Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/y_HvmHHGVlKjcbTPtfwbbemE9ts.roa
File: y_HvmHHGVlKjcbTPtfwbbemE9ts.roa (raw, json)
Hash identifier: 8SIoZagJaVQOy82S0A9ugj7Iv6sEqZZHPMha1KNQ3uM=
Subject key identifier: CB:F1:EF:98:71:C6:56:52:A3:71:B4:CF:B5:FC:1B:6D:E9:84:F6:DB
Certificate issuer: /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial: 0195135B906536FDA18BFDE2564521D881B9
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/y_HvmHHGVlKjcbTPtfwbbemE9ts.roa
Signing time: Mon 17 Feb 2025 10:02:02 +0000
ROA not before: Mon 17 Feb 2025 10:02:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34530
IP address blocks: 194.126.216.0/24 maxlen: 24
213.222.192.0/24 maxlen: 24
213.222.198.0/24 maxlen: 24
213.222.199.0/24 maxlen: 24
213.222.220.0/22 maxlen: 22
213.222.221.0/24 maxlen: 24
213.222.222.0/24 maxlen: 24
213.222.223.0/24 maxlen: 24
2a03:7580:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.mft
rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:13:5b:90:65:36:fd:a1:8b:fd:e2:56:45:21:d8:81:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Validity
Not Before: Feb 17 10:02:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cbf1ef9871c65652a371b4cfb5fc1b6de984f6db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:1d:64:69:e9:a0:0a:1c:78:b8:96:1c:95:44:
19:27:f6:9e:1d:75:18:81:34:0b:a3:35:0c:0a:f1:
64:a8:e6:ce:87:88:84:a3:2b:a4:47:f9:b0:2a:8c:
a8:70:07:c1:55:4e:b9:53:8a:8f:a5:f6:57:d0:03:
aa:ca:81:ec:e5:d4:3c:c8:df:06:b2:71:f2:b1:c9:
3f:c7:30:e5:61:54:e1:e6:60:e5:d2:57:df:67:54:
17:a7:6d:7e:33:b4:b8:97:41:71:d1:1f:a8:d2:fe:
8d:9a:ef:a0:4a:7e:7f:fe:c5:bc:da:23:01:a8:ec:
7d:4b:7e:8d:44:62:80:14:8e:9a:c6:9b:58:84:b3:
d7:8f:1c:59:40:ba:ec:fa:53:d3:b1:5d:e6:ab:2f:
7f:09:da:c7:6a:bd:3e:b6:88:fe:d2:18:f9:c9:e4:
52:b7:44:28:02:9f:f3:97:93:55:49:60:b3:d7:24:
3c:57:f7:71:e0:59:a2:1f:28:72:1e:07:b9:d1:21:
c8:f6:ac:96:32:d2:49:c6:a9:c9:8c:97:6d:1d:63:
09:61:ae:c4:b9:03:b5:fa:a8:07:21:b3:d9:33:71:
3b:3f:14:ae:03:ac:d0:54:8c:6b:6e:de:38:d1:2b:
7e:b4:d3:22:f1:10:26:9d:d8:2b:a5:fe:43:0a:5e:
fc:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:F1:EF:98:71:C6:56:52:A3:71:B4:CF:B5:FC:1B:6D:E9:84:F6:DB
X509v3 Authority Key Identifier:
keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/y_HvmHHGVlKjcbTPtfwbbemE9ts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.126.216.0/24
213.222.192.0/24
213.222.198.0/23
213.222.220.0/22
IPv6:
2a03:7580:4000::/40
Signature Algorithm: sha256WithRSAEncryption
06:60:01:81:4d:94:80:f4:35:65:f6:f0:e5:8a:91:1f:23:aa:
25:98:08:26:d8:11:7f:f4:39:2c:36:3e:85:b2:b9:40:54:4c:
88:5e:f8:59:64:da:67:f5:eb:c9:ac:97:1d:a0:f4:d2:df:e2:
0a:9e:a5:52:e7:46:97:ef:40:98:df:8e:2d:6f:10:7e:a6:dc:
b6:4d:2f:c8:d8:f7:ff:0c:62:28:cf:0b:15:58:a4:b7:5a:5b:
01:df:ef:ef:2d:8b:50:85:96:58:58:f1:e3:dd:b9:6e:87:db:
fc:98:d8:b5:ab:b2:59:fd:6e:35:55:ac:9c:95:95:88:f8:f8:
cd:dd:b9:bc:44:de:8b:18:05:70:9f:35:a6:aa:dd:91:a6:6b:
d8:db:c2:1a:bb:d2:62:fb:38:da:32:d7:b0:95:ae:ec:65:b8:
b2:55:d8:31:28:74:66:c3:bc:69:06:32:c0:84:a7:68:71:5b:
76:c2:d9:dc:c0:c7:68:d0:a0:a7:11:58:ad:b6:38:97:90:e2:
84:c9:e5:b9:00:e8:0b:9e:08:7f:d7:d9:08:96:b3:2a:b0:52:
72:b2:e2:39:6e:62:d3:72:ba:de:5c:9d:3c:9d:9d:98:24:56:
80:1e:96:6f:42:d2:65:a1:42:bb:fe:e2:58:11:f4:6b:ed:2d:
eb:16:e0:c0
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZUTW5BlNv2hi/3iVkUh2IG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjUwMjE3MTAwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmYxZWY5ODcxYzY1NjUyYTM3MWI0Y2ZiNWZjMWI2ZGU5ODRmNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB1kaemgChx4uJYclUQZJ/aeHXUY
gTQLozUMCvFkqObOh4iEoyukR/mwKoyocAfBVU65U4qPpfZX0AOqyoHs5dQ8yN8G
snHysck/xzDlYVTh5mDl0lffZ1QXp21+M7S4l0Fx0R+o0v6Nmu+gSn5//sW82iMB
qOx9S36NRGKAFI6axptYhLPXjxxZQLrs+lPTsV3mqy9/CdrHar0+toj+0hj5yeRS
t0QoAp/zl5NVSWCz1yQ8V/dx4FmiHyhyHge50SHI9qyWMtJJxqnJjJdtHWMJYa7E
uQO1+qgHIbPZM3E7PxSuA6zQVIxrbt440St+tNMi8RAmndgrpf5DCl78RwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFMvx75hxxlZSo3G0z7X8G23phPbbMB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEveV9Idm1ISEdWbEtqY2JUUHRmd2JiZW1FOXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQAwn7YAwQA
1d7AAwQB1d7GAwQC1d7cMA4EAgACMAgDBgAqA3WAQDANBgkqhkiG9w0BAQsFAAOC
AQEABmABgU2UgPQ1Zfbw5YqRHyOqJZgIJtgRf/Q5LDY+hbK5QFRMiF74WWTaZ/Xr
yayXHaD00t/iCp6lUudGl+9AmN+OLW8Qfqbctk0vyNj3/wxiKM8LFVikt1pbAd/v
7y2LUIWWWFjx4925bofb/JjYtauyWf1uNVWsnJWViPj4zd25vETeixgFcJ81pqrd
kaZr2NvCGrvSYvs42jLXsJWu7GW4slXYMSh0ZsO8aQYywISnaHFbdsLZ3MDHaNCg
pxFYrbY4l5DihMnluQDoC54If9fZCJazKrBScrLiOW5i03K63lydPJ2dmCRWgB6W
b0LSZaFCu/7iWBH0a+0t6xbgwA==
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:52:29 2025 by rpki-client