Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/r8v_y5CgKRJYVb0efXm40LZehP4.roa
File: r8v_y5CgKRJYVb0efXm40LZehP4.roa (raw, json)
Hash identifier: RKFUmKgDYqrRW6TXR7G+/oNe9iSAV+m90qk1jsY/Or0=
Subject key identifier: AF:CB:FF:CB:90:A0:29:12:58:55:BD:1E:7D:79:B8:D0:B6:5E:84:FE
Certificate issuer: /CN=33b9f91816dd4d8226a41e3b4c3b09c7bdcc64a9
Certificate serial: 0194236A12C543F49C23DC8F25E96054CBB9
Authority key identifier: 33:B9:F9:18:16:DD:4D:82:26:A4:1E:3B:4C:3B:09:C7:BD:CC:64:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/r8v_y5CgKRJYVb0efXm40LZehP4.roa
Signing time: Wed 01 Jan 2025 19:49:01 +0000
ROA not before: Wed 01 Jan 2025 19:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39257
IP address blocks: 78.31.200.0/22 maxlen: 22
87.238.184.0/21 maxlen: 21
87.238.187.0/24 maxlen: 24
87.238.190.0/24 maxlen: 24
91.212.106.0/24 maxlen: 24
91.214.127.0/24 maxlen: 24
185.26.200.0/22 maxlen: 22
2a02:8c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.mft
rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 03:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:12:c5:43:f4:9c:23:dc:8f:25:e9:60:54:cb:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33b9f91816dd4d8226a41e3b4c3b09c7bdcc64a9
Validity
Not Before: Jan 1 19:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afcbffcb90a029125855bd1e7d79b8d0b65e84fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:b0:6f:f1:a5:20:09:3c:8a:b8:28:a9:66:0c:
cd:a2:fc:82:c7:4a:f6:af:6f:15:37:de:42:88:29:
0a:b2:3a:ce:24:b6:6c:1f:85:f3:78:f6:1e:c1:6a:
fd:af:1c:c9:88:d6:df:15:94:67:f8:b7:19:d0:14:
32:ba:09:2e:90:e4:e2:da:22:45:d8:b3:a5:06:03:
8c:70:8c:0f:72:76:5b:93:0b:d6:9d:b9:84:5f:6c:
a6:d9:d5:e7:b9:77:7f:73:bc:51:28:eb:6e:db:7e:
f8:ce:45:2b:c7:3e:fb:5c:ff:ba:6f:cd:bc:c8:87:
a3:4e:23:53:a0:97:51:da:ea:dc:42:3c:8d:02:9a:
ca:8a:2d:8f:ff:dc:59:86:78:c0:76:d0:31:43:b8:
a6:9c:47:c9:43:17:22:17:d3:df:54:f0:27:a0:54:
4e:bc:16:d2:5b:94:63:c7:07:b6:3a:1a:60:70:db:
62:ee:63:78:55:8b:c8:5a:e7:19:71:2a:de:54:65:
08:e5:a2:29:87:f4:e9:03:ee:9e:e5:73:b0:b2:2d:
a5:d2:50:61:7d:24:dc:d2:e4:d3:9b:07:ea:4b:df:
4d:4d:d8:54:f4:4c:d8:6a:fa:83:73:aa:9f:88:47:
8a:a0:db:df:5b:47:1c:3a:fc:88:70:f7:6b:ab:5e:
90:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:CB:FF:CB:90:A0:29:12:58:55:BD:1E:7D:79:B8:D0:B6:5E:84:FE
X509v3 Authority Key Identifier:
keyid:33:B9:F9:18:16:DD:4D:82:26:A4:1E:3B:4C:3B:09:C7:BD:CC:64:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/r8v_y5CgKRJYVb0efXm40LZehP4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.31.200.0/22
87.238.184.0/21
91.212.106.0/24
91.214.127.0/24
185.26.200.0/22
IPv6:
2a02:8c0::/32
Signature Algorithm: sha256WithRSAEncryption
83:16:24:db:6e:10:4a:e1:ad:22:05:04:30:67:9f:b5:51:87:
f0:e7:37:3c:a3:4c:c4:c5:bf:6e:0f:7b:f1:b7:47:3e:ef:5f:
85:aa:1b:08:8e:a2:9a:6d:4c:63:78:2e:d2:51:67:6b:43:33:
a8:9d:5e:fc:a3:cc:fb:d7:96:81:bf:b9:a0:06:d0:60:b9:54:
b0:ff:e1:2e:38:fb:df:4a:7f:fb:ba:91:80:08:81:86:b2:ea:
3f:d3:f6:7c:5b:45:b3:16:71:03:18:69:51:e1:c6:0c:c7:ed:
3e:37:17:52:13:10:81:21:84:8a:7c:b0:93:9a:bb:c1:7e:9f:
44:28:02:38:4a:32:48:10:a3:99:a6:97:a7:88:08:e8:de:61:
31:c2:60:df:10:53:9c:ef:0c:3d:02:de:69:64:0d:84:ff:ae:
eb:d3:50:53:f1:b9:00:ce:d6:9f:8a:35:fc:3f:90:8a:ad:1d:
f2:64:30:fc:39:3a:40:5a:3e:eb:33:aa:1e:5b:c7:d5:fa:89:
71:2c:5c:51:90:f9:2e:b8:2e:75:2a:b5:af:f3:2a:72:4c:4a:
34:13:21:24:db:34:19:0d:77:0b:70:75:3d:9a:b5:d6:13:c7:
96:61:d6:c6:1e:ef:c9:99:79:88:91:89:e7:2f:ef:c3:62:1d:
d2:54:22:57
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQjahLFQ/ScI9yPJelgVMu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYjlmOTE4MTZkZDRkODIyNmE0MWUzYjRjM2IwOWM3YmRj
YzY0YTkwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNiZmZjYjkwYTAyOTEyNTg1NWJkMWU3ZDc5YjhkMGI2NWU4NGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLBv8aUgCTyKuCipZgzNovyCx0r2
r28VN95CiCkKsjrOJLZsH4XzePYewWr9rxzJiNbfFZRn+LcZ0BQyugkukOTi2iJF
2LOlBgOMcIwPcnZbkwvWnbmEX2ym2dXnuXd/c7xRKOtu2374zkUrxz77XP+6b828
yIejTiNToJdR2urcQjyNAprKii2P/9xZhnjAdtAxQ7imnEfJQxciF9PfVPAnoFRO
vBbSW5Rjxwe2OhpgcNti7mN4VYvIWucZcSreVGUI5aIph/TpA+6e5XOwsi2l0lBh
fSTc0uTTmwfqS99NTdhU9EzYavqDc6qfiEeKoNvfW0ccOvyIcPdrq16QUwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFK/L/8uQoCkSWFW9Hn15uNC2XoT+MB8GA1UdIwQY
MBaAFDO5+RgW3U2CJqQeO0w7Cce9zGSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTduNUdCYmRUWUltcEI0N1REc0p4NzNNWktrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi84MTMyZjAtNzAyZS00MDQ0LWI2ZDYt
Y2E4Y2Y2YWNmYWViLzEvcjh2X3k1Q2dLUkpZVmIwZWZYbTQwTFplaFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi84MTMyZjAtNzAyZS00MDQ0LWI2ZDYtY2E4Y2Y2YWNmYWVi
LzEvTTduNUdCYmRUWUltcEI0N1REc0p4NzNNWktrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCTh/IAwQD
V+64AwQAW9RqAwQAW9Z/AwQCuRrIMA0EAgACMAcDBQAqAgjAMA0GCSqGSIb3DQEB
CwUAA4IBAQCDFiTbbhBK4a0iBQQwZ5+1UYfw5zc8o0zExb9uD3vxt0c+71+FqhsI
jqKabUxjeC7SUWdrQzOonV78o8z715aBv7mgBtBguVSw/+EuOPvfSn/7upGACIGG
suo/0/Z8W0WzFnEDGGlR4cYMx+0+NxdSExCBIYSKfLCTmrvBfp9EKAI4SjJIEKOZ
ppeniAjo3mExwmDfEFOc7ww9At5pZA2E/67r01BT8bkAztafijX8P5CKrR3yZDD8
OTpAWj7rM6oeW8fV+olxLFxRkPkuuC51KrWv8ypyTEo0EyEk2zQZDXcLcHU9mrXW
E8eWYdbGHu/JmXmIkYnnL+/DYh3SVCJX
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:08:24 2025 by rpki-client