Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/1h855CNEVOjEfeY3xJdnjH3udfA.roa
File: 1h855CNEVOjEfeY3xJdnjH3udfA.roa (raw, json)
Hash identifier: LnReL4xvvQZDIPnpuzGkg0WHy3mNK+PRykuvMTviVRU=
Subject key identifier: D6:1F:39:E4:23:44:54:E8:C4:7D:E6:37:C4:97:67:8C:7D:EE:75:F0
Certificate issuer: /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial: 0194221FEF0FB57BDA2694E6F3FFCC5CED73
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/1h855CNEVOjEfeY3xJdnjH3udfA.roa
Signing time: Wed 01 Jan 2025 13:48:25 +0000
ROA not before: Wed 01 Jan 2025 13:48:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42044
IP address blocks: 185.24.65.0/24 maxlen: 24
185.24.66.0/24 maxlen: 24
193.105.170.0/24 maxlen: 24
212.18.250.0/24 maxlen: 24
2001:67c:2630::/48 maxlen: 48
2a04:2b00:100::/48 maxlen: 48
2a04:2b00:200::/48 maxlen: 48
2a04:2b00:212::/48 maxlen: 48
2a04:2b00:6374::/48 maxlen: 48
2a04:2b01::/32 maxlen: 32
2a04:2b02::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:ef:0f:b5:7b:da:26:94:e6:f3:ff:cc:5c:ed:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Validity
Not Before: Jan 1 13:48:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d61f39e4234454e8c47de637c497678c7dee75f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:37:67:43:40:5a:24:d7:00:f6:3f:46:5d:79:
df:62:f5:fa:c6:e9:a6:c4:15:53:e9:f2:58:50:62:
4b:a8:b8:6f:52:a1:79:ae:fa:55:89:c4:f4:bf:b2:
94:33:28:5f:b1:22:6b:92:76:39:30:e4:fa:19:c0:
01:18:ab:38:eb:0a:74:87:14:9e:14:8e:1c:46:7d:
ce:1f:97:f9:60:66:63:94:b6:fa:92:0c:ae:e4:a7:
33:f2:5b:3a:a6:2b:04:5c:c3:0f:8c:01:9d:9d:93:
10:85:17:c0:15:94:70:9f:6b:4c:9a:c0:e2:19:01:
f0:c3:1b:07:43:2b:bd:f9:62:f1:88:6d:62:33:c7:
fc:b5:6c:c7:45:91:21:21:4e:a4:9c:22:1c:05:a9:
99:fc:26:e9:24:80:37:dc:ce:2c:45:a8:9e:39:87:
31:01:ba:9c:cf:fb:58:7d:40:42:b3:2a:fe:3a:bc:
22:c1:bc:0b:d4:c0:86:57:31:75:67:d8:1c:cc:8b:
6c:c7:80:cc:3d:a6:36:63:d8:45:e8:2a:74:51:0d:
2f:16:d0:86:ee:f3:74:d6:2e:eb:24:bd:d5:3c:35:
65:b3:d5:4c:0e:09:92:19:1b:8e:a8:f3:c5:80:f4:
3d:f6:29:03:3b:1f:81:e6:6e:0a:22:56:85:82:02:
0b:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:1F:39:E4:23:44:54:E8:C4:7D:E6:37:C4:97:67:8C:7D:EE:75:F0
X509v3 Authority Key Identifier:
keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/1h855CNEVOjEfeY3xJdnjH3udfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.24.65.0-185.24.66.255
193.105.170.0/24
212.18.250.0/24
IPv6:
2001:67c:2630::/48
2a04:2b00:100::/48
2a04:2b00:200::/48
2a04:2b00:212::/48
2a04:2b00:6374::/48
2a04:2b01::-2a04:2b02:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
06:b0:ee:c6:9d:65:f3:95:73:85:63:a5:25:25:7e:fc:eb:b7:
b8:0e:c6:cd:12:d9:4b:44:41:5d:ee:f5:ad:97:59:bd:32:22:
b4:46:3c:57:41:1c:43:9d:15:b8:48:8f:b5:88:91:2a:04:a0:
8a:26:54:ff:98:3e:79:b5:ba:02:0a:dc:18:01:af:6c:b7:17:
84:2e:dc:18:4d:04:19:3e:fb:f5:fd:e4:84:d0:1e:66:16:8b:
e3:f3:69:48:30:3a:0a:31:bb:82:7d:79:df:1a:96:f6:c7:29:
71:26:4b:04:20:7d:a3:fe:74:fd:ce:a2:fb:c3:0a:56:0a:44:
1e:b0:79:90:04:90:82:95:94:9e:3e:a5:28:7a:31:a4:e6:6a:
8d:2a:c5:64:90:07:f5:26:56:14:59:c0:72:b6:05:21:64:85:
48:df:28:2e:ef:e5:f9:6d:84:7f:dd:49:6d:09:8c:cc:14:df:
2f:7d:70:99:d4:fa:63:82:24:d5:f7:83:1f:7c:f0:21:a5:d4:
90:81:fd:53:b4:2f:09:92:7e:a1:93:fc:d6:7b:f0:bd:af:f7:
ac:e9:f1:11:f6:41:de:58:cc:2d:b6:79:84:31:0c:27:29:7e:
18:88:3f:5a:95:b2:64:7a:28:f4:29:b9:3c:7f:77:8a:a9:e3:
b5:ea:0a:47
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZQiH+8PtXvaJpTm8//MXO1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjUwMTAxMTM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjFmMzllNDIzNDQ1NGU4YzQ3ZGU2MzdjNDk3Njc4YzdkZWU3NWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzdnQ0BaJNcA9j9GXXnfYvX6xumm
xBVT6fJYUGJLqLhvUqF5rvpVicT0v7KUMyhfsSJrknY5MOT6GcABGKs46wp0hxSe
FI4cRn3OH5f5YGZjlLb6kgyu5Kcz8ls6pisEXMMPjAGdnZMQhRfAFZRwn2tMmsDi
GQHwwxsHQyu9+WLxiG1iM8f8tWzHRZEhIU6knCIcBamZ/CbpJIA33M4sRaieOYcx
Abqcz/tYfUBCsyr+OrwiwbwL1MCGVzF1Z9gczItsx4DMPaY2Y9hF6Cp0UQ0vFtCG
7vN01i7rJL3VPDVls9VMDgmSGRuOqPPFgPQ99ikDOx+B5m4KIlaFggILpwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFNYfOeQjRFToxH3mN8SXZ4x97nXwMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvMWg4NTVDTkVWT2pFZmVZM3hKZG5qSDN1ZGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAgBAIAATAaMAwDBAC5GEED
BAC5GEIDBADBaaoDBADUEvowQwQCAAIwPQMHACABBnwmMAMHACoEKwABAAMHACoE
KwACAAMHACoEKwACEgMHACoEKwBjdDAOAwUAKgQrAQMFACoEKwIwDQYJKoZIhvcN
AQELBQADggEBAAaw7sadZfOVc4VjpSUlfvzrt7gOxs0S2UtEQV3u9a2XWb0yIrRG
PFdBHEOdFbhIj7WIkSoEoIomVP+YPnm1ugIK3BgBr2y3F4Qu3BhNBBk++/X95ITQ
HmYWi+PzaUgwOgoxu4J9ed8alvbHKXEmSwQgfaP+dP3OovvDClYKRB6weZAEkIKV
lJ4+pSh6MaTmao0qxWSQB/UmVhRZwHK2BSFkhUjfKC7v5flthH/dSW0JjMwU3y99
cJnU+mOCJNX3gx988CGl1JCB/VO0LwmSfqGT/NZ78L2v96zp8RH2Qd5YzC22eYQx
DCcpfhiIP1qVsmR6KPQpuTx/d4qp47XqCkc=
-----END CERTIFICATE-----
Generated at Wed Apr 16 16:05:07 2025 by rpki-client