Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/8bKL0IbQOSgAyNHMsOTwdqXxmBA.roa
File: 8bKL0IbQOSgAyNHMsOTwdqXxmBA.roa (raw, json)
Hash identifier: SiMZDaqzDjVBWVjWC+CfQKEVMp/aAzgNg3WOueNrYnY=
Subject key identifier: F1:B2:8B:D0:86:D0:39:28:00:C8:D1:CC:B0:E4:F0:76:A5:F1:98:10
Certificate issuer: /CN=9944f812a0e002c38e84e47628bdba038598090b
Certificate serial: 019423D72EABDE9EEC59E37A8D6D2F141801
Authority key identifier: 99:44:F8:12:A0:E0:02:C3:8E:84:E4:76:28:BD:BA:03:85:98:09:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mUT4EqDgAsOOhOR2KL26A4WYCQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/8bKL0IbQOSgAyNHMsOTwdqXxmBA.roa
Signing time: Wed 01 Jan 2025 21:48:12 +0000
ROA not before: Wed 01 Jan 2025 21:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61071
IP address blocks: 88.213.210.0/24 maxlen: 24
88.213.211.0/24 maxlen: 24
88.213.213.0/24 maxlen: 24
88.213.214.0/23 maxlen: 23
88.213.214.0/24 maxlen: 24
88.213.215.0/24 maxlen: 24
178.217.88.0/22 maxlen: 24
185.134.228.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/mUT4EqDgAsOOhOR2KL26A4WYCQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/mUT4EqDgAsOOhOR2KL26A4WYCQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/mUT4EqDgAsOOhOR2KL26A4WYCQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 10:07:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:2e:ab:de:9e:ec:59:e3:7a:8d:6d:2f:14:18:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9944f812a0e002c38e84e47628bdba038598090b
Validity
Not Before: Jan 1 21:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f1b28bd086d0392800c8d1ccb0e4f076a5f19810
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:b2:b1:1e:d5:27:74:57:01:e7:59:7f:66:9a:
9a:cb:3d:a6:d0:21:b2:de:00:8b:5d:be:ac:7f:93:
9c:bd:b3:89:dd:f0:ba:bd:d4:40:0b:08:33:93:99:
d0:2b:f7:f0:8f:23:80:22:20:ac:d8:9f:90:71:9b:
c6:3b:04:6a:d2:c5:b0:c4:45:9f:19:b9:e6:fa:00:
10:84:19:76:df:b5:77:63:35:cb:b6:90:61:e8:fd:
74:37:65:b0:ce:46:8d:21:cb:b0:57:3b:3e:12:0f:
76:ed:61:08:6c:39:d8:03:ad:fa:15:87:fa:9a:a3:
3a:09:1e:6f:3a:0b:85:8b:f5:87:5a:b1:f2:c3:e4:
85:d3:f1:4d:45:5b:5a:a9:82:d9:ba:44:05:35:85:
be:23:54:f5:ad:7a:89:49:08:f9:04:f0:1b:a9:f4:
a9:93:13:6f:98:c4:69:4b:22:ea:2f:0e:ea:ff:fe:
c3:27:bf:92:99:23:67:85:be:10:63:61:56:1e:96:
97:50:68:df:3e:2d:94:63:0c:77:5f:b9:38:5d:4a:
a3:9b:ce:c6:e0:70:4c:ae:4b:22:e2:90:25:b2:e5:
01:b7:56:32:a3:b1:08:bc:d1:dc:df:67:f7:8e:1a:
98:dd:83:cf:e7:20:32:96:b0:ad:ef:19:99:11:c1:
1e:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:B2:8B:D0:86:D0:39:28:00:C8:D1:CC:B0:E4:F0:76:A5:F1:98:10
X509v3 Authority Key Identifier:
keyid:99:44:F8:12:A0:E0:02:C3:8E:84:E4:76:28:BD:BA:03:85:98:09:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mUT4EqDgAsOOhOR2KL26A4WYCQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/8bKL0IbQOSgAyNHMsOTwdqXxmBA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3c6cb5-a72c-4701-ae6c-306c5651343e/1/mUT4EqDgAsOOhOR2KL26A4WYCQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.213.210.0/23
88.213.213.0-88.213.215.255
178.217.88.0/22
185.134.228.0/22
Signature Algorithm: sha256WithRSAEncryption
6d:b8:10:a4:ae:e9:57:98:6e:69:95:7c:3b:fd:16:57:b0:69:
fe:e4:7f:97:2b:c0:6a:96:42:d9:37:89:ab:91:e4:88:62:f2:
ec:94:26:09:07:1c:7a:b8:a9:7f:fe:17:21:16:48:ee:c5:5a:
bf:37:8d:71:9f:75:02:b7:ea:6c:84:94:19:60:35:5d:02:5b:
a8:e3:bf:fc:d2:80:ce:7e:b2:7f:a3:57:46:e8:a5:48:d2:f1:
c7:40:ba:d8:84:12:fb:3c:fe:b5:47:c1:5d:09:3d:9a:fb:95:
08:8f:19:eb:85:e1:15:92:0b:11:5f:82:3d:7b:4f:60:0b:e8:
a7:36:0d:a5:19:d5:51:69:33:cc:ef:3b:11:de:87:72:d1:fa:
b7:fe:3e:cb:39:43:69:4f:4b:99:ac:d7:85:a0:dc:1e:e2:98:
21:12:bb:0c:df:49:93:82:b7:f2:c4:ee:eb:d6:41:5d:28:28:
82:74:cc:e4:53:0f:2f:57:7d:ee:9e:74:20:82:2e:02:5d:40:
a6:3c:50:2f:a1:cb:da:72:46:0d:23:6c:29:ec:3d:56:20:64:
88:94:9b:42:ce:0e:31:50:af:27:a4:cc:10:5b:12:93:7f:c0:
0b:4d:f6:c0:19:57:d3:19:dc:40:7c:f7:03:6c:fb:25:4a:17:
b4:21:a1:ab
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQj1y6r3p7sWeN6jW0vFBgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NDRmODEyYTBlMDAyYzM4ZTg0ZTQ3NjI4YmRiYTAzODU5
ODA5MGIwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWIyOGJkMDg2ZDAzOTI4MDBjOGQxY2NiMGU0ZjA3NmE1ZjE5ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurKxHtUndFcB51l/Zpqayz2m0CGy
3gCLXb6sf5OcvbOJ3fC6vdRACwgzk5nQK/fwjyOAIiCs2J+QcZvGOwRq0sWwxEWf
Gbnm+gAQhBl237V3YzXLtpBh6P10N2WwzkaNIcuwVzs+Eg927WEIbDnYA636FYf6
mqM6CR5vOguFi/WHWrHyw+SF0/FNRVtaqYLZukQFNYW+I1T1rXqJSQj5BPAbqfSp
kxNvmMRpSyLqLw7q//7DJ7+SmSNnhb4QY2FWHpaXUGjfPi2UYwx3X7k4XUqjm87G
4HBMrksi4pAlsuUBt1Yyo7EIvNHc32f3jhqY3YPP5yAylrCt7xmZEcEe3QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPGyi9CG0DkoAMjRzLDk8Hal8ZgQMB8GA1UdIwQY
MBaAFJlE+BKg4ALDjoTkdii9ugOFmAkLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVVUNEVxRGdBc09PaE9SMktMMjZBNFdZQ1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zYzZjYjUtYTcyYy00NzAxLWFlNmMt
MzA2YzU2NTEzNDNlLzEvOGJLTDBJYlFPU2dBeU5ITXNPVHdkcVh4bUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zYzZjYjUtYTcyYy00NzAxLWFlNmMtMzA2YzU2NTEzNDNl
LzEvbVVUNEVxRGdBc09PaE9SMktMMjZBNFdZQ1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBWNXSMAwD
BABY1dUDBANY1dADBAKy2VgDBAK5huQwDQYJKoZIhvcNAQELBQADggEBAG24EKSu
6VeYbmmVfDv9Flewaf7kf5crwGqWQtk3iauR5Ihi8uyUJgkHHHq4qX/+FyEWSO7F
Wr83jXGfdQK36myElBlgNV0CW6jjv/zSgM5+sn+jV0bopUjS8cdAutiEEvs8/rVH
wV0JPZr7lQiPGeuF4RWSCxFfgj17T2AL6Kc2DaUZ1VFpM8zvOxHeh3LR+rf+Pss5
Q2lPS5ms14Wg3B7imCESuwzfSZOCt/LE7uvWQV0oKIJ0zORTDy9Xfe6edCCCLgJd
QKY8UC+hy9pyRg0jbCnsPVYgZIiUm0LODjFQryekzBBbEpN/wAtN9sAZV9MZ3EB8
9wNs+yVKF7Qhoas=
-----END CERTIFICATE-----
Generated at Sun Apr 6 20:36:55 2025 by rpki-client