Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/a9IIp-lXURHEn6uSzx2MIUjwzYE.roa
File: a9IIp-lXURHEn6uSzx2MIUjwzYE.roa (raw, json)
Hash identifier: YetmOWjx1SbjgITF8TkhpSIqAkvzS7Zo40g3IaxEfoc=
Subject key identifier: 6B:D2:08:A7:E9:57:51:11:C4:9F:AB:92:CF:1D:8C:21:48:F0:CD:81
Certificate issuer: /CN=08fcaaf8d17dd1a65795f714b267f1bce21938b9
Certificate serial: 01941FFA60E978E1934CC4B2582B84118277
Authority key identifier: 08:FC:AA:F8:D1:7D:D1:A6:57:95:F7:14:B2:67:F1:BC:E2:19:38:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CPyq-NF90aZXlfcUsmfxvOIZOLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/a9IIp-lXURHEn6uSzx2MIUjwzYE.roa
Signing time: Wed 01 Jan 2025 03:48:10 +0000
ROA not before: Wed 01 Jan 2025 03:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205929
IP address blocks: 185.221.61.0/24 maxlen: 24
2a06:89c3:5010::/48 maxlen: 48
2a06:89c4:a000::/48 maxlen: 48
2a06:89c4:c000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/CPyq-NF90aZXlfcUsmfxvOIZOLk.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/CPyq-NF90aZXlfcUsmfxvOIZOLk.mft
rsync://rpki.ripe.net/repository/DEFAULT/CPyq-NF90aZXlfcUsmfxvOIZOLk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 15 Jan 2025 15:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:60:e9:78:e1:93:4c:c4:b2:58:2b:84:11:82:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08fcaaf8d17dd1a65795f714b267f1bce21938b9
Validity
Not Before: Jan 1 03:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6bd208a7e9575111c49fab92cf1d8c2148f0cd81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:64:de:8b:22:c4:b6:28:ae:76:81:a6:f2:08:
82:50:da:25:fa:c8:b6:65:d0:2c:0d:ce:03:b0:6a:
d2:4c:04:06:a3:13:60:4f:fb:a8:7e:01:f3:f3:a0:
f2:d3:a5:77:9c:49:1a:9c:3a:9c:25:dd:6b:7d:80:
63:a9:b2:dc:dc:24:b5:f4:e2:09:07:f6:40:b7:e0:
ad:b0:72:86:a5:b5:db:f3:2a:0a:79:72:74:4f:e4:
de:71:9d:89:de:6f:1d:75:ed:fe:e1:50:10:f6:bd:
c6:68:95:08:f3:31:fc:69:47:55:8d:01:e3:7f:c6:
27:f9:3f:22:87:06:81:f5:c8:de:5d:b4:41:65:c1:
7a:78:1b:0d:9b:7c:38:05:ca:11:cb:22:e8:01:11:
28:03:e9:98:58:0d:10:da:d6:59:fe:c0:a5:c6:36:
23:7d:85:fd:44:b2:36:48:65:0e:35:5b:94:d3:18:
b1:d9:8e:8a:5e:ae:8d:7d:06:0a:95:57:1c:88:25:
d8:24:cb:67:df:df:16:ea:e6:28:4c:70:18:9c:2c:
81:1d:95:09:4b:26:d8:1d:05:9b:a4:c1:1f:e9:0a:
be:6f:a1:35:31:80:96:5e:e5:c0:b2:27:42:f9:30:
2a:b3:fc:13:32:eb:c9:cd:b8:e8:99:21:cf:8f:ea:
46:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:D2:08:A7:E9:57:51:11:C4:9F:AB:92:CF:1D:8C:21:48:F0:CD:81
X509v3 Authority Key Identifier:
keyid:08:FC:AA:F8:D1:7D:D1:A6:57:95:F7:14:B2:67:F1:BC:E2:19:38:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPyq-NF90aZXlfcUsmfxvOIZOLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/a9IIp-lXURHEn6uSzx2MIUjwzYE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0680ae-22f9-43be-90a8-77eeeaf71d08/1/CPyq-NF90aZXlfcUsmfxvOIZOLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.221.61.0/24
IPv6:
2a06:89c3:5010::/48
2a06:89c4:a000::/48
2a06:89c4:c000::/36
Signature Algorithm: sha256WithRSAEncryption
34:01:93:e9:35:cf:c6:60:21:97:95:cc:85:06:57:28:1a:1d:
74:58:f7:19:33:49:5d:85:24:b9:b7:fb:9b:c4:f9:d8:93:b1:
21:55:94:37:3d:83:4d:a2:64:ff:71:ec:1a:9a:e9:f7:10:b8:
52:9a:0e:79:0e:b5:e1:77:17:22:1e:66:01:2a:5f:fd:b7:20:
99:bf:3f:f8:d6:2b:21:3c:7e:55:d6:ed:fc:eb:81:02:97:bd:
e6:f9:08:52:bf:88:2c:a7:26:9f:6b:78:09:a1:98:a8:2e:f3:
2f:85:ec:6c:ed:2a:44:9f:2e:57:07:f4:7e:29:a5:ce:02:78:
ec:cd:ec:8e:a0:a6:ad:f1:45:2d:7a:a4:63:64:91:03:38:1e:
5b:f1:55:d1:9d:97:72:92:d2:c1:71:cd:ca:45:29:f1:61:63:
f4:0b:43:72:7c:c3:22:e4:a8:5f:4c:76:9a:e4:f6:bf:d3:0b:
2d:73:2e:b0:3f:f6:2c:1f:54:6a:fb:f7:aa:15:c4:06:8f:53:
76:1a:bf:d7:2a:55:7b:69:0b:d9:d9:3e:e8:a3:f5:2c:76:ef:
72:2b:90:50:d5:04:70:ea:02:df:4b:fa:47:7b:b0:f2:f9:eb:
29:f4:2c:d8:0a:33:fd:e8:f6:61:4d:3c:5f:af:27:85:b4:b6:
3b:da:cf:40
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQf+mDpeOGTTMSyWCuEEYJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmNhYWY4ZDE3ZGQxYTY1Nzk1ZjcxNGIyNjdmMWJjZTIx
OTM4YjkwHhcNMjUwMTAxMDM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQyMDhhN2U5NTc1MTExYzQ5ZmFiOTJjZjFkOGMyMTQ4ZjBjZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGTeiyLEtiiudoGm8giCUNol+si2
ZdAsDc4DsGrSTAQGoxNgT/uofgHz86Dy06V3nEkanDqcJd1rfYBjqbLc3CS19OIJ
B/ZAt+CtsHKGpbXb8yoKeXJ0T+TecZ2J3m8dde3+4VAQ9r3GaJUI8zH8aUdVjQHj
f8Yn+T8ihwaB9cjeXbRBZcF6eBsNm3w4BcoRyyLoAREoA+mYWA0Q2tZZ/sClxjYj
fYX9RLI2SGUONVuU0xix2Y6KXq6NfQYKlVcciCXYJMtn398W6uYoTHAYnCyBHZUJ
SybYHQWbpMEf6Qq+b6E1MYCWXuXAsidC+TAqs/wTMuvJzbjomSHPj+pGnQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFGvSCKfpV1ERxJ+rks8djCFI8M2BMB8GA1UdIwQY
MBaAFAj8qvjRfdGmV5X3FLJn8bziGTi5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1B5cS1ORjkwYVpYbGZjVXNtZnh2T0laT0xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wNjgwYWUtMjJmOS00M2JlLTkwYTgt
NzdlZWVhZjcxZDA4LzEvYTlJSXAtbFhVUkhFbjZ1U3p4Mk1JVWp3ellFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wNjgwYWUtMjJmOS00M2JlLTkwYTgtNzdlZWVhZjcxZDA4
LzEvQ1B5cS1ORjkwYVpYbGZjVXNtZnh2T0laT0xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAMBAIAATAGAwQAud09MCAE
AgACMBoDBwAqBonDUBADBwAqBonEoAADBgQqBonEwDANBgkqhkiG9w0BAQsFAAOC
AQEANAGT6TXPxmAhl5XMhQZXKBoddFj3GTNJXYUkubf7m8T52JOxIVWUNz2DTaJk
/3HsGprp9xC4UpoOeQ614XcXIh5mASpf/bcgmb8/+NYrITx+Vdbt/OuBApe95vkI
Ur+ILKcmn2t4CaGYqC7zL4XsbO0qRJ8uVwf0fimlzgJ47M3sjqCmrfFFLXqkY2SR
AzgeW/FV0Z2XcpLSwXHNykUp8WFj9AtDcnzDIuSoX0x2muT2v9MLLXMusD/2LB9U
avv3qhXEBo9Tdhq/1ypVe2kL2dk+6KP1LHbvciuQUNUEcOoC30v6R3uw8vnrKfQs
2Aoz/ej2YU08X68nhbS2O9rPQA==
-----END CERTIFICATE-----
Generated at Tue Jan 14 21:09:07 2025 by rpki-client on console-ams.rpki-client.org