Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h8kOlPT3aDUI2vS3G3VbrJ-K5rY.roa
File: h8kOlPT3aDUI2vS3G3VbrJ-K5rY.roa (raw, json)
Hash identifier: ITbMcZKpfXZ4hryBmIjucJ8/67mJbjqxoekf8/P/+28=
Subject key identifier: 87:C9:0E:94:F4:F7:68:35:08:DA:F4:B7:1B:75:5B:AC:9F:8A:E6:B6
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01948886DC075555681CE38E690CB01FC7A9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h8kOlPT3aDUI2vS3G3VbrJ-K5rY.roa
Signing time: Tue 21 Jan 2025 11:02:07 +0000
ROA not before: Tue 21 Jan 2025 11:02:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 77.93.137.0/24 maxlen: 24
77.93.149.0/24 maxlen: 24
80.240.88.0/21 maxlen: 24
82.152.174.0/23 maxlen: 23
82.153.208.0/22 maxlen: 22
82.163.19.0/24 maxlen: 24
82.163.24.0/21 maxlen: 24
89.213.58.0/24 maxlen: 24
89.213.60.0/23 maxlen: 24
89.213.108.0/23 maxlen: 24
89.213.110.0/24 maxlen: 24
89.213.122.0/24 maxlen: 24
89.213.126.0/24 maxlen: 24
89.213.147.0/24 maxlen: 24
89.213.194.0/23 maxlen: 24
89.213.198.0/23 maxlen: 24
89.213.200.0/23 maxlen: 24
89.213.202.0/23 maxlen: 24
89.213.204.0/23 maxlen: 24
89.213.228.0/24 maxlen: 24
89.213.240.0/23 maxlen: 24
89.213.249.0/24 maxlen: 24
89.213.250.0/24 maxlen: 24
109.176.230.0/24 maxlen: 24
213.210.16.0/24 maxlen: 24
213.210.18.0/24 maxlen: 24
213.210.33.0/24 maxlen: 24
213.210.51.0/24 maxlen: 24
213.218.220.0/24 maxlen: 24
217.144.151.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:88:86:dc:07:55:55:68:1c:e3:8e:69:0c:b0:1f:c7:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 21 11:02:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87c90e94f4f7683508daf4b71b755bac9f8ae6b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:7c:f1:f3:99:51:8d:9e:f6:95:0e:33:7a:04:
5d:0f:99:58:0d:0c:d2:56:e9:c0:55:a8:1d:12:d1:
0c:51:90:f4:68:f6:40:20:87:7e:53:cb:ac:5f:c3:
b0:f3:23:88:4e:32:5c:9f:02:8e:6c:f0:ad:a9:46:
b9:d2:79:fd:ac:35:59:70:10:ae:82:5e:7c:76:36:
d8:86:85:08:61:60:b3:36:4f:35:89:58:5c:f3:7c:
e2:39:b8:30:26:12:bb:74:5e:13:ef:5a:d5:dc:3f:
e7:7b:69:4f:8d:3e:63:99:89:9a:85:19:bf:b9:11:
49:70:78:31:ff:99:3e:4f:fa:c4:7e:e6:2b:c4:d4:
ec:28:f2:4d:a3:2c:db:71:1f:d4:3d:8f:ee:41:2c:
af:fa:c8:fe:b2:90:78:21:d3:d0:dc:1c:1a:82:53:
15:69:92:29:59:36:04:28:d8:97:2c:6a:ec:67:56:
68:ed:54:2e:1d:55:fe:18:5f:10:c3:89:c8:8d:9f:
c8:ca:e3:67:2a:97:c8:56:24:ea:bc:4f:8b:e6:3c:
6d:a1:d9:fc:7f:ff:e8:6e:be:01:9f:72:14:d6:33:
82:f0:73:b3:d7:28:e4:57:67:00:57:01:e3:d3:77:
bc:85:2d:0a:ff:5f:40:39:10:e8:e8:8d:fa:8a:88:
ae:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:C9:0E:94:F4:F7:68:35:08:DA:F4:B7:1B:75:5B:AC:9F:8A:E6:B6
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h8kOlPT3aDUI2vS3G3VbrJ-K5rY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.137.0/24
77.93.149.0/24
80.240.88.0/21
82.152.174.0/23
82.153.208.0/22
82.163.19.0/24
82.163.24.0/21
89.213.58.0/24
89.213.60.0/23
89.213.108.0-89.213.110.255
89.213.122.0/24
89.213.126.0/24
89.213.147.0/24
89.213.194.0/23
89.213.198.0-89.213.205.255
89.213.228.0/24
89.213.240.0/23
89.213.249.0-89.213.250.255
109.176.230.0/24
213.210.16.0/24
213.210.18.0/24
213.210.33.0/24
213.210.51.0/24
213.218.220.0/24
217.144.151.0/24
Signature Algorithm: sha256WithRSAEncryption
47:18:1b:a4:a9:0f:2e:eb:64:e9:4c:3a:ec:e6:b7:4a:7b:1f:
93:25:e0:1e:77:c0:84:14:ac:3c:ef:da:22:cc:0c:41:dc:00:
0c:18:3a:a6:f7:07:2b:6d:e0:de:36:f8:e2:1b:d7:a5:e2:71:
b4:b4:83:6a:a6:b4:aa:66:eb:31:e1:b5:ec:bf:c4:dc:9b:33:
58:a9:f9:14:49:6c:58:5a:92:3a:7a:9c:95:05:78:39:fd:d7:
74:3f:1b:a5:0e:50:08:69:79:36:4f:44:81:67:a5:a2:5e:79:
5c:ef:31:6b:47:85:a9:0f:b1:76:fa:89:9c:24:0f:03:27:cb:
37:e4:c2:da:8d:55:0e:5d:29:fd:a3:c0:3c:0c:fd:91:e1:51:
cf:d3:29:a3:e5:ec:a9:1f:0a:03:14:c4:77:2b:28:a7:b0:94:
52:b4:c3:93:1f:7e:65:e4:23:73:74:39:b6:64:2d:0b:90:d4:
cf:0e:55:b2:81:e4:f3:84:fc:6f:22:89:d6:4e:9f:e6:1a:39:
c0:4b:61:cf:5b:b1:99:a0:5e:ea:18:7b:4d:1f:f2:05:88:ed:
32:60:ec:72:ce:40:72:f1:90:47:f6:0e:5b:ac:88:5f:09:e8:
30:e3:ee:93:da:80:2b:b3:4c:87:8d:d1:25:dc:6f:7a:c4:e1:
15:c9:1d:6b
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAZSIhtwHVVVoHOOOaQywH8epMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTIxMTEwMjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M5MGU5NGY0Zjc2ODM1MDhkYWY0YjcxYjc1NWJhYzlmOGFlNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHzx85lRjZ72lQ4zegRdD5lYDQzS
VunAVagdEtEMUZD0aPZAIId+U8usX8Ow8yOITjJcnwKObPCtqUa50nn9rDVZcBCu
gl58djbYhoUIYWCzNk81iVhc83ziObgwJhK7dF4T71rV3D/ne2lPjT5jmYmahRm/
uRFJcHgx/5k+T/rEfuYrxNTsKPJNoyzbcR/UPY/uQSyv+sj+spB4IdPQ3BwaglMV
aZIpWTYEKNiXLGrsZ1Zo7VQuHVX+GF8Qw4nIjZ/IyuNnKpfIViTqvE+L5jxtodn8
f//obr4Bn3IU1jOC8HOz1yjkV2cAVwHj03e8hS0K/19AORDo6I36ioiurwIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFIfJDpT092g1CNr0txt1W6yfiua2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaDhrT2xQVDNhRFVJMnZTM0czVmJySi1LNXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4DBABN
XYkDBABNXZUDBANQ8FgDBAFSmK4DBAJSmdADBABSoxMDBANSoxgDBABZ1ToDBAFZ
1TwwDAMEAlnVbAMEAFnVbgMEAFnVegMEAFnVfgMEAFnVkwMEAVnVwjAMAwQBWdXG
AwQBWdXMAwQAWdXkAwQBWdXwMAwDBABZ1fkDBABZ1foDBABtsOYDBADV0hADBADV
0hIDBADV0iEDBADV0jMDBADV2twDBADZkJcwDQYJKoZIhvcNAQELBQADggEBAEcY
G6SpDy7rZOlMOuzmt0p7H5Ml4B53wIQUrDzv2iLMDEHcAAwYOqb3Bytt4N42+OIb
16XicbS0g2qmtKpm6zHhtey/xNybM1ip+RRJbFhakjp6nJUFeDn913Q/G6UOUAhp
eTZPRIFnpaJeeVzvMWtHhakPsXb6iZwkDwMnyzfkwtqNVQ5dKf2jwDwM/ZHhUc/T
KaPl7KkfCgMUxHcrKKewlFK0w5MffmXkI3N0ObZkLQuQ1M8OVbKB5POE/G8iidZO
n+YaOcBLYc9bsZmgXuoYe00f8gWI7TJg7HLOQHLxkEf2DlusiF8J6DDj7pPagCuz
TIeN0SXcb3rE4RXJHWs=
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:44:53 2025 by rpki-client