Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/hgdnPYifylvEbRhPG5rcZMHgm-E.roa
File: hgdnPYifylvEbRhPG5rcZMHgm-E.roa (raw, json)
Hash identifier: kVaA/BoHtOWfVS1UNUVlSYGZdZvXh/V05GtETEpyoE0=
Subject key identifier: 86:07:67:3D:88:9F:CA:5B:C4:6D:18:4F:1B:9A:DC:64:C1:E0:9B:E1
Certificate issuer: /CN=64b31dcd6bb5308029c4273230514f726b1b86ba
Certificate serial: 019427B601AD367C560AE14AB0F95237104C
Authority key identifier: 64:B3:1D:CD:6B:B5:30:80:29:C4:27:32:30:51:4F:72:6B:1B:86:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZLMdzWu1MIApxCcyMFFPcmsbhro.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/hgdnPYifylvEbRhPG5rcZMHgm-E.roa
Signing time: Thu 02 Jan 2025 15:50:26 +0000
ROA not before: Thu 02 Jan 2025 15:50:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 135391
IP address blocks: 185.232.56.0/24 maxlen: 24
185.232.57.0/24 maxlen: 24
185.232.58.0/24 maxlen: 24
185.232.59.0/24 maxlen: 24
2a0d:5300::/40 maxlen: 40
2a0d:5300:100::/40 maxlen: 40
2a0d:5300:200::/40 maxlen: 40
2a0d:5300:300::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/ZLMdzWu1MIApxCcyMFFPcmsbhro.crl
rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/ZLMdzWu1MIApxCcyMFFPcmsbhro.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZLMdzWu1MIApxCcyMFFPcmsbhro.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:01:ad:36:7c:56:0a:e1:4a:b0:f9:52:37:10:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64b31dcd6bb5308029c4273230514f726b1b86ba
Validity
Not Before: Jan 2 15:50:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8607673d889fca5bc46d184f1b9adc64c1e09be1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:3c:d7:ba:63:4c:11:18:58:1c:41:55:07:7a:
15:a1:3a:02:63:3f:fe:6a:86:0d:eb:bb:6d:1e:e8:
20:c9:f3:ae:d1:74:32:98:55:8a:6c:1d:77:b3:dd:
d6:b9:cf:d9:ee:1f:31:72:85:c9:4c:fe:a6:cf:71:
7a:0b:cf:b5:30:98:05:59:ee:df:bc:2c:e1:9e:26:
0f:3f:61:85:ef:1b:be:0a:70:24:7c:be:26:6e:3b:
7a:0a:fe:81:17:9e:06:a1:9e:66:a6:66:86:36:6e:
c6:5a:c7:ea:b4:a1:8d:0c:22:f7:d5:06:ef:da:ff:
bd:3a:9e:e9:d8:51:3a:5c:5c:4e:c6:14:ca:e0:eb:
f2:20:0f:63:b0:bc:84:d8:e8:e0:c7:b1:e8:5f:33:
19:ca:ee:ed:43:d2:fb:7b:ab:73:d6:71:2c:ef:a1:
8e:72:28:db:ec:73:bb:7f:87:da:b9:7f:4e:13:e4:
81:d7:83:13:f1:ea:b7:e5:d5:2a:e1:30:52:a9:76:
2c:c6:c1:c3:e6:d5:f2:8c:7d:5a:d6:ae:6f:4e:63:
27:2d:86:b1:e8:6b:f3:9b:7f:6d:8f:de:69:99:03:
9f:1e:63:14:30:bd:a2:2a:20:32:cb:0f:81:a2:6e:
8b:b1:40:cb:39:25:9f:ae:86:5f:f3:20:64:07:db:
6a:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:07:67:3D:88:9F:CA:5B:C4:6D:18:4F:1B:9A:DC:64:C1:E0:9B:E1
X509v3 Authority Key Identifier:
keyid:64:B3:1D:CD:6B:B5:30:80:29:C4:27:32:30:51:4F:72:6B:1B:86:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZLMdzWu1MIApxCcyMFFPcmsbhro.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/hgdnPYifylvEbRhPG5rcZMHgm-E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/ZLMdzWu1MIApxCcyMFFPcmsbhro.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.232.56.0/22
IPv6:
2a0d:5300::/38
Signature Algorithm: sha256WithRSAEncryption
d0:63:49:a8:ee:7f:8d:4e:0a:62:54:f2:36:b5:c3:56:3a:33:
d3:fd:02:ab:de:3d:96:2d:33:bd:a5:40:41:17:45:ba:44:37:
da:67:fd:a2:e9:2a:40:d0:0d:df:84:3a:13:19:16:46:e7:6e:
fb:1f:23:fe:fd:30:80:c4:df:93:db:d3:b8:f9:16:a1:42:48:
d1:c4:e0:07:f5:82:23:e1:3d:44:50:47:bd:b3:73:36:57:e9:
da:cb:04:d1:a8:ec:fa:30:ea:0a:8a:55:b3:63:2e:ed:18:25:
3f:15:74:bd:58:e6:e0:c3:af:2d:e5:b6:46:a2:09:d6:2a:f3:
56:9a:0c:04:62:b6:0a:8b:2c:52:53:31:36:75:74:a0:0a:eb:
dc:22:21:72:83:4d:86:b2:5b:92:ad:ca:a7:fa:7a:91:49:ac:
02:63:22:5e:76:97:68:d4:12:4f:9b:19:4c:57:04:46:b1:d8:
de:ce:0e:d7:cd:22:7b:25:a7:c6:05:50:77:84:7b:9b:f9:17:
c8:6c:ce:32:92:5f:db:5a:e9:a5:6d:08:31:90:88:7e:a8:2e:
e4:88:d4:f7:90:87:76:9a:16:f4:b2:5a:48:a0:ce:d5:af:d8:
f1:b5:23:74:9f:aa:0b:93:8c:7f:19:59:52:19:49:00:71:ce:
7f:85:98:db
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQntgGtNnxWCuFKsPlSNxBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YjMxZGNkNmJiNTMwODAyOWM0MjczMjMwNTE0ZjcyNmIx
Yjg2YmEwHhcNMjUwMTAyMTU1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA3NjczZDg4OWZjYTViYzQ2ZDE4NGYxYjlhZGM2NGMxZTA5YmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zzXumNMERhYHEFVB3oVoToCYz/+
aoYN67ttHuggyfOu0XQymFWKbB13s93Wuc/Z7h8xcoXJTP6mz3F6C8+1MJgFWe7f
vCzhniYPP2GF7xu+CnAkfL4mbjt6Cv6BF54GoZ5mpmaGNm7GWsfqtKGNDCL31Qbv
2v+9Op7p2FE6XFxOxhTK4OvyIA9jsLyE2Ojgx7HoXzMZyu7tQ9L7e6tz1nEs76GO
cijb7HO7f4fauX9OE+SB14MT8eq35dUq4TBSqXYsxsHD5tXyjH1a1q5vTmMnLYax
6Gvzm39tj95pmQOfHmMUML2iKiAyyw+Bom6LsUDLOSWfroZf8yBkB9tqlwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFIYHZz2In8pbxG0YTxua3GTB4JvhMB8GA1UdIwQY
MBaAFGSzHc1rtTCAKcQnMjBRT3JrG4a6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkxNZHpXdTFNSUFweENjeU1GRlBjbXNiaHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny85ODBkNmUtOGE5OS00MjYwLTgwNjQt
NDRhYjY4OWUxZDRkLzEvaGdkblBZaWZ5bHZFYlJoUEc1cmNaTUhnbS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny85ODBkNmUtOGE5OS00MjYwLTgwNjQtNDRhYjY4OWUxZDRk
LzEvWkxNZHpXdTFNSUFweENjeU1GRlBjbXNiaHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCueg4MA4E
AgACMAgDBgIqDVMAADANBgkqhkiG9w0BAQsFAAOCAQEA0GNJqO5/jU4KYlTyNrXD
Vjoz0/0Cq949li0zvaVAQRdFukQ32mf9oukqQNAN34Q6ExkWRudu+x8j/v0wgMTf
k9vTuPkWoUJI0cTgB/WCI+E9RFBHvbNzNlfp2ssE0ajs+jDqCopVs2Mu7RglPxV0
vVjm4MOvLeW2RqIJ1irzVpoMBGK2CossUlMxNnV0oArr3CIhcoNNhrJbkq3Kp/p6
kUmsAmMiXnaXaNQST5sZTFcERrHY3s4O180ieyWnxgVQd4R7m/kXyGzOMpJf21rp
pW0IMZCIfqgu5IjU95CHdpoW9LJaSKDO1a/Y8bUjdJ+qC5OMfxlZUhlJAHHOf4WY
2w==
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:56:32 2025 by rpki-client