Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/aCzvft-4bbV7rBYNhvjtTU8ZwVY.roa
File: aCzvft-4bbV7rBYNhvjtTU8ZwVY.roa (raw, json)
Hash identifier: LyfD0ZqEZ95kmtswsVkI/tj5kthO2U488G+9z2mp6gg=
Subject key identifier: 68:2C:EF:7E:DF:B8:6D:B5:7B:AC:16:0D:86:F8:ED:4D:4F:19:C1:56
Certificate issuer: /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial: 0194221F877284189D3A6C2178B824E8EB8C
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/aCzvft-4bbV7rBYNhvjtTU8ZwVY.roa
Signing time: Wed 01 Jan 2025 13:47:59 +0000
ROA not before: Wed 01 Jan 2025 13:47:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25206
IP address blocks: 89.252.216.0/22 maxlen: 22
89.252.216.0/24 maxlen: 24
89.252.217.0/24 maxlen: 24
89.252.218.0/24 maxlen: 24
89.252.219.0/24 maxlen: 24
89.252.232.0/21 maxlen: 21
89.252.232.0/22 maxlen: 22
89.252.232.0/24 maxlen: 24
89.252.233.0/24 maxlen: 24
89.252.234.0/24 maxlen: 24
89.252.235.0/24 maxlen: 24
89.252.236.0/24 maxlen: 24
89.252.237.0/24 maxlen: 24
89.252.238.0/24 maxlen: 24
89.252.239.0/24 maxlen: 24
89.252.248.0/22 maxlen: 22
89.252.248.0/24 maxlen: 24
89.252.249.0/24 maxlen: 24
89.252.250.0/24 maxlen: 24
89.252.251.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:87:72:84:18:9d:3a:6c:21:78:b8:24:e8:eb:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Validity
Not Before: Jan 1 13:47:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=682cef7edfb86db57bac160d86f8ed4d4f19c156
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:74:70:6a:a6:4e:1f:63:ef:f2:7b:7c:27:07:
ee:7d:c1:a6:bf:83:1b:76:dd:a4:1d:8a:fd:2a:58:
71:ef:2f:b3:1e:3b:34:ca:a5:90:7e:f2:54:32:b0:
ff:2a:47:36:9a:54:c1:a7:02:d2:56:d4:0a:d2:60:
03:08:f9:d7:74:cc:f6:dc:47:4c:fb:bf:6a:3b:ba:
ac:de:9a:1e:f6:05:7f:e0:49:b9:dd:e6:e2:a4:99:
04:1c:13:4b:ec:63:e0:79:a8:5f:f8:08:12:81:ba:
7f:af:4f:5d:1c:2e:b2:67:de:5e:ea:e5:fb:fd:73:
12:4d:57:41:ad:78:49:6b:bd:52:c6:36:8f:e8:cb:
45:9e:77:3e:bd:b1:a2:61:0b:14:5a:1f:ef:d8:51:
07:84:d6:21:b7:ca:6e:71:45:0a:df:69:c5:65:ec:
be:8d:49:e9:74:14:34:f0:dd:4d:e1:58:bd:c1:9d:
14:0f:4c:25:c7:12:a0:02:f7:a0:9b:d3:c7:ad:13:
a5:6b:8a:9c:ed:df:57:31:0f:74:23:9d:21:5e:ac:
0f:d8:10:47:2a:63:55:b2:b2:af:06:91:92:6f:7c:
4b:76:1c:3c:b4:24:f0:be:06:25:e7:95:3a:8c:6f:
b3:7b:73:8e:d7:83:ef:ab:93:18:5d:d3:c7:1e:14:
94:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:2C:EF:7E:DF:B8:6D:B5:7B:AC:16:0D:86:F8:ED:4D:4F:19:C1:56
X509v3 Authority Key Identifier:
keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/aCzvft-4bbV7rBYNhvjtTU8ZwVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.252.216.0/22
89.252.232.0/21
89.252.248.0/22
Signature Algorithm: sha256WithRSAEncryption
16:3f:c2:bb:96:25:5c:57:19:49:8a:d8:32:cc:fc:f0:cd:30:
7e:40:43:ba:24:b1:a1:f6:67:b4:20:4a:c1:05:5b:e0:ac:c5:
db:66:87:92:82:5c:7e:cd:4a:c0:dd:28:57:6c:25:e8:68:d4:
d9:20:90:fa:2b:a3:3f:1c:15:d0:1c:19:da:9b:14:5e:a3:0a:
a7:cf:cf:91:c8:17:4a:d4:3b:d5:d7:f9:fb:5b:f7:d7:15:af:
fb:6d:69:3e:97:86:df:1b:b6:cb:5b:b9:5d:e0:25:cd:e6:14:
d5:a6:60:8f:4b:ca:6f:cb:04:f3:99:8c:65:94:6e:52:55:10:
ce:e8:5a:90:82:5c:61:86:ec:07:df:4e:58:1c:46:13:0a:ca:
a3:71:75:e8:cd:fe:20:9b:a7:cd:c6:81:5e:79:db:32:34:61:
19:f3:0a:aa:d1:8d:f6:cf:37:ad:a5:9d:a6:67:79:26:b0:c4:
ee:e9:a8:35:2a:36:f7:74:91:1b:e9:4c:78:51:3b:70:b8:0e:
33:c9:8e:24:58:e3:a4:bb:3d:e7:8f:78:32:cf:2c:50:ef:49:
6b:9c:63:5d:cf:b3:13:45:81:fb:c0:24:97:d2:bc:da:8d:9b:
09:9c:1a:32:a4:53:06:ff:e7:1b:e4:7f:b8:a5:d3:dc:c9:d4:
d1:63:01:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiH4dyhBidOmwheLgk6OuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJjZWY3ZWRmYjg2ZGI1N2JhYzE2MGQ4NmY4ZWQ0ZDRmMTljMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinRwaqZOH2Pv8nt8JwfufcGmv4Mb
dt2kHYr9Klhx7y+zHjs0yqWQfvJUMrD/Kkc2mlTBpwLSVtQK0mADCPnXdMz23EdM
+79qO7qs3poe9gV/4Em53ebipJkEHBNL7GPgeahf+AgSgbp/r09dHC6yZ95e6uX7
/XMSTVdBrXhJa71SxjaP6MtFnnc+vbGiYQsUWh/v2FEHhNYht8pucUUK32nFZey+
jUnpdBQ08N1N4Vi9wZ0UD0wlxxKgAvegm9PHrROla4qc7d9XMQ90I50hXqwP2BBH
KmNVsrKvBpGSb3xLdhw8tCTwvgYl55U6jG+ze3OO14Pvq5MYXdPHHhSUVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGgs737fuG21e6wWDYb47U1PGcFWMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvYUN6dmZ0LTRiYlY3ckJZTmh2anRUVThad1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCWfzYAwQD
WfzoAwQCWfz4MA0GCSqGSIb3DQEBCwUAA4IBAQAWP8K7liVcVxlJitgyzPzwzTB+
QEO6JLGh9me0IErBBVvgrMXbZoeSglx+zUrA3ShXbCXoaNTZIJD6K6M/HBXQHBna
mxReowqnz8+RyBdK1DvV1/n7W/fXFa/7bWk+l4bfG7bLW7ld4CXN5hTVpmCPS8pv
ywTzmYxllG5SVRDO6FqQglxhhuwH305YHEYTCsqjcXXozf4gm6fNxoFeedsyNGEZ
8wqq0Y32zzetpZ2mZ3kmsMTu6ag1Kjb3dJEb6Ux4UTtwuA4zyY4kWOOkuz3nj3gy
zyxQ70lrnGNdz7MTRYH7wCSX0rzajZsJnBoypFMG/+cb5H+4pdPcydTRYwHs
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:17:34 2025 by rpki-client