Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/dfead7-586a-4b35-b199-dfe45f672f81/1/iHSrTbxet8j5uaWQ6yDr02jRxjY.roa
File: iHSrTbxet8j5uaWQ6yDr02jRxjY.roa (raw, json)
Hash identifier: oCfYmcjvyzUP7DhCDsHSSh72gSgXxnVFLGRLc0v5Xfo=
Subject key identifier: 88:74:AB:4D:BC:5E:B7:C8:F9:B9:A5:90:EB:20:EB:D3:68:D1:C6:36
Certificate issuer: /CN=1f7142b45b5ce39016e25e09b2fed579a9bd77d6
Certificate serial: 0194222035C1E5D29957EF98E015C8BAEA50
Authority key identifier: 1F:71:42:B4:5B:5C:E3:90:16:E2:5E:09:B2:FE:D5:79:A9:BD:77:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H3FCtFtc45AW4l4Jsv7Veam9d9Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/dfead7-586a-4b35-b199-dfe45f672f81/1/iHSrTbxet8j5uaWQ6yDr02jRxjY.roa
Signing time: Wed 01 Jan 2025 13:48:43 +0000
ROA not before: Wed 01 Jan 2025 13:48:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198539
IP address blocks: 185.228.112.0/23 maxlen: 23
185.228.114.0/24 maxlen: 24
185.228.115.0/24 maxlen: 24
194.50.141.0/24 maxlen: 24
194.50.142.0/24 maxlen: 24
194.50.143.0/24 maxlen: 24
2a0d:e00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/dfead7-586a-4b35-b199-dfe45f672f81/1/H3FCtFtc45AW4l4Jsv7Veam9d9Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/dfead7-586a-4b35-b199-dfe45f672f81/1/H3FCtFtc45AW4l4Jsv7Veam9d9Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/H3FCtFtc45AW4l4Jsv7Veam9d9Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 04:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:35:c1:e5:d2:99:57:ef:98:e0:15:c8:ba:ea:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f7142b45b5ce39016e25e09b2fed579a9bd77d6
Validity
Not Before: Jan 1 13:48:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8874ab4dbc5eb7c8f9b9a590eb20ebd368d1c636
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:a8:c4:90:7c:22:12:31:50:72:f0:9d:8b:95:
49:c9:7b:da:b7:f5:e7:43:c3:bb:af:7f:5b:83:c7:
e0:ba:a6:e8:72:66:0c:7f:0c:0b:25:15:bc:ec:3f:
e3:27:89:1d:4d:30:f1:26:49:ec:aa:df:c3:70:49:
12:f3:99:95:61:c9:53:ff:8c:00:e5:8b:5b:00:a5:
e2:14:8f:11:61:1d:e3:60:6d:53:ed:d2:ab:44:cd:
5c:87:80:11:14:53:9b:b5:05:0d:63:ab:10:c0:1c:
5d:57:c6:52:44:43:e3:1d:7d:91:c0:d2:1b:c5:5e:
40:83:1d:78:86:f3:25:0f:ef:86:a1:48:ec:7f:11:
11:42:60:1e:9d:2f:69:21:c5:73:6b:80:72:b6:46:
41:ed:98:9d:40:10:a5:78:b4:69:c2:d4:dc:67:cd:
57:9d:a9:87:c1:6c:87:9e:1f:e9:21:42:7c:33:71:
e4:63:29:3e:21:df:42:6f:59:d6:06:4d:f1:c8:af:
78:71:d1:c6:e4:23:08:91:80:4e:33:d0:2f:c6:25:
a2:05:2f:d8:de:47:aa:bb:a5:ee:2c:cf:f8:19:e9:
ef:b5:a9:d4:3a:95:05:c6:98:ed:bd:8f:50:cd:32:
db:4b:66:66:7e:61:27:83:ae:d5:b3:9d:c6:d1:86:
f3:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:74:AB:4D:BC:5E:B7:C8:F9:B9:A5:90:EB:20:EB:D3:68:D1:C6:36
X509v3 Authority Key Identifier:
keyid:1F:71:42:B4:5B:5C:E3:90:16:E2:5E:09:B2:FE:D5:79:A9:BD:77:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H3FCtFtc45AW4l4Jsv7Veam9d9Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/dfead7-586a-4b35-b199-dfe45f672f81/1/iHSrTbxet8j5uaWQ6yDr02jRxjY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/dfead7-586a-4b35-b199-dfe45f672f81/1/H3FCtFtc45AW4l4Jsv7Veam9d9Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.228.112.0/22
194.50.141.0-194.50.143.255
IPv6:
2a0d:e00::/29
Signature Algorithm: sha256WithRSAEncryption
d7:a1:57:64:bb:f5:a1:75:09:86:43:4c:cf:d1:61:02:2e:e3:
aa:76:5c:8a:03:d2:a0:8d:a1:d6:f8:c5:9d:aa:7e:e1:e1:5e:
b8:8f:8b:68:f8:7e:87:2c:bc:ae:69:a7:54:59:42:5b:59:66:
c3:c1:8d:bc:75:31:60:6c:d4:f7:a6:6f:aa:8d:a3:06:a7:3e:
bc:af:45:61:a3:8e:1f:5d:8a:50:a1:95:48:7a:2f:3d:16:0a:
e4:c8:23:0b:2d:04:8c:7c:ab:eb:c7:50:68:b2:55:99:1a:7a:
22:9b:79:39:6a:2e:5a:ed:d5:4d:cf:fa:76:70:cb:2a:ac:ca:
6f:5a:df:50:fe:7b:05:53:c1:93:5c:88:fd:d1:cc:a2:3e:86:
e6:3f:7e:9e:b6:7b:7e:7c:35:31:4e:0c:b3:56:67:45:c1:b9:
e2:29:ba:2f:93:60:11:e4:0f:48:3b:1d:38:64:8e:80:73:73:
04:7b:56:7f:60:00:a4:a7:c0:a3:ff:d5:06:05:05:c3:57:01:
28:1c:3c:68:3e:86:8d:8c:e5:24:7a:98:74:68:ff:0c:73:94:
63:7d:21:4a:2d:da:b4:86:bc:d7:f0:f9:73:b2:e5:34:b4:fc:
04:3b:95:6e:d6:9f:65:72:63:ba:88:d3:b2:8a:02:43:dc:30:
f0:00:f1:cc
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQiIDXB5dKZV++Y4BXIuupQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNzE0MmI0NWI1Y2UzOTAxNmUyNWUwOWIyZmVkNTc5YTli
ZDc3ZDYwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc0YWI0ZGJjNWViN2M4ZjliOWE1OTBlYjIwZWJkMzY4ZDFjNjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnajEkHwiEjFQcvCdi5VJyXvat/Xn
Q8O7r39bg8fguqbocmYMfwwLJRW87D/jJ4kdTTDxJknsqt/DcEkS85mVYclT/4wA
5YtbAKXiFI8RYR3jYG1T7dKrRM1ch4ARFFObtQUNY6sQwBxdV8ZSREPjHX2RwNIb
xV5Agx14hvMlD++GoUjsfxERQmAenS9pIcVza4BytkZB7ZidQBCleLRpwtTcZ81X
namHwWyHnh/pIUJ8M3HkYyk+Id9Cb1nWBk3xyK94cdHG5CMIkYBOM9AvxiWiBS/Y
3kequ6XuLM/4GenvtanUOpUFxpjtvY9QzTLbS2ZmfmEng67Vs53G0YbzPwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIh0q028XrfI+bmlkOsg69No0cY2MB8GA1UdIwQY
MBaAFB9xQrRbXOOQFuJeCbL+1XmpvXfWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDNGQ3RGdGM0NUFXNGw0SnN2N1ZlYW05ZDlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9kZmVhZDctNTg2YS00YjM1LWIxOTkt
ZGZlNDVmNjcyZjgxLzEvaUhTclRieGV0OGo1dWFXUTZ5RHIwMmpSeGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9kZmVhZDctNTg2YS00YjM1LWIxOTktZGZlNDVmNjcyZjgx
LzEvSDNGQ3RGdGM0NUFXNGw0SnN2N1ZlYW05ZDlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCueRwMAwD
BADCMo0DBATCMoAwDQQCAAIwBwMFAyoNDgAwDQYJKoZIhvcNAQELBQADggEBANeh
V2S79aF1CYZDTM/RYQIu46p2XIoD0qCNodb4xZ2qfuHhXriPi2j4focsvK5pp1RZ
QltZZsPBjbx1MWBs1Pemb6qNowanPryvRWGjjh9dilChlUh6Lz0WCuTIIwstBIx8
q+vHUGiyVZkaeiKbeTlqLlrt1U3P+nZwyyqsym9a31D+ewVTwZNciP3RzKI+huY/
fp62e358NTFODLNWZ0XBueIpui+TYBHkD0g7HThkjoBzcwR7Vn9gAKSnwKP/1QYF
BcNXASgcPGg+ho2M5SR6mHRo/wxzlGN9IUot2rSGvNfw+XOy5TS0/AQ7lW7Wn2Vy
Y7qI07KKAkPcMPAA8cw=
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:56:04 2025 by rpki-client