Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PQjk5DmrPtkcaN12rD0u7oWG5Zs.roa
File: PQjk5DmrPtkcaN12rD0u7oWG5Zs.roa (raw, json)
Hash identifier: VgLUNrZvqVAxoHbv6aQOu/nnUlIdXwwbaS0KrMaMPAA=
Subject key identifier: 3D:08:E4:E4:39:AB:3E:D9:1C:68:DD:76:AC:3D:2E:EE:85:86:E5:9B
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01942143FF1DF1EF7378E216DA549E3AC518
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PQjk5DmrPtkcaN12rD0u7oWG5Zs.roa
Signing time: Wed 01 Jan 2025 09:48:11 +0000
ROA not before: Wed 01 Jan 2025 09:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199614
IP address blocks: 81.168.123.0/24 maxlen: 24
82.153.10.0/24 maxlen: 24
89.213.46.0/23 maxlen: 24
109.176.28.0/24 maxlen: 24
109.176.212.0/23 maxlen: 24
109.176.214.0/23 maxlen: 24
213.130.157.0/24 maxlen: 24
213.130.158.0/24 maxlen: 24
213.130.159.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:ff:1d:f1:ef:73:78:e2:16:da:54:9e:3a:c5:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 1 09:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3d08e4e439ab3ed91c68dd76ac3d2eee8586e59b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:e1:40:6e:9c:91:64:f2:2a:e5:51:89:7c:ee:
64:54:09:5d:2f:0b:3a:8f:4c:1f:07:a6:49:1a:55:
15:be:49:d4:ef:19:2b:be:67:8e:2b:da:0f:71:3d:
ea:fb:eb:2d:e1:ff:bf:e9:3f:3b:d4:91:55:e2:2b:
83:e2:d2:58:a4:23:32:e9:2a:66:0f:f3:16:33:51:
c6:5d:ad:37:10:4d:13:53:7a:b7:95:e2:69:ae:70:
27:96:10:79:52:79:17:e1:5f:19:40:d9:a4:ac:d1:
a6:ea:97:96:35:e0:ed:a2:7e:24:f9:b8:53:04:0a:
c3:e4:90:90:51:00:47:8e:13:3a:b5:14:26:1a:78:
dd:20:7d:f2:ee:78:9c:d1:63:02:f3:dd:be:0a:0d:
86:a3:91:a0:bb:60:f9:21:7d:09:37:b7:7b:3e:ee:
30:95:c0:4a:06:a0:0d:cb:cc:76:e7:c7:ed:35:ac:
9c:67:ad:23:69:bb:9c:56:1a:d8:14:93:c4:e2:48:
4e:d6:9e:de:e1:eb:c0:0c:d3:8d:4e:3b:ad:fd:90:
2a:0b:06:c7:55:45:4e:5c:0a:cc:85:d5:28:85:2d:
12:6b:de:95:59:34:a5:16:60:c2:cb:5e:ac:2c:29:
42:dd:a1:d9:bc:b8:a7:c2:20:4e:89:11:49:89:48:
07:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:08:E4:E4:39:AB:3E:D9:1C:68:DD:76:AC:3D:2E:EE:85:86:E5:9B
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PQjk5DmrPtkcaN12rD0u7oWG5Zs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.123.0/24
82.153.10.0/24
89.213.46.0/23
109.176.28.0/24
109.176.212.0/22
213.130.157.0-213.130.159.255
Signature Algorithm: sha256WithRSAEncryption
4a:0c:15:76:be:78:9c:8b:4f:ff:d6:13:c2:64:81:fb:7d:b6:
02:fd:e6:31:45:0c:d9:d1:cd:94:1e:20:fb:86:3b:82:7b:83:
7f:68:50:1f:79:78:0d:9d:3a:47:34:ba:07:83:5c:c6:06:07:
f4:83:0f:e2:a6:35:e0:27:78:14:06:67:d8:3d:e6:4d:77:54:
d3:33:40:97:a0:fc:bd:87:49:71:8c:91:91:e1:19:17:70:26:
81:5a:4f:e9:c7:4f:60:e7:02:0d:dd:d3:71:fa:44:7f:21:9a:
2f:d2:4f:bc:1e:ef:e1:22:8d:97:79:79:fe:44:ab:3b:f8:fb:
92:81:74:25:ff:3f:d7:91:55:30:56:18:0d:53:0c:24:ee:51:
14:0f:91:54:e2:68:1a:b2:86:b3:97:c2:ac:b6:ac:90:31:2b:
74:d2:4c:13:ec:01:56:08:af:33:c8:b8:4c:e4:ba:04:a2:d3:
e9:43:c6:28:f3:b8:87:80:4b:2e:f0:87:a0:f6:e6:76:51:1a:
c1:e9:ab:e3:46:40:5d:b4:63:53:a4:38:9e:6d:41:b8:e4:d3:
20:e4:45:9d:f4:21:db:49:8d:f1:76:ad:5a:67:96:99:9e:fc:
d3:7c:78:c4:e5:5d:de:dc:34:c7:01:c3:ad:1d:6b:3e:cf:ce:
25:dc:06:57
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZQhQ/8d8e9zeOIW2lSeOsUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDA4ZTRlNDM5YWIzZWQ5MWM2OGRkNzZhYzNkMmVlZTg1ODZlNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+FAbpyRZPIq5VGJfO5kVAldLws6
j0wfB6ZJGlUVvknU7xkrvmeOK9oPcT3q++st4f+/6T871JFV4iuD4tJYpCMy6Spm
D/MWM1HGXa03EE0TU3q3leJprnAnlhB5UnkX4V8ZQNmkrNGm6peWNeDton4k+bhT
BArD5JCQUQBHjhM6tRQmGnjdIH3y7nic0WMC892+Cg2Go5Ggu2D5IX0JN7d7Pu4w
lcBKBqANy8x258ftNaycZ60jabucVhrYFJPE4khO1p7e4evADNONTjut/ZAqCwbH
VUVOXArMhdUohS0Sa96VWTSlFmDCy16sLClC3aHZvLinwiBOiRFJiUgHIwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFD0I5OQ5qz7ZHGjddqw9Lu6FhuWbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUFFqazVEbXJQdGtjYU4xMnJEMHU3b1dHNVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAUah7AwQA
UpkKAwQBWdUuAwQAbbAcAwQCbbDUMAwDBADVgp0DBAXVgoAwDQYJKoZIhvcNAQEL
BQADggEBAEoMFXa+eJyLT//WE8Jkgft9tgL95jFFDNnRzZQeIPuGO4J7g39oUB95
eA2dOkc0ugeDXMYGB/SDD+KmNeAneBQGZ9g95k13VNMzQJeg/L2HSXGMkZHhGRdw
JoFaT+nHT2DnAg3d03H6RH8hmi/ST7we7+EijZd5ef5Eqzv4+5KBdCX/P9eRVTBW
GA1TDCTuURQPkVTiaBqyhrOXwqy2rJAxK3TSTBPsAVYIrzPIuEzkugSi0+lDxijz
uIeASy7wh6D25nZRGsHpq+NGQF20Y1OkOJ5tQbjk0yDkRZ30IdtJjfF2rVpnlpme
/NN8eMTlXd7cNMcBw60daz7PziXcBlc=
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:47:45 2025 by rpki-client