Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/2It_I9J9BgRnnQT5C-V712e3yx4.roa
File: 2It_I9J9BgRnnQT5C-V712e3yx4.roa (raw, json)
Hash identifier: ESMa8M4XpFdW7jSu8zHJhrebxwQNF93LMCKBGt+hLE4=
Subject key identifier: D8:8B:7F:23:D2:7D:06:04:67:9D:04:F9:0B:E5:7B:D7:67:B7:CB:1E
Certificate issuer: /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial: 019424B3D8A4F49E08C652F2E97D6F94353E
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/2It_I9J9BgRnnQT5C-V712e3yx4.roa
Signing time: Thu 02 Jan 2025 01:49:13 +0000
ROA not before: Thu 02 Jan 2025 01:49:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39700
IP address blocks: 78.108.128.0/20 maxlen: 24
80.246.202.0/24 maxlen: 24
81.30.38.0/24 maxlen: 24
91.142.240.0/21 maxlen: 21
91.142.240.0/22 maxlen: 22
91.142.246.0/23 maxlen: 23
91.142.248.0/22 maxlen: 22
141.255.178.0/23 maxlen: 23
176.74.224.0/24 maxlen: 24
2001:4cb8::/29 maxlen: 48
2001:4cb9::/32 maxlen: 32
2a00:c080:101c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.mft
rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:d8:a4:f4:9e:08:c6:52:f2:e9:7d:6f:94:35:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Validity
Not Before: Jan 2 01:49:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d88b7f23d27d0604679d04f90be57bd767b7cb1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:db:6b:ca:76:17:cd:a0:a0:1c:69:dd:3c:42:
b1:ec:45:d9:29:8e:23:17:86:cb:62:16:21:b8:71:
e8:f4:af:fb:5e:f5:60:93:c0:1d:39:3d:57:45:17:
69:ee:9b:ce:ac:94:98:4c:b0:f4:14:ec:78:a6:f9:
98:38:0a:67:c3:67:c9:fd:d9:15:47:41:39:12:1e:
20:43:09:b5:3e:46:b7:e6:ed:0d:b0:05:5b:3b:e2:
0a:cd:c4:da:b5:f3:4c:e3:6a:50:36:7d:68:17:ad:
72:98:1e:5e:41:d2:af:7e:07:37:30:01:e2:92:dc:
56:1b:44:96:0c:c6:29:97:e8:93:6b:17:dd:de:a9:
74:7a:e8:ed:b4:59:40:1e:ed:8e:f7:13:f4:75:ad:
f9:f3:a2:d2:5e:86:47:c4:a1:b6:ae:11:19:37:78:
d6:d7:c9:e4:79:eb:c5:b6:db:a2:96:72:bf:69:3c:
47:6a:e2:45:b7:95:e5:2f:0f:20:6b:29:c5:e6:9b:
d8:77:f5:2c:a7:31:12:3a:3b:f7:46:c0:a8:86:5f:
ff:02:18:2a:5e:09:22:26:ce:6e:c1:8a:a0:15:40:
90:f0:44:fc:19:95:47:97:2d:2c:5f:0c:ed:03:ea:
c6:05:56:13:76:a8:6e:04:ad:82:c2:77:3e:7c:48:
c1:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:8B:7F:23:D2:7D:06:04:67:9D:04:F9:0B:E5:7B:D7:67:B7:CB:1E
X509v3 Authority Key Identifier:
keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/2It_I9J9BgRnnQT5C-V712e3yx4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.108.128.0/20
80.246.202.0/24
81.30.38.0/24
91.142.240.0-91.142.251.255
141.255.178.0/23
176.74.224.0/24
IPv6:
2001:4cb8::/29
2a00:c080:101c::/48
Signature Algorithm: sha256WithRSAEncryption
85:27:31:fa:70:4d:dc:ec:51:8a:b9:0d:d5:90:7b:9d:13:7d:
f2:f1:23:93:d1:29:dc:62:d2:7f:a8:7d:8c:9b:a1:4c:1c:bf:
ad:cf:c8:4a:5a:1e:82:b2:82:a1:3b:46:0e:6f:00:b9:d9:01:
0e:0a:b0:94:ee:19:45:dd:33:ea:5e:6b:cf:96:57:4b:51:bc:
8a:7d:e1:23:cd:c3:5b:fb:3e:b2:b5:05:da:dc:a4:15:69:da:
87:74:13:cb:c2:d4:69:52:96:49:83:6c:fe:4f:21:e5:ef:03:
60:29:cf:e2:d3:d6:0e:b6:3a:32:21:97:19:ae:a6:c7:69:fe:
92:d8:ad:9d:db:ac:62:01:8a:4e:ca:8c:4a:d9:76:1e:7f:f2:
7d:be:ae:76:0d:4f:78:6f:8e:fa:b8:dc:26:a4:05:48:69:92:
dd:27:f0:0a:9a:4c:09:81:24:43:50:e7:27:b3:55:fd:81:ba:
12:e7:00:56:51:56:fa:b5:8d:9c:77:0a:02:69:8b:f4:4c:de:
d3:04:d5:90:89:98:ff:55:bf:e0:06:99:c9:49:03:d9:8a:3c:
a6:73:aa:31:2f:53:63:f1:17:c4:97:99:08:99:19:cf:2d:5e:
c9:ec:3a:47:97:7c:86:76:18:52:29:85:65:be:00:b6:77:2c:
48:d9:bb:68
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZQks9ik9J4IxlLy6X1vlDU+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODhiN2YyM2QyN2QwNjA0Njc5ZDA0ZjkwYmU1N2JkNzY3YjdjYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdtrynYXzaCgHGndPEKx7EXZKY4j
F4bLYhYhuHHo9K/7XvVgk8AdOT1XRRdp7pvOrJSYTLD0FOx4pvmYOApnw2fJ/dkV
R0E5Eh4gQwm1Pka35u0NsAVbO+IKzcTatfNM42pQNn1oF61ymB5eQdKvfgc3MAHi
ktxWG0SWDMYpl+iTaxfd3ql0eujttFlAHu2O9xP0da3586LSXoZHxKG2rhEZN3jW
18nkeevFttuilnK/aTxHauJFt5XlLw8gaynF5pvYd/UspzESOjv3RsCohl//Ahgq
XgkiJs5uwYqgFUCQ8ET8GZVHly0sXwztA+rGBVYTdqhuBK2Cwnc+fEjBVwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNiLfyPSfQYEZ50E+Qvle9dnt8seMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvMkl0X0k5SjlCZ1JublFUNUMtVjcxMmUzeXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAyBAIAATAsAwQETmyAAwQA
UPbKAwQAUR4mMAwDBARbjvADBAJbjvgDBAGN/7IDBACwSuAwFgQCAAIwEAMFAyAB
TLgDBwAqAMCAEBwwDQYJKoZIhvcNAQELBQADggEBAIUnMfpwTdzsUYq5DdWQe50T
ffLxI5PRKdxi0n+ofYyboUwcv63PyEpaHoKygqE7Rg5vALnZAQ4KsJTuGUXdM+pe
a8+WV0tRvIp94SPNw1v7PrK1BdrcpBVp2od0E8vC1GlSlkmDbP5PIeXvA2Apz+LT
1g62OjIhlxmupsdp/pLYrZ3brGIBik7KjErZdh5/8n2+rnYNT3hvjvq43CakBUhp
kt0n8AqaTAmBJENQ5yezVf2BuhLnAFZRVvq1jZx3CgJpi/RM3tME1ZCJmP9Vv+AG
mclJA9mKPKZzqjEvU2PxF8SXmQiZGc8tXsnsOkeXfIZ2GFIphWW+ALZ3LEjZu2g=
-----END CERTIFICATE-----
Generated at Sat Apr 12 08:28:44 2025 by rpki-client