Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/R42xE2mJMD9gnW-S_3g2XV8r74E.roa
File: R42xE2mJMD9gnW-S_3g2XV8r74E.roa (raw, json)
Hash identifier: EXpcy7RAsA9U8XogEzCQScUz5RV6/SXT/hCfZDn3n2Q=
Subject key identifier: 47:8D:B1:13:69:89:30:3F:60:9D:6F:92:FF:78:36:5D:5F:2B:EF:81
Certificate issuer: /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial: 019427488341D6E3AC6990739C3374249E19
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/R42xE2mJMD9gnW-S_3g2XV8r74E.roa
Signing time: Thu 02 Jan 2025 13:50:51 +0000
ROA not before: Thu 02 Jan 2025 13:50:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35332
IP address blocks: 37.235.112.0/21 maxlen: 24
45.89.144.0/22 maxlen: 24
45.116.184.0/22 maxlen: 24
77.242.112.0/20 maxlen: 24
87.236.0.0/21 maxlen: 24
139.28.200.0/22 maxlen: 24
185.113.212.0/22 maxlen: 24
185.151.96.0/22 maxlen: 24
188.92.56.0/21 maxlen: 24
194.5.181.0/24 maxlen: 24
194.156.2.0/24 maxlen: 24
208.88.128.0/22 maxlen: 24
2a00:a000::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.mft
rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 07:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:83:41:d6:e3:ac:69:90:73:9c:33:74:24:9e:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Validity
Not Before: Jan 2 13:50:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=478db1136989303f609d6f92ff78365d5f2bef81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:0a:06:fb:03:69:43:ab:19:03:85:87:f9:a4:
95:a6:90:f5:6b:63:fc:a9:eb:8b:18:8a:14:26:ad:
96:02:7f:d4:fc:fc:26:65:57:2b:37:c2:cd:23:f8:
f5:97:1a:bc:2d:1c:bf:57:4d:72:e7:3c:02:82:cb:
9d:bc:cf:a5:45:f6:db:fa:14:b0:ad:b1:89:e3:2e:
8e:0d:97:bf:fe:96:d8:4d:2e:2d:41:02:4a:24:91:
99:d0:b1:fe:e6:77:3e:d5:bc:da:40:8e:14:54:c0:
e6:4b:c0:f4:70:c1:4c:24:47:40:3b:47:d4:da:b2:
fb:3e:35:bd:47:ee:87:54:60:d2:9a:31:22:22:bf:
70:1b:18:70:e3:ea:55:3f:eb:bd:8f:ab:bd:cc:c8:
9e:77:c4:fc:ed:10:3e:71:ba:60:b4:cc:bb:33:fd:
e0:87:5e:bf:6e:2a:c6:dd:0b:03:24:25:43:06:18:
65:2d:5d:fb:f1:67:3c:af:b9:bf:3e:9b:20:1a:f3:
ae:34:bc:b5:3e:45:99:e9:e4:62:fc:5f:6f:29:2a:
68:e6:75:c7:c2:f4:c1:e0:f0:2b:5e:52:4b:d5:4f:
2c:bc:db:f3:de:a9:4c:12:ab:77:75:96:6f:09:b7:
44:da:39:b6:9e:10:27:60:a2:e3:1d:9a:cd:e5:0b:
eb:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:8D:B1:13:69:89:30:3F:60:9D:6F:92:FF:78:36:5D:5F:2B:EF:81
X509v3 Authority Key Identifier:
keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/R42xE2mJMD9gnW-S_3g2XV8r74E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.112.0/21
45.89.144.0/22
45.116.184.0/22
77.242.112.0/20
87.236.0.0/21
139.28.200.0/22
185.113.212.0/22
185.151.96.0/22
188.92.56.0/21
194.5.181.0/24
194.156.2.0/24
208.88.128.0/22
IPv6:
2a00:a000::/32
Signature Algorithm: sha256WithRSAEncryption
3b:a1:a8:f9:45:9e:1c:c1:32:69:b2:f1:cc:4e:c4:21:7b:31:
de:e4:ea:a8:c9:be:a0:11:85:f7:8f:91:3a:01:a4:a1:ca:4f:
cc:1a:00:44:eb:ac:f0:36:74:4a:33:39:43:2f:8f:da:a5:7e:
a5:c2:06:77:71:18:8b:64:2c:9a:a4:ff:1a:8b:f2:cd:35:8a:
e9:39:f1:3b:4c:26:ca:ce:76:ec:93:23:ea:a4:f7:c7:0d:cf:
11:21:6d:d3:76:8c:b3:8f:0f:ba:4b:a0:1c:7a:da:af:18:2b:
cb:e4:eb:df:73:87:ba:b4:ff:10:c4:7e:8a:97:ee:8e:ac:58:
2e:3a:a7:00:5d:f8:94:a5:33:d6:a5:00:da:1f:a1:47:a5:52:
09:2d:f1:f9:b0:0e:60:3a:1c:48:ea:6c:20:6d:cc:df:a9:48:
c0:45:2e:ab:0b:54:46:2c:4e:2f:63:7d:28:c3:26:d9:4e:5c:
15:9f:3f:cc:63:fe:9f:dc:46:69:21:7e:b6:87:44:59:24:4e:
3d:7e:82:93:3d:2c:1d:52:40:08:48:96:1d:86:f3:24:99:9d:
5e:c9:a9:e5:6b:07:c3:6c:68:3a:c7:91:16:94:ec:0b:0f:29:
21:67:d7:da:70:3f:19:96:25:45:84:17:d7:ed:35:9f:87:f5:
c6:b3:91:40
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQnSINB1uOsaZBznDN0JJ4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjUwMTAyMTM1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzhkYjExMzY5ODkzMDNmNjA5ZDZmOTJmZjc4MzY1ZDVmMmJlZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQoG+wNpQ6sZA4WH+aSVppD1a2P8
qeuLGIoUJq2WAn/U/PwmZVcrN8LNI/j1lxq8LRy/V01y5zwCgsudvM+lRfbb+hSw
rbGJ4y6ODZe//pbYTS4tQQJKJJGZ0LH+5nc+1bzaQI4UVMDmS8D0cMFMJEdAO0fU
2rL7PjW9R+6HVGDSmjEiIr9wGxhw4+pVP+u9j6u9zMied8T87RA+cbpgtMy7M/3g
h16/birG3QsDJCVDBhhlLV378Wc8r7m/PpsgGvOuNLy1PkWZ6eRi/F9vKSpo5nXH
wvTB4PArXlJL1U8svNvz3qlMEqt3dZZvCbdE2jm2nhAnYKLjHZrN5QvrkwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFEeNsRNpiTA/YJ1vkv94Nl1fK++BMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvUjQyeEUybUpNRDlnblctU18zZzJYVjhyNzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJetwAwQC
LVmQAwQCLXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQA
wgW1AwQAwpwCAwQC0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IB
AQA7oaj5RZ4cwTJpsvHMTsQhezHe5Oqoyb6gEYX3j5E6AaShyk/MGgBE66zwNnRK
MzlDL4/apX6lwgZ3cRiLZCyapP8ai/LNNYrpOfE7TCbKznbskyPqpPfHDc8RIW3T
doyzjw+6S6AcetqvGCvL5Ovfc4e6tP8QxH6Kl+6OrFguOqcAXfiUpTPWpQDaH6FH
pVIJLfH5sA5gOhxI6mwgbczfqUjARS6rC1RGLE4vY30owybZTlwVnz/MY/6f3EZp
IX62h0RZJE49foKTPSwdUkAISJYdhvMkmZ1eyanlawfDbGg6x5EWlOwLDykhZ9fa
cD8ZliVFhBfX7TWfh/XGs5FA
-----END CERTIFICATE-----
Generated at Fri Apr 18 15:43:35 2025 by rpki-client