Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/hRzWSLwUGIjilGhaEnm2u4T5VEE.roa
File: hRzWSLwUGIjilGhaEnm2u4T5VEE.roa (raw, json)
Hash identifier: qcTCVXGCPWpFPkqwFU9e151WlUOC4Dz1AUW7DVG4Cdc=
Subject key identifier: 85:1C:D6:48:BC:14:18:88:E2:94:68:5A:12:79:B6:BB:84:F9:54:41
Certificate issuer: /CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Certificate serial: 0194F43E7148B283CDF005B480CA01A7BB79
Authority key identifier: 83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/hRzWSLwUGIjilGhaEnm2u4T5VEE.roa
Signing time: Tue 11 Feb 2025 09:02:00 +0000
ROA not before: Tue 11 Feb 2025 09:02:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13030
IP address blocks: 37.17.232.0/21 maxlen: 21
45.80.136.0/22 maxlen: 22
77.74.80.0/21 maxlen: 21
77.109.128.0/18 maxlen: 18
77.109.128.0/19 maxlen: 19
77.109.160.0/19 maxlen: 19
80.253.88.0/21 maxlen: 21
81.6.32.0/20 maxlen: 20
82.197.160.0/19 maxlen: 19
82.197.160.0/20 maxlen: 20
82.197.176.0/20 maxlen: 20
85.195.192.0/18 maxlen: 18
85.195.192.0/20 maxlen: 20
85.195.208.0/20 maxlen: 20
85.195.224.0/19 maxlen: 19
85.195.224.0/20 maxlen: 20
85.195.240.0/20 maxlen: 20
109.202.192.0/19 maxlen: 19
141.195.80.0/20 maxlen: 20
185.72.64.0/22 maxlen: 22
185.72.67.0/24 maxlen: 24
185.137.172.0/22 maxlen: 22
185.183.192.0/22 maxlen: 22
185.201.248.0/22 maxlen: 22
185.246.104.0/22 maxlen: 22
193.47.153.0/24 maxlen: 24
193.223.80.0/20 maxlen: 20
195.134.128.0/19 maxlen: 19
212.51.128.0/19 maxlen: 19
212.51.128.0/20 maxlen: 20
212.51.144.0/20 maxlen: 20
213.144.128.0/19 maxlen: 19
213.144.128.0/20 maxlen: 20
213.144.144.0/20 maxlen: 20
217.118.192.0/21 maxlen: 21
217.118.200.0/22 maxlen: 22
2001:1620::/32 maxlen: 32
2a02:168::/30 maxlen: 30
2a02:168::/32 maxlen: 32
2a02:169::/32 maxlen: 32
2a07:600::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:f4:3e:71:48:b2:83:cd:f0:05:b4:80:ca:01:a7:bb:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Validity
Not Before: Feb 11 09:02:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=851cd648bc141888e294685a1279b6bb84f95441
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:cb:84:4c:2b:44:c3:45:c8:6f:9a:21:82:ef:
31:6e:4c:1a:75:93:7f:9b:ee:91:21:8a:5b:b0:4e:
0b:fc:01:ac:72:53:61:21:b7:29:dc:dc:7e:35:4d:
ba:73:92:b6:da:0f:77:3d:73:45:bc:d6:44:61:8a:
46:83:f9:9d:a5:ad:38:bd:21:fb:24:55:02:5e:a3:
07:71:17:6d:b6:a1:9f:0c:d4:c5:bb:d3:e0:78:e7:
50:39:a6:ed:2c:19:8d:c5:0f:57:f9:a9:99:2d:79:
7c:ca:77:b3:58:32:e1:52:fa:bd:0d:40:2d:89:a8:
4f:f2:64:d3:72:22:94:06:cf:28:28:3e:32:f2:11:
60:e9:b4:aa:ac:00:9f:6c:6a:dd:04:c6:88:43:65:
66:d9:f1:da:36:e5:fa:c3:bf:05:9a:40:70:d7:3c:
fe:88:65:1c:4f:f6:27:2c:21:cf:c4:f8:75:a3:b4:
68:1b:01:26:02:2d:21:72:3b:2b:32:6c:75:a6:8e:
58:ad:2e:4e:44:7e:2d:0d:39:02:7d:23:44:18:55:
2e:76:53:8e:8d:16:e5:71:24:ff:73:06:61:e8:4d:
b4:93:d9:98:96:26:c7:7d:cf:b0:e6:bb:5a:5b:9d:
b2:8f:78:a9:6e:81:8f:cf:71:8a:11:7a:1a:47:bb:
58:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:1C:D6:48:BC:14:18:88:E2:94:68:5A:12:79:B6:BB:84:F9:54:41
X509v3 Authority Key Identifier:
keyid:83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/hRzWSLwUGIjilGhaEnm2u4T5VEE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.17.232.0/21
45.80.136.0/22
77.74.80.0/21
77.109.128.0/18
80.253.88.0/21
81.6.32.0/20
82.197.160.0/19
85.195.192.0/18
109.202.192.0/19
141.195.80.0/20
185.72.64.0/22
185.137.172.0/22
185.183.192.0/22
185.201.248.0/22
185.246.104.0/22
193.47.153.0/24
193.223.80.0/20
195.134.128.0/19
212.51.128.0/19
213.144.128.0/19
217.118.192.0-217.118.203.255
IPv6:
2001:1620::/32
2a02:168::/30
2a07:600::/29
Signature Algorithm: sha256WithRSAEncryption
b9:93:8b:62:6e:01:92:80:57:d3:bc:6b:e0:54:b7:d0:15:fc:
8b:a3:b3:31:a1:99:a0:c9:2e:26:c7:ca:58:2c:17:cd:20:7c:
eb:b6:98:32:1c:c8:0c:a6:7b:eb:2e:cd:cb:1c:ee:3a:dc:ab:
a0:a1:ac:b8:9c:81:69:35:3c:69:a8:9c:2e:a0:57:e0:33:35:
13:74:dd:58:b8:17:af:74:95:78:7e:e7:68:66:45:a7:94:bd:
e7:77:0c:dd:81:2e:f5:80:4e:56:34:01:38:c2:b3:4d:94:b7:
ba:11:19:7c:b5:c7:59:65:48:08:39:eb:8e:1b:79:84:b4:10:
18:2a:d0:39:bb:1e:02:67:9d:73:cb:cb:90:03:c3:e6:db:b3:
d7:e0:eb:c7:7d:26:2a:4d:62:79:aa:b8:f2:a1:b7:1b:f9:c8:
f2:15:06:ef:06:f0:37:9b:cf:59:50:03:ab:4b:22:9e:3a:62:
9b:02:0b:af:e0:13:ca:89:85:bf:bd:68:a9:12:e9:1b:13:4a:
45:e3:84:57:42:0d:1e:a4:a2:d6:50:6b:63:f4:f3:08:eb:38:
33:3c:c8:f1:54:35:e0:2c:41:a2:f9:88:a2:be:f1:b1:8f:e2:
2f:28:49:12:77:77:49:c2:ae:3e:1c:31:88:33:2a:05:b8:a4:
5a:43:39:73
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAZT0PnFIsoPN8AW0gMoBp7t5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDc5NTE0OTU5Mzk3YzVlM2ZhNzZlMWVhNDk1ZThlMWY2
YzMxOWIwHhcNMjUwMjExMDkwMjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTFjZDY0OGJjMTQxODg4ZTI5NDY4NWExMjc5YjZiYjg0Zjk1NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MuETCtEw0XIb5ohgu8xbkwadZN/
m+6RIYpbsE4L/AGsclNhIbcp3Nx+NU26c5K22g93PXNFvNZEYYpGg/mdpa04vSH7
JFUCXqMHcRdttqGfDNTFu9PgeOdQOabtLBmNxQ9X+amZLXl8ynezWDLhUvq9DUAt
iahP8mTTciKUBs8oKD4y8hFg6bSqrACfbGrdBMaIQ2Vm2fHaNuX6w78FmkBw1zz+
iGUcT/YnLCHPxPh1o7RoGwEmAi0hcjsrMmx1po5YrS5ORH4tDTkCfSNEGFUudlOO
jRblcST/cwZh6E20k9mYlibHfc+w5rtaW52yj3ipboGPz3GKEXoaR7tYbwIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFIUc1ki8FBiI4pRoWhJ5truE+VRBMB8GA1UdIwQY
MBaAFINHlRSVk5fF4/p24epJXo4fbDGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUt
MWU1ZTQzMGRkNzExLzEvaFJ6V1NMd1VHSWppbEdoYUVubTJ1NFQ1VkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUtMWU1ZTQzMGRkNzEx
LzEvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTCBjQQCAAEwgYYDBAMl
EegDBAItUIgDBANNSlADBAZNbYADBANQ/VgDBARRBiADBAVSxaADBAZVw8ADBAVt
ysADBASNw1ADBAK5SEADBAK5iawDBAK5t8ADBAK5yfgDBAK59mgDBADBL5kDBATB
31ADBAXDhoADBAXUM4ADBAXVkIAwDAMEBtl2wAMEAtl2yDAbBAIAAjAVAwUAIAEW
IAMFAioCAWgDBQMqBwYAMA0GCSqGSIb3DQEBCwUAA4IBAQC5k4tibgGSgFfTvGvg
VLfQFfyLo7MxoZmgyS4mx8pYLBfNIHzrtpgyHMgMpnvrLs3LHO463Kugoay4nIFp
NTxpqJwuoFfgMzUTdN1YuBevdJV4fudoZkWnlL3ndwzdgS71gE5WNAE4wrNNlLe6
ERl8tcdZZUgIOeuOG3mEtBAYKtA5ux4CZ51zy8uQA8Pm27PX4OvHfSYqTWJ5qrjy
obcb+cjyFQbvBvA3m89ZUAOrSyKeOmKbAguv4BPKiYW/vWipEukbE0pF44RXQg0e
pKLWUGtj9PMI6zgzPMjxVDXgLEGi+YiivvGxj+IvKEkSd3dJwq4+HDGIMyoFuKRa
Qzlz
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:47:16 2025 by rpki-client