Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hEPXQgU_4RM48GU6YHvdaeu2Uew.roa
File: hEPXQgU_4RM48GU6YHvdaeu2Uew.roa (raw, json)
Hash identifier: Y8wvnBW02yBGPfnw7ReZF8CB9IAoGOhz+Y/sJITIMzc=
Subject key identifier: 84:43:D7:42:05:3F:E1:13:38:F0:65:3A:60:7B:DD:69:EB:B6:51:EC
Certificate issuer: /CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Certificate serial: 019421446934A96E630123552A81011F3A08
Authority key identifier: 85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hEPXQgU_4RM48GU6YHvdaeu2Uew.roa
Signing time: Wed 01 Jan 2025 09:48:38 +0000
ROA not before: Wed 01 Jan 2025 09:48:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204119
IP address blocks: 84.38.64.0/21 maxlen: 21
84.38.64.0/22 maxlen: 22
84.38.78.0/23 maxlen: 24
2a00:5080::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.mft
rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:69:34:a9:6e:63:01:23:55:2a:81:01:1f:3a:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Validity
Not Before: Jan 1 09:48:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8443d742053fe11338f0653a607bdd69ebb651ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:73:98:06:a2:ca:8c:18:2a:54:31:22:05:ab:
d3:eb:4a:17:5d:ac:8b:3f:ab:43:9d:40:26:c6:1a:
f1:49:66:65:de:7c:46:34:8b:57:94:e4:4e:0f:1d:
33:ca:ac:d9:8a:4b:c9:9c:b1:1a:30:03:f7:c5:01:
2a:05:28:2b:c1:cf:d7:5e:f6:ec:94:a8:89:6a:b8:
38:be:c9:23:49:c7:2e:b3:a4:e9:f7:fc:49:6b:ed:
59:6a:ad:f2:6a:66:c4:05:14:64:0d:8f:a8:08:c0:
88:84:e9:a4:17:47:75:39:ab:0f:7e:63:53:08:ea:
24:ab:ba:9c:25:72:f0:8e:d7:21:a8:cd:00:01:d3:
80:f0:c2:c9:38:72:1c:e9:f5:f9:25:ee:b1:a7:8c:
f9:87:a0:07:06:f0:8e:3c:20:1d:22:5e:35:dd:a6:
29:f8:28:9d:26:1f:c0:fa:7b:6f:63:23:6a:8d:17:
da:4e:88:a3:cf:67:9a:0b:6d:6e:1d:64:bc:0e:fb:
2c:01:19:27:8d:c6:ce:a6:af:54:0c:6f:26:94:e6:
80:85:1f:0e:c2:78:70:92:2f:bf:ef:e0:76:61:da:
51:b4:f9:7b:33:7a:4a:fa:02:2f:2c:3c:39:02:0d:
e8:b2:19:76:21:77:1c:4d:5d:dc:b9:ac:2e:7c:2a:
3b:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:43:D7:42:05:3F:E1:13:38:F0:65:3A:60:7B:DD:69:EB:B6:51:EC
X509v3 Authority Key Identifier:
keyid:85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hEPXQgU_4RM48GU6YHvdaeu2Uew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.64.0/21
84.38.78.0/23
IPv6:
2a00:5080::/32
Signature Algorithm: sha256WithRSAEncryption
15:4c:a6:ad:56:ab:97:18:2d:13:08:ff:d7:a8:28:5d:1b:30:
39:9c:5c:fe:b8:10:e0:a8:e3:29:63:34:e4:d7:b9:03:1d:00:
6f:eb:bd:bb:de:52:e6:a9:06:15:ac:08:90:35:c8:81:f2:0e:
22:91:d2:04:3c:3e:71:48:28:42:a6:fc:06:c8:18:f1:33:d5:
2e:4a:bd:a4:f0:13:60:c8:85:10:01:a2:25:c9:9b:62:c9:9b:
f7:81:08:0c:dc:a7:56:c6:0a:58:bc:14:aa:22:59:a4:c2:3a:
48:50:2e:5b:9e:ad:d9:bc:59:f0:96:5e:4c:41:79:a2:77:28:
69:1d:b4:bd:fb:66:88:5a:ba:7b:9f:83:f7:e4:73:4f:9c:f1:
00:77:7b:c5:86:5c:23:d7:44:f6:7b:8c:6f:e2:3d:39:5b:a0:
25:71:e3:bf:bf:be:48:60:07:ea:e4:bf:c8:00:73:08:83:7e:
64:4a:ef:5a:a7:82:99:9f:36:49:ef:a2:9a:c1:00:99:35:ca:
9b:be:60:99:ae:c5:df:1c:50:3d:a5:0d:95:a7:17:d2:82:07:
a3:15:f0:17:39:09:a9:b3:5b:95:74:e8:19:8c:e2:a7:81:00:
dc:d9:96:15:43:71:0b:d1:62:6d:47:a7:56:6a:8a:f1:94:90:
8e:fa:cb:d6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhRGk0qW5jASNVKoEBHzoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzM1MjVkNjhiNjExMTY1NjRlMTZlMWRkNGU1NmNiMDM1
YzljODUwHhcNMjUwMTAxMDk0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQzZDc0MjA1M2ZlMTEzMzhmMDY1M2E2MDdiZGQ2OWViYjY1MWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXOYBqLKjBgqVDEiBavT60oXXayL
P6tDnUAmxhrxSWZl3nxGNItXlORODx0zyqzZikvJnLEaMAP3xQEqBSgrwc/XXvbs
lKiJarg4vskjSccus6Tp9/xJa+1Zaq3yambEBRRkDY+oCMCIhOmkF0d1OasPfmNT
COokq7qcJXLwjtchqM0AAdOA8MLJOHIc6fX5Je6xp4z5h6AHBvCOPCAdIl413aYp
+CidJh/A+ntvYyNqjRfaToijz2eaC21uHWS8DvssARknjcbOpq9UDG8mlOaAhR8O
wnhwki+/7+B2YdpRtPl7M3pK+gIvLDw5Ag3oshl2IXccTV3cuawufCo7zwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIRD10IFP+ETOPBlOmB73WnrtlHsMB8GA1UdIwQY
MBaAFIXDUl1othEWVk4W4d1OVssDXJyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDkt
Njk0ZGJmYWRkYjhmLzEvaEVQWFFnVV80Uk00OEdVNllIdmRhZXUyVWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDktNjk0ZGJmYWRkYjhm
LzEvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVCZAAwQB
VCZOMA0EAgACMAcDBQAqAFCAMA0GCSqGSIb3DQEBCwUAA4IBAQAVTKatVquXGC0T
CP/XqChdGzA5nFz+uBDgqOMpYzTk17kDHQBv67273lLmqQYVrAiQNciB8g4ikdIE
PD5xSChCpvwGyBjxM9UuSr2k8BNgyIUQAaIlyZtiyZv3gQgM3KdWxgpYvBSqIlmk
wjpIUC5bnq3ZvFnwll5MQXmidyhpHbS9+2aIWrp7n4P35HNPnPEAd3vFhlwj10T2
e4xv4j05W6AlceO/v75IYAfq5L/IAHMIg35kSu9ap4KZnzZJ76KawQCZNcqbvmCZ
rsXfHFA9pQ2VpxfSggejFfAXOQmps1uVdOgZjOKngQDc2ZYVQ3EL0WJtR6dWaorx
lJCO+svW
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:58 2025 by rpki-client