Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/fd6069-4179-45be-b82a-af3f794ae607/1/GLfBevz3wo4dWS7xfj6ER67qM3I.roa
File: GLfBevz3wo4dWS7xfj6ER67qM3I.roa (raw, json)
Hash identifier: q4r6hj69iY9YNJGXRxob1aI8UDhv8Z84d+2MRw6HY98=
Subject key identifier: 18:B7:C1:7A:FC:F7:C2:8E:1D:59:2E:F1:7E:3E:84:47:AE:EA:33:72
Certificate issuer: /CN=af121cd6e11da095f856d79deec469d0c6358494
Certificate serial: 01942445917D944A7466CB1FC915DE85283C
Authority key identifier: AF:12:1C:D6:E1:1D:A0:95:F8:56:D7:9D:EE:C4:69:D0:C6:35:84:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rxIc1uEdoJX4Vted7sRp0MY1hJQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/fd6069-4179-45be-b82a-af3f794ae607/1/GLfBevz3wo4dWS7xfj6ER67qM3I.roa
Signing time: Wed 01 Jan 2025 23:48:46 +0000
ROA not before: Wed 01 Jan 2025 23:48:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 85.187.128.0/19 maxlen: 24
114.129.128.0/19 maxlen: 24
185.52.148.0/22 maxlen: 24
185.62.136.0/22 maxlen: 24
185.132.4.0/22 maxlen: 24
185.133.20.0/22 maxlen: 24
185.141.188.0/22 maxlen: 24
185.143.44.0/22 maxlen: 24
185.146.20.0/22 maxlen: 24
185.146.28.0/22 maxlen: 24
185.148.44.0/22 maxlen: 24
185.148.128.0/22 maxlen: 24
185.149.112.0/22 maxlen: 24
185.151.48.0/22 maxlen: 24
185.160.65.0/24 maxlen: 24
185.160.66.0/23 maxlen: 24
185.166.145.0/24 maxlen: 24
185.166.146.0/23 maxlen: 24
185.168.108.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4f/fd6069-4179-45be-b82a-af3f794ae607/1/rxIc1uEdoJX4Vted7sRp0MY1hJQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/4f/fd6069-4179-45be-b82a-af3f794ae607/1/rxIc1uEdoJX4Vted7sRp0MY1hJQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/rxIc1uEdoJX4Vted7sRp0MY1hJQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 08:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:91:7d:94:4a:74:66:cb:1f:c9:15:de:85:28:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af121cd6e11da095f856d79deec469d0c6358494
Validity
Not Before: Jan 1 23:48:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=18b7c17afcf7c28e1d592ef17e3e8447aeea3372
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:07:75:34:2a:b7:40:15:96:fa:20:64:04:2a:
cf:e3:8c:de:38:60:1e:3e:51:b0:ed:36:8a:c8:5d:
c3:d1:db:37:78:91:31:45:80:de:9f:9f:c3:4d:3a:
70:27:fd:2c:0c:ec:db:6d:33:13:bf:fb:0a:a9:c8:
b6:38:51:0e:36:53:6e:85:fc:2c:87:0b:10:36:d2:
38:77:08:d2:46:35:e0:56:db:03:18:16:0e:72:69:
45:f3:35:1d:00:ba:77:8e:31:3b:42:cb:29:19:a5:
61:2b:3f:1a:d1:5b:4e:e4:6e:01:a1:9f:45:66:4c:
86:12:ac:b3:aa:79:ba:3d:fd:af:54:5a:a7:44:fc:
8b:19:6c:46:a7:4e:47:5a:60:8d:4d:00:73:79:78:
ec:e6:c0:97:41:5a:40:24:46:fe:ae:07:10:38:93:
6a:c8:3f:5f:a4:d8:5a:c7:b2:ff:29:7c:46:32:1e:
93:64:de:45:d9:50:ab:65:25:74:b0:ec:a6:8b:d4:
fa:54:09:a6:d7:63:c2:9e:77:e9:78:a7:a2:dc:70:
5f:4b:39:24:0f:a5:da:91:d5:4b:a2:77:66:e5:c0:
7c:70:ca:fb:be:13:e2:93:7f:3a:8e:bb:82:f1:d4:
28:7a:1b:1e:f8:ad:0b:82:d2:0a:62:4d:c0:7b:1d:
a1:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:B7:C1:7A:FC:F7:C2:8E:1D:59:2E:F1:7E:3E:84:47:AE:EA:33:72
X509v3 Authority Key Identifier:
keyid:AF:12:1C:D6:E1:1D:A0:95:F8:56:D7:9D:EE:C4:69:D0:C6:35:84:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rxIc1uEdoJX4Vted7sRp0MY1hJQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/fd6069-4179-45be-b82a-af3f794ae607/1/GLfBevz3wo4dWS7xfj6ER67qM3I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/fd6069-4179-45be-b82a-af3f794ae607/1/rxIc1uEdoJX4Vted7sRp0MY1hJQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.187.128.0/19
114.129.128.0/19
185.52.148.0/22
185.62.136.0/22
185.132.4.0/22
185.133.20.0/22
185.141.188.0/22
185.143.44.0/22
185.146.20.0/22
185.146.28.0/22
185.148.44.0/22
185.148.128.0/22
185.149.112.0/22
185.151.48.0/22
185.160.65.0-185.160.67.255
185.166.145.0-185.166.147.255
185.168.108.0/22
Signature Algorithm: sha256WithRSAEncryption
a3:84:e4:fa:d9:23:3b:c5:14:f5:01:0f:b3:0d:9d:4b:d4:ca:
25:fb:06:91:28:1b:49:ee:b9:f4:9b:d2:56:08:c6:de:ba:eb:
93:65:e4:2c:74:9b:57:e3:86:3c:f7:f1:2b:56:76:ab:6c:43:
03:36:2c:3b:ff:0a:ba:4e:09:37:c4:51:c2:c7:43:35:0d:60:
86:5f:7f:f8:4c:c2:66:6b:be:b7:be:90:b8:d9:92:e2:52:28:
47:90:35:6f:94:e4:47:a4:ef:c3:7f:a9:ab:84:4b:ff:7c:c6:
df:c7:63:f4:b4:5e:b4:f6:42:da:3f:74:e8:59:fa:12:83:a1:
d5:93:89:c1:11:8b:7f:01:01:c0:01:87:1f:b7:52:07:8c:29:
b7:5f:2b:f5:57:46:a0:5b:67:97:c1:22:3c:72:ea:b7:cb:4b:
45:9e:96:8d:09:f2:98:ce:46:f9:00:60:4d:fc:79:eb:52:96:
cd:36:b5:e8:1b:cf:39:d0:20:08:80:6d:99:e8:a1:b3:45:33:
20:44:59:23:da:a4:ae:ef:30:fa:6c:e2:6e:87:20:0d:e6:c2:
50:4d:1b:d4:2c:29:5f:3d:96:62:17:4d:ef:e4:83:1c:e8:e9:
4f:1d:d1:46:7f:a6:e1:af:6a:9d:c3:6c:8a:54:cb:d3:0d:e5:
34:44:7d:e9
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAZQkRZF9lEp0ZssfyRXehSg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMTIxY2Q2ZTExZGEwOTVmODU2ZDc5ZGVlYzQ2OWQwYzYz
NTg0OTQwHhcNMjUwMTAxMjM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGI3YzE3YWZjZjdjMjhlMWQ1OTJlZjE3ZTNlODQ0N2FlZWEzMzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgd1NCq3QBWW+iBkBCrP44zeOGAe
PlGw7TaKyF3D0ds3eJExRYDen5/DTTpwJ/0sDOzbbTMTv/sKqci2OFEONlNuhfws
hwsQNtI4dwjSRjXgVtsDGBYOcmlF8zUdALp3jjE7QsspGaVhKz8a0VtO5G4BoZ9F
ZkyGEqyzqnm6Pf2vVFqnRPyLGWxGp05HWmCNTQBzeXjs5sCXQVpAJEb+rgcQOJNq
yD9fpNhax7L/KXxGMh6TZN5F2VCrZSV0sOymi9T6VAmm12PCnnfpeKei3HBfSzkk
D6XakdVLondm5cB8cMr7vhPik386jruC8dQoehse+K0LgtIKYk3Aex2hAwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFBi3wXr898KOHVku8X4+hEeu6jNyMB8GA1UdIwQY
MBaAFK8SHNbhHaCV+FbXne7EadDGNYSUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnhJYzF1RWRvSlg0VnRlZDdzUnAwTVkxaEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9mZDYwNjktNDE3OS00NWJlLWI4MmEt
YWYzZjc5NGFlNjA3LzEvR0xmQmV2ejN3bzRkV1M3eGZqNkVSNjdxTTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9mZDYwNjktNDE3OS00NWJlLWI4MmEtYWYzZjc5NGFlNjA3
LzEvcnhJYzF1RWRvSlg0VnRlZDdzUnAwTVkxaEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAVVu4AD
BAVygYADBAK5NJQDBAK5PogDBAK5hAQDBAK5hRQDBAK5jbwDBAK5jywDBAK5khQD
BAK5khwDBAK5lCwDBAK5lIADBAK5lXADBAK5lzAwDAMEALmgQQMEArmgQDAMAwQA
uaaRAwQCuaaQAwQCuahsMA0GCSqGSIb3DQEBCwUAA4IBAQCjhOT62SM7xRT1AQ+z
DZ1L1Mol+waRKBtJ7rn0m9JWCMbeuuuTZeQsdJtX44Y89/ErVnarbEMDNiw7/wq6
Tgk3xFHCx0M1DWCGX3/4TMJma763vpC42ZLiUihHkDVvlORHpO/Df6mrhEv/fMbf
x2P0tF609kLaP3ToWfoSg6HVk4nBEYt/AQHAAYcft1IHjCm3Xyv1V0agW2eXwSI8
cuq3y0tFnpaNCfKYzkb5AGBN/HnrUpbNNrXoG8850CAIgG2Z6KGzRTMgRFkj2qSu
7zD6bOJuhyAN5sJQTRvULClfPZZiF03v5IMc6OlPHdFGf6bhr2qdw2yKVMvTDeU0
RH3p
-----END CERTIFICATE-----
Generated at Sat Apr 12 16:05:38 2025 by rpki-client