Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/PE9TZdJ8-Lln6kf9d9axXJAbp-c.roa
File: PE9TZdJ8-Lln6kf9d9axXJAbp-c.roa (raw, json)
Hash identifier: L+Px9nqboU0pthFP3MQiGwoS0A274PGNuMWfIopTQcU=
Subject key identifier: 3C:4F:53:65:D2:7C:F8:B9:67:EA:47:FD:77:D6:B1:5C:90:1B:A7:E7
Certificate issuer: /CN=d1e013ec8a5c56df241a9b2563d111f8e543bf91
Certificate serial: 019547518690FDDAE9180717F8F4348DA4B5
Authority key identifier: D1:E0:13:EC:8A:5C:56:DF:24:1A:9B:25:63:D1:11:F8:E5:43:BF:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0eAT7IpcVt8kGpslY9ER-OVDv5E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/PE9TZdJ8-Lln6kf9d9axXJAbp-c.roa
Signing time: Thu 27 Feb 2025 12:11:20 +0000
ROA not before: Thu 27 Feb 2025 12:11:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43260
IP address blocks: 185.85.72.0/24 maxlen: 24
185.85.73.0/24 maxlen: 24
185.85.74.0/24 maxlen: 24
185.85.75.0/24 maxlen: 24
185.160.29.0/24 maxlen: 24
185.160.30.0/24 maxlen: 24
185.160.31.0/24 maxlen: 24
2a05:abc0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/0eAT7IpcVt8kGpslY9ER-OVDv5E.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/0eAT7IpcVt8kGpslY9ER-OVDv5E.mft
rsync://rpki.ripe.net/repository/DEFAULT/0eAT7IpcVt8kGpslY9ER-OVDv5E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 15:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:47:51:86:90:fd:da:e9:18:07:17:f8:f4:34:8d:a4:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1e013ec8a5c56df241a9b2563d111f8e543bf91
Validity
Not Before: Feb 27 12:11:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c4f5365d27cf8b967ea47fd77d6b15c901ba7e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:6a:15:70:ae:48:39:10:6c:56:25:ad:62:6c:
88:49:3c:98:bc:27:06:fd:1b:83:d7:c5:1e:dd:d3:
bd:04:c6:89:72:0f:d5:a6:cc:c2:45:d6:e0:a0:1b:
a7:b0:6d:05:0c:df:b9:47:11:9a:63:9e:c4:af:d7:
bf:f3:ed:6b:be:31:5b:14:63:12:78:dd:02:69:c3:
c5:9a:db:37:c4:53:11:ca:64:7d:ef:ea:aa:16:e4:
c3:c3:d9:d7:09:b5:5d:18:88:eb:9a:dc:45:88:cd:
39:a4:34:5e:17:60:5a:b4:f5:c9:2b:d8:f3:3b:f4:
dd:8e:31:00:31:ee:43:26:c4:cb:67:2a:f6:c3:60:
88:d1:ab:7c:26:f4:7a:73:ad:b9:44:33:0e:c0:1c:
07:fd:49:63:d3:27:8f:c1:ac:c3:24:30:38:e6:f4:
63:ff:9f:75:42:8f:54:f4:fb:0e:83:ac:44:b2:82:
8a:e2:57:b4:c0:a9:81:5a:ad:a6:e6:d8:16:64:78:
a7:f7:14:a9:cc:68:cd:41:44:ff:fb:24:5c:2d:fb:
89:7e:91:c8:fa:4f:3d:bb:7d:af:e8:33:71:ee:80:
94:53:53:db:38:c3:5a:c5:ad:09:c4:0c:29:c1:de:
d0:11:12:62:2b:3b:b3:40:b9:f6:3a:cd:20:df:ca:
21:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:4F:53:65:D2:7C:F8:B9:67:EA:47:FD:77:D6:B1:5C:90:1B:A7:E7
X509v3 Authority Key Identifier:
keyid:D1:E0:13:EC:8A:5C:56:DF:24:1A:9B:25:63:D1:11:F8:E5:43:BF:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0eAT7IpcVt8kGpslY9ER-OVDv5E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/PE9TZdJ8-Lln6kf9d9axXJAbp-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/0eAT7IpcVt8kGpslY9ER-OVDv5E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.85.72.0/22
185.160.29.0-185.160.31.255
IPv6:
2a05:abc0::/48
Signature Algorithm: sha256WithRSAEncryption
99:7d:ba:ee:ea:d3:e4:fa:76:43:4d:39:db:17:da:50:b2:4b:
70:f4:7e:29:21:95:20:bc:72:92:1d:20:40:61:24:8b:c4:c7:
c5:c5:21:2f:b7:b6:0d:1c:5c:c2:11:cc:05:eb:4f:a7:30:9a:
db:40:4a:c9:70:cf:2c:26:e0:41:59:04:83:7e:8a:04:cc:63:
89:1c:e3:7c:a3:52:2c:06:a8:21:33:23:ca:d4:ad:0a:40:7b:
87:92:2f:9a:b7:71:d9:ae:86:be:e1:6d:72:a4:1f:4c:27:3c:
78:37:d0:16:3c:b0:1e:58:b1:06:28:bd:97:0e:41:a5:09:03:
81:b4:75:ec:92:cf:a0:33:d4:88:a0:9e:6a:f5:ac:0a:08:df:
3f:2f:5d:e2:20:46:d5:ff:2e:1e:56:2b:76:bd:35:5a:68:06:
a3:a6:17:d8:7b:58:0d:b1:09:75:ca:7b:ec:4e:60:1a:e6:63:
ce:6a:a5:a8:ef:88:c5:cb:9f:5d:8f:73:aa:8a:fa:01:73:f3:
f3:27:3a:b7:91:98:2d:09:1c:60:c6:7f:f9:6b:d0:91:10:74:
e1:bf:e9:78:6e:a5:81:72:4e:c2:54:94:0b:20:93:3a:6e:45:
d8:7a:18:9f:24:39:f6:7c:1b:02:47:e9:0f:ef:3a:46:65:40:
bf:9e:f0:e2
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZVHUYaQ/drpGAcX+PQ0jaS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZTAxM2VjOGE1YzU2ZGYyNDFhOWIyNTYzZDExMWY4ZTU0
M2JmOTEwHhcNMjUwMjI3MTIxMTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzRmNTM2NWQyN2NmOGI5NjdlYTQ3ZmQ3N2Q2YjE1YzkwMWJhN2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmoVcK5IORBsViWtYmyISTyYvCcG
/RuD18Ue3dO9BMaJcg/VpszCRdbgoBunsG0FDN+5RxGaY57Er9e/8+1rvjFbFGMS
eN0CacPFmts3xFMRymR97+qqFuTDw9nXCbVdGIjrmtxFiM05pDReF2BatPXJK9jz
O/TdjjEAMe5DJsTLZyr2w2CI0at8JvR6c625RDMOwBwH/Ulj0yePwazDJDA45vRj
/591Qo9U9PsOg6xEsoKK4le0wKmBWq2m5tgWZHin9xSpzGjNQUT/+yRcLfuJfpHI
+k89u32v6DNx7oCUU1PbOMNaxa0JxAwpwd7QERJiKzuzQLn2Os0g38ohbQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFDxPU2XSfPi5Z+pH/XfWsVyQG6fnMB8GA1UdIwQY
MBaAFNHgE+yKXFbfJBqbJWPREfjlQ7+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGVBVDdJcGNWdDhrR3BzbFk5RVItT1ZEdjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9lNDFlZjQtZGMxZS00NDY5LWJkMmQt
NDQwNTI4YzFlNDllLzEvUEU5VFpkSjgtTGxuNmtmOWQ5YXhYSkFicC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9lNDFlZjQtZGMxZS00NDY5LWJkMmQtNDQwNTI4YzFlNDll
LzEvMGVBVDdJcGNWdDhrR3BzbFk5RVItT1ZEdjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUAwQCuVVIMAwD
BAC5oB0DBAW5oAAwDwQCAAIwCQMHACoFq8AAADANBgkqhkiG9w0BAQsFAAOCAQEA
mX267urT5Pp2Q0052xfaULJLcPR+KSGVILxykh0gQGEki8THxcUhL7e2DRxcwhHM
BetPpzCa20BKyXDPLCbgQVkEg36KBMxjiRzjfKNSLAaoITMjytStCkB7h5Ivmrdx
2a6GvuFtcqQfTCc8eDfQFjywHlixBii9lw5BpQkDgbR17JLPoDPUiKCeavWsCgjf
Py9d4iBG1f8uHlYrdr01WmgGo6YX2HtYDbEJdcp77E5gGuZjzmqlqO+IxcufXY9z
qor6AXPz8yc6t5GYLQkcYMZ/+WvQkRB04b/peG6lgXJOwlSUCyCTOm5F2HoYnyQ5
9nwbAkfpD+86RmVAv57w4g==
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:51:37 2025 by rpki-client