Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ceQ1NU8Q5LOFCrfptGZ8ANgKBHk.roa
File: ceQ1NU8Q5LOFCrfptGZ8ANgKBHk.roa (raw, json)
Hash identifier: g9zTfMNElKz4jt/7TXQINdt224atdOczSDJZz7HWcRU=
Subject key identifier: 71:E4:35:35:4F:10:E4:B3:85:0A:B7:E9:B4:66:7C:00:D8:0A:04:79
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01942220062CAD7C2A1D26B78E5E58F70704
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ceQ1NU8Q5LOFCrfptGZ8ANgKBHk.roa
Signing time: Wed 01 Jan 2025 13:48:31 +0000
ROA not before: Wed 01 Jan 2025 13:48:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1299
IP address blocks: 84.245.48.0/21 maxlen: 21
84.245.56.0/24 maxlen: 24
84.245.58.0/23 maxlen: 23
84.245.60.0/22 maxlen: 22
89.31.219.0/24 maxlen: 24
185.228.227.0/24 maxlen: 24
185.244.221.0/24 maxlen: 24
185.244.222.0/23 maxlen: 23
193.84.135.0/24 maxlen: 24
217.74.19.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:06:2c:ad:7c:2a:1d:26:b7:8e:5e:58:f7:07:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71e435354f10e4b3850ab7e9b4667c00d80a0479
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:be:e1:18:31:5e:15:d9:c7:86:9e:41:6d:0f:
bd:b4:ce:ce:0e:4f:cf:0d:2d:ae:d9:62:77:7b:2a:
60:a4:3d:f8:ed:15:8d:5b:2b:a9:02:1c:66:3c:46:
7f:02:f7:da:e9:25:62:53:0f:dd:5f:df:8e:86:2f:
0e:d3:ec:6b:2b:f8:24:3c:cc:23:e2:15:e0:64:22:
30:ec:88:ca:3a:c9:96:26:65:aa:08:f1:b9:93:9c:
56:41:56:cd:15:fc:0f:ad:e2:2a:56:00:0c:ef:84:
d2:67:e5:32:80:4c:5f:34:2c:30:fc:c5:12:b4:2e:
a5:a9:e3:90:05:89:17:ac:a7:b7:46:c7:9f:7e:28:
f3:5d:1f:e0:a6:d1:76:01:d2:32:62:d5:93:c2:ed:
1b:cf:c2:20:9a:c8:6a:c0:60:6c:5c:b2:3d:4a:e4:
1c:f8:b2:1c:75:44:ac:e6:19:dd:57:ce:3a:13:4b:
7b:76:8b:e3:b3:e5:a0:36:9a:b1:24:e4:75:02:71:
c9:74:92:17:60:8e:fb:dc:23:6b:a2:94:1d:16:f4:
6a:f1:a6:15:36:3a:d8:5d:bd:7e:e1:a7:06:28:4b:
65:70:4a:8b:3a:57:09:4e:f8:03:bf:a1:4b:f7:cc:
7d:c9:87:b5:64:8a:1d:69:da:a3:74:72:14:cf:9c:
0b:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:E4:35:35:4F:10:E4:B3:85:0A:B7:E9:B4:66:7C:00:D8:0A:04:79
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ceQ1NU8Q5LOFCrfptGZ8ANgKBHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.245.48.0-84.245.56.255
84.245.58.0-84.245.63.255
89.31.219.0/24
185.228.227.0/24
185.244.221.0-185.244.223.255
193.84.135.0/24
217.74.19.0/24
Signature Algorithm: sha256WithRSAEncryption
89:47:17:af:89:d6:b0:df:ad:86:26:f4:58:8d:e6:5a:19:3d:
c8:f3:ad:b2:47:df:87:c6:a8:f0:c4:9f:17:16:92:e7:9c:71:
9c:0e:ac:6e:e6:5f:3d:3c:b6:34:ab:a8:68:87:dd:1d:5b:65:
05:aa:7e:c6:73:e6:05:03:04:b4:fa:d9:b3:de:9a:a1:5f:1b:
97:e8:d2:67:3a:29:18:e7:8a:36:d8:d5:fd:af:1c:8c:44:b1:
df:09:05:37:e2:32:20:aa:e5:87:d5:7e:ea:99:7d:d3:67:24:
ee:db:35:1e:09:7c:1f:8c:7b:45:a4:17:9c:59:d5:ac:20:42:
91:d1:e6:1f:61:74:b4:a8:23:c3:c6:ea:0d:9c:08:87:b1:c5:
43:7a:1c:6a:74:1e:8a:17:f7:9e:8e:fa:37:10:bb:00:38:76:
f0:20:0a:0a:78:5e:2c:1b:92:4a:a2:de:20:28:26:8d:84:f1:
40:84:76:b2:be:9c:a3:de:5f:ff:df:37:b5:5b:2b:d0:64:82:
b6:2b:26:6a:7d:05:0c:b6:4f:19:93:e8:21:45:01:d6:2d:3e:
a4:21:be:22:00:11:0f:b9:6c:e5:77:fb:74:1d:99:0c:7e:23:
af:73:3b:70:66:ba:25:42:00:07:98:51:54:8e:8d:0f:1b:73:
cf:aa:e7:73
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQiIAYsrXwqHSa3jl5Y9wcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWU0MzUzNTRmMTBlNGIzODUwYWI3ZTliNDY2N2MwMGQ4MGEwNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhr7hGDFeFdnHhp5BbQ+9tM7ODk/P
DS2u2WJ3eypgpD347RWNWyupAhxmPEZ/Avfa6SViUw/dX9+Ohi8O0+xrK/gkPMwj
4hXgZCIw7IjKOsmWJmWqCPG5k5xWQVbNFfwPreIqVgAM74TSZ+UygExfNCww/MUS
tC6lqeOQBYkXrKe3RseffijzXR/gptF2AdIyYtWTwu0bz8IgmshqwGBsXLI9SuQc
+LIcdUSs5hndV846E0t7dovjs+WgNpqxJOR1AnHJdJIXYI773CNropQdFvRq8aYV
NjrYXb1+4acGKEtlcEqLOlcJTvgDv6FL98x9yYe1ZIodadqjdHIUz5wLVQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHHkNTVPEOSzhQq36bRmfADYCgR5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvY2VRMU5VOFE1TE9GQ3JmcHRHWjhBTmdLQkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBARU9TAD
BABU9TgwDAMEAVT1OgMEBlT1AAMEAFkf2wMEALnk4zAMAwQAufTdAwQFufTAAwQA
wVSHAwQA2UoTMA0GCSqGSIb3DQEBCwUAA4IBAQCJRxevidaw362GJvRYjeZaGT3I
862yR9+HxqjwxJ8XFpLnnHGcDqxu5l89PLY0q6hoh90dW2UFqn7Gc+YFAwS0+tmz
3pqhXxuX6NJnOikY54o22NX9rxyMRLHfCQU34jIgquWH1X7qmX3TZyTu2zUeCXwf
jHtFpBecWdWsIEKR0eYfYXS0qCPDxuoNnAiHscVDehxqdB6KF/eejvo3ELsAOHbw
IAoKeF4sG5JKot4gKCaNhPFAhHayvpyj3l//3ze1WyvQZIK2KyZqfQUMtk8Zk+gh
RQHWLT6kIb4iABEPuWzld/t0HZkMfiOvcztwZrolQgAHmFFUjo0PG3PPqudz
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:38:41 2025 by rpki-client