Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dmJBJCbOsxFHYV54s5XT2GTl6vk.roa
File: dmJBJCbOsxFHYV54s5XT2GTl6vk.roa (raw, json)
Hash identifier: GVjCWb9CYYeq0/1WYCrTXPRArgEihAqlunCNhswblCU=
Subject key identifier: 76:62:41:24:26:CE:B3:11:47:61:5E:78:B3:95:D3:D8:64:E5:EA:F9
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01942220099297DD11B9018BBB6A04EB356E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dmJBJCbOsxFHYV54s5XT2GTl6vk.roa
Signing time: Wed 01 Jan 2025 13:48:32 +0000
ROA not before: Wed 01 Jan 2025 13:48:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5511
IP address blocks: 45.83.29.0/24 maxlen: 24
45.88.20.0/24 maxlen: 24
45.88.22.0/24 maxlen: 24
45.89.36.0/24 maxlen: 24
45.89.38.0/24 maxlen: 24
45.92.2.0/24 maxlen: 24
45.134.138.0/24 maxlen: 24
45.143.54.0/24 maxlen: 24
45.145.46.0/24 maxlen: 24
45.146.187.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
87.247.148.0/22 maxlen: 24
91.190.96.0/24 maxlen: 24
91.190.99.0/24 maxlen: 24
91.190.104.0/24 maxlen: 24
91.217.250.0/24 maxlen: 24
178.239.205.0/24 maxlen: 24
185.184.135.0/24 maxlen: 24
185.205.189.0/24 maxlen: 24
188.240.75.0/24 maxlen: 24
217.74.16.0/24 maxlen: 24
2a0b:64c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:09:92:97:dd:11:b9:01:8b:bb:6a:04:eb:35:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7662412426ceb31147615e78b395d3d864e5eaf9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c7:ca:12:d9:74:b8:2e:20:6a:e7:08:50:cd:
9a:bd:a2:a6:87:c3:9c:ac:fa:62:4a:a8:e7:1d:6b:
ca:9a:d6:09:76:03:ba:f9:41:f6:4a:92:7f:2b:15:
44:10:d2:9c:7e:8f:85:12:88:d9:fa:dd:a6:33:24:
0b:9a:a5:5d:07:bb:d0:8c:95:b3:dd:63:6a:9e:2e:
ee:28:80:cd:1e:34:61:b6:41:ab:6f:7b:3a:71:0c:
10:52:08:8b:03:86:ef:69:e0:8c:05:e2:d3:c4:55:
c9:59:b0:8e:cf:08:5a:90:79:a4:76:41:9f:fa:41:
b6:b9:68:a8:1d:1e:e2:74:dc:57:37:32:ed:c9:0c:
f0:d5:cf:0b:38:e3:40:ab:ab:41:db:8f:85:8a:c2:
ef:c5:ad:9a:a2:0f:cb:96:97:a4:ee:38:20:e6:1c:
8e:3a:71:cf:97:00:b7:16:f7:ae:3b:94:15:7e:01:
e2:60:85:75:80:2f:4a:4e:0a:e1:c5:1a:85:aa:db:
a0:22:ff:f0:16:20:20:75:4b:f1:0c:9e:f1:77:33:
50:76:58:e5:a3:a6:ef:51:34:75:ff:aa:2e:cd:29:
03:ea:28:16:45:60:0e:57:dd:2e:d1:77:d3:31:c8:
48:f0:36:f4:ff:23:90:23:d9:2f:57:ed:51:d7:a9:
4b:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:62:41:24:26:CE:B3:11:47:61:5E:78:B3:95:D3:D8:64:E5:EA:F9
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dmJBJCbOsxFHYV54s5XT2GTl6vk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.29.0/24
45.88.20.0/24
45.88.22.0/24
45.89.36.0/24
45.89.38.0/24
45.92.2.0/24
45.134.138.0/24
45.143.54.0/24
45.145.46.0/24
45.146.187.0/24
45.156.157.0/24
87.247.148.0/22
91.190.96.0/24
91.190.99.0/24
91.190.104.0/24
91.217.250.0/24
178.239.205.0/24
185.184.135.0/24
185.205.189.0/24
188.240.75.0/24
217.74.16.0/24
IPv6:
2a0b:64c1::/32
Signature Algorithm: sha256WithRSAEncryption
0b:a3:53:5b:ce:52:c1:ad:88:2f:01:0e:37:b0:c7:f9:db:0f:
3e:a7:0d:bf:02:67:c9:6c:d2:5d:1f:0b:23:71:09:0b:9d:13:
a4:4b:8b:2c:e5:a2:b9:ba:75:3a:b4:92:dd:80:50:38:53:e4:
35:01:03:77:f6:2a:82:1b:ab:97:6b:67:db:fc:b0:71:2d:45:
f0:fe:6a:5e:ff:90:51:24:d1:78:d5:25:3b:3f:1c:29:8e:06:
61:4d:1f:c5:10:a9:25:6b:d4:81:a3:92:1e:6d:a9:ec:09:6e:
fd:4b:65:0b:40:5e:b3:d0:d0:ef:18:68:34:3e:7c:c7:c7:8e:
ab:9f:aa:07:f0:72:aa:d9:e0:67:80:3a:2c:9a:f4:0e:11:38:
cf:55:15:9c:fd:b8:be:68:57:85:ac:3c:f6:6b:e2:36:b7:2b:
a9:3e:fa:53:b1:d3:15:52:e5:8b:4f:d2:12:cf:4f:d1:cd:42:
2d:12:bd:25:50:4b:b1:bb:61:b3:c7:fd:d1:95:bd:4d:ce:1c:
bf:53:0e:2a:fc:f5:34:08:8b:66:20:f7:d2:76:c6:75:86:ce:
9d:11:e2:b3:07:5b:a2:42:70:76:05:d8:8b:6e:61:76:87:5e:
4d:41:92:c1:36:83:ce:1a:d2:d0:9e:fd:68:0e:99:3d:5c:e2:
5b:0b:4c:9e
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZQiIAmSl90RuQGLu2oE6zVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjYyNDEyNDI2Y2ViMzExNDc2MTVlNzhiMzk1ZDNkODY0ZTVlYWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8fKEtl0uC4gaucIUM2avaKmh8Oc
rPpiSqjnHWvKmtYJdgO6+UH2SpJ/KxVEENKcfo+FEojZ+t2mMyQLmqVdB7vQjJWz
3WNqni7uKIDNHjRhtkGrb3s6cQwQUgiLA4bvaeCMBeLTxFXJWbCOzwhakHmkdkGf
+kG2uWioHR7idNxXNzLtyQzw1c8LOONAq6tB24+FisLvxa2aog/Llpek7jgg5hyO
OnHPlwC3FveuO5QVfgHiYIV1gC9KTgrhxRqFqtugIv/wFiAgdUvxDJ7xdzNQdljl
o6bvUTR1/6ouzSkD6igWRWAOV90u0XfTMchI8Db0/yOQI9kvV+1R16lLSwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFHZiQSQmzrMRR2FeeLOV09hk5er5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZG1KQkpDYk9zeEZIWVY1NHM1WFQyR1RsNnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBhAQCAAEwfgMEAC1T
HQMEAC1YFAMEAC1YFgMEAC1ZJAMEAC1ZJgMEAC1cAgMEAC2GigMEAC2PNgMEAC2R
LgMEAC2SuwMEAC2cnQMEAlf3lAMEAFu+YAMEAFu+YwMEAFu+aAMEAFvZ+gMEALLv
zQMEALm4hwMEALnNvQMEALzwSwMEANlKEDANBAIAAjAHAwUAKgtkwTANBgkqhkiG
9w0BAQsFAAOCAQEAC6NTW85Swa2ILwEON7DH+dsPPqcNvwJnyWzSXR8LI3EJC50T
pEuLLOWiubp1OrSS3YBQOFPkNQEDd/Yqghurl2tn2/ywcS1F8P5qXv+QUSTReNUl
Oz8cKY4GYU0fxRCpJWvUgaOSHm2p7Alu/UtlC0Bes9DQ7xhoND58x8eOq5+qB/By
qtngZ4A6LJr0DhE4z1UVnP24vmhXhaw89mviNrcrqT76U7HTFVLli0/SEs9P0c1C
LRK9JVBLsbths8f90ZW9Tc4cv1MOKvz1NAiLZiD30nbGdYbOnRHiswdbokJwdgXY
i25hdodeTUGSwTaDzhrS0J79aA6ZPVziWwtMng==
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:44:39 2025 by rpki-client