Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/DUHPPbMiJZ5g5-MVvzd1BoFThPs.roa
File: DUHPPbMiJZ5g5-MVvzd1BoFThPs.roa (raw, json)
Hash identifier: jYJfj32NL3hL8Amv7vFPn8VdtIOctCQTglUuBNZ6asM=
Subject key identifier: 0D:41:CF:3D:B3:22:25:9E:60:E7:E3:15:BF:37:75:06:81:53:84:FB
Certificate issuer: /CN=2875f185823dbc6a82d105b3ca16077db5729377
Certificate serial: 01942823E51CE477F54D8D3663B35027A3E6
Authority key identifier: 28:75:F1:85:82:3D:BC:6A:82:D1:05:B3:CA:16:07:7D:B5:72:93:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/DUHPPbMiJZ5g5-MVvzd1BoFThPs.roa
Signing time: Thu 02 Jan 2025 17:50:28 +0000
ROA not before: Thu 02 Jan 2025 17:50:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1299
IP address blocks: 37.157.48.0/24 maxlen: 24
37.157.49.0/24 maxlen: 24
37.157.50.0/24 maxlen: 24
37.157.51.0/24 maxlen: 24
37.157.52.0/24 maxlen: 24
37.157.53.0/24 maxlen: 24
37.157.54.0/24 maxlen: 24
37.157.55.0/24 maxlen: 24
84.247.32.0/24 maxlen: 24
84.247.33.0/24 maxlen: 24
84.247.34.0/24 maxlen: 24
84.247.35.0/24 maxlen: 24
89.35.164.0/24 maxlen: 24
89.35.165.0/24 maxlen: 24
89.35.166.0/24 maxlen: 24
89.35.167.0/24 maxlen: 24
149.19.176.0/24 maxlen: 24
149.19.177.0/24 maxlen: 24
149.19.178.0/24 maxlen: 24
149.19.179.0/24 maxlen: 24
185.2.76.0/24 maxlen: 24
185.2.77.0/24 maxlen: 24
185.2.78.0/24 maxlen: 24
185.2.79.0/24 maxlen: 24
185.34.80.0/24 maxlen: 24
185.34.81.0/24 maxlen: 24
185.34.82.0/24 maxlen: 24
185.34.83.0/24 maxlen: 24
185.60.4.0/24 maxlen: 24
185.60.5.0/24 maxlen: 24
185.60.6.0/24 maxlen: 24
185.60.7.0/24 maxlen: 24
185.61.88.0/24 maxlen: 24
185.61.89.0/24 maxlen: 24
185.61.90.0/24 maxlen: 24
185.61.91.0/24 maxlen: 24
185.86.20.0/24 maxlen: 24
185.86.21.0/24 maxlen: 24
185.86.22.0/24 maxlen: 24
185.86.23.0/24 maxlen: 24
185.91.40.0/24 maxlen: 24
185.91.41.0/24 maxlen: 24
185.91.42.0/24 maxlen: 24
185.91.43.0/24 maxlen: 24
195.206.184.0/24 maxlen: 24
195.206.185.0/24 maxlen: 24
195.206.186.0/24 maxlen: 24
195.206.187.0/24 maxlen: 24
195.206.188.0/24 maxlen: 24
195.206.189.0/24 maxlen: 24
195.206.190.0/24 maxlen: 24
195.206.191.0/24 maxlen: 24
2a00:b840::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/KHXxhYI9vGqC0QWzyhYHfbVyk3c.crl
rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/KHXxhYI9vGqC0QWzyhYHfbVyk3c.mft
rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 02:01:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:23:e5:1c:e4:77:f5:4d:8d:36:63:b3:50:27:a3:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2875f185823dbc6a82d105b3ca16077db5729377
Validity
Not Before: Jan 2 17:50:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0d41cf3db322259e60e7e315bf377506815384fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:3e:e7:92:30:5f:3e:7f:0d:77:e4:39:f2:0c:
07:5c:70:d6:ce:e9:38:a0:34:bd:e1:4e:fd:5a:1e:
d8:2f:b1:41:46:62:84:e7:2f:23:a2:8a:9f:4d:3f:
80:92:f3:37:02:5e:3b:5a:95:16:e0:bd:56:d4:61:
2f:5e:14:2f:79:7b:47:35:46:82:78:eb:72:bc:ae:
3e:c7:32:01:a0:55:ad:77:9f:08:fb:01:3b:ba:46:
ad:6f:9b:59:b2:2c:1d:a4:28:8b:1d:e7:21:f6:96:
26:fa:77:8b:d2:bd:e8:64:d0:cd:d4:c1:d8:22:5a:
a3:17:f2:63:ed:03:66:9d:0e:99:3d:88:3a:88:bc:
d6:59:42:20:2c:c2:2b:5e:68:db:38:20:74:f8:a0:
0f:9a:72:b2:4f:46:2d:99:e0:80:12:ce:6e:74:85:
ed:bc:3a:b5:20:2f:a0:ef:1e:5d:55:7d:77:dd:f7:
e4:33:f0:a4:45:95:e8:e6:b3:f6:75:70:aa:78:cd:
79:df:e9:f1:39:f7:50:06:06:31:d1:79:e7:b2:48:
b0:1f:09:bb:d4:82:96:e5:db:1e:c8:02:10:50:8e:
9b:56:fe:dd:41:fe:00:a9:18:61:1b:55:00:f7:f1:
c1:56:b8:dd:0f:1d:7d:46:b4:f4:65:55:dc:b2:0c:
9a:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:41:CF:3D:B3:22:25:9E:60:E7:E3:15:BF:37:75:06:81:53:84:FB
X509v3 Authority Key Identifier:
keyid:28:75:F1:85:82:3D:BC:6A:82:D1:05:B3:CA:16:07:7D:B5:72:93:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/DUHPPbMiJZ5g5-MVvzd1BoFThPs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/KHXxhYI9vGqC0QWzyhYHfbVyk3c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.157.48.0/21
84.247.32.0/22
89.35.164.0/22
149.19.176.0/22
185.2.76.0/22
185.34.80.0/22
185.60.4.0/22
185.61.88.0/22
185.86.20.0/22
185.91.40.0/22
195.206.184.0/21
IPv6:
2a00:b840::/29
Signature Algorithm: sha256WithRSAEncryption
a4:49:1f:53:c3:8c:b1:8f:67:73:d7:49:6c:17:b2:9e:e6:7e:
59:40:b9:ba:6e:9e:33:d5:1d:1e:8a:c9:de:8a:ec:19:95:28:
a5:c3:7f:dc:d9:f0:be:bc:7d:59:54:0f:5f:ec:9a:cb:d1:84:
b7:b4:24:04:30:77:b5:d8:1c:bd:2e:ad:6d:cd:6a:91:3e:5f:
48:ce:ed:73:a6:e4:f9:59:7a:e2:17:03:95:f0:e1:16:f7:9a:
ed:17:0b:48:d4:07:90:1d:6b:34:ad:2c:b3:8a:05:b6:08:b1:
26:e5:8e:b8:6b:ea:10:74:b0:05:e8:4c:b8:14:09:99:42:40:
a7:93:8c:68:5f:63:41:b0:92:4c:9f:a6:69:d4:8c:9e:80:22:
17:2d:4d:41:5c:d2:62:d8:45:9d:86:06:26:6c:da:70:c6:74:
d4:41:91:ad:8a:6f:76:7a:42:52:68:22:6f:a6:72:de:2c:96:
8d:94:4a:55:5d:3d:81:2f:71:68:6c:0e:86:ec:00:5d:16:02:
12:f1:6c:42:02:4e:a5:d7:44:b5:1e:a4:3d:e1:cd:75:c5:b7:
98:25:c7:35:76:79:e2:9d:76:79:f8:1f:62:6a:30:11:81:1d:
5b:20:42:38:3d:bf:d9:6c:2d:d9:97:f4:f6:56:db:c9:cc:2f:
b1:76:38:d3
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZQoI+Uc5Hf1TY02Y7NQJ6PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NzVmMTg1ODIzZGJjNmE4MmQxMDViM2NhMTYwNzdkYjU3
MjkzNzcwHhcNMjUwMTAyMTc1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQxY2YzZGIzMjIyNTllNjBlN2UzMTViZjM3NzUwNjgxNTM4NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj7nkjBfPn8Nd+Q58gwHXHDWzuk4
oDS94U79Wh7YL7FBRmKE5y8jooqfTT+AkvM3Al47WpUW4L1W1GEvXhQveXtHNUaC
eOtyvK4+xzIBoFWtd58I+wE7ukatb5tZsiwdpCiLHech9pYm+neL0r3oZNDN1MHY
IlqjF/Jj7QNmnQ6ZPYg6iLzWWUIgLMIrXmjbOCB0+KAPmnKyT0YtmeCAEs5udIXt
vDq1IC+g7x5dVX133ffkM/CkRZXo5rP2dXCqeM153+nxOfdQBgYx0XnnskiwHwm7
1IKW5dseyAIQUI6bVv7dQf4AqRhhG1UA9/HBVrjdDx19RrT0ZVXcsgyarwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFA1Bzz2zIiWeYOfjFb83dQaBU4T7MB8GA1UdIwQY
MBaAFCh18YWCPbxqgtEFs8oWB321cpN3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0hYeGhZSTl2R3FDMFFXenloWUhmYlZ5azNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hMDRkYTYtOTg4Ny00MmE1LThlZDct
OTRlNWQ0OWNjNjI4LzEvRFVIUFBiTWlKWjVnNS1NVnZ6ZDFCb0ZUaFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hMDRkYTYtOTg4Ny00MmE1LThlZDctOTRlNWQ0OWNjNjI4
LzEvS0hYeGhZSTl2R3FDMFFXenloWUhmYlZ5azNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDJZ0wAwQC
VPcgAwQCWSOkAwQClROwAwQCuQJMAwQCuSJQAwQCuTwEAwQCuT1YAwQCuVYUAwQC
uVsoAwQDw864MA0EAgACMAcDBQMqALhAMA0GCSqGSIb3DQEBCwUAA4IBAQCkSR9T
w4yxj2dz10lsF7Ke5n5ZQLm6bp4z1R0eisneiuwZlSilw3/c2fC+vH1ZVA9f7JrL
0YS3tCQEMHe12By9Lq1tzWqRPl9Izu1zpuT5WXriFwOV8OEW95rtFwtI1AeQHWs0
rSyzigW2CLEm5Y64a+oQdLAF6Ey4FAmZQkCnk4xoX2NBsJJMn6Zp1IyegCIXLU1B
XNJi2EWdhgYmbNpwxnTUQZGtim92ekJSaCJvpnLeLJaNlEpVXT2BL3FobA6G7ABd
FgIS8WxCAk6l10S1HqQ94c11xbeYJcc1dnninXZ5+B9iajARgR1bIEI4Pb/ZbC3Z
l/T2VtvJzC+xdjjT
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:36:53 2025 by rpki-client