Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aifnUYxS77McHNNie5GBKa2t3Ew.roa
File: aifnUYxS77McHNNie5GBKa2t3Ew.roa (raw, json)
Hash identifier: Ql6mJLCovwx1h3yN3wvPeSKwTYOm8NcgMq/CjzMWeGw=
Subject key identifier: 6A:27:E7:51:8C:52:EF:B3:1C:1C:D3:62:7B:91:81:29:AD:AD:DC:4C
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0194222011DF4F0BFA0C9BBEEE56F6327E9A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aifnUYxS77McHNNie5GBKa2t3Ew.roa
Signing time: Wed 01 Jan 2025 13:48:34 +0000
ROA not before: Wed 01 Jan 2025 13:48:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20712
IP address blocks: 45.88.21.0/24 maxlen: 24
45.88.23.0/24 maxlen: 24
45.89.37.0/24 maxlen: 24
45.89.39.0/24 maxlen: 24
45.92.3.0/24 maxlen: 24
45.140.134.0/24 maxlen: 24
91.190.97.0/24 maxlen: 24
91.190.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:11:df:4f:0b:fa:0c:9b:be:ee:56:f6:32:7e:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6a27e7518c52efb31c1cd3627b918129adaddc4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:f9:29:21:a2:24:54:42:c0:9b:e7:43:de:de:
b0:e8:de:e7:84:0d:15:06:bc:0b:ce:6d:a2:7c:8e:
6c:72:13:30:20:ee:7b:8a:e9:29:d7:7e:78:b4:1f:
4e:d5:d8:e4:e2:c4:81:6b:af:8a:6f:2c:b8:5c:be:
be:25:92:b9:d5:5b:05:d0:d5:62:8c:16:6c:67:d9:
54:a1:93:92:e2:d8:07:3d:a6:3c:66:4a:52:2e:ba:
b8:ea:e5:23:31:e4:93:c2:6d:65:65:30:10:ee:3e:
0f:c6:69:08:89:bf:c4:46:0e:24:bb:e6:cf:e9:60:
ef:90:2c:95:76:3b:ba:8b:71:9c:a2:fa:67:8f:dd:
1e:c8:2c:09:68:85:52:8d:10:e0:3d:85:eb:51:52:
1f:4b:0f:9d:b5:d3:73:40:45:16:ff:95:33:ab:4a:
03:c8:34:b0:3a:96:1a:8a:56:c9:3d:ec:26:70:02:
72:97:34:4d:32:8a:1a:9f:f4:06:2d:c2:8f:42:b2:
c9:4a:e9:e5:7c:23:c9:86:bd:82:36:c0:13:4a:a9:
39:cb:06:f7:20:84:37:ed:79:cf:2c:86:03:8a:e8:
49:0a:27:f8:1a:a0:f8:9f:ef:53:f7:55:5a:15:bc:
48:6e:67:00:e5:be:07:94:33:c6:5c:1a:c5:92:39:
95:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:27:E7:51:8C:52:EF:B3:1C:1C:D3:62:7B:91:81:29:AD:AD:DC:4C
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aifnUYxS77McHNNie5GBKa2t3Ew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.21.0/24
45.88.23.0/24
45.89.37.0/24
45.89.39.0/24
45.92.3.0/24
45.140.134.0/24
91.190.97.0/24
91.190.105.0/24
Signature Algorithm: sha256WithRSAEncryption
09:02:0c:16:5a:31:3e:23:11:e7:13:c9:60:4a:3b:76:b9:5f:
9e:f6:1b:65:ee:e7:b1:a8:54:cc:ec:43:c6:1f:f1:8f:55:ca:
46:c5:ac:52:7b:94:56:b0:bb:20:19:9e:a1:8d:45:0f:0c:0f:
3f:9b:97:d3:d1:31:da:94:e6:21:33:10:7a:55:f8:6b:43:d0:
2f:3c:0b:9c:78:93:f2:fc:4b:c8:02:c5:f1:8f:c5:0b:32:83:
0a:5c:a6:86:51:f0:cd:47:cd:09:b3:cc:e3:22:c5:9e:b5:9b:
f6:81:a7:f0:f6:af:b7:9f:ac:eb:d2:5d:47:3a:77:c4:c3:aa:
58:6b:9d:16:cf:62:93:06:63:9a:8d:e8:d2:72:59:30:1f:74:
af:1f:d0:e0:c5:8f:3b:66:3c:dd:e7:44:68:6f:da:d3:b4:e0:
fb:ad:8c:47:35:c0:bf:0a:ee:5c:0a:96:b6:89:6a:51:a9:41:
cb:42:2a:ed:a6:7e:38:d8:9a:50:c2:18:e5:da:33:cc:4c:93:
aa:a4:bd:3e:ac:7a:23:85:23:4e:93:7e:59:a7:61:14:1e:03:
7b:f2:ba:f3:f4:ba:3f:10:e0:5d:34:84:02:e9:8e:e8:b1:18:
01:a3:cb:60:db:1a:0e:d6:47:20:02:71:5b:84:ef:d8:4b:1e:
eb:a5:49:16
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQiIBHfTwv6DJu+7lb2Mn6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTI3ZTc1MThjNTJlZmIzMWMxY2QzNjI3YjkxODEyOWFkYWRkYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfkpIaIkVELAm+dD3t6w6N7nhA0V
BrwLzm2ifI5schMwIO57iukp1354tB9O1djk4sSBa6+Kbyy4XL6+JZK51VsF0NVi
jBZsZ9lUoZOS4tgHPaY8ZkpSLrq46uUjMeSTwm1lZTAQ7j4PxmkIib/ERg4ku+bP
6WDvkCyVdju6i3Gcovpnj90eyCwJaIVSjRDgPYXrUVIfSw+dtdNzQEUW/5Uzq0oD
yDSwOpYailbJPewmcAJylzRNMooan/QGLcKPQrLJSunlfCPJhr2CNsATSqk5ywb3
IIQ37XnPLIYDiuhJCif4GqD4n+9T91VaFbxIbmcA5b4HlDPGXBrFkjmV0wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGon51GMUu+zHBzTYnuRgSmtrdxMMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYWlmblVZeFM3N01jSE5OaWU1R0JLYTJ0M0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVgVAwQA
LVgXAwQALVklAwQALVknAwQALVwDAwQALYyGAwQAW75hAwQAW75pMA0GCSqGSIb3
DQEBCwUAA4IBAQAJAgwWWjE+IxHnE8lgSjt2uV+e9htl7uexqFTM7EPGH/GPVcpG
xaxSe5RWsLsgGZ6hjUUPDA8/m5fT0THalOYhMxB6VfhrQ9AvPAuceJPy/EvIAsXx
j8ULMoMKXKaGUfDNR80Js8zjIsWetZv2gafw9q+3n6zr0l1HOnfEw6pYa50Wz2KT
BmOajejSclkwH3SvH9DgxY87Zjzd50Rob9rTtOD7rYxHNcC/Cu5cCpa2iWpRqUHL
Qirtpn442JpQwhjl2jPMTJOqpL0+rHojhSNOk35Zp2EUHgN78rrz9Lo/EOBdNIQC
6Y7osRgBo8tg2xoO1kcgAnFbhO/YSx7rpUkW
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:50:10 2025 by rpki-client