Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/gf-ztZnGBMD3gis8NYuG9N92sfw.roa
File: gf-ztZnGBMD3gis8NYuG9N92sfw.roa (raw, json)
Hash identifier: ehCASISZ7Fk/s7piTjFKUNtpfPH5xpu2BhLg9f7INf8=
Subject key identifier: 81:FF:B3:B5:99:C6:04:C0:F7:82:2B:3C:35:8B:86:F4:DF:76:B1:FC
Certificate issuer: /CN=1594f00471e248abe394d521e96cba9630d8520e
Certificate serial: 019422FBA2930DCCFC322F31FFEE94481252
Authority key identifier: 15:94:F0:04:71:E2:48:AB:E3:94:D5:21:E9:6C:BA:96:30:D8:52:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/gf-ztZnGBMD3gis8NYuG9N92sfw.roa
Signing time: Wed 01 Jan 2025 17:48:24 +0000
ROA not before: Wed 01 Jan 2025 17:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212041
IP address blocks: 185.245.246.0/23 maxlen: 23
185.247.60.0/24 maxlen: 24
185.252.128.0/24 maxlen: 31
185.252.129.0/24 maxlen: 31
185.252.130.0/24 maxlen: 31
185.252.131.0/24 maxlen: 31
194.61.81.0/24 maxlen: 24
195.28.20.0/24 maxlen: 24
2a0c:2740::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.mft
rsync://rpki.ripe.net/repository/DEFAULT/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:a2:93:0d:cc:fc:32:2f:31:ff:ee:94:48:12:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1594f00471e248abe394d521e96cba9630d8520e
Validity
Not Before: Jan 1 17:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=81ffb3b599c604c0f7822b3c358b86f4df76b1fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:7d:76:b2:6c:ac:93:ab:87:98:4a:f3:c2:09:
06:de:a2:03:0b:b8:50:ad:73:17:db:26:6c:56:a7:
80:9a:cc:0a:65:6a:1b:45:c7:a4:a3:94:df:b5:76:
90:07:73:d7:b3:3f:fe:45:fd:3a:0f:34:f6:d7:6d:
bb:23:1a:57:38:91:5a:c8:f9:69:3a:0b:08:26:b9:
cf:cb:7c:e3:f5:8c:53:37:ec:b9:c5:9c:09:91:fc:
2c:95:78:81:db:30:5d:d1:58:48:17:90:73:44:55:
c4:e5:b1:e8:09:ca:7e:2a:04:20:33:e2:79:2e:55:
a0:37:79:6b:b1:30:b0:cb:db:43:ae:d9:dd:01:d6:
2d:ba:5c:b2:ef:4f:2b:cc:e3:2f:72:26:49:52:72:
90:2a:ae:19:9c:a2:3c:91:f1:33:92:cd:9e:e9:2a:
8f:4c:a4:a7:c7:ca:cf:da:fa:29:bc:3d:c8:5b:df:
63:ca:80:2c:7a:cf:dc:d8:13:ca:98:ee:5e:d3:9f:
ac:e5:5a:36:fd:31:6d:89:81:39:b9:e5:68:f7:b0:
e1:31:2d:4a:5e:44:8b:1d:c7:bd:c9:9c:c1:09:4d:
cd:66:42:aa:73:6b:87:ba:11:3a:d3:de:da:e7:f7:
5a:cc:7c:b7:c9:6d:30:33:86:0a:23:8d:1c:26:ec:
2a:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:FF:B3:B5:99:C6:04:C0:F7:82:2B:3C:35:8B:86:F4:DF:76:B1:FC
X509v3 Authority Key Identifier:
keyid:15:94:F0:04:71:E2:48:AB:E3:94:D5:21:E9:6C:BA:96:30:D8:52:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/gf-ztZnGBMD3gis8NYuG9N92sfw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/79a64e-069f-499d-a631-8cd42cede220/1/FZTwBHHiSKvjlNUh6Wy6ljDYUg4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.245.246.0/23
185.247.60.0/24
185.252.128.0/22
194.61.81.0/24
195.28.20.0/24
IPv6:
2a0c:2740::/29
Signature Algorithm: sha256WithRSAEncryption
7c:54:f3:96:4a:db:3e:09:ab:0f:95:de:cf:90:22:65:3b:12:
80:a4:0f:3e:3c:c2:e4:cc:79:c1:6e:28:75:64:80:16:74:c3:
7f:ab:49:49:10:82:f8:01:4d:b7:f2:74:27:c6:85:8b:35:f8:
0d:f3:5a:28:8e:ad:9d:c8:04:d5:2b:b5:a6:9d:6b:c8:0e:01:
06:62:05:46:56:ef:ee:d4:93:c7:11:14:f2:b4:3d:8b:c5:3e:
1a:2c:9a:91:3a:fd:ad:17:46:a2:d3:95:94:2e:4e:c0:26:4d:
ff:9d:72:aa:d7:e6:dd:9c:38:95:17:9f:91:df:e2:55:1c:46:
a2:d3:33:12:7e:0b:a1:3b:4e:21:21:0e:1b:e3:3d:a0:6d:47:
e8:68:ab:4f:5d:87:39:6b:47:01:78:7a:ac:b3:77:92:ec:50:
dd:74:2f:86:85:62:62:94:af:60:29:f6:26:ee:c7:4d:bc:54:
13:bc:b7:49:18:68:28:e6:f8:6b:46:18:3f:c2:04:8f:f1:f1:
29:06:36:3f:92:81:31:00:02:af:4b:17:4c:1b:45:1a:b4:5d:
de:1e:ca:bf:91:f4:0d:34:f9:89:e4:da:55:5c:d3:5b:4f:f2:
eb:a2:67:e2:f1:2d:60:8d:c7:fa:0a:b4:4e:8c:be:1c:08:9b:
d4:fb:53:4f
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQi+6KTDcz8Mi8x/+6USBJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OTRmMDA0NzFlMjQ4YWJlMzk0ZDUyMWU5NmNiYTk2MzBk
ODUyMGUwHhcNMjUwMTAxMTc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWZmYjNiNTk5YzYwNGMwZjc4MjJiM2MzNThiODZmNGRmNzZiMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn12smysk6uHmErzwgkG3qIDC7hQ
rXMX2yZsVqeAmswKZWobRceko5TftXaQB3PXsz/+Rf06DzT21227IxpXOJFayPlp
OgsIJrnPy3zj9YxTN+y5xZwJkfwslXiB2zBd0VhIF5BzRFXE5bHoCcp+KgQgM+J5
LlWgN3lrsTCwy9tDrtndAdYtulyy708rzOMvciZJUnKQKq4ZnKI8kfEzks2e6SqP
TKSnx8rP2vopvD3IW99jyoAses/c2BPKmO5e05+s5Vo2/TFtiYE5ueVo97DhMS1K
XkSLHce9yZzBCU3NZkKqc2uHuhE6097a5/dazHy3yW0wM4YKI40cJuwqpwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIH/s7WZxgTA94IrPDWLhvTfdrH8MB8GA1UdIwQY
MBaAFBWU8ARx4kir45TVIelsupYw2FIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlpUd0JISGlTS3ZqbE5VaDZXeTZsakRZVWc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83OWE2NGUtMDY5Zi00OTlkLWE2MzEt
OGNkNDJjZWRlMjIwLzEvZ2YtenRabkdCTUQzZ2lzOE5ZdUc5Tjkyc2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83OWE2NGUtMDY5Zi00OTlkLWE2MzEtOGNkNDJjZWRlMjIw
LzEvRlpUd0JISGlTS3ZqbE5VaDZXeTZsakRZVWc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQBufX2AwQA
ufc8AwQCufyAAwQAwj1RAwQAwxwUMA0EAgACMAcDBQMqDCdAMA0GCSqGSIb3DQEB
CwUAA4IBAQB8VPOWSts+CasPld7PkCJlOxKApA8+PMLkzHnBbih1ZIAWdMN/q0lJ
EIL4AU238nQnxoWLNfgN81oojq2dyATVK7WmnWvIDgEGYgVGVu/u1JPHERTytD2L
xT4aLJqROv2tF0ai05WULk7AJk3/nXKq1+bdnDiVF5+R3+JVHEai0zMSfguhO04h
IQ4b4z2gbUfoaKtPXYc5a0cBeHqss3eS7FDddC+GhWJilK9gKfYm7sdNvFQTvLdJ
GGgo5vhrRhg/wgSP8fEpBjY/koExAAKvSxdMG0UatF3eHsq/kfQNNPmJ5NpVXNNb
T/Lromfi8S1gjcf6CrROjL4cCJvU+1NP
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:26:33 2025 by rpki-client