Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/0868af-f2d7-4905-88d2-9db6665449cb/1/IhBK0ciO53Ec1EbuRK46uaRKreQ.roa
File: IhBK0ciO53Ec1EbuRK46uaRKreQ.roa (raw, json)
Hash identifier: 4ZKr5RNFkrNbbNrdBlZagiUZ6klyQ2uoBXn/MMtAeKc=
Subject key identifier: 22:10:4A:D1:C8:8E:E7:71:1C:D4:46:EE:44:AE:3A:B9:A4:4A:AD:E4
Certificate issuer: /CN=f3e23abae3cf0b351260d66f32339928fddf2ebb
Certificate serial: 0194228D8396A5215ACA17546D161362A426
Authority key identifier: F3:E2:3A:BA:E3:CF:0B:35:12:60:D6:6F:32:33:99:28:FD:DF:2E:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8-I6uuPPCzUSYNZvMjOZKP3fLrs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/0868af-f2d7-4905-88d2-9db6665449cb/1/IhBK0ciO53Ec1EbuRK46uaRKreQ.roa
Signing time: Wed 01 Jan 2025 15:48:07 +0000
ROA not before: Wed 01 Jan 2025 15:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49584
IP address blocks: 185.2.60.0/22 maxlen: 24
185.179.112.0/24 maxlen: 24
185.179.113.0/24 maxlen: 24
185.179.114.0/24 maxlen: 24
185.179.115.0/24 maxlen: 24
2a0e:1c40::/29 maxlen: 29
2a0e:1c40:1::/48 maxlen: 48
2a0e:1c40:2000::/48 maxlen: 48
2a0e:1c40:4000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a0/0868af-f2d7-4905-88d2-9db6665449cb/1/8-I6uuPPCzUSYNZvMjOZKP3fLrs.crl
rsync://rpki.ripe.net/repository/DEFAULT/a0/0868af-f2d7-4905-88d2-9db6665449cb/1/8-I6uuPPCzUSYNZvMjOZKP3fLrs.mft
rsync://rpki.ripe.net/repository/DEFAULT/8-I6uuPPCzUSYNZvMjOZKP3fLrs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:83:96:a5:21:5a:ca:17:54:6d:16:13:62:a4:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f3e23abae3cf0b351260d66f32339928fddf2ebb
Validity
Not Before: Jan 1 15:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=22104ad1c88ee7711cd446ee44ae3ab9a44aade4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:c7:31:d6:bb:41:ee:11:2f:3e:81:07:fe:79:
ef:3d:82:fd:18:ce:5b:3a:29:2a:8e:a1:56:f8:ca:
b9:ee:69:6f:9e:8c:ad:ce:d7:23:72:54:07:67:6a:
0c:25:3e:f4:9f:0b:95:39:ba:9c:87:1c:73:c3:01:
97:5a:a0:bb:2a:0e:d8:0c:cb:4b:f9:b7:71:c5:bd:
d4:4c:90:15:61:0a:ce:04:45:34:c9:0c:ed:88:21:
10:f3:c7:f7:93:11:1d:a2:d2:1f:42:c4:98:ca:e1:
cb:c2:2c:89:43:b3:b3:4b:5e:d7:17:00:da:52:4f:
b5:c8:0f:5b:be:4f:0a:02:f0:fc:4a:a7:cf:9c:9d:
b5:ef:10:a7:9d:56:8f:db:4e:4a:ae:72:e8:8b:2b:
df:40:a4:18:e6:2d:9c:94:93:61:04:0d:c3:8a:d5:
3f:33:d5:b5:a1:ab:8a:12:56:e4:d6:71:7f:09:a0:
30:a6:ad:e5:57:2b:0e:4c:fa:3a:13:a3:6a:e3:00:
42:05:5d:3b:39:19:bf:e0:e0:a8:3b:4e:34:d9:52:
6a:6e:7c:47:0b:45:ce:b0:ba:60:35:a2:22:58:a4:
92:a9:6c:63:d7:63:60:33:dd:06:ee:cb:25:4e:30:
f3:d4:3f:48:77:a3:d6:fb:8d:b5:55:88:2c:4b:a6:
1c:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:10:4A:D1:C8:8E:E7:71:1C:D4:46:EE:44:AE:3A:B9:A4:4A:AD:E4
X509v3 Authority Key Identifier:
keyid:F3:E2:3A:BA:E3:CF:0B:35:12:60:D6:6F:32:33:99:28:FD:DF:2E:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8-I6uuPPCzUSYNZvMjOZKP3fLrs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/0868af-f2d7-4905-88d2-9db6665449cb/1/IhBK0ciO53Ec1EbuRK46uaRKreQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/0868af-f2d7-4905-88d2-9db6665449cb/1/8-I6uuPPCzUSYNZvMjOZKP3fLrs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.2.60.0/22
185.179.112.0/22
IPv6:
2a0e:1c40::/29
Signature Algorithm: sha256WithRSAEncryption
0e:62:4a:10:65:cf:4d:ca:66:87:23:a6:fe:5e:3a:07:45:f2:
99:e2:22:3e:5d:38:dc:16:ef:f6:26:da:99:d6:69:01:7f:4d:
44:01:33:83:62:85:8d:51:82:9f:cc:9f:3b:de:98:6f:40:44:
5f:09:ac:9e:63:22:17:6d:46:c5:ae:73:4f:4a:30:9c:90:86:
73:a1:bf:39:b0:e5:55:91:64:9a:4a:87:bc:4f:32:61:70:e7:
88:68:68:06:60:63:50:f2:2e:d3:58:52:eb:f0:68:c7:db:fc:
69:3b:4a:5a:29:30:19:82:35:8d:ae:df:2a:ed:39:4a:9f:9b:
d0:73:60:04:b2:af:59:55:66:2f:c5:2a:50:77:79:ba:db:ec:
22:85:b0:7f:f8:49:26:81:00:19:2a:e7:b4:cd:c2:79:97:d3:
15:20:a9:5d:6c:85:09:d3:8f:bd:32:ee:64:a3:81:48:74:e9:
aa:98:b5:60:be:1a:3d:d1:53:a3:92:6e:b6:88:00:db:02:62:
b5:2e:c0:e8:41:4d:75:a1:8d:79:08:7d:86:8c:f7:90:17:aa:
61:2c:9c:55:3a:7f:af:6b:52:11:c9:47:fa:95:56:64:6c:09:
2e:5f:e9:f9:1d:89:99:04:21:58:3b:24:33:57:40:1f:52:ad:
93:18:61:86
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijYOWpSFayhdUbRYTYqQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZTIzYWJhZTNjZjBiMzUxMjYwZDY2ZjMyMzM5OTI4ZmRk
ZjJlYmIwHhcNMjUwMTAxMTU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjEwNGFkMWM4OGVlNzcxMWNkNDQ2ZWU0NGFlM2FiOWE0NGFhZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8cx1rtB7hEvPoEH/nnvPYL9GM5b
OikqjqFW+Mq57mlvnoytztcjclQHZ2oMJT70nwuVObqchxxzwwGXWqC7Kg7YDMtL
+bdxxb3UTJAVYQrOBEU0yQztiCEQ88f3kxEdotIfQsSYyuHLwiyJQ7OzS17XFwDa
Uk+1yA9bvk8KAvD8SqfPnJ217xCnnVaP205KrnLoiyvfQKQY5i2clJNhBA3DitU/
M9W1oauKElbk1nF/CaAwpq3lVysOTPo6E6Nq4wBCBV07ORm/4OCoO0402VJqbnxH
C0XOsLpgNaIiWKSSqWxj12NgM90G7sslTjDz1D9Id6PW+421VYgsS6Yc0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCIQStHIjudxHNRG7kSuOrmkSq3kMB8GA1UdIwQY
MBaAFPPiOrrjzws1EmDWbzIzmSj93y67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOC1JNnV1UFBDelVTWU5adk1qT1pLUDNmTHJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8wODY4YWYtZjJkNy00OTA1LTg4ZDIt
OWRiNjY2NTQ0OWNiLzEvSWhCSzBjaU81M0VjMUVidVJLNDZ1YVJLcmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8wODY4YWYtZjJkNy00OTA1LTg4ZDItOWRiNjY2NTQ0OWNi
LzEvOC1JNnV1UFBDelVTWU5adk1qT1pLUDNmTHJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQI8AwQC
ubNwMA0EAgACMAcDBQMqDhxAMA0GCSqGSIb3DQEBCwUAA4IBAQAOYkoQZc9NymaH
I6b+XjoHRfKZ4iI+XTjcFu/2JtqZ1mkBf01EATODYoWNUYKfzJ873phvQERfCaye
YyIXbUbFrnNPSjCckIZzob85sOVVkWSaSoe8TzJhcOeIaGgGYGNQ8i7TWFLr8GjH
2/xpO0paKTAZgjWNrt8q7TlKn5vQc2AEsq9ZVWYvxSpQd3m62+wihbB/+EkmgQAZ
Kue0zcJ5l9MVIKldbIUJ04+9Mu5ko4FIdOmqmLVgvho90VOjkm62iADbAmK1LsDo
QU11oY15CH2GjPeQF6phLJxVOn+va1IRyUf6lVZkbAkuX+n5HYmZBCFYOyQzV0Af
Uq2TGGGG
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:54:34 2025 by rpki-client