Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/2Kr-1XLrgROhbD1jcsbK-FilLdY.roa
File: 2Kr-1XLrgROhbD1jcsbK-FilLdY.roa (raw, json)
Hash identifier: 5GfsQOtJA+CgwxuKGKTuCz73LK7pVElXz0y95QkCQq0=
Subject key identifier: D8:AA:FE:D5:72:EB:81:13:A1:6C:3D:63:72:C6:CA:F8:58:A5:2D:D6
Certificate issuer: /CN=bffd0f0ad9c784096c5a0fb9e8cf5c2f0440413b
Certificate serial: 019421444EA4948BD3329A81D51609EE8D21
Authority key identifier: BF:FD:0F:0A:D9:C7:84:09:6C:5A:0F:B9:E8:CF:5C:2F:04:40:41:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v_0PCtnHhAlsWg-56M9cLwRAQTs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/2Kr-1XLrgROhbD1jcsbK-FilLdY.roa
Signing time: Wed 01 Jan 2025 09:48:32 +0000
ROA not before: Wed 01 Jan 2025 09:48:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44692
IP address blocks: 78.31.144.0/23 maxlen: 23
78.31.146.0/23 maxlen: 23
78.31.148.0/23 maxlen: 23
78.31.150.0/23 maxlen: 23
85.202.96.0/20 maxlen: 20
109.125.192.0/19 maxlen: 19
109.125.218.0/23 maxlen: 23
109.125.220.0/22 maxlen: 22
109.125.224.0/23 maxlen: 23
109.125.226.0/23 maxlen: 23
109.125.228.0/23 maxlen: 23
109.125.230.0/23 maxlen: 23
109.125.232.0/22 maxlen: 22
109.125.236.0/22 maxlen: 22
109.125.240.0/22 maxlen: 22
109.125.244.0/22 maxlen: 22
109.125.248.0/22 maxlen: 22
109.125.254.0/24 maxlen: 24
109.125.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/v_0PCtnHhAlsWg-56M9cLwRAQTs.crl
rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/v_0PCtnHhAlsWg-56M9cLwRAQTs.mft
rsync://rpki.ripe.net/repository/DEFAULT/v_0PCtnHhAlsWg-56M9cLwRAQTs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:4e:a4:94:8b:d3:32:9a:81:d5:16:09:ee:8d:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bffd0f0ad9c784096c5a0fb9e8cf5c2f0440413b
Validity
Not Before: Jan 1 09:48:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8aafed572eb8113a16c3d6372c6caf858a52dd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:2a:85:66:fc:23:58:78:36:04:55:c5:9c:7f:
b8:05:90:1c:98:29:8f:d9:78:0e:7f:50:b6:a8:59:
36:8c:d3:6e:d8:41:03:da:38:3b:1e:88:31:52:85:
1b:0f:6a:35:1b:b3:a5:59:20:2e:b8:0a:39:f2:5a:
db:40:67:dd:51:7b:fc:c5:ff:84:b6:0d:7e:18:3e:
35:a7:9c:6d:7b:76:50:02:7a:5f:52:50:a6:82:a1:
67:35:48:be:10:6b:84:5d:f8:db:65:8e:09:da:4d:
c7:67:81:9c:bd:9e:32:c4:f5:d5:dc:62:18:ee:3c:
12:c5:8c:4a:40:b1:2e:d5:90:66:c9:7f:f9:e5:d5:
fd:dd:f6:46:8f:47:81:17:5e:0a:4f:31:c6:d1:14:
05:8d:ee:77:c0:6a:99:70:6c:ef:b8:30:45:d7:c5:
20:7b:72:b9:61:96:cd:4f:42:7e:13:91:a3:00:fe:
7d:3f:c9:54:e5:97:a5:c1:01:83:3a:f6:7e:5f:59:
c3:9f:48:a3:53:d4:2c:14:c2:c7:84:2f:77:cd:29:
20:99:ac:53:57:80:30:ac:be:4d:8a:95:5c:8a:f1:
ab:fc:8f:3b:26:a7:b1:b1:9b:36:75:61:c8:dc:0b:
c2:95:ff:99:56:67:a1:b5:32:09:8b:9d:a7:fa:00:
82:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:AA:FE:D5:72:EB:81:13:A1:6C:3D:63:72:C6:CA:F8:58:A5:2D:D6
X509v3 Authority Key Identifier:
keyid:BF:FD:0F:0A:D9:C7:84:09:6C:5A:0F:B9:E8:CF:5C:2F:04:40:41:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v_0PCtnHhAlsWg-56M9cLwRAQTs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/2Kr-1XLrgROhbD1jcsbK-FilLdY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/eaea59-919d-4135-9bde-6dcf0c93cbdb/1/v_0PCtnHhAlsWg-56M9cLwRAQTs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.31.144.0/21
85.202.96.0/20
109.125.192.0-109.125.251.255
109.125.254.0/23
Signature Algorithm: sha256WithRSAEncryption
48:95:22:82:50:55:cd:8a:88:0a:15:18:cf:a9:f3:50:9f:2b:
c0:e2:29:f3:df:8c:91:e8:3a:3b:7a:55:78:7e:47:2b:a6:fc:
59:a0:fc:90:d0:ea:af:32:52:3b:1b:5b:08:e7:0b:72:8c:1a:
5a:76:9e:5e:f5:0c:61:68:fe:ee:d4:a7:eb:7e:a4:7f:06:e1:
0e:f3:5c:8e:7b:70:60:84:19:40:2a:c4:26:95:9c:f0:b2:c0:
3c:69:73:55:ed:91:70:a7:b2:11:e5:af:f7:d1:56:b4:30:5a:
1e:f6:18:6b:e8:4c:19:cd:4e:40:ec:99:07:3a:16:fa:4a:e1:
3b:56:9a:62:4f:b6:f8:03:d4:12:b4:1c:48:39:79:9a:af:40:
53:06:af:13:4b:0a:75:3d:50:51:8d:61:be:53:43:ec:a4:6a:
82:dc:a6:50:c2:f5:16:ee:04:80:b4:d8:a0:d9:17:60:ee:60:
75:cd:87:c5:33:ac:76:df:31:a9:44:1e:16:0c:81:4a:92:8e:
2a:19:6a:b0:32:0d:52:8b:f6:36:83:62:1b:96:ae:94:0b:d4:
62:11:ae:f4:d4:07:8c:23:38:a2:e4:1f:31:83:b4:33:50:06:
bb:d3:37:e5:fc:1b:7c:b2:8d:54:b7:45:9d:4a:6a:42:ff:12:
d3:5c:7e:ba
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQhRE6klIvTMpqB1RYJ7o0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZmQwZjBhZDljNzg0MDk2YzVhMGZiOWU4Y2Y1YzJmMDQ0
MDQxM2IwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGFhZmVkNTcyZWI4MTEzYTE2YzNkNjM3MmM2Y2FmODU4YTUyZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCqFZvwjWHg2BFXFnH+4BZAcmCmP
2XgOf1C2qFk2jNNu2EED2jg7HogxUoUbD2o1G7OlWSAuuAo58lrbQGfdUXv8xf+E
tg1+GD41p5xte3ZQAnpfUlCmgqFnNUi+EGuEXfjbZY4J2k3HZ4GcvZ4yxPXV3GIY
7jwSxYxKQLEu1ZBmyX/55dX93fZGj0eBF14KTzHG0RQFje53wGqZcGzvuDBF18Ug
e3K5YZbNT0J+E5GjAP59P8lU5ZelwQGDOvZ+X1nDn0ijU9QsFMLHhC93zSkgmaxT
V4AwrL5NipVcivGr/I87JqexsZs2dWHI3AvClf+ZVmehtTIJi52n+gCCxwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFNiq/tVy64EToWw9Y3LGyvhYpS3WMB8GA1UdIwQY
MBaAFL/9DwrZx4QJbFoPuejPXC8EQEE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdl8wUEN0bkhoQWxzV2ctNTZNOWNMd1JBUVRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lYWVhNTktOTE5ZC00MTM1LTliZGUt
NmRjZjBjOTNjYmRiLzEvMktyLTFYTHJnUk9oYkQxamNzYkstRmlsTGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lYWVhNTktOTE5ZC00MTM1LTliZGUtNmRjZjBjOTNjYmRi
LzEvdl8wUEN0bkhoQWxzV2ctNTZNOWNMd1JBUVRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDTh+QAwQE
VcpgMAwDBAZtfcADBAJtffgDBAFtff4wDQYJKoZIhvcNAQELBQADggEBAEiVIoJQ
Vc2KiAoVGM+p81CfK8DiKfPfjJHoOjt6VXh+Ryum/Fmg/JDQ6q8yUjsbWwjnC3KM
Glp2nl71DGFo/u7Up+t+pH8G4Q7zXI57cGCEGUAqxCaVnPCywDxpc1XtkXCnshHl
r/fRVrQwWh72GGvoTBnNTkDsmQc6FvpK4TtWmmJPtvgD1BK0HEg5eZqvQFMGrxNL
CnU9UFGNYb5TQ+ykaoLcplDC9RbuBIC02KDZF2DuYHXNh8UzrHbfMalEHhYMgUqS
jioZarAyDVKL9jaDYhuWrpQL1GIRrvTUB4wjOKLkHzGDtDNQBrvTN+X8G3yyjVS3
RZ1KakL/EtNcfro=
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:54 2025 by rpki-client