Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/Xzm_YN2y4YC1KyLS5AdB2sYqI3k.roa
File: Xzm_YN2y4YC1KyLS5AdB2sYqI3k.roa (raw, json)
Hash identifier: bsiN3wruxSEcF6pDUEe2cyri76gLxnZ3en5nBr1s2x8=
Subject key identifier: 5F:39:BF:60:DD:B2:E1:80:B5:2B:22:D2:E4:07:41:DA:C6:2A:23:79
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 019427B420EEE5598BC98C243AB677D43F96
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/Xzm_YN2y4YC1KyLS5AdB2sYqI3k.roa
Signing time: Thu 02 Jan 2025 15:48:23 +0000
ROA not before: Thu 02 Jan 2025 15:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1239
IP address blocks: 86.38.145.0/24 maxlen: 24
86.38.191.0/24 maxlen: 24
89.117.212.0/24 maxlen: 24
89.117.214.0/24 maxlen: 24
89.117.240.0/24 maxlen: 24
89.117.242.0/24 maxlen: 24
89.117.251.0/24 maxlen: 24
217.9.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b4:20:ee:e5:59:8b:c9:8c:24:3a:b6:77:d4:3f:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Jan 2 15:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f39bf60ddb2e180b52b22d2e40741dac62a2379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:a2:b9:32:99:52:18:fe:53:db:be:ea:1c:9d:
ec:e2:e8:cf:33:69:80:96:17:ee:e8:df:54:bb:f7:
2f:78:e2:b7:e8:0f:e6:31:83:c6:ba:62:0c:93:f3:
5a:f0:92:09:50:f6:a5:62:db:3e:c4:34:ef:94:da:
fb:c4:37:aa:48:3b:d3:91:7b:f9:20:dc:00:db:2c:
a3:39:2b:94:23:36:ad:15:16:f4:a0:7b:d0:87:22:
10:be:59:f7:87:fd:85:1f:f5:9b:1d:2e:68:fe:c7:
2e:22:cc:a1:50:c6:47:ac:69:97:cc:e1:7a:40:9f:
eb:52:ca:cb:0d:12:47:0d:aa:9d:2f:f8:72:63:4c:
1e:eb:5f:0d:25:ee:41:69:ef:70:1a:39:2e:28:f0:
dc:38:65:9c:4c:35:3d:44:d3:7c:4d:0c:d4:e1:6f:
7b:b7:ae:ad:2a:47:f1:5e:7f:6d:86:16:df:8d:5c:
1c:00:6c:29:a6:af:26:90:ea:df:e7:e9:ab:51:ad:
5b:14:a1:12:47:0a:ef:68:97:e8:a4:b0:93:bc:e2:
45:09:c5:d0:f6:ea:3c:8a:e2:89:72:82:ac:4f:b3:
20:b4:24:76:8a:39:27:cb:19:43:8f:93:2f:f6:42:
4a:09:2f:f7:df:6f:a7:7a:eb:68:7a:31:f2:65:e4:
77:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:39:BF:60:DD:B2:E1:80:B5:2B:22:D2:E4:07:41:DA:C6:2A:23:79
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/Xzm_YN2y4YC1KyLS5AdB2sYqI3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.145.0/24
86.38.191.0/24
89.117.212.0/24
89.117.214.0/24
89.117.240.0/24
89.117.242.0/24
89.117.251.0/24
217.9.246.0/24
Signature Algorithm: sha256WithRSAEncryption
47:c1:1a:cf:58:9a:fb:4f:f3:08:63:32:87:7e:a5:99:df:6e:
59:ee:3b:07:82:15:45:4e:ba:cd:18:25:06:8f:41:77:73:4d:
f0:ad:21:c2:7b:16:13:f0:1a:e3:b7:e9:bd:0a:e3:d9:1d:57:
de:5e:24:fb:88:d6:26:df:02:6e:fc:75:16:4e:3f:85:95:08:
8a:e3:d7:be:c7:e1:7b:d7:44:1c:4b:62:6e:ac:33:b2:97:06:
06:ca:c2:93:65:37:b3:1f:ac:49:03:25:52:2b:f3:6b:a5:e9:
60:b3:81:7a:b9:7f:a6:8f:57:c7:e6:26:cc:cb:71:1a:bf:3d:
81:b9:9f:62:3a:5f:84:a5:4b:65:64:0c:88:95:b7:41:b7:4d:
9b:fe:2b:7b:c9:8c:73:fe:3a:2b:21:e3:cd:38:e5:29:10:35:
94:a5:f7:22:ec:9f:7c:6f:07:a3:00:8e:9a:b1:da:1b:8b:a1:
4e:f7:41:2c:f9:72:00:93:ab:c3:42:2f:a8:43:a2:c4:7c:98:
14:b5:16:d0:07:36:1e:44:81:e2:32:38:db:a7:5c:ac:ca:95:
9a:32:2a:2a:75:b3:f2:f0:21:de:e0:db:29:37:c1:42:b3:53:
5a:30:96:ff:9a:0a:18:b1:05:1a:da:ea:2f:55:7b:a9:4c:f6:
4f:00:84:69
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQntCDu5VmLyYwkOrZ31D+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMTAyMTU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjM5YmY2MGRkYjJlMTgwYjUyYjIyZDJlNDA3NDFkYWM2MmEyMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqK5MplSGP5T277qHJ3s4ujPM2mA
lhfu6N9Uu/cveOK36A/mMYPGumIMk/Na8JIJUPalYts+xDTvlNr7xDeqSDvTkXv5
INwA2yyjOSuUIzatFRb0oHvQhyIQvln3h/2FH/WbHS5o/scuIsyhUMZHrGmXzOF6
QJ/rUsrLDRJHDaqdL/hyY0we618NJe5Bae9wGjkuKPDcOGWcTDU9RNN8TQzU4W97
t66tKkfxXn9thhbfjVwcAGwppq8mkOrf5+mrUa1bFKESRwrvaJfopLCTvOJFCcXQ
9uo8iuKJcoKsT7MgtCR2ijknyxlDj5Mv9kJKCS/332+neutoejHyZeR3qwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF85v2DdsuGAtSsi0uQHQdrGKiN5MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvWHptX1lOMnk0WUMxS3lMUzVBZEIyc1lxSTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAViaRAwQA
Via/AwQAWXXUAwQAWXXWAwQAWXXwAwQAWXXyAwQAWXX7AwQA2Qn2MA0GCSqGSIb3
DQEBCwUAA4IBAQBHwRrPWJr7T/MIYzKHfqWZ325Z7jsHghVFTrrNGCUGj0F3c03w
rSHCexYT8Brjt+m9CuPZHVfeXiT7iNYm3wJu/HUWTj+FlQiK49e+x+F710QcS2Ju
rDOylwYGysKTZTezH6xJAyVSK/Nrpelgs4F6uX+mj1fH5ibMy3Eavz2BuZ9iOl+E
pUtlZAyIlbdBt02b/it7yYxz/jorIePNOOUpEDWUpfci7J98bwejAI6asdobi6FO
90Es+XIAk6vDQi+oQ6LEfJgUtRbQBzYeRIHiMjjbp1ysypWaMioqdbPy8CHe4Nsp
N8FCs1NaMJb/mgoYsQUa2uovVXupTPZPAIRp
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:03:06 2025 by rpki-client