Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/2dM7caYHjQmMbQTjUURIFyN-HqY.roa
File: 2dM7caYHjQmMbQTjUURIFyN-HqY.roa (raw, json)
Hash identifier: SKuPPeQD7+UMshDjZNpj2AYyO5I8fSs8iz9aXlgF7fQ=
Subject key identifier: D9:D3:3B:71:A6:07:8D:09:8C:6D:04:E3:51:44:48:17:23:7E:1E:A6
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 019423D7245F575EB255D6812E9A134166DA
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/2dM7caYHjQmMbQTjUURIFyN-HqY.roa
Signing time: Wed 01 Jan 2025 21:48:09 +0000
ROA not before: Wed 01 Jan 2025 21:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207569
IP address blocks: 5.180.136.0/24 maxlen: 24
5.180.137.0/24 maxlen: 24
5.252.116.0/24 maxlen: 24
45.9.74.0/24 maxlen: 24
45.89.64.0/24 maxlen: 24
45.133.245.0/24 maxlen: 24
45.133.246.0/24 maxlen: 24
46.17.106.0/24 maxlen: 24
85.209.0.0/24 maxlen: 24
95.214.8.0/24 maxlen: 24
139.28.220.0/24 maxlen: 24
139.28.221.0/24 maxlen: 24
185.17.2.0/24 maxlen: 24
185.58.207.0/24 maxlen: 24
185.94.167.0/24 maxlen: 24
185.104.250.0/24 maxlen: 24
185.105.118.0/24 maxlen: 24
185.125.228.0/24 maxlen: 24
185.125.231.0/24 maxlen: 24
185.188.181.0/24 maxlen: 24
193.109.84.0/24 maxlen: 24
193.124.180.0/24 maxlen: 24
193.124.181.0/24 maxlen: 24
194.53.54.0/24 maxlen: 24
194.67.200.0/24 maxlen: 24
195.66.87.0/24 maxlen: 24
2a0a:9300::/32 maxlen: 32
2a0a:9300:1::/48 maxlen: 48
2a0a:9300:aaaa::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 10:07:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:24:5f:57:5e:b2:55:d6:81:2e:9a:13:41:66:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Jan 1 21:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9d33b71a6078d098c6d04e351444817237e1ea6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a1:93:f3:f4:fc:9b:aa:74:14:13:78:ef:b0:
e4:66:35:7b:e2:96:97:3d:a2:96:89:83:75:fe:ea:
41:68:81:53:c0:2d:01:66:bd:50:a5:64:59:88:d0:
5e:a2:49:e8:cb:f6:c8:c5:d1:e5:fd:36:60:2b:ee:
78:88:96:ee:77:db:13:93:e5:50:0b:da:b5:25:92:
14:b7:dd:e8:69:4f:b4:ec:5a:a0:24:87:3b:2a:a5:
da:3a:c1:00:5c:2b:e5:08:27:0f:ee:b2:19:7a:f3:
9f:fe:22:1d:08:b0:d4:96:4f:69:bc:36:6a:bc:b7:
70:7d:3a:eb:d6:53:0e:e8:88:52:1b:22:63:a7:aa:
1c:71:72:e8:86:f5:96:49:09:ef:e9:8b:cc:fc:a4:
41:86:8b:14:67:03:a2:bd:74:81:98:92:86:3f:95:
bd:13:e1:3b:c3:1f:9f:6b:b6:7b:06:da:85:c3:66:
8d:63:3d:4e:a6:7b:f4:0a:ee:20:35:15:b5:71:56:
9f:62:fc:b0:41:6e:1a:07:64:54:11:07:34:a7:ec:
91:60:a2:1f:4e:f6:39:44:0f:58:00:2d:e8:72:73:
64:dc:06:fb:70:e9:5e:4b:89:f8:0f:d6:6d:8b:fd:
9d:a8:40:9f:62:c3:2d:51:55:99:94:a5:7c:d0:59:
a9:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:D3:3B:71:A6:07:8D:09:8C:6D:04:E3:51:44:48:17:23:7E:1E:A6
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/2dM7caYHjQmMbQTjUURIFyN-HqY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.136.0/23
5.252.116.0/24
45.9.74.0/24
45.89.64.0/24
45.133.245.0-45.133.246.255
46.17.106.0/24
85.209.0.0/24
95.214.8.0/24
139.28.220.0/23
185.17.2.0/24
185.58.207.0/24
185.94.167.0/24
185.104.250.0/24
185.105.118.0/24
185.125.228.0/24
185.125.231.0/24
185.188.181.0/24
193.109.84.0/24
193.124.180.0/23
194.53.54.0/24
194.67.200.0/24
195.66.87.0/24
IPv6:
2a0a:9300::/32
Signature Algorithm: sha256WithRSAEncryption
31:8f:cb:82:68:27:6b:82:d9:0f:0d:8a:89:54:f7:f3:74:89:
aa:4c:96:e8:4d:51:93:d3:bd:56:29:7a:f8:6b:37:a3:d5:71:
39:c3:84:81:68:73:3b:23:1b:8f:d2:9d:eb:72:86:59:77:bd:
61:58:d8:b3:ef:35:e5:9d:0c:d2:f3:cf:b6:ec:51:8d:a9:e5:
9a:2d:d8:fd:2a:73:23:cc:74:65:4a:07:0b:16:14:35:00:12:
a3:ea:a3:69:0e:af:f2:bb:03:3e:9a:74:08:72:9f:93:c3:a3:
da:81:df:72:30:fc:65:11:c0:c1:27:33:02:e6:e9:63:b2:0e:
f6:0c:6c:5d:11:ca:d7:b2:7e:09:f6:44:b9:27:68:61:72:e1:
72:86:7b:89:96:f5:25:14:e0:57:0f:5c:c4:91:b0:3a:7c:6a:
75:aa:c5:11:c5:bd:b0:ab:a8:0a:56:e3:ec:80:b9:15:7f:15:
43:0a:e9:22:58:83:d6:46:ca:e2:0d:84:b8:8b:4e:e4:a0:29:
f8:27:bf:57:4c:20:dc:2b:6a:b4:b9:e8:8a:71:ed:a1:df:4d:
d4:74:5e:10:90:6c:e2:c8:cb:8a:59:61:7a:55:c4:8e:29:89:
7f:db:6d:fc:ae:15:c2:4e:8c:df:ae:6f:9b:26:f5:94:fe:17:
78:62:06:ec
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQj1yRfV16yVdaBLpoTQWbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWQzM2I3MWE2MDc4ZDA5OGM2ZDA0ZTM1MTQ0NDgxNzIzN2UxZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6GT8/T8m6p0FBN477DkZjV74paX
PaKWiYN1/upBaIFTwC0BZr1QpWRZiNBeoknoy/bIxdHl/TZgK+54iJbud9sTk+VQ
C9q1JZIUt93oaU+07FqgJIc7KqXaOsEAXCvlCCcP7rIZevOf/iIdCLDUlk9pvDZq
vLdwfTrr1lMO6IhSGyJjp6occXLohvWWSQnv6YvM/KRBhosUZwOivXSBmJKGP5W9
E+E7wx+fa7Z7BtqFw2aNYz1Opnv0Cu4gNRW1cVafYvywQW4aB2RUEQc0p+yRYKIf
TvY5RA9YAC3ocnNk3Ab7cOleS4n4D9Zti/2dqECfYsMtUVWZlKV80Fmp0QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFNnTO3GmB40JjG0E41FESBcjfh6mMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvMmRNN2NhWUhqUW1NYlFUalVVUklGeU4tSHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG4BggrBgEFBQcBBwEB/wSBqDCBpTCBkwQCAAEwgYwDBAEF
tIgDBAAF/HQDBAAtCUoDBAAtWUAwDAMEAC2F9QMEAC2F9gMEAC4RagMEAFXRAAME
AF/WCAMEAYsc3AMEALkRAgMEALk6zwMEALlepwMEALlo+gMEALlpdgMEALl95AME
ALl95wMEALm8tQMEAMFtVAMEAcF8tAMEAMI1NgMEAMJDyAMEAMNCVzANBAIAAjAH
AwUAKgqTADANBgkqhkiG9w0BAQsFAAOCAQEAMY/Lgmgna4LZDw2KiVT383SJqkyW
6E1Rk9O9Vil6+Gs3o9VxOcOEgWhzOyMbj9Kd63KGWXe9YVjYs+815Z0M0vPPtuxR
janlmi3Y/SpzI8x0ZUoHCxYUNQASo+qjaQ6v8rsDPpp0CHKfk8Oj2oHfcjD8ZRHA
wSczAubpY7IO9gxsXRHK17J+CfZEuSdoYXLhcoZ7iZb1JRTgVw9cxJGwOnxqdarF
EcW9sKuoClbj7IC5FX8VQwrpIliD1kbK4g2EuItO5KAp+Ce/V0wg3CtqtLnoinHt
od9N1HReEJBs4sjLillhelXEjimJf9tt/K4Vwk6M365vmyb1lP4XeGIG7A==
-----END CERTIFICATE-----
Generated at Sun Apr 6 17:52:56 2025 by rpki-client