Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Mt8hC-xjYQlC-N6qBidIsHShzXo.roa
File: Mt8hC-xjYQlC-N6qBidIsHShzXo.roa (raw, json)
Hash identifier: sWSpbylQcehNgOmPoTPaNcGeqPpTTf4vD2YerrVnAec=
Subject key identifier: 32:DF:21:0B:EC:63:61:09:42:F8:DE:AA:06:27:48:B0:74:A1:CD:7A
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 0194228D95C38C922C019F511A7AA199BED6
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Mt8hC-xjYQlC-N6qBidIsHShzXo.roa
Signing time: Wed 01 Jan 2025 15:48:11 +0000
ROA not before: Wed 01 Jan 2025 15:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6453
IP address blocks: 84.51.0.0/18 maxlen: 24
85.153.128.0/17 maxlen: 24
91.93.0.0/16 maxlen: 24
176.88.0.0/16 maxlen: 24
176.232.0.0/14 maxlen: 24
176.236.0.0/16 maxlen: 24
195.33.192.0/18 maxlen: 24
212.252.0.0/15 maxlen: 24
213.14.0.0/16 maxlen: 24
213.14.207.0/24 maxlen: 24
213.74.0.0/16 maxlen: 24
213.254.128.0/19 maxlen: 24
217.131.0.0/16 maxlen: 24
2a01:188::/32 maxlen: 48
2a01:730::/32 maxlen: 48
2a03:3c0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 02:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:95:c3:8c:92:2c:01:9f:51:1a:7a:a1:99:be:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 1 15:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=32df210bec63610942f8deaa062748b074a1cd7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:61:af:85:80:bc:0d:82:f4:c9:a6:7c:b1:98:
1b:38:53:cb:d2:37:32:86:22:1c:b4:db:f0:2a:45:
79:f2:9b:f2:bd:28:d6:0e:26:aa:a8:73:0c:c7:6f:
00:23:e8:55:b0:e9:3a:35:02:bf:c8:51:45:0e:84:
5d:5c:bf:5f:58:34:79:12:92:98:26:90:75:29:e8:
88:71:6a:3c:68:bb:b3:cb:f8:32:3f:94:a0:4f:69:
e5:2f:7f:38:81:ea:42:e0:b4:77:59:20:44:ba:7a:
42:27:e9:2a:de:b1:bd:18:a7:a7:b1:99:09:81:07:
12:84:c5:41:47:09:5f:92:3b:1e:83:a9:4c:4a:e0:
c7:20:6b:99:0f:ce:1d:bf:a4:10:9e:c5:73:51:a2:
44:31:72:73:a5:f6:45:c8:2b:67:d7:2b:9d:4c:b8:
ad:a5:d5:a7:c7:94:04:ae:40:51:1c:5e:63:b6:bf:
16:28:02:91:92:1e:19:17:2e:8a:34:eb:f8:ba:35:
05:a2:53:ff:d7:32:ba:45:cf:68:3e:94:d9:f0:2e:
f8:f8:cc:7c:29:f1:e3:33:ea:d5:a8:8c:0f:6d:8a:
b5:48:9c:3a:89:d3:35:df:7d:2a:ce:92:25:98:ff:
e4:a4:61:a8:79:78:2e:12:31:1e:44:d5:2b:a4:98:
16:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:DF:21:0B:EC:63:61:09:42:F8:DE:AA:06:27:48:B0:74:A1:CD:7A
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Mt8hC-xjYQlC-N6qBidIsHShzXo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.51.0.0/18
85.153.128.0/17
91.93.0.0/16
176.88.0.0/16
176.232.0.0-176.236.255.255
195.33.192.0/18
212.252.0.0/15
213.14.0.0/16
213.74.0.0/16
213.254.128.0/19
217.131.0.0/16
IPv6:
2a01:188::/32
2a01:730::/32
2a03:3c0::/32
Signature Algorithm: sha256WithRSAEncryption
5e:37:04:89:78:e6:3f:03:48:26:da:db:d4:7c:b7:b1:49:bb:
7c:7a:c2:1c:aa:5b:38:6a:9e:5c:d1:e0:9d:4b:65:7e:b0:64:
8d:60:0e:70:47:c1:ea:02:a0:93:4b:8b:41:0d:13:5c:ca:51:
4f:34:fc:e8:91:cc:7d:e3:a6:7c:df:0a:cc:48:3c:a8:54:5b:
50:95:ac:01:17:c4:c9:09:1e:18:c0:d4:64:ec:11:ca:ff:34:
f7:5e:fe:60:a3:32:4a:24:bb:35:9c:06:37:9e:16:85:de:d9:
18:65:80:ef:ad:45:da:9d:01:9b:95:ba:ed:7d:4b:d5:e4:ea:
3c:3b:fa:5d:9c:e2:66:db:81:38:c9:c9:92:10:e8:d3:dc:51:
27:76:59:67:ea:13:62:fc:2e:11:5d:3c:02:34:90:41:05:01:
ca:3a:9a:08:fe:cc:1c:31:a6:1d:df:7a:eb:3a:aa:89:a9:af:
b6:0d:b1:d0:c1:5d:44:ea:fd:a7:a2:6e:cb:04:10:39:d2:a3:
bc:c5:0e:2a:d8:ea:a6:68:4e:64:26:0c:d9:ec:b3:64:b3:57:
ff:f7:83:64:79:d5:e8:dc:b5:70:17:9d:95:e6:ab:fb:08:5d:
98:91:99:99:60:33:a2:9a:52:51:de:0b:ee:1d:ba:03:bb:3f:
5e:16:0e:75
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZQijZXDjJIsAZ9RGnqhmb7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmRmMjEwYmVjNjM2MTA5NDJmOGRlYWEwNjI3NDhiMDc0YTFjZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWGvhYC8DYL0yaZ8sZgbOFPL0jcy
hiIctNvwKkV58pvyvSjWDiaqqHMMx28AI+hVsOk6NQK/yFFFDoRdXL9fWDR5EpKY
JpB1KeiIcWo8aLuzy/gyP5SgT2nlL384gepC4LR3WSBEunpCJ+kq3rG9GKensZkJ
gQcShMVBRwlfkjseg6lMSuDHIGuZD84dv6QQnsVzUaJEMXJzpfZFyCtn1yudTLit
pdWnx5QErkBRHF5jtr8WKAKRkh4ZFy6KNOv4ujUFolP/1zK6Rc9oPpTZ8C74+Mx8
KfHjM+rVqIwPbYq1SJw6idM1330qzpIlmP/kpGGoeXguEjEeRNUrpJgW1QIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFDLfIQvsY2EJQvjeqgYnSLB0oc16MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTXQ4aEMteGpZUWxDLU42cUJpZElzSFNoelhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBIBAIAATBCAwQGVDMAAwQH
VZmAAwMAW10DAwCwWDAKAwMDsOgDAwCw7AMEBsMhwAMDAdT8AwMA1Q4DAwDVSgME
BdX+gAMDANmDMBsEAgACMBUDBQAqAQGIAwUAKgEHMAMFACoDA8AwDQYJKoZIhvcN
AQELBQADggEBAF43BIl45j8DSCba29R8t7FJu3x6whyqWzhqnlzR4J1LZX6wZI1g
DnBHweoCoJNLi0ENE1zKUU80/OiRzH3jpnzfCsxIPKhUW1CVrAEXxMkJHhjA1GTs
Ecr/NPde/mCjMkokuzWcBjeeFoXe2RhlgO+tRdqdAZuVuu19S9Xk6jw7+l2c4mbb
gTjJyZIQ6NPcUSd2WWfqE2L8LhFdPAI0kEEFAco6mgj+zBwxph3feus6qompr7YN
sdDBXUTq/aeibssEEDnSo7zFDirY6qZoTmQmDNnss2SzV//3g2R51ejctXAXnZXm
q/sIXZiRmZlgM6KaUlHeC+4dugO7P14WDnU=
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:08:01 2025 by rpki-client