Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/a8e04b-0dba-40ec-b126-f457d404ae2f/1/PP9bgdUS-fVj1MX8DGYePZt8TkE.roa
File: PP9bgdUS-fVj1MX8DGYePZt8TkE.roa (raw, json)
Hash identifier: ostFORLB1aqakHZ76u6KB5do/0qYMVa/6OoMMSfXFeg=
Subject key identifier: 3C:FF:5B:81:D5:12:F9:F5:63:D4:C5:FC:0C:66:1E:3D:9B:7C:4E:41
Certificate issuer: /CN=2c88db81fdfbeccee75f4a9f698a3c1b3a84626e
Certificate serial: 0194228D0ADF955D8C044DFDC6A283DD6A76
Authority key identifier: 2C:88:DB:81:FD:FB:EC:CE:E7:5F:4A:9F:69:8A:3C:1B:3A:84:62:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LIjbgf377M7nX0qfaYo8GzqEYm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/a8e04b-0dba-40ec-b126-f457d404ae2f/1/PP9bgdUS-fVj1MX8DGYePZt8TkE.roa
Signing time: Wed 01 Jan 2025 15:47:36 +0000
ROA not before: Wed 01 Jan 2025 15:47:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58096
IP address blocks: 45.93.4.0/22 maxlen: 22
91.220.69.0/24 maxlen: 24
94.141.124.0/22 maxlen: 24
185.33.228.0/22 maxlen: 32
185.154.72.0/22 maxlen: 32
185.216.192.0/23 maxlen: 32
193.105.114.0/24 maxlen: 32
193.160.204.0/23 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/a8e04b-0dba-40ec-b126-f457d404ae2f/1/LIjbgf377M7nX0qfaYo8GzqEYm4.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/a8e04b-0dba-40ec-b126-f457d404ae2f/1/LIjbgf377M7nX0qfaYo8GzqEYm4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LIjbgf377M7nX0qfaYo8GzqEYm4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 18:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:0a:df:95:5d:8c:04:4d:fd:c6:a2:83:dd:6a:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c88db81fdfbeccee75f4a9f698a3c1b3a84626e
Validity
Not Before: Jan 1 15:47:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3cff5b81d512f9f563d4c5fc0c661e3d9b7c4e41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:e3:8f:d6:5f:ef:c7:d3:89:85:83:85:96:11:
aa:f9:9a:29:f4:ba:f2:96:ec:96:5d:43:5f:e5:0c:
8d:bb:bc:53:01:61:bc:d3:01:0b:e9:43:f1:36:ce:
fb:ac:1b:c1:bb:37:28:26:7c:d7:60:d8:f6:59:fb:
7d:83:b1:8e:a9:80:9d:d3:df:40:84:74:09:0e:87:
8c:7c:33:e1:73:44:11:c9:c9:5f:5f:6b:8f:53:0b:
3e:e2:9e:0e:ea:24:69:20:20:9c:c9:49:a4:02:85:
cd:61:62:5b:27:40:e6:05:cd:31:6c:86:9d:73:69:
ce:3d:f5:5f:08:31:8b:f9:fa:6d:b8:d5:e3:84:0d:
8c:01:3e:9f:99:4f:a5:ea:a9:19:c7:84:5f:03:1e:
14:9f:a5:5d:fd:40:f5:a0:77:62:da:63:7d:cc:00:
71:2f:8f:e3:5c:90:8b:c5:1b:3c:fe:78:9a:a5:8d:
8b:88:e5:45:12:65:d7:b0:ff:b6:ae:42:4f:9f:8b:
40:53:9e:d2:35:67:97:34:52:1f:bc:ad:a9:8d:e8:
52:fe:4e:47:8c:5c:bf:c0:aa:f8:c7:ff:9c:a4:43:
57:0d:2b:15:67:75:9b:9b:9d:ee:dc:91:e2:17:89:
36:b4:d9:94:13:50:8e:de:df:60:d3:a2:6c:47:b6:
c5:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:FF:5B:81:D5:12:F9:F5:63:D4:C5:FC:0C:66:1E:3D:9B:7C:4E:41
X509v3 Authority Key Identifier:
keyid:2C:88:DB:81:FD:FB:EC:CE:E7:5F:4A:9F:69:8A:3C:1B:3A:84:62:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LIjbgf377M7nX0qfaYo8GzqEYm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a8e04b-0dba-40ec-b126-f457d404ae2f/1/PP9bgdUS-fVj1MX8DGYePZt8TkE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/a8e04b-0dba-40ec-b126-f457d404ae2f/1/LIjbgf377M7nX0qfaYo8GzqEYm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.93.4.0/22
91.220.69.0/24
94.141.124.0/22
185.33.228.0/22
185.154.72.0/22
185.216.192.0/23
193.105.114.0/24
193.160.204.0/23
Signature Algorithm: sha256WithRSAEncryption
a8:42:aa:91:b2:ae:bb:e6:ac:c4:14:ad:84:20:3c:d6:ec:96:
9f:58:9b:3d:3b:b6:9c:cf:1f:e9:ec:04:54:ba:0b:99:2e:2b:
4c:e5:5a:59:b1:b0:95:c3:26:03:60:85:92:f7:f1:b0:ac:22:
64:b6:31:0e:ca:76:8a:21:d8:62:0e:1d:9c:60:06:07:48:f1:
b8:52:d3:77:74:d0:cc:a0:be:c0:43:31:b8:c1:d2:eb:8e:a6:
e9:25:ed:a5:d4:51:91:62:ac:73:12:30:9f:58:ad:c6:a1:c9:
c5:c8:a1:bd:d2:58:47:f5:f2:12:84:8c:10:69:32:b5:60:0c:
79:73:20:f9:cf:f4:98:4d:ec:8d:79:fc:69:6f:75:07:dd:a9:
e6:61:97:cf:88:c1:10:6f:44:f8:62:cb:c7:6b:b6:8d:23:12:
11:dd:2c:65:5a:9d:f1:25:08:3c:eb:05:6a:49:20:cc:d0:96:
a5:d2:d5:4b:eb:59:cd:f7:5d:4b:71:7a:b8:26:96:68:f7:ad:
d9:b7:ba:a3:ae:d7:7a:84:28:dc:db:8f:9c:7c:a1:64:07:ac:
e6:fd:05:d1:6f:21:37:c4:a5:58:af:29:f5:dd:9e:c7:5a:39:
14:49:25:da:f8:89:6b:d1:56:5e:c0:b5:ce:aa:b3:46:ef:68:
b2:af:95:3e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQijQrflV2MBE39xqKD3Wp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjODhkYjgxZmRmYmVjY2VlNzVmNGE5ZjY5OGEzYzFiM2E4
NDYyNmUwHhcNMjUwMTAxMTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ZmNWI4MWQ1MTJmOWY1NjNkNGM1ZmMwYzY2MWUzZDliN2M0ZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+OP1l/vx9OJhYOFlhGq+Zop9Lry
luyWXUNf5QyNu7xTAWG80wEL6UPxNs77rBvBuzcoJnzXYNj2Wft9g7GOqYCd099A
hHQJDoeMfDPhc0QRyclfX2uPUws+4p4O6iRpICCcyUmkAoXNYWJbJ0DmBc0xbIad
c2nOPfVfCDGL+fptuNXjhA2MAT6fmU+l6qkZx4RfAx4Un6Vd/UD1oHdi2mN9zABx
L4/jXJCLxRs8/niapY2LiOVFEmXXsP+2rkJPn4tAU57SNWeXNFIfvK2pjehS/k5H
jFy/wKr4x/+cpENXDSsVZ3Wbm53u3JHiF4k2tNmUE1CO3t9g06JsR7bFKwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDz/W4HVEvn1Y9TF/AxmHj2bfE5BMB8GA1UdIwQY
MBaAFCyI24H9++zO519Kn2mKPBs6hGJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTElqYmdmMzc3TTduWDBxZmFZbzhHenFFWW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9hOGUwNGItMGRiYS00MGVjLWIxMjYt
ZjQ1N2Q0MDRhZTJmLzEvUFA5YmdkVVMtZlZqMU1YOERHWWVQWnQ4VGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9hOGUwNGItMGRiYS00MGVjLWIxMjYtZjQ1N2Q0MDRhZTJm
LzEvTElqYmdmMzc3TTduWDBxZmFZbzhHenFFWW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLV0EAwQA
W9xFAwQCXo18AwQCuSHkAwQCuZpIAwQBudjAAwQAwWlyAwQBwaDMMA0GCSqGSIb3
DQEBCwUAA4IBAQCoQqqRsq675qzEFK2EIDzW7JafWJs9O7aczx/p7ARUuguZLitM
5VpZsbCVwyYDYIWS9/GwrCJktjEOynaKIdhiDh2cYAYHSPG4UtN3dNDMoL7AQzG4
wdLrjqbpJe2l1FGRYqxzEjCfWK3GocnFyKG90lhH9fIShIwQaTK1YAx5cyD5z/SY
TeyNefxpb3UH3anmYZfPiMEQb0T4YsvHa7aNIxIR3SxlWp3xJQg86wVqSSDM0Jal
0tVL61nN911LcXq4JpZo963Zt7qjrtd6hCjc24+cfKFkB6zm/QXRbyE3xKVYryn1
3Z7HWjkUSSXa+Ilr0VZewLXOqrNG72iyr5U+
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:18:35 2025 by rpki-client