Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/FWiPIHCHDr0uKdyZ_foi8pOa3qE.roa
File: FWiPIHCHDr0uKdyZ_foi8pOa3qE.roa (raw, json)
Hash identifier: DmpIUKQykitdg60h0JYisIxDWolUrUFXqS52YO726hw=
Subject key identifier: 15:68:8F:20:70:87:0E:BD:2E:29:DC:99:FD:FA:22:F2:93:9A:DE:A1
Certificate issuer: /CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
Certificate serial: 019482CC626F0E59E223D51D2A89113CDAC4
Authority key identifier: 79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/FWiPIHCHDr0uKdyZ_foi8pOa3qE.roa
Signing time: Mon 20 Jan 2025 08:20:20 +0000
ROA not before: Mon 20 Jan 2025 08:20:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41678
IP address blocks: 89.185.128.0/21 maxlen: 21
89.185.129.0/24 maxlen: 24
89.185.136.0/21 maxlen: 21
89.185.143.0/24 maxlen: 24
89.185.144.0/20 maxlen: 20
89.185.154.0/24 maxlen: 24
89.185.157.0/24 maxlen: 24
194.46.0.0/19 maxlen: 19
194.46.96.0/20 maxlen: 20
194.46.112.0/21 maxlen: 21
194.46.112.0/22 maxlen: 22
194.46.132.0/22 maxlen: 22
194.46.152.0/22 maxlen: 22
194.46.160.0/24 maxlen: 24
194.46.161.0/24 maxlen: 24
194.46.164.0/22 maxlen: 22
194.46.168.0/21 maxlen: 21
194.46.176.0/20 maxlen: 20
212.108.64.0/20 maxlen: 20
212.108.77.0/24 maxlen: 24
212.108.92.0/22 maxlen: 22
212.108.94.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/eXpIzBPiAOLT84r4MxjRvK9vYzE.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/eXpIzBPiAOLT84r4MxjRvK9vYzE.mft
rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 20:22:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:82:cc:62:6f:0e:59:e2:23:d5:1d:2a:89:11:3c:da:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
Validity
Not Before: Jan 20 08:20:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=15688f2070870ebd2e29dc99fdfa22f2939adea1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:1e:6c:d1:f5:9f:6f:eb:80:b5:99:5f:83:08:
af:ee:04:c8:e9:a2:d7:8e:00:e8:fb:dc:cb:54:0f:
8d:ed:bf:32:42:c6:c2:1f:12:a7:f3:b3:ce:1c:7f:
86:75:1c:02:83:9c:0a:f4:66:c6:09:3b:d6:3e:a3:
c0:1b:35:24:ec:1f:f6:d6:7c:e7:73:31:9f:5a:83:
ff:74:42:24:93:29:a7:5b:cc:bb:ee:55:0f:af:1d:
1b:ff:7e:32:00:72:ec:ea:e4:b1:3f:b2:12:38:08:
3a:fc:b7:8a:cb:24:d2:75:31:74:c6:ac:c3:60:47:
0b:ae:d2:1c:53:c1:0d:84:2c:4d:55:66:a9:54:bf:
09:1f:39:ce:9c:97:a9:84:1b:6f:df:95:63:29:96:
6a:8e:79:26:6b:47:61:37:8d:ef:e7:7d:37:87:62:
67:d0:cf:ad:a4:f2:f7:50:ab:59:15:de:0f:8b:96:
dc:07:a6:10:c5:6b:38:a9:e9:f0:55:bb:d7:6f:0c:
5c:15:86:20:d5:ee:32:7b:02:eb:8a:18:be:72:59:
f0:1f:1e:ce:04:f7:e0:ef:18:69:3e:45:01:48:f0:
cf:f5:c0:54:9b:6c:16:7b:fb:1f:8d:d3:c8:6a:7a:
f3:12:74:12:36:16:56:7b:09:3c:e8:c9:d4:97:b5:
c5:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:68:8F:20:70:87:0E:BD:2E:29:DC:99:FD:FA:22:F2:93:9A:DE:A1
X509v3 Authority Key Identifier:
keyid:79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/FWiPIHCHDr0uKdyZ_foi8pOa3qE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/eXpIzBPiAOLT84r4MxjRvK9vYzE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.185.128.0/19
194.46.0.0/19
194.46.96.0-194.46.119.255
194.46.132.0/22
194.46.152.0/22
194.46.160.0/23
194.46.164.0-194.46.191.255
212.108.64.0/20
212.108.92.0/22
Signature Algorithm: sha256WithRSAEncryption
a3:1c:fd:39:ad:05:2f:a9:09:30:fa:ce:9a:26:c7:fd:4e:66:
fb:16:35:ea:7e:b4:42:6e:d3:73:a8:f9:2b:5a:e7:75:78:30:
8d:29:9b:a6:d3:c8:c1:b8:1e:06:f7:fd:73:d0:79:b5:2b:b6:
d2:1b:e0:83:74:94:02:53:24:e5:5a:c7:89:4b:c3:40:3c:cf:
40:1e:68:30:2c:3d:ac:05:29:76:c7:e5:c4:95:02:d3:96:01:
f9:d0:65:48:7e:b3:8c:c4:60:29:c8:01:e9:0b:b0:e5:33:cf:
cd:72:9f:85:0b:d4:91:6d:09:ef:45:85:3f:63:2b:96:3b:0b:
a5:91:6a:7a:b0:7e:84:e7:ac:0e:6f:c4:b4:a2:7f:60:93:d3:
87:82:88:0e:c1:1f:38:e8:f8:b9:d5:64:15:3f:39:5f:85:c7:
0a:d6:d9:f1:5e:62:db:f8:c3:c3:89:5f:a8:20:17:85:13:46:
83:bd:5a:2f:c1:ae:9d:67:95:ca:1a:2c:5f:78:97:33:15:56:
74:2a:88:97:b7:6c:a4:d8:21:a3:a0:6a:f9:a3:5d:6a:26:1a:
3b:2c:2a:e4:75:fd:3a:1e:1c:fc:2c:2a:95:e7:53:b8:0c:68:
ff:cd:e8:f9:7d:13:18:ac:2f:a3:98:f2:8c:86:25:6e:ab:75:
69:85:30:a0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZSCzGJvDlniI9UdKokRPNrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5N2E0OGNjMTNlMjAwZTJkM2YzOGFmODMzMThkMWJjYWY2
ZjYzMzEwHhcNMjUwMTIwMDgyMDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTY4OGYyMDcwODcwZWJkMmUyOWRjOTlmZGZhMjJmMjkzOWFkZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2B5s0fWfb+uAtZlfgwiv7gTI6aLX
jgDo+9zLVA+N7b8yQsbCHxKn87POHH+GdRwCg5wK9GbGCTvWPqPAGzUk7B/21nzn
czGfWoP/dEIkkymnW8y77lUPrx0b/34yAHLs6uSxP7ISOAg6/LeKyyTSdTF0xqzD
YEcLrtIcU8ENhCxNVWapVL8JHznOnJephBtv35VjKZZqjnkma0dhN43v5303h2Jn
0M+tpPL3UKtZFd4Pi5bcB6YQxWs4qenwVbvXbwxcFYYg1e4yewLrihi+clnwHx7O
BPfg7xhpPkUBSPDP9cBUm2wWe/sfjdPIanrzEnQSNhZWewk86MnUl7XFzQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBVojyBwhw69Lincmf36IvKTmt6hMB8GA1UdIwQY
MBaAFHl6SMwT4gDi0/OK+DMY0byvb2MxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhwSXpCUGlBT0xUODRyNE14alJ2Szl2WXpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iOWNlYTAtNjkyOC00NTg0LWIzMjEt
N2Q3ZjRiNjM0ODQ5LzEvRldpUElIQ0hEcjB1S2R5Wl9mb2k4cE9hM3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iOWNlYTAtNjkyOC00NTg0LWIzMjEtN2Q3ZjRiNjM0ODQ5
LzEvZVhwSXpCUGlBT0xUODRyNE14alJ2Szl2WXpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQFWbmAAwQF
wi4AMAwDBAXCLmADBAPCLnADBALCLoQDBALCLpgDBAHCLqAwDAMEAsIupAMEBsIu
gAMEBNRsQAMEAtRsXDANBgkqhkiG9w0BAQsFAAOCAQEAoxz9Oa0FL6kJMPrOmibH
/U5m+xY16n60Qm7Tc6j5K1rndXgwjSmbptPIwbgeBvf9c9B5tSu20hvgg3SUAlMk
5VrHiUvDQDzPQB5oMCw9rAUpdsflxJUC05YB+dBlSH6zjMRgKcgB6Quw5TPPzXKf
hQvUkW0J70WFP2MrljsLpZFqerB+hOesDm/EtKJ/YJPTh4KIDsEfOOj4udVkFT85
X4XHCtbZ8V5i2/jDw4lfqCAXhRNGg71aL8GunWeVyhosX3iXMxVWdCqIl7dspNgh
o6Bq+aNdaiYaOywq5HX9Oh4c/CwqledTuAxo/83o+X0TGKwvo5jyjIYlbqt1aYUw
oA==
-----END CERTIFICATE-----
Generated at Wed Apr 23 02:55:18 2025 by rpki-client