Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/oCb6cpOKxQ3hs0Wd_KXRQQOGUOY.roa
File: oCb6cpOKxQ3hs0Wd_KXRQQOGUOY.roa (raw, json)
Hash identifier: nIAMXpEpkh1hhboO/mB9TQEizUmas4RdDtRm1RU1TV8=
Subject key identifier: A0:26:FA:72:93:8A:C5:0D:E1:B3:45:9D:FC:A5:D1:41:03:86:50:E6
Certificate issuer: /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial: 0194B915E1E6A84F593D8B4F1402F71481B1
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/oCb6cpOKxQ3hs0Wd_KXRQQOGUOY.roa
Signing time: Thu 30 Jan 2025 21:20:06 +0000
ROA not before: Thu 30 Jan 2025 21:20:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29075
IP address blocks: 45.10.224.0/23 maxlen: 23
45.10.226.0/24 maxlen: 24
45.94.124.0/22 maxlen: 22
45.94.128.0/22 maxlen: 22
45.94.128.0/23 maxlen: 23
45.94.130.0/23 maxlen: 23
85.118.32.0/19 maxlen: 19
91.109.176.0/20 maxlen: 20
128.204.224.0/20 maxlen: 20
141.255.144.0/20 maxlen: 20
178.20.48.0/21 maxlen: 21
185.10.252.0/22 maxlen: 24
185.10.252.0/24 maxlen: 24
185.10.254.0/24 maxlen: 24
185.10.255.0/24 maxlen: 24
185.118.0.0/22 maxlen: 22
185.123.24.0/22 maxlen: 22
185.177.180.0/22 maxlen: 22
188.121.224.0/19 maxlen: 19
212.85.144.0/20 maxlen: 20
2a00:1b88::/32 maxlen: 32
2a02:2178::/29 maxlen: 29
2a02:2178::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 03:01:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b9:15:e1:e6:a8:4f:59:3d:8b:4f:14:02:f7:14:81:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Validity
Not Before: Jan 30 21:20:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a026fa72938ac50de1b3459dfca5d141038650e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:99:b1:92:51:9a:89:7e:b6:ff:35:b0:40:bb:
90:33:62:c4:c9:26:63:08:ba:88:c1:84:61:8d:39:
47:94:98:8f:e5:3d:7a:d9:62:e0:d4:6f:ae:02:53:
cf:ae:be:0c:a9:ef:ae:49:97:d5:fc:01:f9:31:87:
32:6f:96:10:9a:f8:11:56:13:da:d1:7b:44:9a:aa:
d7:90:5a:b9:29:bc:fc:02:68:61:8f:32:26:4f:17:
04:1a:e7:9e:87:21:2d:74:ef:b7:82:36:0d:25:6b:
b4:07:84:ab:9f:bb:c0:3f:27:67:3c:45:a7:15:e2:
94:22:48:54:5c:fa:7b:7d:98:35:5e:33:d4:70:63:
85:a6:f7:4a:f2:40:02:70:2b:83:79:a5:6e:ef:3e:
cf:45:e4:34:99:9f:ab:47:79:74:6c:d3:8d:3b:51:
b3:25:31:e2:63:ba:e1:93:92:81:2d:5e:66:1b:20:
56:ac:dc:9f:95:56:e5:b0:9a:b9:39:23:1a:49:d9:
3d:c2:c1:71:70:e2:94:5c:d9:3c:bd:1e:d6:e5:1f:
0c:b3:0b:9c:d8:33:50:62:7a:72:36:e1:a5:e0:81:
e8:1b:da:3c:05:a2:a2:e6:61:dd:cf:93:4e:2d:84:
d8:7e:07:dd:c0:e6:54:90:65:02:76:35:a6:16:92:
55:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:26:FA:72:93:8A:C5:0D:E1:B3:45:9D:FC:A5:D1:41:03:86:50:E6
X509v3 Authority Key Identifier:
keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/oCb6cpOKxQ3hs0Wd_KXRQQOGUOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.224.0-45.10.226.255
45.94.124.0-45.94.131.255
85.118.32.0/19
91.109.176.0/20
128.204.224.0/20
141.255.144.0/20
178.20.48.0/21
185.10.252.0/22
185.118.0.0/22
185.123.24.0/22
185.177.180.0/22
188.121.224.0/19
212.85.144.0/20
IPv6:
2a00:1b88::/32
2a02:2178::/29
Signature Algorithm: sha256WithRSAEncryption
27:fc:db:b9:2a:82:18:df:17:9e:f0:1e:af:d6:56:ca:61:e7:
42:73:ec:d2:d3:fc:1e:8c:9f:28:95:f5:10:c2:b0:59:f0:f0:
84:28:7f:15:01:ac:4c:92:cd:35:17:24:17:c2:b5:bd:0c:11:
8e:49:94:4f:27:27:60:4b:29:5b:10:6a:68:3a:26:b5:af:1f:
fe:95:ab:a8:db:64:c0:2c:a6:5f:aa:f4:13:03:8d:d3:bf:7b:
34:0e:8a:45:7f:c9:7e:de:a1:2c:6b:b6:dc:d3:48:ee:bd:0a:
d7:b2:1d:b2:ec:4f:7d:d3:d1:65:2f:70:ad:c4:05:13:f6:07:
c2:ee:2e:8b:5f:93:09:6b:14:67:cb:77:0d:8f:e0:32:96:a8:
01:c0:78:77:93:b4:cb:cc:e6:46:b1:e6:b7:d1:74:a4:ba:26:
80:37:67:bc:dc:8a:67:83:fb:5c:fe:32:0a:a2:13:7d:52:a4:
c2:51:e1:50:63:4b:ef:e6:59:92:b1:59:e9:a0:f6:c5:0d:61:
b5:6c:64:89:57:1d:0c:bb:63:e8:fd:e8:3d:8b:fb:42:20:11:
1f:e1:db:e6:0b:52:10:9e:ac:d7:07:1a:bf:e6:2d:a1:9c:19:
ca:14:24:c2:49:a2:37:cb:84:ab:a1:eb:96:44:78:90:fa:eb:
d8:78:74:41
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZS5FeHmqE9ZPYtPFAL3FIGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjUwMTMwMjEyMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDI2ZmE3MjkzOGFjNTBkZTFiMzQ1OWRmY2E1ZDE0MTAzODY1MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpmxklGaiX62/zWwQLuQM2LEySZj
CLqIwYRhjTlHlJiP5T162WLg1G+uAlPPrr4Mqe+uSZfV/AH5MYcyb5YQmvgRVhPa
0XtEmqrXkFq5Kbz8AmhhjzImTxcEGueehyEtdO+3gjYNJWu0B4Srn7vAPydnPEWn
FeKUIkhUXPp7fZg1XjPUcGOFpvdK8kACcCuDeaVu7z7PReQ0mZ+rR3l0bNONO1Gz
JTHiY7rhk5KBLV5mGyBWrNyflVblsJq5OSMaSdk9wsFxcOKUXNk8vR7W5R8Mswuc
2DNQYnpyNuGl4IHoG9o8BaKi5mHdz5NOLYTYfgfdwOZUkGUCdjWmFpJV4wIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFKAm+nKTisUN4bNFnfyl0UEDhlDmMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvb0NiNmNwT0t4UTNoczBXZF9LWFJRUU9HVU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwZAQCAAEwXjAMAwQFLQrg
AwQALQriMAwDBAItXnwDBAItXoADBAVVdiADBARbbbADBASAzOADBASN/5ADBAOy
FDADBAK5CvwDBAK5dgADBAK5exgDBAK5sbQDBAW8eeADBATUVZAwFAQCAAIwDgMF
ACoAG4gDBQMqAiF4MA0GCSqGSIb3DQEBCwUAA4IBAQAn/Nu5KoIY3xee8B6v1lbK
YedCc+zS0/wejJ8olfUQwrBZ8PCEKH8VAaxMks01FyQXwrW9DBGOSZRPJydgSylb
EGpoOia1rx/+lauo22TALKZfqvQTA43Tv3s0DopFf8l+3qEsa7bc00juvQrXsh2y
7E9909FlL3CtxAUT9gfC7i6LX5MJaxRny3cNj+AylqgBwHh3k7TLzOZGsea30XSk
uiaAN2e83Ipng/tc/jIKohN9UqTCUeFQY0vv5lmSsVnpoPbFDWG1bGSJVx0Mu2Po
/eg9i/tCIBEf4dvmC1IQnqzXBxq/5i2hnBnKFCTCSaI3y4SroeuWRHiQ+uvYeHRB
-----END CERTIFICATE-----
Generated at Sat Apr 12 13:01:53 2025 by rpki-client