Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/a41794-d619-4c74-824d-31d7010a7256/1/A88LbPdx-8cfYkVb8yLzaoaOIc8.roa
File: A88LbPdx-8cfYkVb8yLzaoaOIc8.roa (raw, json)
Hash identifier: vbrcMRJHvTfymU9cXgb/J1eu18qmF5+dFVWeyuuyCEU=
Subject key identifier: 03:CF:0B:6C:F7:71:FB:C7:1F:62:45:5B:F3:22:F3:6A:86:8E:21:CF
Certificate issuer: /CN=acfb02432688674260c6d012a597d70bcd5149c4
Certificate serial: 01942C36891837E78836E74260A93DDC46DD
Authority key identifier: AC:FB:02:43:26:88:67:42:60:C6:D0:12:A5:97:D7:0B:CD:51:49:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rPsCQyaIZ0JgxtASpZfXC81RScQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/a41794-d619-4c74-824d-31d7010a7256/1/A88LbPdx-8cfYkVb8yLzaoaOIc8.roa
Signing time: Fri 03 Jan 2025 12:49:18 +0000
ROA not before: Fri 03 Jan 2025 12:49:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48638
IP address blocks: 89.106.240.0/21 maxlen: 24
91.194.86.0/23 maxlen: 24
94.143.184.0/21 maxlen: 24
185.43.152.0/22 maxlen: 24
185.59.168.0/22 maxlen: 24
195.28.164.0/23 maxlen: 24
2a02:4a00::/32 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/a41794-d619-4c74-824d-31d7010a7256/1/rPsCQyaIZ0JgxtASpZfXC81RScQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/a41794-d619-4c74-824d-31d7010a7256/1/rPsCQyaIZ0JgxtASpZfXC81RScQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/rPsCQyaIZ0JgxtASpZfXC81RScQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 18:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:2c:36:89:18:37:e7:88:36:e7:42:60:a9:3d:dc:46:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=acfb02432688674260c6d012a597d70bcd5149c4
Validity
Not Before: Jan 3 12:49:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=03cf0b6cf771fbc71f62455bf322f36a868e21cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:e5:61:13:35:1f:86:f1:98:62:d3:ec:77:9f:
cd:79:d9:4b:5c:e7:ba:f9:7e:fd:f6:90:7a:cb:1f:
1b:53:30:d0:56:43:f7:93:5b:4b:99:5c:45:54:bc:
92:7e:f3:92:cd:c3:87:6d:57:3d:a8:11:f3:67:65:
37:06:1e:57:d5:26:d0:7b:60:6b:f4:a6:e7:5f:ba:
08:29:0f:9e:e9:05:55:50:07:f4:d9:f4:07:0b:c8:
30:59:db:cb:c4:ce:1a:b1:e7:e1:21:41:73:dc:cb:
82:c6:78:b3:d5:79:f6:03:7f:82:20:61:93:e6:59:
20:fe:32:8f:05:03:c0:24:cc:39:5c:0f:7a:6c:4f:
f3:12:b6:79:3c:b5:b0:5b:ba:be:4a:73:51:44:05:
27:4c:a6:9c:4c:24:30:38:47:1c:6d:a9:ba:5e:98:
65:db:f2:7c:ee:25:ef:e9:06:a0:6b:c0:76:2c:dd:
3c:40:2a:61:bf:cb:e9:04:b0:64:ad:a5:b3:78:7b:
dd:aa:b2:f2:ca:dc:65:34:fc:c5:da:f7:a6:08:32:
a0:4c:4b:40:fb:f4:42:0a:94:f4:a6:b3:f4:85:84:
2c:e1:2b:3e:c5:e8:42:fc:e8:52:f8:39:8a:79:58:
c9:39:6c:cb:e8:e7:56:33:24:9b:55:94:bc:04:0e:
f1:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:CF:0B:6C:F7:71:FB:C7:1F:62:45:5B:F3:22:F3:6A:86:8E:21:CF
X509v3 Authority Key Identifier:
keyid:AC:FB:02:43:26:88:67:42:60:C6:D0:12:A5:97:D7:0B:CD:51:49:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPsCQyaIZ0JgxtASpZfXC81RScQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a41794-d619-4c74-824d-31d7010a7256/1/A88LbPdx-8cfYkVb8yLzaoaOIc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a41794-d619-4c74-824d-31d7010a7256/1/rPsCQyaIZ0JgxtASpZfXC81RScQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.106.240.0/21
91.194.86.0/23
94.143.184.0/21
185.43.152.0/22
185.59.168.0/22
195.28.164.0/23
IPv6:
2a02:4a00::/32
Signature Algorithm: sha256WithRSAEncryption
60:5f:b0:27:24:01:51:3c:61:b1:63:57:a3:7a:8f:bc:33:45:
b5:28:c8:2e:f7:48:0c:65:35:91:32:9e:41:58:b8:0f:11:c4:
aa:29:75:62:83:62:7d:9d:6a:f6:2a:1e:58:f0:f1:40:95:f5:
b5:ab:8c:c7:5a:d1:b4:cc:68:b0:22:2a:df:db:61:5c:39:d1:
da:f1:8d:85:fc:44:c8:bd:6a:99:38:93:7e:fa:b0:9b:a5:b9:
99:e5:08:6a:e3:01:49:40:08:ed:82:a4:d7:5a:e6:b7:e4:68:
3d:c2:69:4c:b2:c1:7c:37:3a:45:9f:64:da:a2:5e:dd:a1:cf:
78:47:c4:91:90:d7:4e:49:c6:1f:14:e0:7a:56:2a:35:1d:53:
6d:f1:a8:53:d1:34:d0:f9:5e:0e:75:14:fa:71:65:d5:54:92:
20:6e:dd:01:8f:7c:84:f5:14:39:10:24:42:aa:78:09:fc:4a:
12:f3:20:c6:d6:50:42:7b:e9:de:78:5c:9f:fe:26:27:2f:b5:
e9:43:16:1c:d3:cc:65:a1:26:6b:bc:c0:00:23:11:b7:e7:a3:
c0:5c:15:77:11:5e:70:3d:c7:0a:84:74:c6:57:5a:d5:fe:0f:
99:ee:91:43:82:d0:19:c1:25:c2:ba:d5:77:b1:65:5e:04:cf:
be:5d:98:e1
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQsNokYN+eINudCYKk93EbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZmIwMjQzMjY4ODY3NDI2MGM2ZDAxMmE1OTdkNzBiY2Q1
MTQ5YzQwHhcNMjUwMTAzMTI0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2NmMGI2Y2Y3NzFmYmM3MWY2MjQ1NWJmMzIyZjM2YTg2OGUyMWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruVhEzUfhvGYYtPsd5/NedlLXOe6
+X799pB6yx8bUzDQVkP3k1tLmVxFVLySfvOSzcOHbVc9qBHzZ2U3Bh5X1SbQe2Br
9KbnX7oIKQ+e6QVVUAf02fQHC8gwWdvLxM4asefhIUFz3MuCxniz1Xn2A3+CIGGT
5lkg/jKPBQPAJMw5XA96bE/zErZ5PLWwW7q+SnNRRAUnTKacTCQwOEccbam6Xphl
2/J87iXv6Qaga8B2LN08QCphv8vpBLBkraWzeHvdqrLyytxlNPzF2vemCDKgTEtA
+/RCCpT0prP0hYQs4Ss+xehC/OhS+DmKeVjJOWzL6OdWMySbVZS8BA7xkQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFAPPC2z3cfvHH2JFW/Mi82qGjiHPMB8GA1UdIwQY
MBaAFKz7AkMmiGdCYMbQEqWX1wvNUUnEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBzQ1F5YUlaMEpneHRBU3BaZlhDODFSU2NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hNDE3OTQtZDYxOS00Yzc0LTgyNGQt
MzFkNzAxMGE3MjU2LzEvQTg4TGJQZHgtOGNmWWtWYjh5THphb2FPSWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hNDE3OTQtZDYxOS00Yzc0LTgyNGQtMzFkNzAxMGE3MjU2
LzEvclBzQ1F5YUlaMEpneHRBU3BaZlhDODFSU2NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDWWrwAwQB
W8JWAwQDXo+4AwQCuSuYAwQCuTuoAwQBwxykMA0EAgACMAcDBQAqAkoAMA0GCSqG
SIb3DQEBCwUAA4IBAQBgX7AnJAFRPGGxY1ejeo+8M0W1KMgu90gMZTWRMp5BWLgP
EcSqKXVig2J9nWr2Kh5Y8PFAlfW1q4zHWtG0zGiwIirf22FcOdHa8Y2F/ETIvWqZ
OJN++rCbpbmZ5Qhq4wFJQAjtgqTXWua35Gg9wmlMssF8NzpFn2Taol7doc94R8SR
kNdOScYfFOB6Vio1HVNt8ahT0TTQ+V4OdRT6cWXVVJIgbt0Bj3yE9RQ5ECRCqngJ
/EoS8yDG1lBCe+neeFyf/iYnL7XpQxYc08xloSZrvMAAIxG356PAXBV3EV5wPccK
hHTGV1rV/g+Z7pFDgtAZwSXCutV3sWVeBM++XZjh
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:49:09 2025 by rpki-client