Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/PxoTHEdjjpKU7nFnIp_dVD-FKVs.roa
File: PxoTHEdjjpKU7nFnIp_dVD-FKVs.roa (raw, json)
Hash identifier: qS6lJqb4wx7qjtbMuBVvEV9SkrI1ddneyAf2i6qSLdE=
Subject key identifier: 3F:1A:13:1C:47:63:8E:92:94:EE:71:67:22:9F:DD:54:3F:85:29:5B
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 01948277F31ACB4E2B2EC04315395C841FA8
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/PxoTHEdjjpKU7nFnIp_dVD-FKVs.roa
Signing time: Mon 20 Jan 2025 06:48:06 +0000
ROA not before: Mon 20 Jan 2025 06:48:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197248
IP address blocks: 62.112.192.0/21 maxlen: 21
62.112.208.0/21 maxlen: 21
77.111.88.0/21 maxlen: 24
93.88.192.0/21 maxlen: 21
93.88.194.0/24 maxlen: 24
109.61.0.0/22 maxlen: 22
109.61.8.0/21 maxlen: 21
109.61.20.0/22 maxlen: 22
109.61.22.0/24 maxlen: 24
109.61.24.0/21 maxlen: 21
109.61.48.0/20 maxlen: 20
109.61.64.0/20 maxlen: 21
109.61.96.0/21 maxlen: 21
109.61.112.0/21 maxlen: 21
185.229.249.0/24 maxlen: 24
2a01:be00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.mft
rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 12:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:82:77:f3:1a:cb:4e:2b:2e:c0:43:15:39:5c:84:1f:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Jan 20 06:48:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f1a131c47638e9294ee7167229fdd543f85295b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:c6:07:85:bf:b7:a2:8e:6c:28:a4:8f:07:ce:
97:e4:49:26:c5:a0:1d:7e:c0:14:79:69:c1:b2:f7:
9d:95:d5:42:8f:c1:9b:5b:a7:66:65:ed:f7:8f:e1:
d2:7c:71:d3:f4:fc:83:c1:b5:3a:2c:f1:ec:2a:2f:
7a:7c:37:c0:87:8f:de:58:40:3e:20:8b:bf:4b:4d:
93:96:6c:7d:fb:3f:cf:6e:31:98:83:be:9a:f8:6a:
72:83:4f:5b:b6:e2:47:56:43:23:01:df:fa:43:1f:
be:6d:17:35:48:82:56:9a:a6:fd:73:14:aa:b3:9b:
6a:11:0c:bd:07:00:cb:36:fa:09:cf:27:fc:97:84:
d1:d9:db:98:18:48:6d:07:5d:c5:75:f3:f9:45:91:
c4:11:b0:fa:f7:93:a7:11:2d:e6:78:9c:3b:96:66:
c7:90:cc:e5:f0:06:7d:d3:b5:7a:27:93:b5:81:2b:
b8:52:41:ce:6c:ef:ce:16:a1:4c:f4:3e:05:0a:93:
84:43:2b:ce:9c:c7:df:0e:47:fc:83:90:cc:21:5b:
c7:c7:fc:e8:80:c8:c0:80:fd:46:9e:90:fd:15:1b:
f6:58:62:d4:68:12:ef:60:5a:78:ec:79:3d:86:ff:
82:06:c3:7f:25:d0:64:5a:bb:08:ee:95:ba:4b:2a:
58:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:1A:13:1C:47:63:8E:92:94:EE:71:67:22:9F:DD:54:3F:85:29:5B
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/PxoTHEdjjpKU7nFnIp_dVD-FKVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/21
62.112.208.0/21
77.111.88.0/21
93.88.192.0/21
109.61.0.0/22
109.61.8.0/21
109.61.20.0-109.61.31.255
109.61.48.0-109.61.79.255
109.61.96.0/21
109.61.112.0/21
185.229.249.0/24
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
7c:2c:c7:39:b9:41:0b:2d:cf:c8:ef:9f:f3:f0:70:af:c8:f7:
80:39:b6:e0:b1:e4:60:0f:33:9c:8f:eb:15:a6:91:3d:b1:bd:
cb:84:c2:d6:0b:5a:60:64:4b:17:11:a9:c7:15:66:4a:54:64:
49:17:3a:1f:fa:97:ee:b6:fe:1e:79:de:8d:52:31:3c:93:6e:
28:cb:ee:a2:ff:00:34:25:97:c7:05:46:c8:f1:a0:a0:35:32:
83:06:2b:07:aa:b1:3b:1f:ef:a2:1f:96:5f:58:fc:02:7f:53:
ef:dc:c3:c5:73:c8:35:ae:68:65:5b:d0:80:01:e4:e9:f6:48:
94:d2:dc:8f:da:3b:ad:af:a1:3d:6c:11:89:44:cf:66:f0:77:
6e:a0:ae:be:8e:30:1d:7f:d6:ca:53:4a:8d:e2:2b:8c:4c:89:
06:19:28:28:e2:96:41:f2:40:51:4b:4c:7c:c0:8d:75:62:4d:
97:96:f8:6f:80:0c:b2:da:1e:a9:b4:d9:32:53:4d:eb:97:7d:
fd:d7:b6:58:3e:0f:cc:8f:26:f9:11:16:84:92:c0:c7:79:48:
19:17:23:59:b2:b2:c3:a3:ce:d2:9a:1a:0a:90:93:ac:28:52:
d2:03:fe:89:f4:ff:e9:67:be:24:de:8e:d4:8f:bf:48:3a:2d:
e0:3f:a6:20
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAZSCd/May04rLsBDFTlchB+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjUwMTIwMDY0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjFhMTMxYzQ3NjM4ZTkyOTRlZTcxNjcyMjlmZGQ1NDNmODUyOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsYHhb+3oo5sKKSPB86X5EkmxaAd
fsAUeWnBsvedldVCj8GbW6dmZe33j+HSfHHT9PyDwbU6LPHsKi96fDfAh4/eWEA+
IIu/S02Tlmx9+z/PbjGYg76a+Gpyg09btuJHVkMjAd/6Qx++bRc1SIJWmqb9cxSq
s5tqEQy9BwDLNvoJzyf8l4TR2duYGEhtB13FdfP5RZHEEbD695OnES3meJw7lmbH
kMzl8AZ907V6J5O1gSu4UkHObO/OFqFM9D4FCpOEQyvOnMffDkf8g5DMIVvHx/zo
gMjAgP1GnpD9FRv2WGLUaBLvYFp47Hk9hv+CBsN/JdBkWrsI7pW6SypY4QIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFD8aExxHY46SlO5xZyKf3VQ/hSlbMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvUHhvVEhFZGpqcEtVN25GbklwX2RWRC1GS1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQDPnDAAwQD
PnDQAwQDTW9YAwQDXVjAAwQCbT0AAwQDbT0IMAwDBAJtPRQDBAVtPQAwDAMEBG09
MAMEBG09QAMEA209YAMEA209cAMEALnl+TANBAIAAjAHAwUAKgG+ADANBgkqhkiG
9w0BAQsFAAOCAQEAfCzHOblBCy3PyO+f8/Bwr8j3gDm24LHkYA8znI/rFaaRPbG9
y4TC1gtaYGRLFxGpxxVmSlRkSRc6H/qX7rb+HnnejVIxPJNuKMvuov8ANCWXxwVG
yPGgoDUygwYrB6qxOx/voh+WX1j8An9T79zDxXPINa5oZVvQgAHk6fZIlNLcj9o7
ra+hPWwRiUTPZvB3bqCuvo4wHX/WylNKjeIrjEyJBhkoKOKWQfJAUUtMfMCNdWJN
l5b4b4AMstoeqbTZMlNN65d9/de2WD4PzI8m+REWhJLAx3lIGRcjWbKyw6PO0poa
CpCTrChS0gP+ifT/6We+JN6O1I+/SDot4D+mIA==
-----END CERTIFICATE-----
Generated at Mon Apr 7 16:46:56 2025 by rpki-client