Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_hYQ9yqEAlNQyxStBC1PJnGUoN0.roa
File: _hYQ9yqEAlNQyxStBC1PJnGUoN0.roa (raw, json)
Hash identifier: cV7jD0ZLA+sULnCbrJihqSzImdJPEctxt5tOAsiCsjY=
Subject key identifier: FE:16:10:F7:2A:84:02:53:50:CB:14:AD:04:2D:4F:26:71:94:A0:DD
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019421441708D5BBF92403F0B8823E2BB416
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_hYQ9yqEAlNQyxStBC1PJnGUoN0.roa
Signing time: Wed 01 Jan 2025 09:48:17 +0000
ROA not before: Wed 01 Jan 2025 09:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 79.99.150.0/23 maxlen: 24
82.153.255.0/24 maxlen: 24
82.163.10.0/23 maxlen: 24
89.213.127.0/24 maxlen: 24
89.213.226.0/24 maxlen: 24
109.176.14.0/24 maxlen: 24
109.176.30.0/24 maxlen: 24
109.176.208.0/24 maxlen: 24
213.218.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:17:08:d5:bb:f9:24:03:f0:b8:82:3e:2b:b4:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 1 09:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fe1610f72a84025350cb14ad042d4f267194a0dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:2e:27:92:92:ff:d4:0f:98:15:e3:1b:1b:4c:
5c:e5:cb:31:7f:1b:d3:7c:ce:69:4a:ad:95:a2:38:
bf:57:59:80:7b:72:d8:02:8e:1d:c9:18:e0:2d:b4:
35:55:82:3c:d8:6c:71:1c:86:bf:5d:16:8a:1c:ef:
a4:74:ad:5d:f5:a1:33:b1:14:5e:0f:c4:a5:de:8e:
06:ac:52:be:04:27:93:5e:d8:5a:6c:52:b8:2f:21:
de:da:ee:c8:70:12:64:9b:8f:e4:2c:ed:63:e7:34:
76:98:c5:80:cf:d9:37:00:dd:1d:82:2a:d7:b7:99:
6f:eb:af:21:c9:8a:d6:8d:61:1d:70:c0:d4:82:d4:
cb:b0:60:8a:f2:4f:93:49:b0:1e:26:78:a2:64:4b:
3c:49:c2:54:01:6d:31:76:d8:9b:75:a8:e7:7a:b9:
ba:0b:77:8c:36:95:93:21:60:ed:a8:f3:dd:a8:cc:
6c:fa:ab:5d:f2:71:1b:b4:3f:21:93:d2:35:ec:ba:
0d:eb:3a:ce:b0:09:b6:20:bf:12:b9:3b:81:f0:53:
e1:ac:ed:93:21:51:0d:cb:54:6e:c0:0c:a7:ac:93:
36:bf:05:83:24:ef:7b:82:b3:52:6c:89:f9:68:16:
82:22:f6:f2:a2:8d:d1:00:f0:a0:bc:de:2e:dc:82:
43:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:16:10:F7:2A:84:02:53:50:CB:14:AD:04:2D:4F:26:71:94:A0:DD
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_hYQ9yqEAlNQyxStBC1PJnGUoN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.99.150.0/23
82.153.255.0/24
82.163.10.0/23
89.213.127.0/24
89.213.226.0/24
109.176.14.0/24
109.176.30.0/24
109.176.208.0/24
213.218.248.0/24
Signature Algorithm: sha256WithRSAEncryption
24:c4:9e:34:14:40:62:bd:27:9e:47:73:18:4b:fc:cf:1d:64:
ca:c9:16:61:70:1e:ea:29:f0:a2:64:20:0c:ed:2c:77:0f:2b:
a2:26:57:98:b0:57:58:68:7e:76:14:f3:23:f7:f3:fd:2b:e0:
a9:c6:80:27:42:00:9f:b6:72:f4:6b:49:81:ac:e0:57:07:c6:
c3:b7:9e:9c:6b:7d:de:93:9c:64:b5:5c:dd:64:19:b2:11:4b:
33:40:7b:b0:57:c0:85:85:f7:2f:1c:18:78:c4:d7:3e:48:a9:
7d:4d:97:25:75:5e:ac:49:4e:10:8e:be:5b:ce:28:27:52:eb:
bb:c7:b3:28:85:c1:aa:1f:6c:32:ce:d6:46:70:3f:70:1c:30:
00:8d:46:a3:40:00:3d:fe:f4:e6:4d:c4:4a:97:83:5e:0d:75:
2e:38:68:d1:cd:56:6b:42:e1:cc:a3:5f:90:47:ab:3d:87:7d:
96:63:80:70:b2:92:fd:fc:a4:f5:eb:c8:a8:25:3a:b3:a5:cc:
60:59:a2:5b:a5:32:10:a2:64:6c:94:43:b0:db:83:91:55:99:
b0:2c:db:c1:33:d1:fd:b7:5a:ea:89:e2:6b:94:2a:22:dc:61:
26:f5:19:57:85:3a:8d:84:99:8f:33:48:dc:a6:95:e9:b9:91:
c1:46:fd:cd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQhRBcI1bv5JAPwuII+K7QWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTE2MTBmNzJhODQwMjUzNTBjYjE0YWQwNDJkNGYyNjcxOTRhMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC4nkpL/1A+YFeMbG0xc5csxfxvT
fM5pSq2Voji/V1mAe3LYAo4dyRjgLbQ1VYI82GxxHIa/XRaKHO+kdK1d9aEzsRRe
D8Sl3o4GrFK+BCeTXthabFK4LyHe2u7IcBJkm4/kLO1j5zR2mMWAz9k3AN0dgirX
t5lv668hyYrWjWEdcMDUgtTLsGCK8k+TSbAeJniiZEs8ScJUAW0xdtibdajnerm6
C3eMNpWTIWDtqPPdqMxs+qtd8nEbtD8hk9I17LoN6zrOsAm2IL8SuTuB8FPhrO2T
IVENy1RuwAynrJM2vwWDJO97grNSbIn5aBaCIvbyoo3RAPCgvN4u3IJD9wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFP4WEPcqhAJTUMsUrQQtTyZxlKDdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX2hZUTl5cUVBbE5ReXhTdEJDMVBKbkdVb04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBT2OWAwQA
Upn/AwQBUqMKAwQAWdV/AwQAWdXiAwQAbbAOAwQAbbAeAwQAbbDQAwQA1dr4MA0G
CSqGSIb3DQEBCwUAA4IBAQAkxJ40FEBivSeeR3MYS/zPHWTKyRZhcB7qKfCiZCAM
7Sx3DyuiJleYsFdYaH52FPMj9/P9K+CpxoAnQgCftnL0a0mBrOBXB8bDt56ca33e
k5xktVzdZBmyEUszQHuwV8CFhfcvHBh4xNc+SKl9TZcldV6sSU4Qjr5bzignUuu7
x7MohcGqH2wyztZGcD9wHDAAjUajQAA9/vTmTcRKl4NeDXUuOGjRzVZrQuHMo1+Q
R6s9h32WY4BwspL9/KT168ioJTqzpcxgWaJbpTIQomRslEOw24ORVZmwLNvBM9H9
t1rqieJrlCoi3GEm9RlXhTqNhJmPM0jcppXpuZHBRv3N
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:37:45 2025 by rpki-client