Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Joxb-Ov4mOMwVlcCtX9JgcTGC7E.roa
File: Joxb-Ov4mOMwVlcCtX9JgcTGC7E.roa (raw, json)
Hash identifier: Yl9ue+rBszk7UzJ2CKvzC8soiMg6PpgsbcWehzUF2xc=
Subject key identifier: 26:8C:5B:F8:EB:F8:98:E3:30:56:57:02:B5:7F:49:81:C4:C6:0B:B1
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 019420D65E2A72974F81DF10526CCDB2BCA3
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Joxb-Ov4mOMwVlcCtX9JgcTGC7E.roa
Signing time: Wed 01 Jan 2025 07:48:27 +0000
ROA not before: Wed 01 Jan 2025 07:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200598
IP address blocks: 24.235.22.0/23 maxlen: 24
31.187.92.0/22 maxlen: 24
66.9.96.0/20 maxlen: 24
69.72.72.0/22 maxlen: 24
77.223.192.0/21 maxlen: 24
77.223.200.0/23 maxlen: 24
79.110.184.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
83.142.200.0/21 maxlen: 24
85.204.28.0/23 maxlen: 24
86.106.28.0/23 maxlen: 24
89.20.50.0/23 maxlen: 24
89.37.60.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
89.40.236.0/23 maxlen: 24
91.210.80.0/22 maxlen: 24
91.217.106.0/23 maxlen: 24
95.215.144.0/22 maxlen: 24
121.127.48.0/20 maxlen: 24
128.0.60.0/22 maxlen: 24
141.193.108.0/22 maxlen: 24
141.193.214.0/23 maxlen: 24
162.216.138.0/23 maxlen: 24
162.250.216.0/22 maxlen: 24
168.149.248.0/23 maxlen: 24
173.214.200.0/22 maxlen: 24
176.111.54.0/23 maxlen: 24
176.222.48.0/22 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
193.91.8.0/23 maxlen: 24
195.78.90.0/23 maxlen: 24
198.14.16.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
199.48.230.0/23 maxlen: 24
204.15.4.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
217.144.108.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 02:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:5e:2a:72:97:4f:81:df:10:52:6c:cd:b2:bc:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Jan 1 07:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=268c5bf8ebf898e330565702b57f4981c4c60bb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:49:03:9f:23:e6:5a:a2:01:08:e3:ee:31:25:
56:3b:83:34:ca:b0:4d:63:81:39:a4:68:2e:3a:64:
a9:77:33:74:ca:72:af:e6:b9:fe:11:2a:4d:94:2d:
83:94:a7:ee:1e:68:53:8b:b7:51:d6:67:f0:f3:d0:
c1:57:e0:a9:c0:cb:13:ca:b2:8a:08:60:0d:ff:34:
d4:35:a3:89:00:48:a4:98:95:05:c7:53:d8:83:74:
44:17:ce:18:ce:96:8b:84:b3:a1:f7:f9:a9:1b:bb:
7c:65:d9:a8:2e:d3:a4:ae:d7:04:cd:2f:04:48:51:
d5:c5:fb:67:a5:e9:45:99:4c:b8:03:5a:7e:a9:78:
7f:d8:9b:ea:98:1a:29:19:fc:d9:65:83:36:ee:cc:
5d:3e:d2:95:0f:e5:af:c8:77:1e:16:96:c2:10:81:
c8:c0:53:58:2c:54:cf:40:01:88:81:af:9d:23:d7:
1e:75:94:c7:5b:ed:ca:d8:2c:68:f2:e5:bd:d5:68:
5c:83:32:52:66:82:35:5f:6b:8b:bf:0b:35:56:5b:
f6:cc:12:eb:ee:96:de:8c:a8:d1:a6:cc:e3:34:62:
18:01:ea:9c:68:da:a6:18:1d:a6:aa:65:a1:3d:66:
f5:c2:68:28:9f:9b:1a:78:5a:d4:50:d7:62:1b:3b:
5c:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:8C:5B:F8:EB:F8:98:E3:30:56:57:02:B5:7F:49:81:C4:C6:0B:B1
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Joxb-Ov4mOMwVlcCtX9JgcTGC7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
31.187.92.0/22
66.9.96.0/20
69.72.72.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
91.210.80.0/22
91.217.106.0/23
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
141.193.108.0/22
141.193.214.0/23
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
193.91.8.0/23
195.78.90.0/23
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
1e:ad:9a:5a:f0:f6:c4:71:4e:e0:d3:20:0e:e7:de:d1:61:d1:
bf:bb:94:3a:48:50:ac:93:73:dd:2a:d2:fa:28:c1:1f:81:93:
9a:66:ae:78:95:bf:5e:4b:31:3a:5f:9e:c9:5e:f7:f3:84:cc:
72:1f:d2:fa:ef:09:9c:13:be:4c:eb:a6:39:fc:f8:b9:ac:c3:
31:f6:d1:75:6c:ea:32:15:4c:08:1e:d4:bf:11:2e:83:7a:5b:
60:d8:82:75:26:52:41:c7:d4:dc:61:8f:82:b8:ad:d8:e0:0f:
91:78:5b:2c:36:e5:2d:27:7c:3c:f4:46:5d:f8:1c:51:a0:78:
40:57:04:75:67:ad:95:da:27:ff:ae:30:3d:4e:a7:23:05:34:
c0:dd:c4:08:c6:e8:0e:13:f7:81:7a:56:cd:59:3a:2b:10:d8:
0d:a2:ea:4f:98:27:82:9d:a9:33:55:a4:70:99:e6:d4:63:c9:
d4:26:e5:f0:d5:d2:0b:95:02:64:fe:ab:47:04:a7:44:3c:91:
2e:9a:2b:7a:21:56:0c:f5:16:9e:a5:77:40:c1:a1:fc:5f:ac:
59:de:63:8c:2e:1b:51:09:53:4b:92:f1:30:53:3e:b8:8d:3e:
fd:1e:33:30:c7:e4:24:bf:5f:29:4d:b1:a5:a9:93:eb:dc:35:
57:88:3d:d3
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISAZQg1l4qcpdPgd8QUmzNsryjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjhjNWJmOGViZjg5OGUzMzA1NjU3MDJiNTdmNDk4MWM0YzYwYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUkDnyPmWqIBCOPuMSVWO4M0yrBN
Y4E5pGguOmSpdzN0ynKv5rn+ESpNlC2DlKfuHmhTi7dR1mfw89DBV+CpwMsTyrKK
CGAN/zTUNaOJAEikmJUFx1PYg3REF84YzpaLhLOh9/mpG7t8ZdmoLtOkrtcEzS8E
SFHVxftnpelFmUy4A1p+qXh/2JvqmBopGfzZZYM27sxdPtKVD+WvyHceFpbCEIHI
wFNYLFTPQAGIga+dI9cedZTHW+3K2Cxo8uW91WhcgzJSZoI1X2uLvws1Vlv2zBLr
7pbejKjRpszjNGIYAeqcaNqmGB2mqmWhPWb1wmgon5saeFrUUNdiGztcVwIDAQAB
o4IC7zCCAuswHQYDVR0OBBYEFCaMW/jr+JjjMFZXArV/SYHExguxMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvSm94Yi1PdjRtT013VmxjQ3RYOUpnY1RHQzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAwYIKwYBBQUHAQcBAf8EgfMwgfAwge0EAgABMIHmAwQB
GOsWAwQCH7tcAwQEQglgAwQCRUhIMAwDBAZN38ADBAFN38gDBAJPbrgDBAFPi0AD
BANTjsgDBAFVzBwDBAFWahwDBAFZFDIDBAFZJTwDBAFZJ7gDBAFZKOwDBAJb0lAD
BAFb2WoDBAJf15ADBAR5fzADBAKAADwDBAKNwWwDBAGNwdYDBAGi2IoDBAKi+tgD
BAGolfgDBAKt1sgDBAGwbzYDBAKw3jADBAOy2LgDBAK81wwDBAHBWwgDBAHDTloD
BATGDhADBALGkXADBAHHMOYDBALMDwQDBAHN3NgDBALZkGwwDQYJKoZIhvcNAQEL
BQADggEBAB6tmlrw9sRxTuDTIA7n3tFh0b+7lDpIUKyTc90q0voowR+Bk5pmrniV
v15LMTpfnsle9/OEzHIf0vrvCZwTvkzrpjn8+LmswzH20XVs6jIVTAge1L8RLoN6
W2DYgnUmUkHH1Nxhj4K4rdjgD5F4Wyw25S0nfDz0Rl34HFGgeEBXBHVnrZXaJ/+u
MD1OpyMFNMDdxAjG6A4T94F6Vs1ZOisQ2A2i6k+YJ4KdqTNVpHCZ5tRjydQm5fDV
0guVAmT+q0cEp0Q8kS6aK3ohVgz1Fp6ld0DBofxfrFneY4wuG1EJU0uS8TBTPriN
Pv0eMzDH5CS/XylNsaWpk+vcNVeIPdM=
-----END CERTIFICATE-----
Generated at Wed Feb 5 11:58:34 2025 by rpki-client