Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sbhqWy2iMkZsCUeO2RtG7dxfsTQ.roa
File: sbhqWy2iMkZsCUeO2RtG7dxfsTQ.roa (raw, json)
Hash identifier: 2fLfX/3JNDLlUIyJAGdI2i0UkWkWu2Dwh/lVsh97CfE=
Subject key identifier: B1:B8:6A:5B:2D:A2:32:46:6C:09:47:8E:D9:1B:46:ED:DC:5F:B1:34
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0194753D6C4660BB72EFC1F52C3333446960
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sbhqWy2iMkZsCUeO2RtG7dxfsTQ.roa
Signing time: Fri 17 Jan 2025 17:09:07 +0000
ROA not before: Fri 17 Jan 2025 17:09:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.250.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Feb 2025 21:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:75:3d:6c:46:60:bb:72:ef:c1:f5:2c:33:33:44:69:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 17 17:09:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b1b86a5b2da232466c09478ed91b46eddc5fb134
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:f7:79:5b:65:d9:66:62:b5:74:12:54:43:4b:
c6:52:c1:ca:04:b1:8e:4c:a6:ef:91:5e:48:50:c1:
31:92:bb:b6:8d:20:32:e7:72:2f:a6:c3:fd:01:67:
80:3d:9d:a5:44:9d:3b:f3:7b:b1:c1:37:d6:ff:f9:
e0:05:24:89:11:39:6b:53:42:12:76:bf:28:c9:0b:
a5:ab:01:a9:28:32:6a:e6:af:24:ce:3f:bc:39:6b:
35:34:45:6b:9f:cf:62:a1:79:96:27:b3:63:de:b6:
d6:fb:ae:e5:1d:bb:3c:ca:1c:d0:50:9f:5a:b1:13:
da:c5:b0:99:fc:da:a6:b1:09:d2:50:54:54:fb:31:
b4:fe:b1:9f:05:bc:1d:fc:f2:a3:b0:d4:0a:5d:c1:
92:75:32:5a:ea:98:f3:dd:4b:4a:c4:19:b9:2f:b5:
3f:f6:7c:90:13:76:99:40:a3:6d:da:2d:7b:d9:6d:
90:0b:02:30:4e:1a:5d:4b:b1:4d:bb:74:ca:10:3c:
1f:3f:83:3d:dc:c6:85:de:11:b8:fa:32:da:88:a9:
2f:ad:52:ff:85:de:ee:f4:0e:62:2d:86:7b:9d:47:
cd:d4:10:49:5f:7f:5b:c0:8a:ac:52:4b:ef:75:e2:
63:a3:a5:ff:af:3d:a1:ef:7c:05:d6:70:8f:a9:de:
27:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:B8:6A:5B:2D:A2:32:46:6C:09:47:8E:D9:1B:46:ED:DC:5F:B1:34
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sbhqWy2iMkZsCUeO2RtG7dxfsTQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
82.152.111.0/24
82.152.250.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.250.0/24
89.213.136.0/24
89.213.153.0/24
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
185.49.125.0/24
213.152.61.0-213.152.62.255
Signature Algorithm: sha256WithRSAEncryption
6b:75:3a:64:d7:c9:e2:42:37:d7:5b:07:3e:c5:e0:22:1e:c1:
16:4b:cd:a4:61:26:2a:fe:c2:7e:db:96:dd:2b:15:c5:1c:db:
72:50:e7:cc:a1:d5:ce:d0:5e:b0:64:56:67:92:90:e4:28:fc:
57:52:c4:2e:21:87:1b:e9:d6:ac:62:dc:3d:32:89:58:46:3b:
29:88:4a:c2:4a:4e:2c:21:9b:52:7e:5b:65:06:5e:4e:92:a0:
a6:e0:41:ac:c7:69:ad:14:87:94:c3:b8:66:f6:58:f5:1a:d0:
b2:39:99:41:25:46:df:80:f1:78:5c:07:0b:37:db:15:96:21:
69:21:fd:07:ad:8a:c1:97:d8:05:18:93:62:23:f0:44:79:a2:
e4:ea:e6:1f:e1:6e:42:99:1f:62:e6:0b:c1:45:74:7a:ec:48:
f8:0c:70:3f:24:d4:73:e1:e5:e3:89:80:6f:53:58:93:16:7a:
92:84:62:20:45:b7:e2:54:e9:8b:97:8c:72:42:69:6e:de:92:
79:5b:2d:fa:62:b7:c5:eb:37:cc:4a:59:93:9f:da:2e:ce:60:
53:5f:8a:1a:58:48:d5:20:75:5f:f4:6c:6e:d1:6c:d9:fe:d4:
d9:bd:97:97:50:71:d1:9e:58:01:a0:cb:e6:ee:5d:63:b0:71:
9f:5c:57:52
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZR1PWxGYLty78H1LDMzRGlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTE3MTcwOTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI4NmE1YjJkYTIzMjQ2NmMwOTQ3OGVkOTFiNDZlZGRjNWZiMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvd5W2XZZmK1dBJUQ0vGUsHKBLGO
TKbvkV5IUMExkru2jSAy53IvpsP9AWeAPZ2lRJ0783uxwTfW//ngBSSJETlrU0IS
dr8oyQulqwGpKDJq5q8kzj+8OWs1NEVrn89ioXmWJ7Nj3rbW+67lHbs8yhzQUJ9a
sRPaxbCZ/NqmsQnSUFRU+zG0/rGfBbwd/PKjsNQKXcGSdTJa6pjz3UtKxBm5L7U/
9nyQE3aZQKNt2i172W2QCwIwThpdS7FNu3TKEDwfP4M93MaF3hG4+jLaiKkvrVL/
hd7u9A5iLYZ7nUfN1BBJX39bwIqsUkvvdeJjo6X/rz2h73wF1nCPqd4ntQIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFLG4alstojJGbAlHjtkbRu3cX7E0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc2JocVd5MmlNa1pzQ1VlTzJSdEc3ZHhmc1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+gME
AFnViAMEAFnVmQMEAG2w0QMEAG2w0wMEA22w2AMEAG2w+QMEALkxfTAMAwQA1Zg9
AwQA1Zg+MA0GCSqGSIb3DQEBCwUAA4IBAQBrdTpk18niQjfXWwc+xeAiHsEWS82k
YSYq/sJ+25bdKxXFHNtyUOfModXO0F6wZFZnkpDkKPxXUsQuIYcb6dasYtw9MolY
RjspiErCSk4sIZtSfltlBl5OkqCm4EGsx2mtFIeUw7hm9lj1GtCyOZlBJUbfgPF4
XAcLN9sVliFpIf0HrYrBl9gFGJNiI/BEeaLk6uYf4W5CmR9i5gvBRXR67Ej4DHA/
JNRz4eXjiYBvU1iTFnqShGIgRbfiVOmLl4xyQmlu3pJ5Wy36YrfF6zfMSlmTn9ou
zmBTX4oaWEjVIHVf9Gxu0WzZ/tTZvZeXUHHRnlgBoMvm7l1jsHGfXFdS
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:42:35 2025 by rpki-client