Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/d75869-ae0d-446d-93ed-00a0a328bb73/1/wnJRh-4CUXkPHnOwTdcWOQViBQs.roa
File: wnJRh-4CUXkPHnOwTdcWOQViBQs.roa (raw, json)
Hash identifier: +Cv+ZEGLAnj74mF/vlyspj0D6dG5P9lPHFBp/dI5sxM=
Subject key identifier: C2:72:51:87:EE:02:51:79:0F:1E:73:B0:4D:D7:16:39:05:62:05:0B
Certificate issuer: /CN=fdc1f25ca57f33fd84d26660e82305856d4ff54e
Certificate serial: 0194258FC69DB37BA7C57D20E927DD6A13CE
Authority key identifier: FD:C1:F2:5C:A5:7F:33:FD:84:D2:66:60:E8:23:05:85:6D:4F:F5:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_cHyXKV_M_2E0mZg6CMFhW1P9U4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/d75869-ae0d-446d-93ed-00a0a328bb73/1/wnJRh-4CUXkPHnOwTdcWOQViBQs.roa
Signing time: Thu 02 Jan 2025 05:49:26 +0000
ROA not before: Thu 02 Jan 2025 05:49:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49229
IP address blocks: 89.39.166.0/24 maxlen: 24
91.226.181.0/24 maxlen: 24
185.12.192.0/22 maxlen: 24
185.29.172.0/22 maxlen: 24
185.34.232.0/22 maxlen: 24
195.88.236.0/23 maxlen: 24
2a04:6040::/32 maxlen: 32
2a04:6041::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4b/d75869-ae0d-446d-93ed-00a0a328bb73/1/_cHyXKV_M_2E0mZg6CMFhW1P9U4.crl
rsync://rpki.ripe.net/repository/DEFAULT/4b/d75869-ae0d-446d-93ed-00a0a328bb73/1/_cHyXKV_M_2E0mZg6CMFhW1P9U4.mft
rsync://rpki.ripe.net/repository/DEFAULT/_cHyXKV_M_2E0mZg6CMFhW1P9U4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:c6:9d:b3:7b:a7:c5:7d:20:e9:27:dd:6a:13:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fdc1f25ca57f33fd84d26660e82305856d4ff54e
Validity
Not Before: Jan 2 05:49:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c2725187ee0251790f1e73b04dd716390562050b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:de:08:57:d7:b9:a5:fa:0d:aa:d7:a1:db:4e:
73:1d:8d:0b:cd:ad:a1:b9:3b:2c:d4:77:ac:4e:05:
9e:34:69:d6:28:c3:1b:e3:94:ce:67:91:2d:ed:bc:
1e:56:37:8a:cb:05:45:15:11:73:03:7c:4c:85:54:
67:2a:6f:44:78:21:d2:92:10:cd:dc:75:d8:16:40:
ab:d8:0c:87:34:49:0b:f1:f0:aa:82:8b:10:bc:b0:
19:e2:f8:b7:d2:95:9b:12:46:a8:61:db:06:66:80:
44:e4:46:1c:f2:be:ff:78:e1:0a:fe:02:1b:f9:9d:
d0:55:3a:42:76:88:6f:e5:aa:f7:b7:9b:7f:93:38:
4c:3b:20:86:a4:48:6d:3c:9e:01:9d:c1:e3:86:70:
36:40:7d:37:3c:18:93:4b:22:f2:d9:c5:a9:e8:e7:
5c:fd:f1:78:c4:28:35:15:ae:5d:da:b0:94:82:9c:
47:8b:84:9c:42:17:5b:da:80:4a:3e:8a:c0:48:7e:
f4:b6:70:37:52:af:01:65:49:20:ce:83:2e:13:15:
d2:0b:87:ee:09:1f:f5:cc:99:5e:70:82:c4:f2:7c:
cc:91:df:a8:fd:73:5b:01:30:d5:ea:68:14:cf:db:
a4:4c:e4:97:02:1e:57:e1:2d:13:13:c7:2d:88:c2:
f3:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:72:51:87:EE:02:51:79:0F:1E:73:B0:4D:D7:16:39:05:62:05:0B
X509v3 Authority Key Identifier:
keyid:FD:C1:F2:5C:A5:7F:33:FD:84:D2:66:60:E8:23:05:85:6D:4F:F5:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_cHyXKV_M_2E0mZg6CMFhW1P9U4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/d75869-ae0d-446d-93ed-00a0a328bb73/1/wnJRh-4CUXkPHnOwTdcWOQViBQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/d75869-ae0d-446d-93ed-00a0a328bb73/1/_cHyXKV_M_2E0mZg6CMFhW1P9U4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.166.0/24
91.226.181.0/24
185.12.192.0/22
185.29.172.0/22
185.34.232.0/22
195.88.236.0/23
IPv6:
2a04:6040::/31
Signature Algorithm: sha256WithRSAEncryption
68:bd:af:a9:01:66:d9:a9:b5:fb:ce:db:87:3c:04:a8:9a:fa:
e2:f5:d0:c3:8e:47:82:7c:84:5b:2a:23:0e:15:eb:4d:44:98:
76:2a:bf:6e:03:16:c5:a4:6d:61:b0:4d:f3:73:bb:70:6f:be:
62:ad:49:69:fa:5c:6c:72:77:9a:a6:1b:8e:7e:69:ae:95:86:
9e:7c:e9:11:1f:7f:3b:c3:e5:2b:a7:3a:22:ba:02:4f:d5:a5:
e9:0c:65:11:0a:13:7a:cb:f6:52:80:62:7c:2e:d3:79:94:b8:
f1:30:61:e9:18:b5:d5:c9:6c:0d:28:19:a0:2b:10:c2:fc:e8:
d8:a4:83:fc:a4:82:a5:19:6f:64:53:56:3c:e8:aa:14:ed:b4:
9a:de:cd:1c:42:00:4b:18:ed:bd:24:d8:22:f9:0f:1b:53:a0:
94:24:c4:4c:2c:a1:30:26:a4:61:c8:f2:09:7f:35:ad:27:46:
8f:2b:14:d3:c3:2a:3c:d4:31:5b:c5:86:a0:48:9e:85:36:f8:
67:47:8c:4f:bd:9c:80:88:71:66:ea:e2:66:1f:a9:0f:80:4b:
d9:cf:ae:ad:a1:76:82:b8:d9:a8:db:d3:80:5c:4f:b7:76:9c:
0d:76:30:9b:3e:1b:19:6a:30:74:ef:10:f6:af:fd:6c:ff:68:
ba:1a:eb:9f
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQlj8ads3unxX0g6SfdahPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkYzFmMjVjYTU3ZjMzZmQ4NGQyNjY2MGU4MjMwNTg1NmQ0
ZmY1NGUwHhcNMjUwMTAyMDU0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjcyNTE4N2VlMDI1MTc5MGYxZTczYjA0ZGQ3MTYzOTA1NjIwNTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd4IV9e5pfoNqteh205zHY0Lza2h
uTss1HesTgWeNGnWKMMb45TOZ5Et7bweVjeKywVFFRFzA3xMhVRnKm9EeCHSkhDN
3HXYFkCr2AyHNEkL8fCqgosQvLAZ4vi30pWbEkaoYdsGZoBE5EYc8r7/eOEK/gIb
+Z3QVTpCdohv5ar3t5t/kzhMOyCGpEhtPJ4BncHjhnA2QH03PBiTSyLy2cWp6Odc
/fF4xCg1Fa5d2rCUgpxHi4ScQhdb2oBKPorASH70tnA3Uq8BZUkgzoMuExXSC4fu
CR/1zJlecILE8nzMkd+o/XNbATDV6mgUz9ukTOSXAh5X4S0TE8ctiMLzhwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMJyUYfuAlF5Dx5zsE3XFjkFYgULMB8GA1UdIwQY
MBaAFP3B8lylfzP9hNJmYOgjBYVtT/VOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2NIeVhLVl9NXzJFMG1aZzZDTUZoVzFQOVU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9kNzU4NjktYWUwZC00NDZkLTkzZWQt
MDBhMGEzMjhiYjczLzEvd25KUmgtNENVWGtQSG5Pd1RkY1dPUVZpQlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9kNzU4NjktYWUwZC00NDZkLTkzZWQtMDBhMGEzMjhiYjcz
LzEvX2NIeVhLVl9NXzJFMG1aZzZDTUZoVzFQOVU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAWSemAwQA
W+K1AwQCuQzAAwQCuR2sAwQCuSLoAwQBw1jsMA0EAgACMAcDBQEqBGBAMA0GCSqG
SIb3DQEBCwUAA4IBAQBova+pAWbZqbX7ztuHPASomvri9dDDjkeCfIRbKiMOFetN
RJh2Kr9uAxbFpG1hsE3zc7twb75irUlp+lxscneaphuOfmmulYaefOkRH387w+Ur
pzoiugJP1aXpDGURChN6y/ZSgGJ8LtN5lLjxMGHpGLXVyWwNKBmgKxDC/OjYpIP8
pIKlGW9kU1Y86KoU7bSa3s0cQgBLGO29JNgi+Q8bU6CUJMRMLKEwJqRhyPIJfzWt
J0aPKxTTwyo81DFbxYagSJ6FNvhnR4xPvZyAiHFm6uJmH6kPgEvZz66toXaCuNmo
29OAXE+3dpwNdjCbPhsZajB07xD2r/1s/2i6Guuf
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:55:36 2025 by rpki-client