Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/ZLef86UZ8-ykPDzWWLmzoQSdgC4.roa
File: ZLef86UZ8-ykPDzWWLmzoQSdgC4.roa (raw, json)
Hash identifier: 9D+NhHpbmJi6ZpbrwdmFqtG+bLkEiMEM9kjTpQm+k4M=
Subject key identifier: 64:B7:9F:F3:A5:19:F3:EC:A4:3C:3C:D6:58:B9:B3:A1:04:9D:80:2E
Certificate issuer: /CN=668d7f75ef42f0bd71aa9c66668e0a33dbe1634f
Certificate serial: 01942143A0904BDAFF2C5F7728DD6F4D0A73
Authority key identifier: 66:8D:7F:75:EF:42:F0:BD:71:AA:9C:66:66:8E:0A:33:DB:E1:63:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zo1_de9C8L1xqpxmZo4KM9vhY08.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/ZLef86UZ8-ykPDzWWLmzoQSdgC4.roa
Signing time: Wed 01 Jan 2025 09:47:47 +0000
ROA not before: Wed 01 Jan 2025 09:47:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198089
IP address blocks: 85.222.240.0/20 maxlen: 24
141.136.120.0/21 maxlen: 24
157.97.192.0/18 maxlen: 24
185.46.28.0/22 maxlen: 24
2a01:8580::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/Zo1_de9C8L1xqpxmZo4KM9vhY08.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/Zo1_de9C8L1xqpxmZo4KM9vhY08.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zo1_de9C8L1xqpxmZo4KM9vhY08.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 21:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:a0:90:4b:da:ff:2c:5f:77:28:dd:6f:4d:0a:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=668d7f75ef42f0bd71aa9c66668e0a33dbe1634f
Validity
Not Before: Jan 1 09:47:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=64b79ff3a519f3eca43c3cd658b9b3a1049d802e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b4:e3:4d:8d:b5:ab:3e:15:ae:1e:70:b7:2c:
30:7d:9e:f5:bc:1c:86:c8:49:01:36:18:62:bd:05:
3f:4a:f5:21:e6:d0:35:33:f7:2e:35:27:f8:12:69:
69:1f:01:db:7d:42:d3:2c:61:0d:23:5b:8b:fc:54:
80:a9:12:2c:36:d5:a1:02:39:7d:13:c9:77:f2:ac:
7c:27:3a:9c:fc:c5:01:f5:f4:19:ef:a6:d2:2a:b3:
0c:01:7f:c0:63:e4:29:6d:68:6c:2b:e4:bc:62:93:
b4:ec:d1:ae:a7:c7:28:b5:d1:18:b6:a9:e0:b5:f7:
66:1a:b2:9f:b9:87:bf:6a:f4:b7:71:51:48:7f:88:
20:19:2a:67:9e:b2:0e:af:50:d2:10:23:d3:55:dd:
93:4a:ae:e7:19:15:d2:56:5c:93:37:9e:d0:96:72:
c6:a4:61:35:59:f2:62:ca:a5:4c:e9:df:ab:95:a3:
b8:d3:40:3d:37:18:31:ea:0d:34:57:d9:71:a0:84:
53:78:7f:46:c6:dd:37:55:e9:4d:37:11:b3:6a:05:
8e:8e:e5:12:1b:3d:fc:70:f4:fc:9a:ce:14:12:94:
63:70:42:df:1e:bb:e4:fc:1d:c0:62:fa:5a:14:93:
6b:03:31:4a:9c:1f:bd:f6:c6:30:37:05:e2:70:ce:
31:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:B7:9F:F3:A5:19:F3:EC:A4:3C:3C:D6:58:B9:B3:A1:04:9D:80:2E
X509v3 Authority Key Identifier:
keyid:66:8D:7F:75:EF:42:F0:BD:71:AA:9C:66:66:8E:0A:33:DB:E1:63:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo1_de9C8L1xqpxmZo4KM9vhY08.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/ZLef86UZ8-ykPDzWWLmzoQSdgC4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/53f75e-42b9-4fae-b1be-26e7f3f2b11e/1/Zo1_de9C8L1xqpxmZo4KM9vhY08.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.222.240.0/20
141.136.120.0/21
157.97.192.0/18
185.46.28.0/22
IPv6:
2a01:8580::/32
Signature Algorithm: sha256WithRSAEncryption
3a:de:d8:e2:90:ea:ad:58:3d:92:50:ed:b7:2b:7d:d2:05:79:
20:ea:1d:91:cf:31:43:b1:f8:54:8b:d1:3b:4f:81:f0:f5:59:
65:be:bb:2b:a0:42:9a:e5:c9:c7:66:92:38:7e:90:00:aa:19:
c1:e9:d4:8f:39:b2:c9:ae:7e:4c:a2:f7:86:27:31:94:06:25:
ec:9c:19:0e:bf:74:f5:2e:ac:83:ec:86:00:9d:59:3e:ec:67:
76:14:21:13:ac:4f:7a:44:e5:5f:ff:92:31:e1:1f:ee:6f:b5:
c4:92:59:ac:6e:b0:24:75:43:f4:3a:fe:5f:77:a4:8d:2e:b5:
fd:26:2b:a3:fe:bf:61:70:7e:4c:7a:6e:ee:15:d2:a5:fc:a4:
68:c0:23:50:f1:0f:ff:58:18:a2:48:a4:79:ea:34:1a:2a:f0:
5f:52:55:b0:d0:05:28:7c:6a:25:7c:3b:e4:47:fa:18:26:8f:
b8:12:4e:ff:48:bf:4e:2d:fa:b7:ea:88:19:46:a0:79:3f:b7:
81:b1:94:f9:7f:b2:f7:13:93:ca:97:d0:25:c4:28:31:86:1d:
bc:ba:37:7a:4e:8b:9a:4a:37:c7:e6:bb:65:99:a6:3c:c9:9c:
c5:81:ec:5c:d3:f0:d3:a7:da:9b:e1:d3:6b:de:d8:4d:33:6e:
b5:42:c6:2d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQhQ6CQS9r/LF93KN1vTQpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGQ3Zjc1ZWY0MmYwYmQ3MWFhOWM2NjY2OGUwYTMzZGJl
MTYzNGYwHhcNMjUwMTAxMDk0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGI3OWZmM2E1MTlmM2VjYTQzYzNjZDY1OGI5YjNhMTA0OWQ4MDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbTjTY21qz4Vrh5wtywwfZ71vByG
yEkBNhhivQU/SvUh5tA1M/cuNSf4EmlpHwHbfULTLGENI1uL/FSAqRIsNtWhAjl9
E8l38qx8Jzqc/MUB9fQZ76bSKrMMAX/AY+QpbWhsK+S8YpO07NGup8cotdEYtqng
tfdmGrKfuYe/avS3cVFIf4ggGSpnnrIOr1DSECPTVd2TSq7nGRXSVlyTN57QlnLG
pGE1WfJiyqVM6d+rlaO400A9Nxgx6g00V9lxoIRTeH9Gxt03VelNNxGzagWOjuUS
Gz38cPT8ms4UEpRjcELfHrvk/B3AYvpaFJNrAzFKnB+99sYwNwXicM4xDQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFGS3n/OlGfPspDw81li5s6EEnYAuMB8GA1UdIwQY
MBaAFGaNf3XvQvC9caqcZmaOCjPb4WNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm8xX2RlOUM4TDF4cXB4bVpvNEtNOXZoWTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81M2Y3NWUtNDJiOS00ZmFlLWIxYmUt
MjZlN2YzZjJiMTFlLzEvWkxlZjg2VVo4LXlrUER6V1dMbXpvUVNkZ0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81M2Y3NWUtNDJiOS00ZmFlLWIxYmUtMjZlN2YzZjJiMTFl
LzEvWm8xX2RlOUM4TDF4cXB4bVpvNEtNOXZoWTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEVd7wAwQD
jYh4AwQGnWHAAwQCuS4cMA0EAgACMAcDBQAqAYWAMA0GCSqGSIb3DQEBCwUAA4IB
AQA63tjikOqtWD2SUO23K33SBXkg6h2RzzFDsfhUi9E7T4Hw9VllvrsroEKa5cnH
ZpI4fpAAqhnB6dSPObLJrn5MoveGJzGUBiXsnBkOv3T1LqyD7IYAnVk+7Gd2FCET
rE96ROVf/5Ix4R/ub7XEklmsbrAkdUP0Ov5fd6SNLrX9Jiuj/r9hcH5Mem7uFdKl
/KRowCNQ8Q//WBiiSKR56jQaKvBfUlWw0AUofGolfDvkR/oYJo+4Ek7/SL9OLfq3
6ogZRqB5P7eBsZT5f7L3E5PKl9AlxCgxhh28ujd6TouaSjfH5rtlmaY8yZzFgexc
0/DTp9qb4dNr3thNM261QsYt
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:50:58 2025 by rpki-client