Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/Fdf0vtB1gT4L0JunIsm8qNZYmQ4.roa
File: Fdf0vtB1gT4L0JunIsm8qNZYmQ4.roa (raw, json)
Hash identifier: Hfh7wbvCwd9LX8YiFV9RA+et4MH+5Md9SfCGKXu907E=
Subject key identifier: 15:D7:F4:BE:D0:75:81:3E:0B:D0:9B:A7:22:C9:BC:A8:D6:58:99:0E
Certificate issuer: /CN=c8531ae2ce57c95f5a398930ea45503542801ba1
Certificate serial: 0194206860AFE2B10E650415557B07B01A58
Authority key identifier: C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/Fdf0vtB1gT4L0JunIsm8qNZYmQ4.roa
Signing time: Wed 01 Jan 2025 05:48:18 +0000
ROA not before: Wed 01 Jan 2025 05:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3491
IP address blocks: 185.77.60.0/22 maxlen: 22
185.77.60.0/24 maxlen: 24
217.113.64.0/19 maxlen: 19
217.113.65.0/24 maxlen: 24
217.113.86.0/24 maxlen: 24
217.113.88.0/24 maxlen: 24
217.113.92.0/24 maxlen: 24
2a03:5400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.mft
rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:60:af:e2:b1:0e:65:04:15:55:7b:07:b0:1a:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8531ae2ce57c95f5a398930ea45503542801ba1
Validity
Not Before: Jan 1 05:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=15d7f4bed075813e0bd09ba722c9bca8d658990e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:bc:95:90:ae:cb:66:ab:16:d4:c1:ae:b8:84:
bc:97:f5:bd:7c:bc:c5:fd:39:ad:fb:ce:e9:ae:e4:
9f:32:75:5e:f2:20:5e:ec:47:53:bb:8d:b8:e6:b7:
59:ea:6d:6b:bc:a0:37:a3:0d:f1:fd:32:27:be:2b:
af:9a:5d:ac:cd:c8:5b:75:3e:fd:54:cf:67:f6:6f:
cb:3d:90:28:70:45:d6:7f:a3:3d:a7:3f:de:27:03:
97:43:b8:5c:a6:d5:a6:9d:90:c4:9e:a3:c7:aa:3e:
0a:6d:70:d0:6e:7c:20:67:54:56:22:43:2e:d0:20:
71:37:c6:db:54:18:fc:6a:88:11:d5:09:84:4a:e9:
85:a8:53:63:78:3e:76:0d:29:9b:9f:be:af:d2:3c:
bd:bb:42:de:22:ac:8e:75:5f:a8:03:b1:27:bb:f1:
19:bc:62:84:b2:4a:49:5a:f2:d1:ef:50:8a:1b:5d:
53:07:24:26:e6:e0:ea:4d:c8:0b:b1:09:bc:f1:c1:
bd:9c:c3:82:c6:3c:ee:5b:8b:b6:33:4c:46:9b:45:
5a:de:6b:25:f7:9f:e7:17:21:a9:07:3c:8c:40:35:
2b:fe:c2:66:4e:73:1a:a4:dc:c3:8f:2a:e4:1f:22:
2f:61:56:e1:f2:13:83:4b:a4:8f:9f:05:04:73:aa:
08:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:D7:F4:BE:D0:75:81:3E:0B:D0:9B:A7:22:C9:BC:A8:D6:58:99:0E
X509v3 Authority Key Identifier:
keyid:C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/Fdf0vtB1gT4L0JunIsm8qNZYmQ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.77.60.0/22
217.113.64.0/19
IPv6:
2a03:5400::/32
Signature Algorithm: sha256WithRSAEncryption
c0:be:94:eb:06:75:72:8f:f6:5c:50:45:da:90:4c:6a:d1:fe:
96:97:40:07:ee:cd:11:6d:89:1f:4e:0b:87:0a:1a:65:98:a5:
ea:48:a5:78:89:98:c9:53:79:76:d9:47:67:77:27:e9:76:27:
ed:af:c9:a2:7d:2a:26:08:fe:96:78:6c:8a:4b:3c:0f:b3:00:
0d:47:4c:82:b6:cc:cc:95:11:d5:ce:6d:b4:a6:c3:d7:9b:1c:
b5:77:48:39:7a:6b:a6:71:3d:97:ce:97:45:b7:3a:aa:4e:a0:
d4:82:ac:c7:27:08:d2:41:07:4c:97:d2:be:bd:b2:a6:5e:97:
20:97:54:fb:25:78:85:ca:de:72:aa:51:33:fb:0c:2f:2e:ba:
83:7e:d0:c6:5c:f7:2c:66:4b:21:dc:0b:48:2e:f0:b7:c1:2c:
61:2f:3e:89:6f:14:75:7f:df:f5:e2:8a:ef:29:1b:75:63:cc:
8c:96:96:9e:d0:b1:be:cd:a7:11:fc:49:00:33:c1:26:4f:1a:
ae:ee:b6:57:8f:5c:0a:47:7c:40:3e:be:83:68:e5:eb:da:87:
b4:db:7e:7e:ae:b4:c6:e9:fd:a7:1e:96:25:93:f8:05:6e:3b:
35:3a:93:f0:2e:c8:56:04:61:03:cc:e3:bf:fd:eb:dc:72:e4:
68:85:db:40
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQgaGCv4rEOZQQVVXsHsBpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTMxYWUyY2U1N2M5NWY1YTM5ODkzMGVhNDU1MDM1NDI4
MDFiYTEwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWQ3ZjRiZWQwNzU4MTNlMGJkMDliYTcyMmM5YmNhOGQ2NTg5OTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7yVkK7LZqsW1MGuuIS8l/W9fLzF
/Tmt+87pruSfMnVe8iBe7EdTu4245rdZ6m1rvKA3ow3x/TInviuvml2szchbdT79
VM9n9m/LPZAocEXWf6M9pz/eJwOXQ7hcptWmnZDEnqPHqj4KbXDQbnwgZ1RWIkMu
0CBxN8bbVBj8aogR1QmESumFqFNjeD52DSmbn76v0jy9u0LeIqyOdV+oA7Enu/EZ
vGKEskpJWvLR71CKG11TByQm5uDqTcgLsQm88cG9nMOCxjzuW4u2M0xGm0Va3msl
95/nFyGpBzyMQDUr/sJmTnMapNzDjyrkHyIvYVbh8hODS6SPnwUEc6oIzQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBXX9L7QdYE+C9CbpyLJvKjWWJkOMB8GA1UdIwQY
MBaAFMhTGuLOV8lfWjmJMOpFUDVCgBuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjkt
NDVkNTQyZDVmNTVmLzEvRmRmMHZ0QjFnVDRMMEp1bklzbThxTlpZbVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjktNDVkNTQyZDVmNTVm
LzEveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuU08AwQF
2XFAMA0EAgACMAcDBQAqA1QAMA0GCSqGSIb3DQEBCwUAA4IBAQDAvpTrBnVyj/Zc
UEXakExq0f6Wl0AH7s0RbYkfTguHChplmKXqSKV4iZjJU3l22Udndyfpdiftr8mi
fSomCP6WeGyKSzwPswANR0yCtszMlRHVzm20psPXmxy1d0g5emumcT2XzpdFtzqq
TqDUgqzHJwjSQQdMl9K+vbKmXpcgl1T7JXiFyt5yqlEz+wwvLrqDftDGXPcsZksh
3AtILvC3wSxhLz6JbxR1f9/14orvKRt1Y8yMlpae0LG+zacR/EkAM8EmTxqu7rZX
j1wKR3xAPr6DaOXr2oe0235+rrTG6f2nHpYlk/gFbjs1OpPwLshWBGEDzOO//evc
cuRohdtA
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:52:05 2025 by rpki-client