Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/U_LNSvlDlkkr0YEu8loP_N3lVG8.roa
File: U_LNSvlDlkkr0YEu8loP_N3lVG8.roa (raw, json)
Hash identifier: sfDFxTDzQkmKbFdSJOmY1OQKmiVJ1hkpwWXjIhD3ogw=
Subject key identifier: 53:F2:CD:4A:F9:43:96:49:2B:D1:81:2E:F2:5A:0F:FC:DD:E5:54:6F
Certificate issuer: /CN=9c28a6ed0f5cfce772d5ce5b03bb42932c8a64d0
Certificate serial: 019426D929A996B0A510A562EF42ACB85D8C
Authority key identifier: 9C:28:A6:ED:0F:5C:FC:E7:72:D5:CE:5B:03:BB:42:93:2C:8A:64:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nCim7Q9c_Ody1c5bA7tCkyyKZNA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/U_LNSvlDlkkr0YEu8loP_N3lVG8.roa
Signing time: Thu 02 Jan 2025 11:49:13 +0000
ROA not before: Thu 02 Jan 2025 11:49:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206075
IP address blocks: 31.41.249.0/24 maxlen: 24
91.218.20.0/24 maxlen: 24
185.153.55.0/24 maxlen: 24
188.239.191.0/24 maxlen: 24
193.36.132.0/24 maxlen: 24
2a07:e040::/32 maxlen: 32
2a07:e041::/32 maxlen: 32
2a07:e042::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/nCim7Q9c_Ody1c5bA7tCkyyKZNA.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/nCim7Q9c_Ody1c5bA7tCkyyKZNA.mft
rsync://rpki.ripe.net/repository/DEFAULT/nCim7Q9c_Ody1c5bA7tCkyyKZNA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:29:a9:96:b0:a5:10:a5:62:ef:42:ac:b8:5d:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c28a6ed0f5cfce772d5ce5b03bb42932c8a64d0
Validity
Not Before: Jan 2 11:49:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=53f2cd4af94396492bd1812ef25a0ffcdde5546f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:71:1c:ac:05:22:3d:3f:3d:09:cb:e1:80:66:
20:c0:7b:68:10:de:5d:d4:9f:80:a0:5f:cb:aa:c4:
57:51:31:87:f5:15:5e:1b:b3:74:9e:36:6f:a3:0f:
0e:f4:2b:13:48:35:2f:ff:20:e1:24:4a:54:7e:cd:
28:50:92:1a:cc:9a:88:73:1e:6a:58:4f:1d:08:de:
06:7f:91:75:e9:3e:b7:bc:77:37:24:3b:f3:7c:ea:
f0:93:9d:2a:ce:e7:4c:de:9a:91:05:4b:5f:25:5b:
2c:1b:67:ce:ef:9d:1e:fd:83:6a:26:7b:8a:05:7d:
cf:74:da:ef:2f:69:cb:55:cb:8e:9f:c5:e7:1f:93:
06:6a:3c:10:a7:f1:ec:8b:c2:8d:6e:91:eb:23:3d:
9b:cb:da:ec:d9:43:6e:f5:49:e4:61:a8:d7:8a:b4:
ca:48:d7:37:53:c6:f1:7a:e6:d3:3e:03:6b:d9:63:
14:41:5d:35:11:25:95:28:52:db:8e:bf:d0:09:0f:
d8:63:7e:03:79:b8:95:76:33:95:87:e1:3f:a6:6f:
4f:60:5f:9a:36:93:7c:9d:f5:5e:a9:c5:c0:4f:26:
7d:4d:a1:9a:16:05:f6:f8:d4:42:ae:79:6d:34:89:
8a:31:0b:ba:71:49:9a:ab:8b:07:ec:c8:82:b6:94:
0b:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:F2:CD:4A:F9:43:96:49:2B:D1:81:2E:F2:5A:0F:FC:DD:E5:54:6F
X509v3 Authority Key Identifier:
keyid:9C:28:A6:ED:0F:5C:FC:E7:72:D5:CE:5B:03:BB:42:93:2C:8A:64:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nCim7Q9c_Ody1c5bA7tCkyyKZNA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/U_LNSvlDlkkr0YEu8loP_N3lVG8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/73e52f-42e3-4a31-9736-a6b7600871a6/1/nCim7Q9c_Ody1c5bA7tCkyyKZNA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.249.0/24
91.218.20.0/24
185.153.55.0/24
188.239.191.0/24
193.36.132.0/24
IPv6:
2a07:e040::-2a07:e042:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
0c:a3:a6:6f:c9:4b:98:6a:ed:56:78:54:88:aa:09:13:55:30:
b7:a7:4f:9c:cb:3d:44:7b:8c:6a:77:52:9d:24:86:7d:06:51:
bb:59:89:ba:b0:87:c8:75:5f:e5:dc:88:38:48:60:3e:bf:5c:
8c:49:ef:64:6c:2d:40:9f:98:10:5a:3c:98:3b:90:53:c7:2e:
98:3c:f2:b8:d2:06:fd:48:b8:14:4e:8f:92:ae:8d:36:61:5a:
e9:b2:39:51:35:53:d9:00:bf:37:30:0f:e3:1f:16:b8:9e:78:
c9:4d:d6:84:80:de:dd:5b:22:17:bb:44:e0:d1:f0:7e:26:d2:
f8:2b:98:81:43:6e:f9:96:10:a9:90:95:dd:6f:73:4e:af:a4:
28:89:29:c0:4a:8b:6b:a2:38:db:6e:df:a2:e2:d1:e1:bd:7f:
ba:5d:c8:18:46:1b:83:73:0e:bf:d4:64:97:3d:37:3f:71:57:
dd:23:e2:62:9a:96:db:37:1b:d9:5d:13:42:2b:cf:25:a8:2c:
7d:e4:dc:0b:3b:1f:12:ae:c0:6b:c5:b8:01:b4:f3:f1:94:db:
84:1e:50:ef:d1:cf:42:9b:fd:b0:0b:a4:03:8c:7f:fc:a4:53:
f5:f3:9d:a4:ef:90:3e:53:a7:ce:2f:ed:4a:45:de:4f:87:86:
34:58:c6:2e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQm2SmplrClEKVi70KsuF2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMjhhNmVkMGY1Y2ZjZTc3MmQ1Y2U1YjAzYmI0MjkzMmM4
YTY0ZDAwHhcNMjUwMTAyMTE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2YyY2Q0YWY5NDM5NjQ5MmJkMTgxMmVmMjVhMGZmY2RkZTU1NDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXEcrAUiPT89CcvhgGYgwHtoEN5d
1J+AoF/LqsRXUTGH9RVeG7N0njZvow8O9CsTSDUv/yDhJEpUfs0oUJIazJqIcx5q
WE8dCN4Gf5F16T63vHc3JDvzfOrwk50qzudM3pqRBUtfJVssG2fO750e/YNqJnuK
BX3PdNrvL2nLVcuOn8XnH5MGajwQp/Hsi8KNbpHrIz2by9rs2UNu9UnkYajXirTK
SNc3U8bxeubTPgNr2WMUQV01ESWVKFLbjr/QCQ/YY34DebiVdjOVh+E/pm9PYF+a
NpN8nfVeqcXATyZ9TaGaFgX2+NRCrnltNImKMQu6cUmaq4sH7MiCtpQLDwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFPyzUr5Q5ZJK9GBLvJaD/zd5VRvMB8GA1UdIwQY
MBaAFJwopu0PXPznctXOWwO7QpMsimTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkNpbTdROWNfT2R5MWM1YkE3dENreXlLWk5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83M2U1MmYtNDJlMy00YTMxLTk3MzYt
YTZiNzYwMDg3MWE2LzEvVV9MTlN2bERsa2tyMFlFdThsb1BfTjNsVkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83M2U1MmYtNDJlMy00YTMxLTk3MzYtYTZiNzYwMDg3MWE2
LzEvbkNpbTdROWNfT2R5MWM1YkE3dENreXlLWk5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQAHyn5AwQA
W9oUAwQAuZk3AwQAvO+/AwQAwSSEMBYEAgACMBAwDgMFBioH4EADBQAqB+BCMA0G
CSqGSIb3DQEBCwUAA4IBAQAMo6ZvyUuYau1WeFSIqgkTVTC3p0+cyz1Ee4xqd1Kd
JIZ9BlG7WYm6sIfIdV/l3Ig4SGA+v1yMSe9kbC1An5gQWjyYO5BTxy6YPPK40gb9
SLgUTo+Sro02YVrpsjlRNVPZAL83MA/jHxa4nnjJTdaEgN7dWyIXu0Tg0fB+JtL4
K5iBQ275lhCpkJXdb3NOr6QoiSnASotrojjbbt+i4tHhvX+6XcgYRhuDcw6/1GSX
PTc/cVfdI+JimpbbNxvZXRNCK88lqCx95NwLOx8SrsBrxbgBtPPxlNuEHlDv0c9C
m/2wC6QDjH/8pFP1852k75A+U6fOL+1KRd5Ph4Y0WMYu
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:48:46 2025 by rpki-client