Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/hecINikDAmK8G3Hw6ahvsRHRwW8.roa
File: hecINikDAmK8G3Hw6ahvsRHRwW8.roa (raw, json)
Hash identifier: o+ggObSSPivM7xABVityZZJaZTXdzbRjqX3nGVmT/3M=
Subject key identifier: 85:E7:08:36:29:03:02:62:BC:1B:71:F0:E9:A8:6F:B1:11:D1:C1:6F
Certificate issuer: /CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Certificate serial: 0194228D831B3B6A4C6F48741A19DAB378FD
Authority key identifier: 04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/hecINikDAmK8G3Hw6ahvsRHRwW8.roa
Signing time: Wed 01 Jan 2025 15:48:06 +0000
ROA not before: Wed 01 Jan 2025 15:48:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8257
IP address blocks: 85.135.128.0/17 maxlen: 20
176.61.192.0/18 maxlen: 18
176.61.192.0/20 maxlen: 20
176.61.208.0/20 maxlen: 20
176.61.224.0/21 maxlen: 21
176.61.232.0/21 maxlen: 21
178.253.128.0/18 maxlen: 18
178.253.128.0/19 maxlen: 19
178.253.160.0/19 maxlen: 19
185.37.240.0/22 maxlen: 22
188.112.64.0/18 maxlen: 18
188.112.64.0/19 maxlen: 19
188.112.96.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.mft
rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 22:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:83:1b:3b:6a:4c:6f:48:74:1a:19:da:b3:78:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Validity
Not Before: Jan 1 15:48:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85e7083629030262bc1b71f0e9a86fb111d1c16f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:58:98:52:34:bf:41:f7:4d:78:80:f6:26:b3:
be:47:08:5e:25:8d:87:49:f1:ec:10:b2:af:7d:02:
ec:e3:f4:c9:69:bf:49:40:57:f7:8a:a2:63:4a:72:
79:96:4d:b9:df:04:b1:b0:9b:03:7d:1f:e6:8f:d7:
ec:27:ce:73:5f:5a:96:95:0f:78:f5:cb:98:48:83:
cb:f4:3d:0d:d0:31:f4:7c:35:41:7a:83:59:21:97:
ad:9c:72:76:fe:3a:7d:67:03:90:10:30:44:c8:b7:
90:0c:aa:ee:9a:8e:32:5c:72:45:94:fe:63:15:3f:
b2:77:4a:bd:91:5b:e6:0a:55:ff:48:31:17:8d:8d:
c7:25:95:e5:19:11:cb:a8:b0:14:62:e2:f3:c6:16:
71:9e:37:3f:c1:85:a1:4f:06:c2:9e:7e:83:60:09:
b1:7e:a1:70:e8:09:f3:7f:ea:ad:94:f0:01:66:4f:
ef:0b:ee:2f:f9:28:4a:dd:b7:d6:0b:f1:95:34:82:
1c:c7:ac:fa:17:1c:8c:4b:1a:a6:82:1a:64:33:45:
b7:67:4e:6c:ad:6e:21:c5:84:54:1d:5a:e8:02:52:
e8:c1:a0:47:b0:4c:4b:f6:8b:f4:75:23:5a:47:3d:
71:06:af:d3:f9:c7:db:2c:04:41:fe:1c:9a:ff:d3:
88:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:E7:08:36:29:03:02:62:BC:1B:71:F0:E9:A8:6F:B1:11:D1:C1:6F
X509v3 Authority Key Identifier:
keyid:04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/hecINikDAmK8G3Hw6ahvsRHRwW8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.135.128.0/17
176.61.192.0/18
178.253.128.0/18
185.37.240.0/22
188.112.64.0/18
Signature Algorithm: sha256WithRSAEncryption
9f:d4:6c:c5:50:03:91:46:5a:67:0a:d3:2b:53:4c:47:fc:c9:
9d:1b:14:c0:13:de:a2:dd:25:ed:46:4d:ac:79:0c:28:91:f1:
b3:32:23:bc:d7:dd:1e:b6:bf:1d:b2:b3:03:1c:ae:27:26:28:
bf:47:7e:f6:41:f3:74:8c:7e:5f:0f:fd:34:2d:59:2e:4c:45:
fd:f8:29:26:01:ea:2c:5a:db:2a:5c:ac:8c:71:0f:21:bb:20:
29:84:e8:a4:2c:99:49:7e:57:2a:8e:3f:93:f8:31:12:6a:36:
88:37:00:e8:95:2e:f5:08:f4:20:0e:16:18:55:ee:f8:e7:d9:
39:b5:33:9f:74:6e:ae:52:cb:8d:aa:b2:8c:b0:9b:2e:0e:ad:
8f:68:38:fe:22:a4:3d:da:47:bb:f8:20:af:b9:80:9d:8d:f9:
09:55:f1:fb:8a:45:1e:c0:d1:9a:96:68:91:db:dc:52:f7:8d:
b7:c8:b1:4c:bf:00:72:79:03:fb:f1:e2:86:36:ec:13:31:0c:
f0:ee:e2:2d:07:19:46:b2:cf:12:5b:18:c3:e6:8a:09:c1:8f:
89:51:f8:e2:0c:53:b9:64:07:7a:cd:57:3f:b6:b7:9e:04:49:
97:45:53:d3:9f:66:a0:04:ad:50:a4:48:d2:2d:6b:6d:5b:73:
41:b4:de:46
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQijYMbO2pMb0h0Ghnas3j9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTJhZTJjZDA5NDMzMzAxOGM0MWRhYWZiNDc0YzZjZmE4
MGQwN2QwHhcNMjUwMTAxMTU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWU3MDgzNjI5MDMwMjYyYmMxYjcxZjBlOWE4NmZiMTExZDFjMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1iYUjS/QfdNeID2JrO+RwheJY2H
SfHsELKvfQLs4/TJab9JQFf3iqJjSnJ5lk253wSxsJsDfR/mj9fsJ85zX1qWlQ94
9cuYSIPL9D0N0DH0fDVBeoNZIZetnHJ2/jp9ZwOQEDBEyLeQDKrumo4yXHJFlP5j
FT+yd0q9kVvmClX/SDEXjY3HJZXlGRHLqLAUYuLzxhZxnjc/wYWhTwbCnn6DYAmx
fqFw6Anzf+qtlPABZk/vC+4v+ShK3bfWC/GVNIIcx6z6FxyMSxqmghpkM0W3Z05s
rW4hxYRUHVroAlLowaBHsExL9ov0dSNaRz1xBq/T+cfbLARB/hya/9OI9QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIXnCDYpAwJivBtx8Omob7ER0cFvMB8GA1UdIwQY
MBaAFASirizQlDMwGMQdqvtHTGz6gNB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMt
NmU2ZThkOTMwM2U5LzEvaGVjSU5pa0RBbUs4RzNIdzZhaHZzUkhSd1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMtNmU2ZThkOTMwM2U5
LzEvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQHVYeAAwQG
sD3AAwQGsv2AAwQCuSXwAwQGvHBAMA0GCSqGSIb3DQEBCwUAA4IBAQCf1GzFUAOR
RlpnCtMrU0xH/MmdGxTAE96i3SXtRk2seQwokfGzMiO8190etr8dsrMDHK4nJii/
R372QfN0jH5fD/00LVkuTEX9+CkmAeosWtsqXKyMcQ8huyAphOikLJlJflcqjj+T
+DESajaINwDolS71CPQgDhYYVe7459k5tTOfdG6uUsuNqrKMsJsuDq2PaDj+IqQ9
2ke7+CCvuYCdjfkJVfH7ikUewNGalmiR29xS9423yLFMvwByeQP78eKGNuwTMQzw
7uItBxlGss8SWxjD5ooJwY+JUfjiDFO5ZAd6zVc/treeBEmXRVPTn2agBK1QpEjS
LWttW3NBtN5G
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:57:30 2025 by rpki-client