Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/Fb0UwpxCy0DRKLuSbZAzVNuZQGI.roa
File: Fb0UwpxCy0DRKLuSbZAzVNuZQGI.roa (raw, json)
Hash identifier: FQG+r4pQE3E1WCi2kVbQ4HOY+Sj6V8FJrKG1h8vbtwQ=
Subject key identifier: 15:BD:14:C2:9C:42:CB:40:D1:28:BB:92:6D:90:33:54:DB:99:40:62
Certificate issuer: /CN=9821e37eab6ef6326933e5fa3748d07d83026db0
Certificate serial: 019425FC48D358A2367B4F2AAB6C2CEACF31
Authority key identifier: 98:21:E3:7E:AB:6E:F6:32:69:33:E5:FA:37:48:D0:7D:83:02:6D:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/Fb0UwpxCy0DRKLuSbZAzVNuZQGI.roa
Signing time: Thu 02 Jan 2025 07:47:58 +0000
ROA not before: Thu 02 Jan 2025 07:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35370
IP address blocks: 78.152.64.0/19 maxlen: 24
78.152.64.0/21 maxlen: 21
78.152.68.0/24 maxlen: 24
78.152.72.0/21 maxlen: 21
78.152.80.0/21 maxlen: 21
78.152.88.0/21 maxlen: 24
78.152.92.0/22 maxlen: 22
78.152.95.0/24 maxlen: 24
87.243.128.0/18 maxlen: 18
87.243.128.0/22 maxlen: 22
87.243.132.0/22 maxlen: 22
87.243.136.0/22 maxlen: 22
87.243.140.0/22 maxlen: 22
87.243.144.0/23 maxlen: 23
87.243.144.0/24 maxlen: 24
87.243.145.0/24 maxlen: 24
87.243.146.0/23 maxlen: 23
87.243.148.0/23 maxlen: 23
87.243.150.0/23 maxlen: 23
87.243.152.0/22 maxlen: 22
87.243.154.0/24 maxlen: 24
87.243.156.0/23 maxlen: 23
87.243.156.0/24 maxlen: 24
87.243.157.0/24 maxlen: 24
87.243.158.0/23 maxlen: 23
87.243.158.0/24 maxlen: 24
87.243.160.0/22 maxlen: 22
87.243.160.0/23 maxlen: 23
87.243.164.0/22 maxlen: 22
87.243.168.0/23 maxlen: 23
87.243.171.0/24 maxlen: 24
87.243.172.0/22 maxlen: 22
87.243.177.0/24 maxlen: 24
87.243.178.0/24 maxlen: 24
87.243.180.0/22 maxlen: 22
87.243.184.0/21 maxlen: 21
87.243.184.0/24 maxlen: 24
2a0b:9e00::/29 maxlen: 29
2a0b:9e00::/32 maxlen: 32
2a0b:9e01::/32 maxlen: 32
2a0b:9e02::/32 maxlen: 32
2a0b:9e03::/32 maxlen: 32
2a0b:9e04::/32 maxlen: 32
2a0b:9e05::/32 maxlen: 32
2a0b:9e06::/32 maxlen: 32
2a0b:9e07::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.mft
rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:48:d3:58:a2:36:7b:4f:2a:ab:6c:2c:ea:cf:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9821e37eab6ef6326933e5fa3748d07d83026db0
Validity
Not Before: Jan 2 07:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=15bd14c29c42cb40d128bb926d903354db994062
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:27:b9:2b:b0:04:57:47:c0:49:70:f1:03:36:
7e:2c:f5:99:c2:7f:56:e1:16:d0:cd:3f:bf:6a:ac:
80:06:83:7a:3f:4d:b7:91:6e:9e:2c:2d:62:c5:a6:
e7:9f:9c:bc:10:a4:d3:53:19:c3:e6:e0:91:44:a8:
5d:43:b4:39:f0:73:c2:c2:21:f0:3f:fe:ef:90:44:
fd:c6:54:0d:7d:1f:f7:83:df:90:49:9c:2a:64:2c:
61:4b:dd:03:0c:c5:30:45:14:ea:03:66:43:e0:50:
0d:c3:7c:79:e9:d9:4d:59:77:82:0b:0a:cd:b5:86:
b9:01:7b:47:22:a3:d8:90:9d:f8:89:d7:9a:ce:68:
35:c4:36:02:58:c5:37:93:e5:98:0e:61:40:7e:95:
ff:ea:28:9c:1a:ec:24:f7:1e:8b:8a:c9:ec:1a:47:
e4:e8:ec:f2:a0:37:61:64:b6:88:25:a7:0b:da:8f:
03:44:d7:e2:e0:3c:0b:2f:ee:e7:7a:31:ea:4c:6c:
70:b4:8d:6f:fe:9e:2b:65:71:e8:53:0a:25:5e:4a:
49:86:fb:92:18:8e:c6:cc:33:74:98:3f:d8:b2:b7:
f3:67:84:cb:99:a6:3e:08:79:7a:0c:27:42:6b:96:
bb:fb:ce:41:17:44:4b:25:46:62:21:9b:98:20:1c:
6c:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:BD:14:C2:9C:42:CB:40:D1:28:BB:92:6D:90:33:54:DB:99:40:62
X509v3 Authority Key Identifier:
keyid:98:21:E3:7E:AB:6E:F6:32:69:33:E5:FA:37:48:D0:7D:83:02:6D:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/Fb0UwpxCy0DRKLuSbZAzVNuZQGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.152.64.0/19
87.243.128.0/18
IPv6:
2a0b:9e00::/29
Signature Algorithm: sha256WithRSAEncryption
19:71:99:2a:1f:a4:88:d5:cd:4c:d7:2c:7e:d8:21:8f:f6:29:
98:3f:73:a0:e3:57:6a:a3:a9:de:13:25:4f:01:42:fa:32:d2:
0f:a3:b8:ea:9e:69:c2:9d:b0:14:ca:3a:f4:11:e9:e4:cd:92:
bf:b5:2b:23:5f:df:fc:78:89:f7:5f:a5:ff:81:5d:10:73:78:
af:57:05:5f:1a:48:8f:c5:bc:e5:f0:e4:56:f6:43:9d:23:ad:
2f:9f:73:99:a1:2e:63:80:b0:86:2c:71:90:10:0c:b7:8c:de:
13:4c:ef:5e:b3:5f:2c:a1:2e:00:bd:8e:73:5d:59:1d:2c:b2:
0d:93:e4:30:17:12:40:f1:a7:af:4e:7e:0c:b5:b5:c8:89:0c:
56:5b:d7:56:4a:db:df:36:e8:fe:63:4c:2a:03:8a:9c:a6:7f:
4b:1f:22:28:30:00:9f:71:8e:24:9e:8a:f0:41:da:3d:64:9f:
c6:18:02:f8:6d:ea:5e:4b:b5:97:0d:da:91:66:49:fc:61:73:
7d:96:eb:65:e1:62:a9:31:6f:7a:af:e7:6e:45:df:90:48:9f:
0e:62:26:6b:41:47:f9:6f:70:94:80:19:5b:4e:11:e1:a8:ae:
21:95:4b:09:36:4b:bc:e4:21:03:52:ba:3f:56:7d:7e:8c:86:
e3:ec:c2:51
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/EjTWKI2e08qq2ws6s8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MjFlMzdlYWI2ZWY2MzI2OTMzZTVmYTM3NDhkMDdkODMw
MjZkYjAwHhcNMjUwMTAyMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWJkMTRjMjljNDJjYjQwZDEyOGJiOTI2ZDkwMzM1NGRiOTk0MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSe5K7AEV0fASXDxAzZ+LPWZwn9W
4RbQzT+/aqyABoN6P023kW6eLC1ixabnn5y8EKTTUxnD5uCRRKhdQ7Q58HPCwiHw
P/7vkET9xlQNfR/3g9+QSZwqZCxhS90DDMUwRRTqA2ZD4FANw3x56dlNWXeCCwrN
tYa5AXtHIqPYkJ34ideazmg1xDYCWMU3k+WYDmFAfpX/6iicGuwk9x6LisnsGkfk
6OzyoDdhZLaIJacL2o8DRNfi4DwLL+7nejHqTGxwtI1v/p4rZXHoUwolXkpJhvuS
GI7GzDN0mD/YsrfzZ4TLmaY+CHl6DCdCa5a7+85BF0RLJUZiIZuYIBxsoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBW9FMKcQstA0Si7km2QM1TbmUBiMB8GA1UdIwQY
MBaAFJgh436rbvYyaTPl+jdI0H2DAm2wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUNIamZxdHU5akpwTS1YNk4walFmWU1DYmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jMTVkZGItZTFlZi00MzA4LTk4OGQt
YWVmYTc1N2UwYzM4LzEvRmIwVXdweEN5MERSS0x1U2JaQXpWTnVaUUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jMTVkZGItZTFlZi00MzA4LTk4OGQtYWVmYTc1N2UwYzM4
LzEvbUNIamZxdHU5akpwTS1YNk4walFmWU1DYmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFTphAAwQG
V/OAMA0EAgACMAcDBQMqC54AMA0GCSqGSIb3DQEBCwUAA4IBAQAZcZkqH6SI1c1M
1yx+2CGP9imYP3Og41dqo6neEyVPAUL6MtIPo7jqnmnCnbAUyjr0EenkzZK/tSsj
X9/8eIn3X6X/gV0Qc3ivVwVfGkiPxbzl8ORW9kOdI60vn3OZoS5jgLCGLHGQEAy3
jN4TTO9es18soS4AvY5zXVkdLLINk+QwFxJA8aevTn4MtbXIiQxWW9dWStvfNuj+
Y0wqA4qcpn9LHyIoMACfcY4knorwQdo9ZJ/GGAL4bepeS7WXDdqRZkn8YXN9lutl
4WKpMW96r+duRd+QSJ8OYiZrQUf5b3CUgBlbThHhqK4hlUsJNku85CEDUro/Vn1+
jIbj7MJR
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:52:29 2025 by rpki-client