Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/iBl8t3z-BUajHzSAeaP-AzTEflQ.roa
File: iBl8t3z-BUajHzSAeaP-AzTEflQ.roa (raw, json)
Hash identifier: +f1NthgpfDbumeIw5C75bNKybF0uHgK0qHdvaGhDtxc=
Subject key identifier: 88:19:7C:B7:7C:FE:05:46:A3:1F:34:80:79:A3:FE:03:34:C4:7E:54
Certificate issuer: /CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
Certificate serial: 019425FDC9BF84DA775131A4EAE8181EBBD7
Authority key identifier: 2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/iBl8t3z-BUajHzSAeaP-AzTEflQ.roa
Signing time: Thu 02 Jan 2025 07:49:36 +0000
ROA not before: Thu 02 Jan 2025 07:49:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201540
IP address blocks: 185.71.192.0/23 maxlen: 23
185.71.194.0/23 maxlen: 23
185.109.60.0/24 maxlen: 24
185.109.61.0/24 maxlen: 24
185.109.62.0/23 maxlen: 23
185.109.72.0/24 maxlen: 24
185.109.73.0/24 maxlen: 24
185.109.74.0/24 maxlen: 24
185.109.75.0/24 maxlen: 24
185.109.80.0/23 maxlen: 23
185.109.82.0/23 maxlen: 23
185.111.8.0/22 maxlen: 22
185.111.12.0/22 maxlen: 22
185.111.64.0/23 maxlen: 23
185.111.136.0/22 maxlen: 22
185.112.168.0/22 maxlen: 22
185.120.192.0/22 maxlen: 22
185.120.196.0/22 maxlen: 22
185.120.200.0/24 maxlen: 24
185.120.201.0/24 maxlen: 24
185.120.202.0/24 maxlen: 24
185.120.203.0/24 maxlen: 24
185.120.208.0/22 maxlen: 22
185.120.216.0/22 maxlen: 22
185.120.224.0/22 maxlen: 22
185.120.232.0/22 maxlen: 22
185.120.240.0/22 maxlen: 22
2a03:3b60::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.mft
rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 09:01:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:c9:bf:84:da:77:51:31:a4:ea:e8:18:1e:bb:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
Validity
Not Before: Jan 2 07:49:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=88197cb77cfe0546a31f348079a3fe0334c47e54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a0:6f:23:be:5d:54:97:07:00:38:ca:aa:86:
b9:66:a0:c7:70:b0:d9:00:95:fd:7f:5c:e3:80:01:
f9:de:a7:e7:26:1c:cd:53:cd:3f:23:3e:8a:d7:ef:
cf:89:73:45:5c:51:ae:b3:8c:44:bc:08:25:25:e4:
c1:c0:54:a8:52:35:74:07:8a:a1:f7:ea:f7:a3:f1:
f6:cd:d3:6f:af:2e:04:d5:ef:d9:4f:5b:1b:6f:e3:
38:b0:89:92:45:bd:cf:6a:a4:d0:3b:bb:c7:cc:61:
34:9c:9b:7d:33:59:14:9f:9b:0a:b6:7b:73:a6:05:
00:3a:a1:31:8f:69:8e:c6:88:76:22:1b:bf:8a:4f:
98:6f:d2:d7:9e:de:db:33:cc:71:4e:9f:32:d8:7f:
51:b9:e0:c2:c6:40:5b:c7:30:96:36:d9:a7:28:18:
c3:8e:21:72:ec:cd:a6:78:e3:83:26:5c:0e:1e:aa:
81:e6:9b:ce:ef:05:a1:b2:0d:ae:1b:17:9a:b2:fb:
58:cf:6d:0f:b4:53:3a:c7:46:45:96:42:27:ab:a5:
82:d8:7d:15:1f:43:47:98:7a:7d:7f:c4:02:0e:e2:
ea:c8:56:b1:2e:5d:b7:0a:d7:69:8b:97:95:b6:0e:
14:7b:fb:76:82:25:ef:5e:b0:ea:f3:1d:2e:53:97:
38:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:19:7C:B7:7C:FE:05:46:A3:1F:34:80:79:A3:FE:03:34:C4:7E:54
X509v3 Authority Key Identifier:
keyid:2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/iBl8t3z-BUajHzSAeaP-AzTEflQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.71.192.0/22
185.109.60.0/22
185.109.72.0/22
185.109.80.0/22
185.111.8.0/21
185.111.64.0/23
185.111.136.0/22
185.112.168.0/22
185.120.192.0-185.120.203.255
185.120.208.0/22
185.120.216.0/22
185.120.224.0/22
185.120.232.0/22
185.120.240.0/22
IPv6:
2a03:3b60::/32
Signature Algorithm: sha256WithRSAEncryption
a2:21:d3:f8:7e:c6:09:66:a4:6a:0c:c1:1f:c2:e9:45:df:90:
55:3f:68:e0:03:0b:a3:2e:91:5c:f3:fd:65:e6:ad:84:fa:07:
e7:23:32:22:aa:6e:75:e1:ff:4d:c5:3d:b1:a5:fc:32:4c:fa:
14:02:ae:a8:ec:58:df:11:e6:61:5a:aa:dd:d1:d7:fe:70:22:
a3:d3:79:7c:20:47:27:53:7d:31:a6:1c:65:4b:a1:52:9f:57:
4e:c0:7d:82:9d:4e:63:ba:8e:b1:5c:88:1b:d8:cd:e9:72:0f:
2c:57:82:f9:12:93:cb:16:d1:e1:b6:c5:fe:cb:da:d0:c2:26:
b2:0d:3a:ae:89:2c:74:65:7e:87:d3:08:01:48:14:95:47:fe:
e3:09:11:0c:44:dc:1c:3e:8d:66:d3:e1:9c:c7:80:3c:05:3e:
df:1f:64:94:2a:99:a6:e2:e9:d8:e7:39:d2:11:c3:98:1f:61:
f8:8d:15:d0:e7:e5:eb:81:a4:a9:1d:2f:2f:a4:73:2f:47:88:
6d:67:75:98:4a:c7:c2:08:b2:a9:bc:3f:15:85:e7:ce:5a:0a:
93:a1:ed:8f:e9:23:75:66:3f:13:71:ee:6a:61:4f:03:02:e3:
b3:9f:28:7e:02:45:a4:3c:2e:c6:57:ba:86:24:90:89:d5:d6:
54:9a:69:b5
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZQl/cm/hNp3UTGk6ugYHrvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiN2FiNjU2OWRlNzhkM2M0YTA4MmZkZTZkZDFkNmEzZjBk
NTA5YzIwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE5N2NiNzdjZmUwNTQ2YTMxZjM0ODA3OWEzZmUwMzM0YzQ3ZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqBvI75dVJcHADjKqoa5ZqDHcLDZ
AJX9f1zjgAH53qfnJhzNU80/Iz6K1+/PiXNFXFGus4xEvAglJeTBwFSoUjV0B4qh
9+r3o/H2zdNvry4E1e/ZT1sbb+M4sImSRb3PaqTQO7vHzGE0nJt9M1kUn5sKtntz
pgUAOqExj2mOxoh2Ihu/ik+Yb9LXnt7bM8xxTp8y2H9RueDCxkBbxzCWNtmnKBjD
jiFy7M2meOODJlwOHqqB5pvO7wWhsg2uGxeasvtYz20PtFM6x0ZFlkInq6WC2H0V
H0NHmHp9f8QCDuLqyFaxLl23Ctdpi5eVtg4Ue/t2giXvXrDq8x0uU5c4CQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFIgZfLd8/gVGox80gHmj/gM0xH5UMB8GA1UdIwQY
MBaAFCt6tlad5408Sggv3m3R1qPw1QnCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0Yzgt
M2ZjOTY1OTRiNGM1LzEvaUJsOHQzei1CVWFqSHpTQWVhUC1BelRFZmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0YzgtM2ZjOTY1OTRiNGM1
LzEvSzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEArlHwAME
ArltPAMEArltSAMEArltUAMEA7lvCAMEAblvQAMEArlviAMEArlwqDAMAwQGuXjA
AwQCuXjIAwQCuXjQAwQCuXjYAwQCuXjgAwQCuXjoAwQCuXjwMA0EAgACMAcDBQAq
AztgMA0GCSqGSIb3DQEBCwUAA4IBAQCiIdP4fsYJZqRqDMEfwulF35BVP2jgAwuj
LpFc8/1l5q2E+gfnIzIiqm514f9NxT2xpfwyTPoUAq6o7FjfEeZhWqrd0df+cCKj
03l8IEcnU30xphxlS6FSn1dOwH2CnU5juo6xXIgb2M3pcg8sV4L5EpPLFtHhtsX+
y9rQwiayDTquiSx0ZX6H0wgBSBSVR/7jCREMRNwcPo1m0+Gcx4A8BT7fH2SUKpmm
4unY5znSEcOYH2H4jRXQ5+XrgaSpHS8vpHMvR4htZ3WYSsfCCLKpvD8VhefOWgqT
oe2P6SN1Zj8Tce5qYU8DAuOznyh+AkWkPC7GV7qGJJCJ1dZUmmm1
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:11:53 2025 by rpki-client