Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/4Aub9tuAtawARwdUiRpETmWZK3Q.roa
File: 4Aub9tuAtawARwdUiRpETmWZK3Q.roa (raw, json)
Hash identifier: rR7Viq3jJ/xFUzk70maRtR8P0SCSBjY2uApRyB5OV6Y=
Subject key identifier: E0:0B:9B:F6:DB:80:B5:AC:00:47:07:54:89:1A:44:4E:65:99:2B:74
Certificate issuer: /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial: 0194221F4ABA135E28DBAD16E806F16CBC34
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/4Aub9tuAtawARwdUiRpETmWZK3Q.roa
Signing time: Wed 01 Jan 2025 13:47:43 +0000
ROA not before: Wed 01 Jan 2025 13:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39855
IP address blocks: 45.13.108.0/22 maxlen: 24
45.91.117.0/24 maxlen: 24
45.133.140.0/24 maxlen: 24
45.133.142.0/24 maxlen: 24
91.212.20.0/24 maxlen: 24
91.212.27.0/24 maxlen: 24
193.39.246.0/24 maxlen: 24
195.80.230.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:4a:ba:13:5e:28:db:ad:16:e8:06:f1:6c:bc:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Validity
Not Before: Jan 1 13:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e00b9bf6db80b5ac00470754891a444e65992b74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:d0:63:86:6b:90:eb:ff:bc:cf:be:eb:8c:56:
fd:0e:a3:ec:02:a5:97:6f:fb:f2:a0:9a:2a:9f:1d:
14:b0:41:18:ba:de:2f:16:7d:58:b7:9e:8c:ce:ee:
47:a2:51:ff:b1:a0:e1:53:5e:7b:ef:51:a3:3a:fd:
fd:dd:db:37:49:9d:8f:17:fe:ea:3f:36:08:bc:b2:
80:dd:f8:4b:25:cb:4c:c1:11:3b:73:09:ef:fa:26:
30:12:40:ea:40:00:28:31:fa:30:8a:cc:a7:b8:07:
23:bf:01:b3:2e:82:44:11:0c:8b:30:6d:92:05:68:
1b:06:a7:df:7d:b4:a8:98:89:b5:77:cd:aa:40:56:
bb:fd:0e:04:8e:c9:0b:b6:a8:d3:d4:23:3f:62:d5:
43:9f:31:9f:bf:05:9f:10:da:fc:b8:79:9a:eb:5e:
f2:7e:4b:6c:e5:e9:f6:3b:f0:37:77:ba:e5:c6:45:
a7:8c:7f:10:53:cb:9e:96:8f:5a:5c:5a:ca:dc:a9:
1d:cf:fc:77:88:ef:8c:8a:38:82:e3:f9:a1:2e:ae:
88:cf:71:ee:fd:a5:16:ff:c9:55:e0:c2:66:a4:20:
c0:99:8d:8f:5c:44:29:62:28:c0:8c:a7:e9:0b:2c:
1a:48:46:fa:bb:36:d2:76:8a:8e:fc:6c:d7:38:a1:
9b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:0B:9B:F6:DB:80:B5:AC:00:47:07:54:89:1A:44:4E:65:99:2B:74
X509v3 Authority Key Identifier:
keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/4Aub9tuAtawARwdUiRpETmWZK3Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.13.108.0/22
45.91.117.0/24
45.133.140.0/24
45.133.142.0/24
91.212.20.0/24
91.212.27.0/24
193.39.246.0/24
195.80.230.0/23
Signature Algorithm: sha256WithRSAEncryption
20:4e:9c:0b:d1:5e:b7:b5:03:de:3b:43:9f:fb:49:d0:88:20:
ad:17:b2:83:4f:62:04:7d:f0:83:58:c6:f6:62:0b:da:25:05:
a9:bc:8d:7d:20:85:67:0a:c9:37:45:8c:ae:a5:8a:ac:a7:f9:
fb:96:bb:11:be:76:37:c7:46:14:1e:fe:d6:8f:2c:36:a7:88:
4c:3e:49:4b:22:4b:53:98:48:e4:9c:35:44:a4:5f:53:19:37:
19:54:eb:68:dd:4c:27:bd:b9:b5:b8:b6:42:88:67:e7:d9:74:
78:97:c8:09:ab:84:c4:5d:e6:b8:00:fe:d3:b7:eb:17:01:2c:
b8:2f:cc:21:37:f7:7c:52:96:be:0f:f8:b0:35:a4:c6:4b:be:
6c:92:0a:cb:5e:e3:d3:ac:e9:33:09:db:8b:e0:65:b3:87:37:
d6:6f:a6:d2:b5:98:cc:bf:91:46:9d:7f:27:e6:fa:eb:c4:d3:
5d:e3:02:a9:c2:e5:07:4b:bc:25:b5:fd:42:ec:91:46:25:ad:
df:cb:89:58:6f:2a:cd:2f:80:29:7f:76:a5:39:94:69:16:9f:
62:e3:98:2f:fa:8d:4c:ed:70:b6:b2:c6:b9:8a:f6:7c:66:70:
f7:1b:03:55:2f:77:c5:63:f1:18:41:ad:f6:a0:8b:19:a1:3d:
b4:22:49:af
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQiH0q6E14o260W6AbxbLw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBiOWJmNmRiODBiNWFjMDA0NzA3NTQ4OTFhNDQ0ZTY1OTkyYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9BjhmuQ6/+8z77rjFb9DqPsAqWX
b/vyoJoqnx0UsEEYut4vFn1Yt56Mzu5HolH/saDhU15771GjOv393ds3SZ2PF/7q
PzYIvLKA3fhLJctMwRE7cwnv+iYwEkDqQAAoMfowisynuAcjvwGzLoJEEQyLMG2S
BWgbBqfffbSomIm1d82qQFa7/Q4EjskLtqjT1CM/YtVDnzGfvwWfENr8uHma617y
fkts5en2O/A3d7rlxkWnjH8QU8uelo9aXFrK3Kkdz/x3iO+MijiC4/mhLq6Iz3Hu
/aUW/8lV4MJmpCDAmY2PXEQpYijAjKfpCywaSEb6uzbSdoqO/GzXOKGbjQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOALm/bbgLWsAEcHVIkaRE5lmSt0MB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvNEF1Yjl0dUF0YXdBUndkVWlScEVUbVdaSzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLQ1sAwQA
LVt1AwQALYWMAwQALYWOAwQAW9QUAwQAW9QbAwQAwSf2AwQBw1DmMA0GCSqGSIb3
DQEBCwUAA4IBAQAgTpwL0V63tQPeO0Of+0nQiCCtF7KDT2IEffCDWMb2YgvaJQWp
vI19IIVnCsk3RYyupYqsp/n7lrsRvnY3x0YUHv7Wjyw2p4hMPklLIktTmEjknDVE
pF9TGTcZVOto3Uwnvbm1uLZCiGfn2XR4l8gJq4TEXea4AP7Tt+sXASy4L8whN/d8
Upa+D/iwNaTGS75skgrLXuPTrOkzCduL4GWzhzfWb6bStZjMv5FGnX8n5vrrxNNd
4wKpwuUHS7wltf1C7JFGJa3fy4lYbyrNL4Apf3alOZRpFp9i45gv+o1M7XC2ssa5
ivZ8ZnD3GwNVL3fFY/EYQa32oIsZoT20Ikmv
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:56:31 2025 by rpki-client