Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MH1dmz13T9C7jCGIOBBz6RYrJUs.roa
File: MH1dmz13T9C7jCGIOBBz6RYrJUs.roa (raw, json)
Hash identifier: lQ5Czk4t951akEF6HwAVPN/Kw5sfM3ihSfMRa+ahvYA=
Subject key identifier: 30:7D:5D:9B:3D:77:4F:D0:BB:8C:21:88:38:10:73:E9:16:2B:25:4B
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019422202813BB6762899C365BE7A5DE935D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MH1dmz13T9C7jCGIOBBz6RYrJUs.roa
Signing time: Wed 01 Jan 2025 13:48:40 +0000
ROA not before: Wed 01 Jan 2025 13:48:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137409
IP address blocks: 45.8.70.0/24 maxlen: 24
45.130.202.0/23 maxlen: 24
45.133.4.0/24 maxlen: 24
45.133.5.0/24 maxlen: 24
45.133.6.0/24 maxlen: 24
45.133.7.0/24 maxlen: 24
89.34.126.0/23 maxlen: 24
185.165.45.0/24 maxlen: 24
185.245.7.0/24 maxlen: 24
188.213.202.0/24 maxlen: 24
194.5.82.0/24 maxlen: 24
194.5.83.0/24 maxlen: 24
194.61.40.0/24 maxlen: 24
194.61.41.0/24 maxlen: 24
203.25.124.0/24 maxlen: 24
204.75.229.0/24 maxlen: 24
220.158.199.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:28:13:bb:67:62:89:9c:36:5b:e7:a5:de:93:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=307d5d9b3d774fd0bb8c2188381073e9162b254b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:38:35:01:78:bf:ad:b5:48:96:ec:16:78:2e:
b9:83:fa:72:f5:74:95:30:a1:ee:5f:2e:a4:75:fa:
8f:f6:e6:e6:e6:66:30:45:dd:90:f6:a1:4e:81:85:
b2:e3:a9:d8:d4:34:b2:87:0a:48:e7:6d:9b:a4:2b:
8e:5a:a7:65:64:a6:49:fa:c8:df:25:14:77:ba:c4:
75:ea:db:17:eb:d5:8d:c2:d6:0a:01:5c:3c:59:0c:
2b:a7:8d:21:cc:46:a9:7f:a8:60:06:07:fb:ce:a0:
f5:95:3c:7d:d0:fb:1d:74:12:20:b2:84:8a:96:80:
29:62:4f:11:ef:42:e5:ca:af:7d:b6:9a:f6:ff:b0:
b3:34:86:6d:82:dd:6c:91:f2:ba:74:f5:92:da:2c:
ec:2f:96:43:2a:ca:b6:1e:ea:90:fc:32:20:84:8f:
d5:df:6b:6c:a6:7b:0a:8e:08:19:8a:25:16:de:d9:
48:5d:e3:4c:38:21:0e:87:f2:0f:37:09:fa:a8:77:
f5:62:ad:3e:09:e1:e7:c4:c1:e2:01:1a:47:ef:b7:
9b:65:82:d9:67:b7:d6:7a:5f:5c:b0:b7:43:7b:28:
0f:0f:4c:7a:ed:09:03:1f:f7:aa:d7:2b:9c:69:00:
7a:15:76:a3:ad:c7:29:e4:56:e5:f5:1c:08:d9:f0:
8e:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:7D:5D:9B:3D:77:4F:D0:BB:8C:21:88:38:10:73:E9:16:2B:25:4B
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MH1dmz13T9C7jCGIOBBz6RYrJUs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.70.0/24
45.130.202.0/23
45.133.4.0/22
89.34.126.0/23
185.165.45.0/24
185.245.7.0/24
188.213.202.0/24
194.5.82.0/23
194.61.40.0/23
203.25.124.0/24
204.75.229.0/24
220.158.199.0/24
Signature Algorithm: sha256WithRSAEncryption
08:3f:65:7a:13:af:89:67:83:a2:62:d1:ca:7c:c5:2b:15:3c:
39:34:0d:c1:25:b7:c3:13:ad:06:05:4c:69:01:c9:41:8a:72:
c6:75:2f:c9:71:f8:a7:2f:45:20:ea:25:5c:66:bd:50:69:26:
f6:ab:d2:97:f7:3b:95:d4:ed:29:39:76:94:f8:48:b9:97:19:
4e:02:53:ef:63:d2:9e:0f:03:4d:f6:7a:06:5f:71:71:27:73:
07:f9:3d:10:45:ba:17:aa:53:52:79:c1:02:b8:8d:ba:5a:a4:
42:d3:5a:c8:46:5e:4e:8c:96:84:5d:2f:1a:c1:d6:d7:cb:9d:
6a:32:2e:59:ac:06:cb:c3:c5:18:b0:d0:42:9d:a7:55:ad:fb:
b9:28:1e:b8:7d:20:8c:70:81:ab:c3:d2:88:98:8b:2e:bb:df:
6e:d1:0c:28:0f:e6:46:bc:02:6f:0b:fa:da:f6:7b:41:ff:54:
f5:71:f5:fd:bd:7f:a2:dc:33:a0:07:ae:be:40:28:a3:21:c0:
73:a0:00:bc:19:8f:bd:2a:d1:00:f8:85:af:9a:3f:82:16:f4:
07:d9:1e:f8:d8:81:33:3d:62:f6:17:7d:13:10:14:11:17:5e:
a1:1d:a9:95:3f:45:77:ee:85:39:c8:a9:07:cc:7a:2a:67:9a:
7d:a8:37:e3
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQiICgTu2diiZw2W+el3pNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDdkNWQ5YjNkNzc0ZmQwYmI4YzIxODgzODEwNzNlOTE2MmIyNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDg1AXi/rbVIluwWeC65g/py9XSV
MKHuXy6kdfqP9ubm5mYwRd2Q9qFOgYWy46nY1DSyhwpI522bpCuOWqdlZKZJ+sjf
JRR3usR16tsX69WNwtYKAVw8WQwrp40hzEapf6hgBgf7zqD1lTx90PsddBIgsoSK
loApYk8R70Llyq99tpr2/7CzNIZtgt1skfK6dPWS2izsL5ZDKsq2HuqQ/DIghI/V
32tspnsKjggZiiUW3tlIXeNMOCEOh/IPNwn6qHf1Yq0+CeHnxMHiARpH77ebZYLZ
Z7fWel9csLdDeygPD0x67QkDH/eq1yucaQB6FXajrccp5Fbl9RwI2fCOMwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFDB9XZs9d0/Qu4whiDgQc+kWKyVLMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTUgxZG16MTNUOUM3akNHSU9CQno2UllySlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQhGAwQB
LYLKAwQCLYUEAwQBWSJ+AwQAuaUtAwQAufUHAwQAvNXKAwQBwgVSAwQBwj0oAwQA
yxl8AwQAzEvlAwQA3J7HMA0GCSqGSIb3DQEBCwUAA4IBAQAIP2V6E6+JZ4OiYtHK
fMUrFTw5NA3BJbfDE60GBUxpAclBinLGdS/JcfinL0Ug6iVcZr1QaSb2q9KX9zuV
1O0pOXaU+Ei5lxlOAlPvY9KeDwNN9noGX3FxJ3MH+T0QRboXqlNSecECuI26WqRC
01rIRl5OjJaEXS8awdbXy51qMi5ZrAbLw8UYsNBCnadVrfu5KB64fSCMcIGrw9KI
mIsuu99u0QwoD+ZGvAJvC/ra9ntB/1T1cfX9vX+i3DOgB66+QCijIcBzoAC8GY+9
KtEA+IWvmj+CFvQH2R742IEzPWL2F30TEBQRF16hHamVP0V37oU5yKkHzHoqZ5p9
qDfj
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:51:00 2025 by rpki-client