Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/2NIi98dN4sD0TIk71akteZnx1sw.roa
File: 2NIi98dN4sD0TIk71akteZnx1sw.roa (raw, json)
Hash identifier: k2get3lC4qal5WwpLqouWUlNle+TBDTdoCPLPn4qxTI=
Subject key identifier: D8:D2:22:F7:C7:4D:E2:C0:F4:4C:89:3B:D5:A9:2D:79:99:F1:D6:CC
Certificate issuer: /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial: 0195B33DD9C7AD0C2844C11BAB5AF81564F0
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/2NIi98dN4sD0TIk71akteZnx1sw.roa
Signing time: Thu 20 Mar 2025 11:08:49 +0000
ROA not before: Thu 20 Mar 2025 11:08:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199952
IP address blocks: 45.66.64.0/22 maxlen: 24
92.119.108.0/22 maxlen: 24
152.89.100.0/22 maxlen: 24
185.29.68.0/22 maxlen: 24
185.29.70.0/23 maxlen: 24
185.69.8.0/22 maxlen: 24
185.88.52.0/22 maxlen: 24
185.110.76.0/22 maxlen: 24
185.223.240.0/22 maxlen: 24
185.227.8.0/22 maxlen: 24
2a04:41c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b3:3d:d9:c7:ad:0c:28:44:c1:1b:ab:5a:f8:15:64:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Validity
Not Before: Mar 20 11:08:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8d222f7c74de2c0f44c893bd5a92d7999f1d6cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:2b:83:d9:a9:96:6e:ad:a3:01:fc:6c:9d:28:
f6:63:3a:67:e4:9b:7d:e7:9c:6f:01:04:18:6d:53:
2c:3a:87:e6:2d:78:8d:19:11:5f:c4:46:8c:b2:74:
9a:a1:6c:db:ba:d3:9d:d9:54:f7:17:ab:1d:b4:23:
4f:8b:fe:1e:61:15:10:3a:29:a6:53:7f:ef:b8:9a:
b6:a8:0a:88:6f:59:33:28:db:a8:90:9c:98:be:3f:
19:ca:a9:b7:05:29:dd:11:f7:8c:47:09:8d:5f:f7:
7b:aa:3e:64:39:19:21:dd:8a:45:d7:1f:04:9d:75:
35:30:69:6b:07:45:75:51:28:aa:6d:42:9e:da:a7:
00:2f:db:27:e7:a5:e7:26:1c:a8:98:eb:c5:f3:a0:
21:08:7f:1e:8f:78:cc:cb:ce:b6:93:49:6c:b3:c6:
90:6f:3c:56:a1:91:d3:23:ef:11:60:36:d8:9e:97:
70:d0:c3:bc:f6:80:34:b0:9b:94:28:db:da:a2:91:
3d:35:82:d3:f5:ba:d4:c5:89:91:dc:3d:18:68:1f:
0d:34:5a:90:b2:5d:88:e8:36:9b:29:b2:f8:c6:c3:
82:77:2d:2a:45:ca:fb:7a:2a:2a:17:e4:b5:ac:62:
f6:82:7f:30:56:80:03:11:7d:45:2a:5b:7c:65:97:
c5:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:D2:22:F7:C7:4D:E2:C0:F4:4C:89:3B:D5:A9:2D:79:99:F1:D6:CC
X509v3 Authority Key Identifier:
keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/2NIi98dN4sD0TIk71akteZnx1sw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.64.0/22
92.119.108.0/22
152.89.100.0/22
185.29.68.0/22
185.69.8.0/22
185.88.52.0/22
185.110.76.0/22
185.223.240.0/22
185.227.8.0/22
IPv6:
2a04:41c0::/29
Signature Algorithm: sha256WithRSAEncryption
0f:ce:82:6e:07:ad:9d:3f:68:51:5f:4b:68:25:7a:66:0f:91:
07:90:c6:25:84:ed:9a:41:af:02:63:1c:44:4c:89:e2:06:99:
52:14:0d:74:97:16:70:2f:d5:fc:60:aa:6c:b1:d3:f7:2a:07:
81:3d:70:94:93:d2:39:96:14:e2:52:af:fb:12:04:d1:0b:56:
24:dc:fc:d9:09:39:91:a8:09:c5:bd:db:65:e5:6b:a5:30:1e:
54:83:b1:d8:9f:53:56:a9:2a:60:04:6c:e9:79:99:65:33:2c:
9b:5a:1e:fb:bd:93:32:c5:44:d1:86:b8:7b:cc:96:a6:58:b7:
9e:37:21:f8:49:19:4e:5d:97:36:14:4d:2c:9c:23:a8:1c:93:
4e:71:fd:30:a1:bd:78:e1:32:d3:a5:6c:13:77:c9:5a:0a:9b:
58:23:56:5e:c2:ae:c1:4d:e3:8b:bc:ab:1b:6f:e9:64:dd:31:
43:61:fb:b5:46:96:b9:0d:bf:08:59:6c:ea:a0:87:c0:7f:8c:
01:bd:47:b1:c0:e3:bf:6f:0b:83:15:77:f7:15:49:be:2d:cb:
36:44:9e:8b:ba:61:cc:26:a0:d6:df:b9:ba:9a:c2:70:8b:11:
39:44:c8:80:d1:80:7f:5d:a7:83:01:c8:cb:b0:8d:27:a1:ac:
99:3c:7c:e5
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZWzPdnHrQwoRMEbq1r4FWTwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMzIwMTEwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGQyMjJmN2M3NGRlMmMwZjQ0Yzg5M2JkNWE5MmQ3OTk5ZjFkNmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCuD2amWbq2jAfxsnSj2Yzpn5Jt9
55xvAQQYbVMsOofmLXiNGRFfxEaMsnSaoWzbutOd2VT3F6sdtCNPi/4eYRUQOimm
U3/vuJq2qAqIb1kzKNuokJyYvj8Zyqm3BSndEfeMRwmNX/d7qj5kORkh3YpF1x8E
nXU1MGlrB0V1USiqbUKe2qcAL9sn56XnJhyomOvF86AhCH8ej3jMy862k0lss8aQ
bzxWoZHTI+8RYDbYnpdw0MO89oA0sJuUKNvaopE9NYLT9brUxYmR3D0YaB8NNFqQ
sl2I6DabKbL4xsOCdy0qRcr7eioqF+S1rGL2gn8wVoADEX1FKlt8ZZfFTQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNjSIvfHTeLA9EyJO9WpLXmZ8dbMMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvMk5JaTk4ZE40c0QwVElrNzFha3RlWm54MXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCLUJAAwQC
XHdsAwQCmFlkAwQCuR1EAwQCuUUIAwQCuVg0AwQCuW5MAwQCud/wAwQCueMIMA0E
AgACMAcDBQMqBEHAMA0GCSqGSIb3DQEBCwUAA4IBAQAPzoJuB62dP2hRX0toJXpm
D5EHkMYlhO2aQa8CYxxETIniBplSFA10lxZwL9X8YKpssdP3KgeBPXCUk9I5lhTi
Uq/7EgTRC1Yk3PzZCTmRqAnFvdtl5WulMB5Ug7HYn1NWqSpgBGzpeZllMyybWh77
vZMyxUTRhrh7zJamWLeeNyH4SRlOXZc2FE0snCOoHJNOcf0wob144TLTpWwTd8la
CptYI1Zewq7BTeOLvKsbb+lk3TFDYfu1Rpa5Db8IWWzqoIfAf4wBvUexwOO/bwuD
FXf3FUm+Lcs2RJ6LumHMJqDW37m6msJwixE5RMiA0YB/XaeDAcjLsI0noayZPHzl
-----END CERTIFICATE-----
Generated at Wed Apr 16 06:42:13 2025 by rpki-client