Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/PKwMXWtc8zi6lG0zPr4Lt6yvauU.roa
File: PKwMXWtc8zi6lG0zPr4Lt6yvauU.roa (raw, json)
Hash identifier: b1FZV9Y7SIyLBl239X/9J22IOe+GTQHWzBo3nom91OY=
Subject key identifier: 3C:AC:0C:5D:6B:5C:F3:38:BA:94:6D:33:3E:BE:0B:B7:AC:AF:6A:E5
Certificate issuer: /CN=f10d39eddb008d1b89df9741960dbf2044f657fb
Certificate serial: 0194228D22DCA8838B3E2355EF8068163D18
Authority key identifier: F1:0D:39:ED:DB:00:8D:1B:89:DF:97:41:96:0D:BF:20:44:F6:57:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/PKwMXWtc8zi6lG0zPr4Lt6yvauU.roa
Signing time: Wed 01 Jan 2025 15:47:42 +0000
ROA not before: Wed 01 Jan 2025 15:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39923
IP address blocks: 91.238.219.0/24 maxlen: 24
109.68.0.0/21 maxlen: 21
109.68.160.0/21 maxlen: 21
109.68.160.0/24 maxlen: 24
109.68.161.0/24 maxlen: 24
109.68.162.0/24 maxlen: 24
109.68.163.0/24 maxlen: 24
109.68.164.0/24 maxlen: 24
109.68.165.0/24 maxlen: 24
109.68.166.0/24 maxlen: 24
109.68.167.0/24 maxlen: 24
185.35.164.0/22 maxlen: 22
185.35.164.0/24 maxlen: 24
185.35.165.0/24 maxlen: 24
185.35.166.0/24 maxlen: 24
185.35.167.0/24 maxlen: 24
185.58.96.0/22 maxlen: 22
185.58.96.0/24 maxlen: 24
185.58.97.0/24 maxlen: 24
185.58.98.0/24 maxlen: 24
185.58.99.0/24 maxlen: 24
185.111.204.0/22 maxlen: 22
185.111.204.0/24 maxlen: 24
185.111.205.0/24 maxlen: 24
185.111.206.0/24 maxlen: 24
185.111.207.0/24 maxlen: 24
194.145.127.0/24 maxlen: 24
194.145.152.0/24 maxlen: 24
194.145.155.0/24 maxlen: 24
194.146.23.0/24 maxlen: 24
195.189.202.0/23 maxlen: 23
195.189.202.0/24 maxlen: 24
195.189.203.0/24 maxlen: 24
2a02:2a08::/32 maxlen: 32
2a04:6480::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.mft
rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 18:34:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:22:dc:a8:83:8b:3e:23:55:ef:80:68:16:3d:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f10d39eddb008d1b89df9741960dbf2044f657fb
Validity
Not Before: Jan 1 15:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3cac0c5d6b5cf338ba946d333ebe0bb7acaf6ae5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:e9:7a:1d:84:96:cd:32:34:bc:dc:b9:5c:d1:
d5:0d:f4:db:92:ae:33:c5:92:4e:93:b1:16:42:fe:
48:fb:9f:e4:58:d1:4e:14:22:89:be:19:c8:a9:7e:
ad:f7:a9:97:63:ef:4f:3a:30:df:37:ba:46:45:86:
73:a4:f4:bc:6a:c9:57:51:31:33:c9:d4:d0:3c:4d:
d6:87:64:20:f6:9b:9c:15:b1:70:c8:23:f5:df:5e:
95:62:0a:66:af:29:a7:fb:63:0a:9d:61:bc:62:87:
8c:1e:e2:60:21:3c:ad:1d:d9:49:82:06:49:0c:42:
90:7e:55:a1:89:f6:cb:93:09:80:f1:88:33:d9:1e:
fc:ae:0e:ed:26:19:6a:c1:cc:27:58:2c:13:67:d6:
8f:6f:a9:0c:ee:06:3c:e2:a9:44:3f:5c:ca:87:9e:
f9:59:ea:e5:16:c7:5c:3e:2b:71:d5:5f:b0:d7:dd:
94:79:2f:8f:e8:ed:d0:19:dd:4d:b2:07:da:64:7e:
42:92:fa:ac:28:d7:e7:d3:cc:23:ab:12:7a:27:77:
87:b0:b8:f2:42:e4:ea:e3:ce:41:bf:8d:bd:23:e7:
bc:a3:48:99:55:10:c2:33:0e:2b:03:13:6f:7b:ec:
60:f5:ea:f5:71:ec:45:fb:45:d6:ae:7b:58:93:55:
74:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:AC:0C:5D:6B:5C:F3:38:BA:94:6D:33:3E:BE:0B:B7:AC:AF:6A:E5
X509v3 Authority Key Identifier:
keyid:F1:0D:39:ED:DB:00:8D:1B:89:DF:97:41:96:0D:BF:20:44:F6:57:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/PKwMXWtc8zi6lG0zPr4Lt6yvauU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.238.219.0/24
109.68.0.0/21
109.68.160.0/21
185.35.164.0/22
185.58.96.0/22
185.111.204.0/22
194.145.127.0/24
194.145.152.0/24
194.145.155.0/24
194.146.23.0/24
195.189.202.0/23
IPv6:
2a02:2a08::/32
2a04:6480::/29
Signature Algorithm: sha256WithRSAEncryption
1c:eb:22:bd:a3:77:44:90:e2:35:17:3f:19:a3:4e:8f:55:e7:
48:4d:c4:4d:e7:78:95:b3:41:8f:98:34:50:ef:59:b8:cf:3f:
d9:c2:35:1b:b5:69:b5:54:17:10:a2:ba:31:34:cb:49:de:cd:
9b:63:75:7e:99:17:29:20:b5:ee:37:2b:e4:32:b0:de:50:25:
a6:ed:73:40:d4:14:05:f2:f4:72:96:38:77:f0:c7:33:30:3b:
9c:c4:75:8c:f2:f8:d7:41:a7:70:23:a4:bc:2d:35:52:b1:db:
fb:19:5e:95:52:77:e0:c2:62:85:9e:44:cc:41:bf:eb:1d:75:
e1:e8:c7:ff:f2:fb:00:db:eb:b3:ea:59:97:c9:c3:7c:7b:ba:
a4:55:25:c2:8f:52:4e:84:18:3b:60:b3:85:2e:09:bb:43:1e:
ea:6b:d5:e0:aa:ae:c3:60:1d:c7:6a:f8:12:be:0d:ee:98:3d:
08:97:06:c9:69:5e:35:eb:50:ca:8f:34:b7:2e:03:4b:70:b7:
0b:af:2a:8b:e6:81:6e:d8:ca:2c:f3:24:0b:da:2d:73:93:24:
40:9a:e5:e3:55:07:d2:4b:f6:c1:78:c5:24:2d:09:3b:31:6a:
69:34:fd:23:af:da:da:72:14:78:2d:fa:c8:e2:fd:69:3f:07:
50:e5:a2:a4
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZQijSLcqIOLPiNV74BoFj0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMGQzOWVkZGIwMDhkMWI4OWRmOTc0MTk2MGRiZjIwNDRm
NjU3ZmIwHhcNMjUwMTAxMTU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FjMGM1ZDZiNWNmMzM4YmE5NDZkMzMzZWJlMGJiN2FjYWY2YWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlul6HYSWzTI0vNy5XNHVDfTbkq4z
xZJOk7EWQv5I+5/kWNFOFCKJvhnIqX6t96mXY+9POjDfN7pGRYZzpPS8aslXUTEz
ydTQPE3Wh2Qg9pucFbFwyCP1316VYgpmrymn+2MKnWG8YoeMHuJgITytHdlJggZJ
DEKQflWhifbLkwmA8Ygz2R78rg7tJhlqwcwnWCwTZ9aPb6kM7gY84qlEP1zKh575
WerlFsdcPitx1V+w192UeS+P6O3QGd1NsgfaZH5CkvqsKNfn08wjqxJ6J3eHsLjy
QuTq485Bv429I+e8o0iZVRDCMw4rAxNve+xg9er1cexF+0XWrntYk1V0FQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFDysDF1rXPM4upRtMz6+C7esr2rlMB8GA1UdIwQY
MBaAFPENOe3bAI0bid+XQZYNvyBE9lf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFEwNTdkc0FqUnVKMzVkQmxnMl9JRVQyVl9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mNzBlMWEtNzMyZS00ZTZiLWIzYjUt
ZjU2MmI4OTc0ZDhiLzEvUEt3TVhXdGM4emk2bEcwelByNEx0Nnl2YXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mNzBlMWEtNzMyZS00ZTZiLWIzYjUtZjU2MmI4OTc0ZDhi
LzEvOFEwNTdkc0FqUnVKMzVkQmxnMl9JRVQyVl9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQAW+7bAwQD
bUQAAwQDbUSgAwQCuSOkAwQCuTpgAwQCuW/MAwQAwpF/AwQAwpGYAwQAwpGbAwQA
wpIXAwQBw73KMBQEAgACMA4DBQAqAioIAwUDKgRkgDANBgkqhkiG9w0BAQsFAAOC
AQEAHOsivaN3RJDiNRc/GaNOj1XnSE3ETed4lbNBj5g0UO9ZuM8/2cI1G7VptVQX
EKK6MTTLSd7Nm2N1fpkXKSC17jcr5DKw3lAlpu1zQNQUBfL0cpY4d/DHMzA7nMR1
jPL410GncCOkvC01UrHb+xlelVJ34MJihZ5EzEG/6x114ejH//L7ANvrs+pZl8nD
fHu6pFUlwo9SToQYO2CzhS4Ju0Me6mvV4Kquw2Adx2r4Er4N7pg9CJcGyWleNetQ
yo80ty4DS3C3C68qi+aBbtjKLPMkC9otc5MkQJrl41UH0kv2wXjFJC0JOzFqaTT9
I6/a2nIUeC36yOL9aT8HUOWipA==
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:31:07 2025 by rpki-client