Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/95cd2d-0d52-4b07-b76b-d853e7842b3a/1/1Az4dE0ZX7KAKDKykX60lhzHZkE.roa
File: 1Az4dE0ZX7KAKDKykX60lhzHZkE.roa (raw, json)
Hash identifier: 8wvcW71BfAfRwFPQ94lUDGje+TfkTvnyVdfl40+6qJo=
Subject key identifier: D4:0C:F8:74:4D:19:5F:B2:80:28:32:B2:91:7E:B4:96:1C:C7:66:41
Certificate issuer: /CN=1cf31e958a6fa85dfd517ea5a2167a359ce02691
Certificate serial: 019423D740B9F81760552EE5E4D25EEBB4C4
Authority key identifier: 1C:F3:1E:95:8A:6F:A8:5D:FD:51:7E:A5:A2:16:7A:35:9C:E0:26:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HPMelYpvqF39UX6lohZ6NZzgJpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/95cd2d-0d52-4b07-b76b-d853e7842b3a/1/1Az4dE0ZX7KAKDKykX60lhzHZkE.roa
Signing time: Wed 01 Jan 2025 21:48:16 +0000
ROA not before: Wed 01 Jan 2025 21:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34724
IP address blocks: 62.182.152.0/22 maxlen: 22
95.214.204.0/22 maxlen: 22
139.28.12.0/22 maxlen: 22
185.31.32.0/22 maxlen: 22
185.68.60.0/22 maxlen: 22
193.34.64.0/22 maxlen: 22
2a00:b720::/29 maxlen: 29
2a05:9300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/95cd2d-0d52-4b07-b76b-d853e7842b3a/1/HPMelYpvqF39UX6lohZ6NZzgJpE.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/95cd2d-0d52-4b07-b76b-d853e7842b3a/1/HPMelYpvqF39UX6lohZ6NZzgJpE.mft
rsync://rpki.ripe.net/repository/DEFAULT/HPMelYpvqF39UX6lohZ6NZzgJpE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 09:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:40:b9:f8:17:60:55:2e:e5:e4:d2:5e:eb:b4:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1cf31e958a6fa85dfd517ea5a2167a359ce02691
Validity
Not Before: Jan 1 21:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d40cf8744d195fb2802832b2917eb4961cc76641
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:e0:09:0f:fa:b3:c6:77:2c:cd:5e:ef:f8:26:
01:a3:08:b8:a2:5f:22:95:f2:01:9a:1f:af:a7:0e:
aa:4e:40:76:26:8d:9a:55:b4:e8:12:9f:c8:a8:5b:
87:d7:90:24:a5:a0:96:c1:8c:2a:9d:ac:d1:18:37:
50:52:ac:8b:43:4b:b2:65:bc:d0:cb:58:29:82:a7:
8f:48:55:78:59:8d:d0:87:8f:3d:51:d6:ca:f5:86:
d3:a3:2c:7a:a9:13:d9:a4:28:e8:1b:58:5e:3e:fd:
0e:75:0f:b9:c5:3a:96:47:d4:6c:9b:c8:15:b2:83:
57:32:e3:ff:9e:fa:1e:c8:3c:ae:7a:5c:3a:80:17:
af:31:85:95:ab:1c:9a:c2:62:d0:29:40:15:84:3d:
69:dd:95:52:fd:57:19:1b:24:3c:81:d1:a0:26:e8:
ea:69:e8:64:9f:ee:4b:14:7c:fa:c8:00:9e:10:60:
09:7c:9a:f1:41:75:c4:c8:67:6a:fd:53:72:5b:80:
dd:17:63:a9:5c:54:be:cf:52:a0:f5:18:35:8c:e3:
b2:5d:43:d0:61:00:ed:a1:b6:3c:1d:4d:ee:6d:52:
81:44:01:22:f0:5e:26:ed:a5:e8:b2:45:03:e6:58:
2b:a9:6b:41:1d:e2:20:e4:96:7e:4a:24:db:0a:42:
96:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:0C:F8:74:4D:19:5F:B2:80:28:32:B2:91:7E:B4:96:1C:C7:66:41
X509v3 Authority Key Identifier:
keyid:1C:F3:1E:95:8A:6F:A8:5D:FD:51:7E:A5:A2:16:7A:35:9C:E0:26:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HPMelYpvqF39UX6lohZ6NZzgJpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/95cd2d-0d52-4b07-b76b-d853e7842b3a/1/1Az4dE0ZX7KAKDKykX60lhzHZkE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/95cd2d-0d52-4b07-b76b-d853e7842b3a/1/HPMelYpvqF39UX6lohZ6NZzgJpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.152.0/22
95.214.204.0/22
139.28.12.0/22
185.31.32.0/22
185.68.60.0/22
193.34.64.0/22
IPv6:
2a00:b720::/29
2a05:9300::/29
Signature Algorithm: sha256WithRSAEncryption
a4:af:ed:8f:e8:a6:29:7a:d5:1f:b1:d6:a3:24:5d:cc:83:b6:
b9:3c:f2:6c:b9:39:ac:3a:6c:5c:35:57:80:f6:6e:90:01:17:
63:db:ff:ce:83:ed:33:42:d3:45:78:bd:da:71:54:30:34:76:
0a:71:fb:08:a8:81:e6:7e:df:46:f2:86:0b:a5:f7:5c:15:de:
03:4d:87:d0:95:18:2a:f8:f1:c1:b5:b5:a1:5e:37:30:6b:e7:
27:b5:02:2e:f5:6d:ff:24:a4:3b:8b:46:6f:19:92:f6:88:90:
c6:b5:e4:52:5f:75:3b:42:ea:c6:1a:83:99:46:ed:da:f2:21:
1b:17:b1:4e:4f:21:5a:6e:9b:9c:6a:f4:94:cd:69:02:c1:fe:
09:6a:de:2f:22:72:65:4a:4b:f4:7d:22:fc:fd:08:8e:c8:d9:
df:7f:83:ed:0c:21:32:be:79:ea:67:38:a3:40:a6:09:a7:42:
e2:dd:fd:2f:2d:1e:c5:2e:1d:a4:99:d6:30:2b:68:46:9c:5c:
ee:40:09:f9:ad:cf:00:c3:67:bc:6b:e5:72:18:c2:a3:c5:9e:
b7:6b:ed:64:93:56:36:f7:36:88:64:7c:bf:3d:76:59:d6:b7:
34:f0:34:df:6d:19:01:30:a4:4c:0b:4b:37:10:c0:b1:49:bf:
a4:d6:ea:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQj10C5+BdgVS7l5NJe67TEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZjMxZTk1OGE2ZmE4NWRmZDUxN2VhNWEyMTY3YTM1OWNl
MDI2OTEwHhcNMjUwMTAxMjE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDBjZjg3NDRkMTk1ZmIyODAyODMyYjI5MTdlYjQ5NjFjYzc2NjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOAJD/qzxncszV7v+CYBowi4ol8i
lfIBmh+vpw6qTkB2Jo2aVbToEp/IqFuH15AkpaCWwYwqnazRGDdQUqyLQ0uyZbzQ
y1gpgqePSFV4WY3Qh489UdbK9YbToyx6qRPZpCjoG1hePv0OdQ+5xTqWR9Rsm8gV
soNXMuP/nvoeyDyuelw6gBevMYWVqxyawmLQKUAVhD1p3ZVS/VcZGyQ8gdGgJujq
aehkn+5LFHz6yACeEGAJfJrxQXXEyGdq/VNyW4DdF2OpXFS+z1Kg9Rg1jOOyXUPQ
YQDtobY8HU3ubVKBRAEi8F4m7aXoskUD5lgrqWtBHeIg5JZ+SiTbCkKWLQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNQM+HRNGV+ygCgyspF+tJYcx2ZBMB8GA1UdIwQY
MBaAFBzzHpWKb6hd/VF+paIWejWc4CaRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFBNZWxZcHZxRjM5VVg2bG9oWjZOWnpnSnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85NWNkMmQtMGQ1Mi00YjA3LWI3NmIt
ZDg1M2U3ODQyYjNhLzEvMUF6NGRFMFpYN0tBS0RLeWtYNjBsaHpIWmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85NWNkMmQtMGQ1Mi00YjA3LWI3NmItZDg1M2U3ODQyYjNh
LzEvSFBNZWxZcHZxRjM5VVg2bG9oWjZOWnpnSnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCPraYAwQC
X9bMAwQCixwMAwQCuR8gAwQCuUQ8AwQCwSJAMBQEAgACMA4DBQMqALcgAwUDKgWT
ADANBgkqhkiG9w0BAQsFAAOCAQEApK/tj+imKXrVH7HWoyRdzIO2uTzybLk5rDps
XDVXgPZukAEXY9v/zoPtM0LTRXi92nFUMDR2CnH7CKiB5n7fRvKGC6X3XBXeA02H
0JUYKvjxwbW1oV43MGvnJ7UCLvVt/ySkO4tGbxmS9oiQxrXkUl91O0LqxhqDmUbt
2vIhGxexTk8hWm6bnGr0lM1pAsH+CWreLyJyZUpL9H0i/P0IjsjZ33+D7QwhMr55
6mc4o0CmCadC4t39Ly0exS4dpJnWMCtoRpxc7kAJ+a3PAMNnvGvlchjCo8Wet2vt
ZJNWNvc2iGR8vz12Wda3NPA0320ZATCkTAtLNxDAsUm/pNbq/Q==
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:19:40 2025 by rpki-client