Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/9AJVL74Koo20QslQbsW5LgWmuN0.roa
File: 9AJVL74Koo20QslQbsW5LgWmuN0.roa (raw, json)
Hash identifier: ywfcVkqztZIsa4yV5w7CN7DaKI/bsZeXQWa9VUzq1PU=
Subject key identifier: F4:02:55:2F:BE:0A:A2:8D:B4:42:C9:50:6E:C5:B9:2E:05:A6:B8:DD
Certificate issuer: /CN=db239685409f64ba1c3a54a8ef141c924e71d892
Certificate serial: 01942067FFE79B63F53D6A79D6811D9E9633
Authority key identifier: DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/9AJVL74Koo20QslQbsW5LgWmuN0.roa
Signing time: Wed 01 Jan 2025 05:47:54 +0000
ROA not before: Wed 01 Jan 2025 05:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35012
IP address blocks: 46.17.64.0/21 maxlen: 21
46.17.64.0/24 maxlen: 24
46.17.65.0/24 maxlen: 24
46.17.66.0/24 maxlen: 24
46.17.67.0/24 maxlen: 24
46.17.68.0/24 maxlen: 24
46.17.69.0/24 maxlen: 24
46.17.70.0/24 maxlen: 24
46.17.71.0/24 maxlen: 24
91.195.164.0/23 maxlen: 23
91.195.164.0/24 maxlen: 24
91.195.165.0/24 maxlen: 24
91.198.159.0/24 maxlen: 24
185.129.164.0/22 maxlen: 22
185.129.164.0/24 maxlen: 24
185.129.165.0/24 maxlen: 24
185.129.166.0/24 maxlen: 24
185.129.167.0/24 maxlen: 24
193.58.233.0/24 maxlen: 24
193.238.148.0/22 maxlen: 22
193.238.148.0/24 maxlen: 24
193.238.149.0/24 maxlen: 24
193.238.150.0/24 maxlen: 24
193.238.151.0/24 maxlen: 24
195.238.251.0/24 maxlen: 24
2a00:6000::/32 maxlen: 32
2a00:6000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl
rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.mft
rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 17:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:ff:e7:9b:63:f5:3d:6a:79:d6:81:1d:9e:96:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=db239685409f64ba1c3a54a8ef141c924e71d892
Validity
Not Before: Jan 1 05:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f402552fbe0aa28db442c9506ec5b92e05a6b8dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:96:9d:d9:68:a5:44:b9:c0:56:11:69:56:cc:
74:08:e3:30:47:8f:a4:ae:4d:58:bb:ad:95:1d:34:
cd:ab:bd:86:d4:c4:1c:d9:6d:64:81:4e:f3:af:25:
c4:76:c7:36:d2:68:54:be:0e:14:8c:89:9d:53:b1:
e6:98:50:82:af:ab:33:4d:8c:c2:24:92:c6:8a:cf:
67:1d:39:a2:8d:1e:17:08:8c:b4:b6:0d:9b:1b:0d:
83:b5:81:21:7b:44:d8:37:50:ef:1c:07:cb:3e:9b:
1a:16:9d:35:bb:4c:22:a7:0c:39:77:b5:2f:a5:15:
3f:68:8a:e1:2f:94:03:f7:db:cf:e7:be:f3:74:d8:
53:2d:f6:f4:53:99:fc:b6:bf:39:2f:6c:20:36:67:
1b:08:70:88:93:2b:86:7a:02:7f:8a:73:88:6d:cd:
95:b8:ea:a1:db:e4:0b:a3:11:ff:74:75:60:00:57:
98:15:c5:5a:9e:e8:6b:b8:98:dc:6f:19:cc:aa:19:
34:15:c6:f5:72:aa:f8:e2:44:dd:e3:43:a0:20:04:
7f:83:64:84:aa:c0:4d:e6:75:4c:60:77:10:13:dc:
d6:29:ac:ab:1a:9c:97:8e:78:4c:fc:08:5f:ce:83:
f8:d3:b7:a8:29:81:1f:c7:d5:c6:61:e9:ce:92:f9:
9a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:02:55:2F:BE:0A:A2:8D:B4:42:C9:50:6E:C5:B9:2E:05:A6:B8:DD
X509v3 Authority Key Identifier:
keyid:DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/9AJVL74Koo20QslQbsW5LgWmuN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.64.0/21
91.195.164.0/23
91.198.159.0/24
185.129.164.0/22
193.58.233.0/24
193.238.148.0/22
195.238.251.0/24
IPv6:
2a00:6000::/32
Signature Algorithm: sha256WithRSAEncryption
76:1b:8e:dc:9a:6f:64:27:06:b3:69:6f:b3:74:2e:f9:26:95:
6b:8d:d9:3b:dc:99:32:7c:5d:b9:e1:39:10:a4:86:91:c4:a9:
27:3b:f0:cb:30:67:06:2f:25:e9:18:6c:60:c4:cc:8d:64:2f:
02:a5:c9:80:30:27:ab:78:90:29:30:78:f1:f7:93:0f:eb:94:
f8:06:67:35:8e:01:3e:69:1a:ea:fc:d2:bf:6b:f6:52:1a:b5:
55:f5:e8:33:59:96:5d:7d:f0:71:ec:ac:be:d5:db:b2:e2:ba:
e0:49:e6:63:8b:50:85:e6:83:10:66:59:44:2a:ff:fc:27:db:
3e:20:ab:2e:c1:ca:3d:22:bb:27:64:e8:51:4b:fa:6b:5e:66:
64:e0:4b:c0:ee:1f:7a:26:21:ce:3e:00:45:74:6f:8f:92:6a:
b5:c1:48:62:dc:23:ad:ea:ef:2e:0e:ce:af:4b:6b:26:f3:5c:
4f:a2:d4:5f:24:55:42:8e:ad:6d:d8:2d:4f:03:c2:fd:2e:3c:
28:de:ce:b9:ac:2f:00:a7:9e:91:33:19:19:41:ad:c8:cc:ed:
7d:3f:a3:a1:e0:56:77:47:f9:90:42:dc:6a:25:94:9d:ac:0e:
7c:a2:26:b3:e0:18:d1:a7:d4:a3:c7:31:ab:52:c3:2c:04:96:
5e:92:50:d3
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQgZ//nm2P1PWp51oEdnpYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjM5Njg1NDA5ZjY0YmExYzNhNTRhOGVmMTQxYzkyNGU3
MWQ4OTIwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDAyNTUyZmJlMGFhMjhkYjQ0MmM5NTA2ZWM1YjkyZTA1YTZiOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZad2WilRLnAVhFpVsx0COMwR4+k
rk1Yu62VHTTNq72G1MQc2W1kgU7zryXEdsc20mhUvg4UjImdU7HmmFCCr6szTYzC
JJLGis9nHTmijR4XCIy0tg2bGw2DtYEhe0TYN1DvHAfLPpsaFp01u0wipww5d7Uv
pRU/aIrhL5QD99vP577zdNhTLfb0U5n8tr85L2wgNmcbCHCIkyuGegJ/inOIbc2V
uOqh2+QLoxH/dHVgAFeYFcVanuhruJjcbxnMqhk0Fcb1cqr44kTd40OgIAR/g2SE
qsBN5nVMYHcQE9zWKayrGpyXjnhM/AhfzoP407eoKYEfx9XGYenOkvma2QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFPQCVS++CqKNtELJUG7FuS4FprjdMB8GA1UdIwQY
MBaAFNsjloVAn2S6HDpUqO8UHJJOcdiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmIt
MmVmNDQ3ZTFiMDhjLzEvOUFKVkw3NEtvbzIwUXNsUWJzVzVMZ1dtdU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmItMmVmNDQ3ZTFiMDhj
LzEvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLhFAAwQB
W8OkAwQAW8afAwQCuYGkAwQAwTrpAwQCwe6UAwQAw+77MA0EAgACMAcDBQAqAGAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2G47cmm9kJwazaW+zdC75JpVrjdk73JkyfF25
4TkQpIaRxKknO/DLMGcGLyXpGGxgxMyNZC8CpcmAMCereJApMHjx95MP65T4Bmc1
jgE+aRrq/NK/a/ZSGrVV9egzWZZdffBx7Ky+1duy4rrgSeZji1CF5oMQZllEKv/8
J9s+IKsuwco9IrsnZOhRS/prXmZk4EvA7h96JiHOPgBFdG+Pkmq1wUhi3COt6u8u
Ds6vS2sm81xPotRfJFVCjq1t2C1PA8L9Ljwo3s65rC8Ap56RMxkZQa3IzO19P6Oh
4FZ3R/mQQtxqJZSdrA58oiaz4BjRp9SjxzGrUsMsBJZeklDT
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:46:08 2025 by rpki-client