Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/fa6cc2-27af-416c-a134-98f7454ba6ce/1/8gW9HzVtsq8E7qA7ltvcwjfvGOc.roa
File: 8gW9HzVtsq8E7qA7ltvcwjfvGOc.roa (raw, json)
Hash identifier: YA8a2IoWK4RdfAw+N6IQe1enWMEGZEE3fnlKSQfkojY=
Subject key identifier: F2:05:BD:1F:35:6D:B2:AF:04:EE:A0:3B:96:DB:DC:C2:37:EF:18:E7
Certificate issuer: /CN=4a8ae7871525be2ea4d0dffdae4f3a8bff372496
Certificate serial: 0195C813B64B372B1FC5D607034B8A27B254
Authority key identifier: 4A:8A:E7:87:15:25:BE:2E:A4:D0:DF:FD:AE:4F:3A:8B:FF:37:24:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SornhxUlvi6k0N_9rk86i_83JJY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/fa6cc2-27af-416c-a134-98f7454ba6ce/1/8gW9HzVtsq8E7qA7ltvcwjfvGOc.roa
Signing time: Mon 24 Mar 2025 12:14:49 +0000
ROA not before: Mon 24 Mar 2025 12:14:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207503
IP address blocks: 134.101.32.0/21 maxlen: 21
134.101.40.0/21 maxlen: 21
134.101.48.0/21 maxlen: 21
134.101.56.0/21 maxlen: 21
185.102.240.0/23 maxlen: 23
185.102.242.0/23 maxlen: 23
212.110.232.0/21 maxlen: 21
212.110.240.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/fa6cc2-27af-416c-a134-98f7454ba6ce/1/SornhxUlvi6k0N_9rk86i_83JJY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/fa6cc2-27af-416c-a134-98f7454ba6ce/1/SornhxUlvi6k0N_9rk86i_83JJY.mft
rsync://rpki.ripe.net/repository/DEFAULT/SornhxUlvi6k0N_9rk86i_83JJY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 12:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:c8:13:b6:4b:37:2b:1f:c5:d6:07:03:4b:8a:27:b2:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4a8ae7871525be2ea4d0dffdae4f3a8bff372496
Validity
Not Before: Mar 24 12:14:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f205bd1f356db2af04eea03b96dbdcc237ef18e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:14:08:8a:92:65:de:8b:88:4f:0b:d1:6d:69:
54:4c:71:e2:10:67:9a:a5:2d:f0:8a:3a:a4:57:37:
fa:43:a7:39:88:f7:da:83:28:ff:f1:37:c1:cf:20:
f1:eb:12:63:12:b2:09:7d:ed:c4:7a:9a:73:65:31:
ec:9e:91:87:5c:b8:7f:95:7e:24:d4:0f:85:da:0c:
2d:f5:15:65:59:2d:ea:9f:0d:82:1f:56:d9:9e:c2:
6a:a2:da:57:d1:8a:e8:b5:52:cd:2a:15:82:d7:47:
43:e6:83:48:74:5b:08:74:95:24:cf:8e:0e:c8:09:
f1:d8:ec:c0:31:d1:d3:ac:9d:a8:45:14:a0:b2:03:
4e:b9:e1:7d:21:1c:34:9e:0f:0e:77:fb:7b:b4:36:
a9:b0:9b:f7:78:cb:fa:c2:88:04:fd:b2:e4:62:0a:
14:0e:66:8f:61:3b:3f:a2:43:81:ce:13:43:38:b9:
98:b6:18:42:84:a2:04:ee:e9:5c:97:3e:3c:3c:d6:
72:0d:0c:eb:9d:ac:e1:57:a8:9c:07:77:08:c7:76:
1e:60:0f:4d:a6:6c:25:e5:74:76:c9:36:88:90:cc:
8a:31:df:fc:5d:11:65:49:60:42:c9:63:13:30:ce:
19:41:28:9a:84:32:78:b8:3d:d5:dd:cd:32:c3:a6:
3b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:05:BD:1F:35:6D:B2:AF:04:EE:A0:3B:96:DB:DC:C2:37:EF:18:E7
X509v3 Authority Key Identifier:
keyid:4A:8A:E7:87:15:25:BE:2E:A4:D0:DF:FD:AE:4F:3A:8B:FF:37:24:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SornhxUlvi6k0N_9rk86i_83JJY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/fa6cc2-27af-416c-a134-98f7454ba6ce/1/8gW9HzVtsq8E7qA7ltvcwjfvGOc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/fa6cc2-27af-416c-a134-98f7454ba6ce/1/SornhxUlvi6k0N_9rk86i_83JJY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
134.101.32.0/19
185.102.240.0/22
212.110.232.0-212.110.247.255
Signature Algorithm: sha256WithRSAEncryption
83:f0:61:70:0e:c7:fb:3b:6a:03:71:ab:e3:0e:0a:08:fd:a2:
41:a5:c1:a3:3f:1d:aa:bf:8f:4d:0e:49:92:37:11:c5:36:8d:
5f:1b:79:30:95:f9:9e:53:61:b9:88:40:af:75:7a:ed:3a:55:
18:22:94:95:c6:71:39:50:cf:3b:e8:55:15:95:9b:b6:0f:f6:
de:a1:8d:28:5f:dd:59:42:45:80:67:bc:48:b1:c8:4e:c7:90:
0f:d7:a0:91:6d:c8:d2:5e:50:11:fb:c5:05:cb:90:6d:c5:e9:
87:0d:1d:88:7d:cf:34:7a:0b:c1:e4:61:ce:04:20:06:6a:8e:
46:b8:fa:a5:36:f1:3d:63:75:17:d4:dd:28:7c:20:88:01:a3:
32:d8:d8:35:87:85:c1:3e:c9:8b:7b:3f:fa:0b:d6:5b:49:a1:
d6:14:88:e1:4d:56:f4:3c:23:97:1f:99:c4:a4:f5:ec:04:86:
5c:21:d8:e7:b9:26:9c:f8:cc:10:04:37:09:a0:17:cf:a4:53:
9a:a9:63:5f:1c:99:34:a6:61:72:28:a6:55:e9:41:f6:56:7d:
c8:41:72:57:24:73:84:eb:ae:72:d6:ae:f5:02:5b:d8:6f:c3:
f7:e8:c2:95:2c:ca:57:d2:6b:1e:a0:69:3e:36:7f:b2:94:0d:
57:4e:a6:c5
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZXIE7ZLNysfxdYHA0uKJ7JUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOGFlNzg3MTUyNWJlMmVhNGQwZGZmZGFlNGYzYThiZmYz
NzI0OTYwHhcNMjUwMzI0MTIxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjA1YmQxZjM1NmRiMmFmMDRlZWEwM2I5NmRiZGNjMjM3ZWYxOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhQIipJl3ouITwvRbWlUTHHiEGea
pS3wijqkVzf6Q6c5iPfagyj/8TfBzyDx6xJjErIJfe3EeppzZTHsnpGHXLh/lX4k
1A+F2gwt9RVlWS3qnw2CH1bZnsJqotpX0YrotVLNKhWC10dD5oNIdFsIdJUkz44O
yAnx2OzAMdHTrJ2oRRSgsgNOueF9IRw0ng8Od/t7tDapsJv3eMv6wogE/bLkYgoU
DmaPYTs/okOBzhNDOLmYthhChKIE7ulclz48PNZyDQzrnazhV6icB3cIx3YeYA9N
pmwl5XR2yTaIkMyKMd/8XRFlSWBCyWMTMM4ZQSiahDJ4uD3V3c0yw6Y7MwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPIFvR81bbKvBO6gO5bb3MI37xjnMB8GA1UdIwQY
MBaAFEqK54cVJb4upNDf/a5POov/NySWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU29ybmh4VWx2aTZrME5fOXJrODZpXzgzSkpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mYTZjYzItMjdhZi00MTZjLWExMzQt
OThmNzQ1NGJhNmNlLzEvOGdXOUh6VnRzcThFN3FBN2x0dmN3amZ2R09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mYTZjYzItMjdhZi00MTZjLWExMzQtOThmNzQ1NGJhNmNl
LzEvU29ybmh4VWx2aTZrME5fOXJrODZpXzgzSkpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQFhmUgAwQC
uWbwMAwDBAPUbugDBAPUbvAwDQYJKoZIhvcNAQELBQADggEBAIPwYXAOx/s7agNx
q+MOCgj9okGlwaM/Haq/j00OSZI3EcU2jV8beTCV+Z5TYbmIQK91eu06VRgilJXG
cTlQzzvoVRWVm7YP9t6hjShf3VlCRYBnvEixyE7HkA/XoJFtyNJeUBH7xQXLkG3F
6YcNHYh9zzR6C8HkYc4EIAZqjka4+qU28T1jdRfU3Sh8IIgBozLY2DWHhcE+yYt7
P/oL1ltJodYUiOFNVvQ8I5cfmcSk9ewEhlwh2Oe5Jpz4zBAENwmgF8+kU5qpY18c
mTSmYXIoplXpQfZWfchBclckc4TrrnLWrvUCW9hvw/fowpUsylfSax6gaT42f7KU
DVdOpsU=
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:56:17 2025 by rpki-client