23:48:21 +0000
ROA not before: Wed 01 Jan 2025 23:48:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44124
IP address blocks: 78.31.136.0/21 maxlen: 21
79.124.96.0/19 maxlen: 24
81.161.104.0/22 maxlen: 22
185.34.236.0/22 maxlen: 24
193.189.116.0/23 maxlen: 23
195.20.218.0/23 maxlen: 23
195.225.244.0/22 maxlen: 22
2a03:6600::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.crl
rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.mft
rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 17:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:2f:64:84:ab:1d:fb:60:b3:cd:c3:96:e9:51:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3e6e823f6dda67d283a9f41a72909906ac9a837
Validity
Not Before: Jan 1 23:48:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6897cc5d1d0a803f39869d81e66fe8d759c58506
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a9:6d:52:16:db:24:e8:c2:7d:08:46:7a:2a:
72:15:67:62:ae:c3:2e:19:e0:36:90:0b:00:a6:0c:
3b:27:8f:e1:b0:c5:0c:6d:b9:1c:ac:ab:37:a3:08:
a3:bf:9a:93:84:37:23:f8:6c:f8:7e:90:86:65:ef:
d8:20:57:05:fa:bc:c0:b6:d5:af:16:e8:e0:06:64:
3f:76:fb:b2:88:33:d9:e2:0d:9d:43:0e:a6:61:5e:
da:6f:d0:08:c8:9a:27:f0:cc:fc:77:e5:5a:1a:68:
0d:46:45:15:bf:5b:e4:3a:b4:5a:53:07:13:ad:fd:
8b:2f:2a:47:f1:74:e5:17:4a:3b:0a:91:79:ce:a9:
f2:96:6f:bd:57:28:7c:b1:61:81:6e:f0:56:dd:09:
64:6f:fe:d2:f8:e2:85:86:6f:ad:e9:56:58:57:86:
a4:70:4d:e9:24:60:63:02:5b:a3:43:6e:a6:fe:d0:
76:f5:f0:9a:69:fa:c2:89:46:53:45:67:c5:ba:35:
f0:a3:3a:3a:31:e0:e8:f4:07:7c:c0:fc:08:c3:c1:
a2:ce:34:6b:06:b5:38:bd:d7:24:45:c2:30:18:67:
28:7e:9a:97:e8:8a:b0:77:66:36:05:24:6d:08:a9:
ac:eb:7d:f0:66:98:50:22:1d:af:e8:ad:64:ef:cb:
c8:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:97:CC:5D:1D:0A:80:3F:39:86:9D:81:E6:6F:E8:D7:59:C5:85:06
X509v3 Authority Key Identifier:
keyid:A3:E6:E8:23:F6:DD:A6:7D:28:3A:9F:41:A7:29:09:90:6A:C9:A8:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/aJfMXR0KgD85hp2B5m_o11nFhQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.31.136.0/21
79.124.96.0/19
81.161.104.0/22
185.34.236.0/22
193.189.116.0/23
195.20.218.0/23
195.225.244.0/22
IPv6:
2a03:6600::/32
Signature Algorithm: sha256WithRSAEncryption
34:47:cc:6e:ae:6f:7f:72:ab:cb:35:e4:a6:a6:c6:c3:f7:ba:
3b:cc:9c:7f:c7:4c:f7:ec:64:e6:10:cf:a9:63:cd:3b:91:5d:
a8:74:21:27:da:f6:92:d3:18:a0:f3:5c:ad:f8:4b:61:ad:fe:
a8:28:51:58:3c:ad:d4:40:fa:69:95:19:5f:0e:dd:2d:b1:5e:
d2:0d:a5:54:a8:13:0f:61:eb:31:fe:4c:78:fb:63:64:b7:68:
d6:fb:19:70:38:59:e7:38:5f:07:a7:fd:c1:dd:a0:86:16:11:
1b:c4:ea:a9:88:eb:7e:47:f2:eb:66:d1:2d:b4:85:87:94:8d:
16:85:d3:eb:24:77:2a:6e:72:50:b5:67:88:06:e7:32:e3:62:
0d:f1:15:15:4a:7d:ad:44:c4:07:54:db:67:80:a3:6d:c2:d6:
6d:ea:6e:bd:b8:4b:73:f9:9c:9b:ca:56:ba:26:aa:5e:a3:2e:
63:b2:b5:11:30:1d:01:28:16:69:0c:3c:da:db:fb:f0:e3:94:
75:43:83:bb:3d:25:57:21:9b:ea:99:fa:1e:c4:6e:e7:bf:95:
88:2a:01:f1:f3:ab:b9:c8:b1:38:10:78:c3:e0:2c:83:d2:67:
55:65:fb:68:95:5b:5d:3e:52:cb:54:6b:5f:14:c0:57:f6:ba:
0b:32:00:f8
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQkRS9khKsd+2CzzcOW6VH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTZlODIzZjZkZGE2N2QyODNhOWY0MWE3MjkwOTkwNmFj
OWE4MzcwHhcNMjUwMTAxMjM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODk3Y2M1ZDFkMGE4MDNmMzk4NjlkODFlNjZmZThkNzU5YzU4NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6ltUhbbJOjCfQhGeipyFWdirsMu
GeA2kAsApgw7J4/hsMUMbbkcrKs3owijv5qThDcj+Gz4fpCGZe/YIFcF+rzAttWv
FujgBmQ/dvuyiDPZ4g2dQw6mYV7ab9AIyJon8Mz8d+VaGmgNRkUVv1vkOrRaUwcT
rf2LLypH8XTlF0o7CpF5zqnylm+9Vyh8sWGBbvBW3Qlkb/7S+OKFhm+t6VZYV4ak
cE3pJGBjAlujQ26m/tB29fCaafrCiUZTRWfFujXwozo6MeDo9Ad8wPwIw8GizjRr
BrU4vdckRcIwGGcofpqX6Iqwd2Y2BSRtCKms633wZphQIh2v6K1k78vIzQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFGiXzF0dCoA/OYadgeZv6NdZxYUGMB8GA1UdIwQY
MBaAFKPm6CP23aZ9KDqfQacpCZBqyag3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1ib0lfYmRwbjBvT3A5QnB5a0prR3JKcURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8xOGExYmMtOTY3Yy00OTMxLTg1YjUt
MDBmMDBhZjFjOGQ3LzEvYUpmTVhSMEtnRDg1aHAyQjVtX28xMW5GaFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8xOGExYmMtOTY3Yy00OTMxLTg1YjUtMDBmMDBhZjFjOGQ3
LzEvby1ib0lfYmRwbjBvT3A5QnB5a0prR3JKcURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDTh+IAwQF
T3xgAwQCUaFoAwQCuSLsAwQBwb10AwQBwxTaAwQCw+H0MA0EAgACMAcDBQAqA2YA
MA0GCSqGSIb3DQEBCwUAA4IBAQA0R8xurm9/cqvLNeSmpsbD97o7zJx/x0z37GTm
EM+pY807kV2odCEn2vaS0xig81yt+Ethrf6oKFFYPK3UQPpplRlfDt0tsV7SDaVU
qBMPYesx/kx4+2Nkt2jW+xlwOFnnOF8Hp/3B3aCGFhEbxOqpiOt+R/LrZtEttIWH
lI0WhdPrJHcqbnJQtWeIBucy42IN8RUVSn2tRMQHVNtngKNtwtZt6m69uEtz+Zyb
yla6Jqpeoy5jsrURMB0BKBZpDDza2/vw45R1Q4O7PSVXIZvqmfoexG7nv5WIKgHx
86u5yLE4EHjD4CyD0mdVZftolVtdPlLLVGtfFMBX9roLMgD4
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:37:17 2025 by rpki-client