Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/aH3szR6jhr3LKmXFz58P9TMNq1M.roa
File: aH3szR6jhr3LKmXFz58P9TMNq1M.roa (raw, json)
Hash identifier: k2DoDeJi//lnLAIw8oEfwg7P4tlKFybQoCOgJClGVQo=
Subject key identifier: 68:7D:EC:CD:1E:A3:86:BD:CB:2A:65:C5:CF:9F:0F:F5:33:0D:AB:53
Certificate issuer: /CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Certificate serial: 01941FFA2021FA26B24B27D9374A204F9F6F
Authority key identifier: 2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/aH3szR6jhr3LKmXFz58P9TMNq1M.roa
Signing time: Wed 01 Jan 2025 03:47:53 +0000
ROA not before: Wed 01 Jan 2025 03:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41364
IP address blocks: 185.140.168.0/22 maxlen: 22
193.42.134.0/24 maxlen: 24
194.116.72.0/23 maxlen: 23
194.116.74.0/23 maxlen: 23
194.116.76.0/22 maxlen: 24
194.116.80.0/23 maxlen: 23
194.116.82.0/24 maxlen: 24
194.116.83.0/24 maxlen: 24
194.116.84.0/24 maxlen: 24
194.116.85.0/24 maxlen: 24
194.116.86.0/23 maxlen: 23
194.116.88.0/22 maxlen: 22
194.116.92.0/24 maxlen: 24
194.116.93.0/24 maxlen: 24
194.116.94.0/23 maxlen: 23
194.116.100.0/22 maxlen: 24
194.116.100.0/24 maxlen: 24
194.116.101.0/24 maxlen: 24
194.116.102.0/23 maxlen: 23
194.116.106.0/23 maxlen: 23
194.116.108.0/22 maxlen: 22
194.116.112.0/21 maxlen: 21
194.116.120.0/22 maxlen: 22
194.116.124.0/23 maxlen: 23
194.116.126.0/24 maxlen: 24
194.116.127.0/24 maxlen: 24
2a07:1ec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.mft
rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 05:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:20:21:fa:26:b2:4b:27:d9:37:4a:20:4f:9f:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Validity
Not Before: Jan 1 03:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=687deccd1ea386bdcb2a65c5cf9f0ff5330dab53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e0:44:6e:2b:eb:b1:b8:8c:6c:73:a1:30:ce:
89:7a:d1:bd:3c:8b:14:68:2e:aa:05:b4:82:22:0f:
86:58:23:57:e6:5f:76:7d:11:51:a8:15:85:ae:38:
41:05:dd:e5:b2:29:20:d4:5f:d0:cb:23:17:84:78:
68:92:22:5d:67:6a:1b:c3:86:0b:6c:e4:5d:66:6d:
ba:c0:11:05:27:28:0a:a3:49:d7:c5:13:f6:a1:24:
1a:43:ad:3c:88:e1:0a:0b:ee:39:e4:2b:e4:d6:d6:
b7:b7:77:43:17:47:cf:7d:aa:c7:a2:c5:f3:6d:23:
11:7d:bc:04:f6:02:f9:1a:28:7a:3f:8a:52:5a:14:
56:ef:79:4e:94:62:1e:4a:2b:1b:58:c6:37:f7:ca:
42:70:52:b3:c5:fe:2a:6d:49:03:a6:6a:f1:f5:2c:
40:43:e0:f7:3c:e3:25:4b:65:32:de:dc:d3:40:a1:
bd:0a:34:44:7d:5b:c3:3a:fe:e8:e3:6d:f5:d7:7e:
77:31:eb:b2:a5:69:e5:7a:b7:c0:49:37:e1:3b:ce:
a1:b9:e4:69:46:6b:16:ad:be:af:5a:4e:d9:32:be:
e4:c4:8b:14:32:ea:27:e2:cc:b1:97:7b:7f:5d:51:
6f:61:f6:4b:8a:fe:b0:65:ae:e1:fe:e5:05:c3:21:
fb:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:7D:EC:CD:1E:A3:86:BD:CB:2A:65:C5:CF:9F:0F:F5:33:0D:AB:53
X509v3 Authority Key Identifier:
keyid:2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/aH3szR6jhr3LKmXFz58P9TMNq1M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.140.168.0/22
193.42.134.0/24
194.116.72.0-194.116.95.255
194.116.100.0/22
194.116.106.0-194.116.127.255
IPv6:
2a07:1ec0::/29
Signature Algorithm: sha256WithRSAEncryption
07:ea:1b:bd:43:3b:3e:60:0e:df:29:9f:62:41:2d:8d:e6:78:
e5:8e:c5:95:89:0b:c5:0b:70:3f:35:44:e0:ee:9b:60:d1:64:
34:1d:42:ec:99:83:d7:38:6f:4c:ba:28:af:38:22:8e:a1:7d:
14:10:27:94:a5:34:73:f1:57:c5:c7:f3:b9:01:99:bf:d7:73:
5b:98:62:12:46:e1:4a:06:b2:d1:f5:44:f2:95:5f:44:59:6e:
83:8d:fb:ee:48:df:a7:68:c5:00:9e:01:4a:6e:6e:be:67:f4:
8a:b0:c4:6e:a3:93:7d:9d:43:15:c5:a8:f3:34:41:57:fe:0b:
c4:74:45:a7:aa:76:60:0c:9a:a9:25:1a:4c:14:43:0b:5b:31:
1e:d8:7d:bd:5f:d5:fa:56:2f:5f:10:2a:25:be:44:97:3b:4c:
f7:db:99:e9:eb:09:2f:c4:57:e6:55:9e:2a:ff:fe:ed:4d:97:
61:be:4e:ea:34:92:13:ac:01:23:ba:9a:86:71:f4:84:3c:87:
88:26:f8:bd:c8:44:e8:a5:20:4f:a8:7e:63:03:d6:2e:6e:7f:
b5:0f:4f:75:98:98:bc:ae:ce:43:57:25:80:24:43:cb:f6:4f:
be:51:1c:27:14:c5:e0:aa:a6:a1:0e:27:3f:34:d2:2a:c7:71:
f9:f8:4c:f9
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZQf+iAh+iaySyfZN0ogT59vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjODg3MzAyZDFlNzQwZjVmOTg0ODFmYjRiN2E0NjE2OTZi
ZmU1YzEwHhcNMjUwMTAxMDM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdkZWNjZDFlYTM4NmJkY2IyYTY1YzVjZjlmMGZmNTMzMGRhYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOBEbivrsbiMbHOhMM6JetG9PIsU
aC6qBbSCIg+GWCNX5l92fRFRqBWFrjhBBd3lsikg1F/QyyMXhHhokiJdZ2obw4YL
bORdZm26wBEFJygKo0nXxRP2oSQaQ608iOEKC+455Cvk1ta3t3dDF0fPfarHosXz
bSMRfbwE9gL5Gih6P4pSWhRW73lOlGIeSisbWMY398pCcFKzxf4qbUkDpmrx9SxA
Q+D3POMlS2Uy3tzTQKG9CjREfVvDOv7o42311353MeuypWnlerfASTfhO86hueRp
RmsWrb6vWk7ZMr7kxIsUMuon4syxl3t/XVFvYfZLiv6wZa7h/uUFwyH7BQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFGh97M0eo4a9yyplxc+fD/UzDatTMB8GA1UdIwQY
MBaAFCyIcwLR50D1+YSB+0t6RhaWv+XBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQt
YzAyOGQ5MWViYzljLzEvYUgzc3pSNmpocjNMS21YRno1OFA5VE1OcTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQtYzAyOGQ5MWViYzlj
LzEvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTA0BAIAATAuAwQCuYyoAwQA
wSqGMAwDBAPCdEgDBAXCdEADBALCdGQwDAMEAcJ0agMEB8J0ADANBAIAAjAHAwUD
KgcewDANBgkqhkiG9w0BAQsFAAOCAQEAB+obvUM7PmAO3ymfYkEtjeZ45Y7FlYkL
xQtwPzVE4O6bYNFkNB1C7JmD1zhvTLoorzgijqF9FBAnlKU0c/FXxcfzuQGZv9dz
W5hiEkbhSgay0fVE8pVfRFlug4377kjfp2jFAJ4BSm5uvmf0irDEbqOTfZ1DFcWo
8zRBV/4LxHRFp6p2YAyaqSUaTBRDC1sxHth9vV/V+lYvXxAqJb5ElztM99uZ6esJ
L8RX5lWeKv/+7U2XYb5O6jSSE6wBI7qahnH0hDyHiCb4vchE6KUgT6h+YwPWLm5/
tQ9PdZiYvK7OQ1clgCRDy/ZPvlEcJxTF4KqmoQ4nPzTSKsdx+fhM+Q==
-----END CERTIFICATE-----
Generated at Thu Apr 17 12:45:56 2025 by rpki-client