Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1IhfcMc6vdLalAssbxGvWJUN-I8.roa
File: 1IhfcMc6vdLalAssbxGvWJUN-I8.roa (raw, json)
Hash identifier: UFPUuXseMe5mmCfOL5TtRt0nyrvSJU49C2dua22bxsA=
Subject key identifier: D4:88:5F:70:C7:3A:BD:D2:DA:94:0B:2C:6F:11:AF:58:95:0D:F8:8F
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 019425FC84073FCBD6E5A6CAD985BFBADF14
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1IhfcMc6vdLalAssbxGvWJUN-I8.roa
Signing time: Thu 02 Jan 2025 07:48:13 +0000
ROA not before: Thu 02 Jan 2025 07:48:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212552
IP address blocks: 43.225.90.0/24 maxlen: 24
45.146.241.0/24 maxlen: 24
46.249.98.0/23 maxlen: 24
46.249.100.0/22 maxlen: 24
46.249.111.0/24 maxlen: 24
82.115.8.0/24 maxlen: 24
82.115.13.0/24 maxlen: 24
82.115.16.0/24 maxlen: 24
82.115.17.0/24 maxlen: 24
82.115.18.0/24 maxlen: 24
82.115.19.0/24 maxlen: 24
82.115.20.0/23 maxlen: 24
82.115.24.0/22 maxlen: 24
89.251.8.0/23 maxlen: 24
103.75.196.0/22 maxlen: 24
185.80.196.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
193.36.84.0/23 maxlen: 24
202.133.88.0/24 maxlen: 24
202.133.89.0/24 maxlen: 24
202.133.90.0/24 maxlen: 24
202.133.91.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 01:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:84:07:3f:cb:d6:e5:a6:ca:d9:85:bf:ba:df:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 07:48:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4885f70c73abdd2da940b2c6f11af58950df88f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:56:dd:aa:bf:46:3d:bf:86:f9:48:d6:f1:68:
e8:71:46:3a:02:41:aa:1a:f8:ea:a0:cd:a8:d2:33:
8f:0c:e8:c8:c9:4a:7f:65:99:9e:05:ca:13:f3:ee:
6c:ab:a4:69:06:2b:79:00:51:3b:dd:2d:16:3d:83:
0d:15:cb:c0:08:44:d6:29:88:cb:0e:a4:5d:d9:0a:
46:73:92:34:f2:04:47:ae:80:b7:51:3d:79:9c:c4:
fb:fa:1d:30:dc:f4:dc:d2:2b:32:88:08:e7:c4:12:
4e:cd:07:97:da:c2:9b:8d:9b:0d:37:d5:4f:ee:8b:
e0:d3:39:05:f1:65:1e:d2:bb:bc:e4:17:f9:c0:d8:
40:d0:e9:f1:1e:87:32:01:b8:a4:f9:6a:f6:f7:5f:
40:d8:c1:75:ec:d9:ea:ba:95:93:64:31:ff:20:f4:
44:c3:fb:53:ad:2c:8f:62:da:2b:b8:d0:2d:fc:70:
3d:c6:79:5c:97:af:4d:c9:e3:4d:eb:f8:86:fe:bd:
69:d3:a6:e8:cb:d7:79:02:77:42:cb:63:31:fa:a8:
3b:eb:ba:e6:bf:f9:e8:56:33:0e:df:1a:0d:a0:f5:
cc:76:de:10:06:26:33:75:3d:99:d5:ab:13:9a:ac:
7b:f4:b7:b9:d5:c0:c4:d7:7b:81:c6:44:be:ca:81:
d2:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:88:5F:70:C7:3A:BD:D2:DA:94:0B:2C:6F:11:AF:58:95:0D:F8:8F
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1IhfcMc6vdLalAssbxGvWJUN-I8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
43.225.90.0/24
45.146.241.0/24
46.249.98.0-46.249.103.255
46.249.111.0/24
82.115.8.0/24
82.115.13.0/24
82.115.16.0-82.115.21.255
82.115.24.0/22
89.251.8.0/23
103.75.196.0/22
185.80.196.0/24
185.215.244.0/23
193.36.84.0/23
202.133.88.0/22
Signature Algorithm: sha256WithRSAEncryption
a8:a1:a8:d6:3d:8b:84:f9:77:3b:8b:24:51:46:bd:cb:b1:a9:
1b:41:1a:da:97:c8:4b:79:af:bb:b3:42:8c:57:5c:72:40:cf:
f0:45:26:32:8c:3d:a5:68:4e:e0:83:7c:9b:c9:6b:be:08:6c:
95:fa:d1:e4:25:37:c1:1a:79:b6:ff:5a:3c:24:3f:4d:8f:71:
40:60:db:46:3a:69:7d:8e:84:9d:40:1b:be:95:19:3a:b7:16:
7d:1d:c6:57:7d:4c:3b:4b:86:ab:6b:36:ad:0a:53:af:69:f8:
6e:96:c7:92:c9:97:20:51:43:eb:42:95:87:52:f2:1f:2e:00:
af:4b:55:92:5a:50:c4:14:56:8a:9d:25:4a:36:97:16:e6:b3:
b6:37:ec:dc:e7:a8:d8:26:82:80:f2:68:56:35:85:c5:69:2a:
06:e6:db:1e:7e:a8:14:a0:f8:66:04:25:e2:a4:24:e0:0c:98:
e0:5b:32:4a:62:6a:3d:3a:fb:64:0a:96:5c:8b:4e:ac:24:98:
6e:fa:21:52:95:10:a2:14:82:36:eb:98:3a:e2:77:34:20:ee:
be:36:60:7b:f3:45:27:4b:a8:f7:02:62:fc:57:22:fb:bc:4f:
15:aa:c3:20:c3:02:38:53:01:06:ff:89:00:61:30:69:1d:41:
7c:3b:29:ee
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZQl/IQHP8vW5abK2YW/ut8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg4NWY3MGM3M2FiZGQyZGE5NDBiMmM2ZjExYWY1ODk1MGRmODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lbdqr9GPb+G+UjW8WjocUY6AkGq
GvjqoM2o0jOPDOjIyUp/ZZmeBcoT8+5sq6RpBit5AFE73S0WPYMNFcvACETWKYjL
DqRd2QpGc5I08gRHroC3UT15nMT7+h0w3PTc0isyiAjnxBJOzQeX2sKbjZsNN9VP
7ovg0zkF8WUe0ru85Bf5wNhA0OnxHocyAbik+Wr2919A2MF17NnqupWTZDH/IPRE
w/tTrSyPYtoruNAt/HA9xnlcl69NyeNN6/iG/r1p06boy9d5AndCy2Mx+qg767rm
v/noVjMO3xoNoPXMdt4QBiYzdT2Z1asTmqx79Le51cDE13uBxkS+yoHStQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFNSIX3DHOr3S2pQLLG8Rr1iVDfiPMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMUloZmNNYzZ2ZExhbEFzc2J4R3ZXSlVOLUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQAK+FaAwQA
LZLxMAwDBAEu+WIDBAMu+WADBAAu+W8DBABScwgDBABScw0wDAMEBFJzEAMEAVJz
FAMEAlJzGAMEAVn7CAMEAmdLxAMEALlQxAMEAbnX9AMEAcEkVAMEAsqFWDANBgkq
hkiG9w0BAQsFAAOCAQEAqKGo1j2LhPl3O4skUUa9y7GpG0Ea2pfIS3mvu7NCjFdc
ckDP8EUmMow9pWhO4IN8m8lrvghslfrR5CU3wRp5tv9aPCQ/TY9xQGDbRjppfY6E
nUAbvpUZOrcWfR3GV31MO0uGq2s2rQpTr2n4bpbHksmXIFFD60KVh1LyHy4Ar0tV
klpQxBRWip0lSjaXFuaztjfs3Oeo2CaCgPJoVjWFxWkqBubbHn6oFKD4ZgQl4qQk
4AyY4FsySmJqPTr7ZAqWXItOrCSYbvohUpUQohSCNuuYOuJ3NCDuvjZge/NFJ0uo
9wJi/Fci+7xPFarDIMMCOFMBBv+JAGEwaR1BfDsp7g==
-----END CERTIFICATE-----
Generated at Mon Apr 7 11:35:13 2025 by rpki-client