Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/3ojh0vwmWGR8R130UvEk1Ukeno0.roa
File: 3ojh0vwmWGR8R130UvEk1Ukeno0.roa (raw, json)
Hash identifier: /WfyicFmwcjSGtw05lqyqsVoIK9F8QUQc2+NhhBmMwI=
Subject key identifier: DE:88:E1:D2:FC:26:58:64:7C:47:5D:F4:52:F1:24:D5:49:1E:9E:8D
Certificate issuer: /CN=d48551e26169b3b3e124f6964e2702e95768253e
Certificate serial: 01942522235EDF0E0AFB37FED6DD9E523D93
Authority key identifier: D4:85:51:E2:61:69:B3:B3:E1:24:F6:96:4E:27:02:E9:57:68:25:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1IVR4mFps7PhJPaWTicC6VdoJT4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/3ojh0vwmWGR8R130UvEk1Ukeno0.roa
Signing time: Thu 02 Jan 2025 03:49:41 +0000
ROA not before: Thu 02 Jan 2025 03:49:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9031
IP address blocks: 77.109.64.0/18 maxlen: 24
79.132.224.0/19 maxlen: 24
85.234.192.0/19 maxlen: 24
109.236.128.0/20 maxlen: 24
185.95.72.0/22 maxlen: 24
212.71.0.0/19 maxlen: 24
212.233.32.0/19 maxlen: 24
213.211.128.0/18 maxlen: 24
213.219.128.0/18 maxlen: 24
2a02:578::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/1IVR4mFps7PhJPaWTicC6VdoJT4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/1IVR4mFps7PhJPaWTicC6VdoJT4.mft
rsync://rpki.ripe.net/repository/DEFAULT/1IVR4mFps7PhJPaWTicC6VdoJT4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 21:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:22:23:5e:df:0e:0a:fb:37:fe:d6:dd:9e:52:3d:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48551e26169b3b3e124f6964e2702e95768253e
Validity
Not Before: Jan 2 03:49:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de88e1d2fc2658647c475df452f124d5491e9e8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:40:64:d7:23:27:2b:b5:77:f0:a4:1d:91:7e:
d4:2f:ad:68:af:ee:46:e3:c3:be:eb:02:c2:b9:f3:
51:8e:51:9b:92:ec:49:17:66:62:3f:2f:d0:30:67:
55:f6:a4:bd:1e:d5:37:0e:e0:ae:37:18:45:60:18:
b3:d9:83:5e:bc:22:22:c0:09:27:90:ad:e8:d1:c6:
5b:21:f3:37:c1:5f:89:84:d4:fe:bf:7e:4a:e0:1a:
b2:c1:c9:7f:f2:0d:de:22:5d:2a:ca:2a:5d:bb:bc:
63:b2:42:ca:15:98:84:e8:9a:a8:f4:54:28:80:c6:
85:bf:79:2a:b0:98:99:56:1b:4f:f0:cc:f1:50:66:
5f:1f:90:a3:3e:cb:f6:ac:8c:b9:3a:96:fe:9c:ec:
fc:b7:bc:60:52:ca:48:85:7c:31:87:40:2c:d7:0c:
69:d0:3e:8d:d9:58:d5:5d:7d:86:47:49:a2:d9:9f:
68:38:ef:16:fb:cb:ea:76:df:46:05:49:eb:b9:e5:
be:96:d6:84:d9:16:05:96:fe:7c:2c:2d:a4:b3:d3:
1f:7c:44:6b:cc:b3:e1:4e:79:7c:e2:51:92:c4:e6:
28:1e:35:4c:06:d8:79:3e:90:01:cd:8f:b9:06:51:
29:6e:74:40:e1:c7:a3:95:70:92:01:09:2f:05:bb:
7e:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:88:E1:D2:FC:26:58:64:7C:47:5D:F4:52:F1:24:D5:49:1E:9E:8D
X509v3 Authority Key Identifier:
keyid:D4:85:51:E2:61:69:B3:B3:E1:24:F6:96:4E:27:02:E9:57:68:25:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IVR4mFps7PhJPaWTicC6VdoJT4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/3ojh0vwmWGR8R130UvEk1Ukeno0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/1IVR4mFps7PhJPaWTicC6VdoJT4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.109.64.0/18
79.132.224.0/19
85.234.192.0/19
109.236.128.0/20
185.95.72.0/22
212.71.0.0/19
212.233.32.0/19
213.211.128.0/18
213.219.128.0/18
IPv6:
2a02:578::/32
Signature Algorithm: sha256WithRSAEncryption
69:35:2b:66:ee:d9:c3:c0:ab:13:41:b2:36:27:44:92:66:fd:
ad:ad:06:b9:5a:ca:e1:9a:4a:c9:8d:82:b2:b1:fa:07:c1:4a:
a6:98:5f:40:be:2a:19:2d:fc:0c:99:e2:84:70:47:45:46:56:
19:0d:04:84:38:cd:04:cb:f2:d1:1f:aa:7e:a1:b9:cb:0f:6e:
ba:3e:be:69:79:41:16:cf:e7:45:04:c7:9c:11:ba:ab:fd:62:
2b:22:fa:dc:55:7f:f2:4c:2a:77:13:78:d9:45:e3:46:f8:dc:
f7:3a:c1:ba:28:ae:6e:f3:ab:ee:e3:48:f2:26:e1:ed:0b:23:
b1:3b:83:14:83:5f:d0:d3:82:0a:aa:49:28:1b:dd:34:19:81:
80:cb:af:58:66:d6:49:d6:41:4f:96:24:da:87:67:e8:2d:47:
28:1e:c7:7e:20:cb:52:b6:2f:77:59:d5:0c:52:86:fc:f0:6e:
65:50:70:d2:01:de:6b:27:49:7b:7c:7e:48:f6:43:7a:c3:c1:
ba:c7:51:e0:c9:7c:96:ce:d6:71:66:38:65:8c:bf:fc:14:12:
ab:0c:e8:52:e3:63:ec:bc:86:29:eb:52:5d:e6:96:24:85:b8:
6e:b4:2e:8f:ae:85:a5:97:e6:95:d0:c5:a5:5c:46:6c:43:32:
85:e2:3c:62
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQlIiNe3w4K+zf+1t2eUj2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODU1MWUyNjE2OWIzYjNlMTI0ZjY5NjRlMjcwMmU5NTc2
ODI1M2UwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg4ZTFkMmZjMjY1ODY0N2M0NzVkZjQ1MmYxMjRkNTQ5MWU5ZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00Bk1yMnK7V38KQdkX7UL61or+5G
48O+6wLCufNRjlGbkuxJF2ZiPy/QMGdV9qS9HtU3DuCuNxhFYBiz2YNevCIiwAkn
kK3o0cZbIfM3wV+JhNT+v35K4Bqywcl/8g3eIl0qyipdu7xjskLKFZiE6Jqo9FQo
gMaFv3kqsJiZVhtP8MzxUGZfH5CjPsv2rIy5Opb+nOz8t7xgUspIhXwxh0As1wxp
0D6N2VjVXX2GR0mi2Z9oOO8W+8vqdt9GBUnrueW+ltaE2RYFlv58LC2ks9MffERr
zLPhTnl84lGSxOYoHjVMBth5PpABzY+5BlEpbnRA4cejlXCSAQkvBbt+ewIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFN6I4dL8JlhkfEdd9FLxJNVJHp6NMB8GA1UdIwQY
MBaAFNSFUeJhabOz4ST2lk4nAulXaCU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlWUjRtRnBzN1BoSlBhV1RpY0M2VmRvSlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lYWQyNzctODRjOS00YjhlLTg3OWUt
NWY3MzI2NzEwMmE2LzEvM29qaDB2d21XR1I4UjEzMFV2RWsxVWtlbm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lYWQyNzctODRjOS00YjhlLTg3OWUtNWY3MzI2NzEwMmE2
LzEvMUlWUjRtRnBzN1BoSlBhV1RpY0M2VmRvSlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQGTW1AAwQF
T4TgAwQFVerAAwQEbeyAAwQCuV9IAwQF1EcAAwQF1OkgAwQG1dOAAwQG1duAMA0E
AgACMAcDBQAqAgV4MA0GCSqGSIb3DQEBCwUAA4IBAQBpNStm7tnDwKsTQbI2J0SS
Zv2trQa5WsrhmkrJjYKysfoHwUqmmF9AvioZLfwMmeKEcEdFRlYZDQSEOM0Ey/LR
H6p+obnLD266Pr5peUEWz+dFBMecEbqr/WIrIvrcVX/yTCp3E3jZReNG+Nz3OsG6
KK5u86vu40jyJuHtCyOxO4MUg1/Q04IKqkkoG900GYGAy69YZtZJ1kFPliTah2fo
LUcoHsd+IMtSti93WdUMUob88G5lUHDSAd5rJ0l7fH5I9kN6w8G6x1HgyXyWztZx
ZjhljL/8FBKrDOhS42PsvIYp61Jd5pYkhbhutC6ProWll+aV0MWlXEZsQzKF4jxi
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:42:36 2025 by rpki-client