Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4a0e8d-0bbe-4213-98b1-1a116a534483/1/I1KraudGgIPbGqrokKSi33-L_jY.roa
File: I1KraudGgIPbGqrokKSi33-L_jY.roa (raw, json)
Hash identifier: L9033CVRp8ri3N0mtJw6UMfr2TqSPrf8oAPr6Y4O13o=
Subject key identifier: 23:52:AB:6A:E7:46:80:83:DB:1A:AA:E8:90:A4:A2:DF:7F:8B:FE:36
Certificate issuer: /CN=8b9e36bb6fef9328f518e4b105fc212c152a8c68
Certificate serial: 01941F8C4A2FFF51E1065A80BBE88CDE2D51
Authority key identifier: 8B:9E:36:BB:6F:EF:93:28:F5:18:E4:B1:05:FC:21:2C:15:2A:8C:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i542u2_vkyj1GOSxBfwhLBUqjGg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/4a0e8d-0bbe-4213-98b1-1a116a534483/1/I1KraudGgIPbGqrokKSi33-L_jY.roa
Signing time: Wed 01 Jan 2025 01:47:55 +0000
ROA not before: Wed 01 Jan 2025 01:47:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207790
IP address blocks: 89.56.0.0/16 maxlen: 24
89.57.0.0/18 maxlen: 24
89.57.64.0/18 maxlen: 24
89.57.128.0/18 maxlen: 24
89.57.192.0/18 maxlen: 24
185.12.88.0/22 maxlen: 22
2a03:7840::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/aa/4a0e8d-0bbe-4213-98b1-1a116a534483/1/i542u2_vkyj1GOSxBfwhLBUqjGg.crl
rsync://rpki.ripe.net/repository/DEFAULT/aa/4a0e8d-0bbe-4213-98b1-1a116a534483/1/i542u2_vkyj1GOSxBfwhLBUqjGg.mft
rsync://rpki.ripe.net/repository/DEFAULT/i542u2_vkyj1GOSxBfwhLBUqjGg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 22:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:4a:2f:ff:51:e1:06:5a:80:bb:e8:8c:de:2d:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b9e36bb6fef9328f518e4b105fc212c152a8c68
Validity
Not Before: Jan 1 01:47:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2352ab6ae7468083db1aaae890a4a2df7f8bfe36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:75:75:13:a1:2a:4e:8e:a7:f9:63:2d:42:93:
c8:bf:e2:53:c5:80:e2:38:3a:cf:88:44:96:c5:d1:
e2:be:c4:0b:14:66:f6:89:45:0f:27:5c:12:0c:e0:
96:93:90:06:76:17:7c:f3:65:fd:40:b8:67:b6:b1:
44:49:35:14:ed:be:78:5e:ca:80:a1:17:4b:8d:03:
18:bd:90:e9:00:8b:41:0a:72:d8:37:99:54:b0:36:
02:b5:d3:0a:4b:22:ac:ca:3f:e0:56:71:5a:84:a5:
4c:d3:a2:9e:ce:94:e0:1b:10:75:a2:b0:28:cf:c5:
ea:c6:0f:70:ad:bc:fd:e8:1f:1a:33:6e:4c:69:bf:
90:3e:7a:c0:05:40:60:4d:d1:ba:1c:a3:39:da:2f:
42:64:6b:b5:d2:9d:e6:e8:d2:f7:72:1a:b3:ca:43:
77:b7:7b:fd:f2:db:9c:84:05:4d:84:82:bf:48:59:
67:50:77:35:78:cc:c1:98:a9:0d:18:7e:3d:ce:2a:
66:0b:ca:2f:f2:b0:48:fa:7d:da:c9:be:21:4f:c1:
87:01:1e:e4:9d:c7:a5:79:26:40:2d:8f:c9:50:e2:
47:82:c3:02:fe:59:04:42:a8:ad:27:ea:d8:8c:19:
cc:d8:7b:e1:60:87:12:b8:c1:82:17:c3:aa:d9:e8:
9f:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:52:AB:6A:E7:46:80:83:DB:1A:AA:E8:90:A4:A2:DF:7F:8B:FE:36
X509v3 Authority Key Identifier:
keyid:8B:9E:36:BB:6F:EF:93:28:F5:18:E4:B1:05:FC:21:2C:15:2A:8C:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i542u2_vkyj1GOSxBfwhLBUqjGg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4a0e8d-0bbe-4213-98b1-1a116a534483/1/I1KraudGgIPbGqrokKSi33-L_jY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4a0e8d-0bbe-4213-98b1-1a116a534483/1/i542u2_vkyj1GOSxBfwhLBUqjGg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.56.0.0/15
185.12.88.0/22
IPv6:
2a03:7840::/29
Signature Algorithm: sha256WithRSAEncryption
60:3f:78:0f:db:6d:ff:23:37:e2:0c:e0:84:20:99:19:6f:5f:
fd:dc:87:ea:51:31:8d:76:6a:87:6f:76:2c:eb:19:c3:52:48:
20:fe:03:71:45:65:59:60:11:14:48:36:54:ac:34:09:5b:e2:
80:d2:ad:0d:d7:05:d7:7f:d1:b6:66:6b:3e:14:79:a0:2e:d5:
a1:bf:d3:ac:a4:67:13:c0:ae:9a:7e:df:60:a7:f0:a6:de:9f:
5c:bf:ee:3a:ad:e5:e8:40:1d:c3:80:e2:64:8f:d3:64:e3:86:
bb:07:c3:dc:ab:b9:e2:36:c9:da:83:ab:78:a1:3b:0f:d1:93:
29:3e:0e:e7:c9:73:61:2b:79:a5:9b:8e:1a:ef:42:e6:7d:c5:
86:ac:d1:79:95:35:cf:b2:03:52:eb:53:51:d8:40:19:63:d9:
56:15:fd:b7:27:5d:78:14:d5:91:c7:cd:d7:68:1e:8b:2f:86:
8a:16:4f:f9:66:b4:76:83:88:89:f2:cd:37:6b:f7:af:5c:4a:
00:5a:e2:cf:8d:0a:26:8a:01:5b:6f:71:2a:7b:a5:d6:22:ce:
7f:ca:12:02:1b:6d:ac:fb:c9:c3:f7:c2:d2:41:b0:b9:d5:57:
3d:26:cd:a0:88:56:76:22:26:8d:83:a5:65:80:3f:2d:0a:91:
c0:ce:4a:c9
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQfjEov/1HhBlqAu+iM3i1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOWUzNmJiNmZlZjkzMjhmNTE4ZTRiMTA1ZmMyMTJjMTUy
YThjNjgwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzUyYWI2YWU3NDY4MDgzZGIxYWFhZTg5MGE0YTJkZjdmOGJmZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknV1E6EqTo6n+WMtQpPIv+JTxYDi
ODrPiESWxdHivsQLFGb2iUUPJ1wSDOCWk5AGdhd882X9QLhntrFESTUU7b54XsqA
oRdLjQMYvZDpAItBCnLYN5lUsDYCtdMKSyKsyj/gVnFahKVM06KezpTgGxB1orAo
z8Xqxg9wrbz96B8aM25Mab+QPnrABUBgTdG6HKM52i9CZGu10p3m6NL3chqzykN3
t3v98tuchAVNhIK/SFlnUHc1eMzBmKkNGH49zipmC8ov8rBI+n3ayb4hT8GHAR7k
nceleSZALY/JUOJHgsMC/lkEQqitJ+rYjBnM2HvhYIcSuMGCF8Oq2eifyQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCNSq2rnRoCD2xqq6JCkot9/i/42MB8GA1UdIwQY
MBaAFIueNrtv75Mo9RjksQX8ISwVKoxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTU0MnUyX3ZreWoxR09TeEJmd2hMQlVxakdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80YTBlOGQtMGJiZS00MjEzLTk4YjEt
MWExMTZhNTM0NDgzLzEvSTFLcmF1ZEdnSVBiR3Fyb2tLU2kzMy1MX2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80YTBlOGQtMGJiZS00MjEzLTk4YjEtMWExMTZhNTM0NDgz
LzEvaTU0MnUyX3ZreWoxR09TeEJmd2hMQlVxakdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMBWTgDBAK5
DFgwDQQCAAIwBwMFAyoDeEAwDQYJKoZIhvcNAQELBQADggEBAGA/eA/bbf8jN+IM
4IQgmRlvX/3ch+pRMY12aodvdizrGcNSSCD+A3FFZVlgERRINlSsNAlb4oDSrQ3X
Bdd/0bZmaz4UeaAu1aG/06ykZxPArpp+32Cn8Kben1y/7jqt5ehAHcOA4mSP02Tj
hrsHw9yrueI2ydqDq3ihOw/Rkyk+DufJc2EreaWbjhrvQuZ9xYas0XmVNc+yA1Lr
U1HYQBlj2VYV/bcnXXgU1ZHHzddoHosvhooWT/lmtHaDiInyzTdr969cSgBa4s+N
CiaKAVtvcSp7pdYizn/KEgIbbaz7ycP3wtJBsLnVVz0mzaCIVnYiJo2DpWWAPy0K
kcDOSsk=
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:30:49 2025 by rpki-client