Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/93149c-0829-4fcd-bd35-0f55ea33afe3/1/1FgrVACY6GX6cCkfjVp_PNMUkZ8.roa
File: 1FgrVACY6GX6cCkfjVp_PNMUkZ8.roa (raw, json)
Hash identifier: d2I0wmnqM3spvipArjFjFYyaGXGv03P9b0jZc/8LN6Y=
Subject key identifier: D4:58:2B:54:00:98:E8:65:FA:70:29:1F:8D:5A:7F:3C:D3:14:91:9F
Certificate issuer: /CN=1242466f8f8645c9f39f04874ddadf0d7136f67f
Certificate serial: 01941F8C5E55EC327C967564BA2C2C40DECE
Authority key identifier: 12:42:46:6F:8F:86:45:C9:F3:9F:04:87:4D:DA:DF:0D:71:36:F6:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EkJGb4-GRcnznwSHTdrfDXE29n8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/93149c-0829-4fcd-bd35-0f55ea33afe3/1/1FgrVACY6GX6cCkfjVp_PNMUkZ8.roa
Signing time: Wed 01 Jan 2025 01:48:00 +0000
ROA not before: Wed 01 Jan 2025 01:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206089
IP address blocks: 89.33.40.0/24 maxlen: 24
89.33.42.0/24 maxlen: 24
89.33.43.0/24 maxlen: 24
89.46.36.0/24 maxlen: 24
185.196.32.0/24 maxlen: 24
185.196.33.0/24 maxlen: 24
185.196.34.0/24 maxlen: 24
185.196.35.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e0/93149c-0829-4fcd-bd35-0f55ea33afe3/1/EkJGb4-GRcnznwSHTdrfDXE29n8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e0/93149c-0829-4fcd-bd35-0f55ea33afe3/1/EkJGb4-GRcnznwSHTdrfDXE29n8.mft
rsync://rpki.ripe.net/repository/DEFAULT/EkJGb4-GRcnznwSHTdrfDXE29n8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 22:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:5e:55:ec:32:7c:96:75:64:ba:2c:2c:40:de:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1242466f8f8645c9f39f04874ddadf0d7136f67f
Validity
Not Before: Jan 1 01:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4582b540098e865fa70291f8d5a7f3cd314919f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:c4:2f:b7:8a:cb:ea:fa:6d:ea:20:c9:7d:78:
73:a6:b0:be:54:70:d0:df:0c:a1:d9:7e:20:3d:14:
7b:e0:37:b2:12:60:7b:bd:d8:a1:33:10:0a:ed:85:
03:98:ed:47:1f:af:9b:22:a3:05:b6:10:0e:10:e4:
8a:83:ca:b6:1f:8e:26:3c:c0:b0:20:9b:11:51:e1:
ea:73:24:af:e5:22:50:59:79:30:24:21:9c:56:80:
fa:ac:4a:7f:56:0e:d5:39:41:73:b4:27:4a:84:a1:
1d:33:af:6e:49:7b:46:b9:92:3b:1a:a5:9a:01:12:
17:93:f3:9a:2b:fa:b7:d4:9b:7d:5d:df:e3:19:75:
b2:aa:83:86:73:ac:56:78:83:6b:04:42:df:f5:2e:
05:c0:a6:13:3e:d1:66:d9:64:8c:53:bb:2a:ce:ff:
e5:f6:ac:b9:be:aa:2a:e4:da:24:9a:22:0d:83:25:
6b:a5:7b:c3:0b:e9:9d:b3:65:83:18:cc:46:53:2e:
cf:07:03:17:f6:b0:da:55:2f:6a:be:dd:94:d6:2d:
00:4d:28:42:df:07:be:9c:bc:e9:a0:f4:eb:e2:cf:
45:fb:d5:ea:79:69:a8:c3:ea:f2:f2:d6:7e:36:4c:
f6:91:75:6f:0f:75:0f:68:e7:e7:6d:d7:bd:a6:b2:
c4:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:58:2B:54:00:98:E8:65:FA:70:29:1F:8D:5A:7F:3C:D3:14:91:9F
X509v3 Authority Key Identifier:
keyid:12:42:46:6F:8F:86:45:C9:F3:9F:04:87:4D:DA:DF:0D:71:36:F6:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EkJGb4-GRcnznwSHTdrfDXE29n8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/93149c-0829-4fcd-bd35-0f55ea33afe3/1/1FgrVACY6GX6cCkfjVp_PNMUkZ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/93149c-0829-4fcd-bd35-0f55ea33afe3/1/EkJGb4-GRcnznwSHTdrfDXE29n8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.40.0/24
89.33.42.0/23
89.46.36.0/24
185.196.32.0/22
Signature Algorithm: sha256WithRSAEncryption
88:18:56:62:6b:00:fd:55:f1:b2:df:bf:9a:5d:1f:9f:89:36:
e2:61:a9:73:cb:8c:83:53:a3:f9:33:1e:fb:77:f8:da:e8:68:
44:23:29:05:26:13:1e:73:05:68:e6:4b:ee:b5:cc:ba:53:3e:
55:d8:f9:f9:e1:3d:e9:6c:6f:1c:ac:db:c7:3a:c1:ee:68:e9:
c3:4c:ed:f3:50:82:ee:ad:92:de:a9:8a:79:a1:a1:00:db:be:
44:bd:ac:ed:23:5c:f3:ff:7a:ed:13:fe:85:8a:80:6e:6b:79:
0b:33:72:2c:5a:89:f9:0a:09:df:24:10:f8:17:fe:3d:2d:86:
a5:0e:24:00:bb:13:bc:1c:00:ac:c4:87:bd:d9:73:aa:7d:45:
d8:0d:67:0c:a7:7e:70:94:d5:bc:e3:0d:ba:7e:fd:0d:ea:fc:
35:ee:d9:9a:a5:aa:f0:ba:c7:88:a0:95:c4:6c:ba:2d:cb:4f:
2b:55:0d:47:42:99:a3:6d:7c:d2:1c:b1:2e:48:02:89:98:08:
c0:28:db:88:d7:07:b8:d4:25:62:05:79:ee:d9:e6:50:c5:48:
fb:30:e3:46:92:6c:8e:66:d2:81:cc:62:39:4f:c1:25:cd:48:
90:dd:95:66:af:b6:02:a8:c7:48:74:7d:7e:05:fb:96:f6:a4:
58:d8:70:0a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQfjF5V7DJ8lnVkuiwsQN7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNDI0NjZmOGY4NjQ1YzlmMzlmMDQ4NzRkZGFkZjBkNzEz
NmY2N2YwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU4MmI1NDAwOThlODY1ZmE3MDI5MWY4ZDVhN2YzY2QzMTQ5MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcQvt4rL6vpt6iDJfXhzprC+VHDQ
3wyh2X4gPRR74DeyEmB7vdihMxAK7YUDmO1HH6+bIqMFthAOEOSKg8q2H44mPMCw
IJsRUeHqcySv5SJQWXkwJCGcVoD6rEp/Vg7VOUFztCdKhKEdM69uSXtGuZI7GqWa
ARIXk/OaK/q31Jt9Xd/jGXWyqoOGc6xWeINrBELf9S4FwKYTPtFm2WSMU7sqzv/l
9qy5vqoq5NokmiINgyVrpXvDC+mds2WDGMxGUy7PBwMX9rDaVS9qvt2U1i0ATShC
3we+nLzpoPTr4s9F+9XqeWmow+ry8tZ+Nkz2kXVvD3UPaOfnbde9prLEuwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNRYK1QAmOhl+nApH41afzzTFJGfMB8GA1UdIwQY
MBaAFBJCRm+PhkXJ858Eh03a3w1xNvZ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWtKR2I0LUdSY256bndTSFRkcmZEWEUyOW44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85MzE0OWMtMDgyOS00ZmNkLWJkMzUt
MGY1NWVhMzNhZmUzLzEvMUZnclZBQ1k2R1g2Y0NrZmpWcF9QTk1Va1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85MzE0OWMtMDgyOS00ZmNkLWJkMzUtMGY1NWVhMzNhZmUz
LzEvRWtKR2I0LUdSY256bndTSFRkcmZEWEUyOW44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSEoAwQB
WSEqAwQAWS4kAwQCucQgMA0GCSqGSIb3DQEBCwUAA4IBAQCIGFZiawD9VfGy37+a
XR+fiTbiYalzy4yDU6P5Mx77d/ja6GhEIykFJhMecwVo5kvutcy6Uz5V2Pn54T3p
bG8crNvHOsHuaOnDTO3zUILurZLeqYp5oaEA275EvaztI1zz/3rtE/6FioBua3kL
M3IsWon5CgnfJBD4F/49LYalDiQAuxO8HACsxIe92XOqfUXYDWcMp35wlNW84w26
fv0N6vw17tmaparwuseIoJXEbLoty08rVQ1HQpmjbXzSHLEuSAKJmAjAKNuI1we4
1CViBXnu2eZQxUj7MONGkmyOZtKBzGI5T8ElzUiQ3ZVmr7YCqMdIdH1+BfuW9qRY
2HAK
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:10:24 2025 by rpki-client