Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ee6c6a-fb55-4dc8-9dcf-22e7a37e8e38/1/INh9G5iQoMvQ_1itqGn6rIFWztw.roa
File: INh9G5iQoMvQ_1itqGn6rIFWztw.roa (raw, json)
Hash identifier: DlHpU6WxKqPj/r93yoW9dLdgNHjiaW8IJyXbLuzYYAg=
Subject key identifier: 20:D8:7D:1B:98:90:A0:CB:D0:FF:58:AD:A8:69:FA:AC:81:56:CE:DC
Certificate issuer: /CN=b7cc2da2bdb97be912a2d942ebe7eafa4651e885
Certificate serial: 0194228D64C4F95FCD4DCF18ECD77DC14368
Authority key identifier: B7:CC:2D:A2:BD:B9:7B:E9:12:A2:D9:42:EB:E7:EA:FA:46:51:E8:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t8wtor25e-kSotlC6-fq-kZR6IU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/ee6c6a-fb55-4dc8-9dcf-22e7a37e8e38/1/INh9G5iQoMvQ_1itqGn6rIFWztw.roa
Signing time: Wed 01 Jan 2025 15:47:59 +0000
ROA not before: Wed 01 Jan 2025 15:47:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44314
IP address blocks: 79.170.176.0/21 maxlen: 21
79.170.176.0/22 maxlen: 22
79.170.176.0/23 maxlen: 23
79.170.176.0/24 maxlen: 24
79.170.177.0/24 maxlen: 24
79.170.178.0/23 maxlen: 23
79.170.178.0/24 maxlen: 24
79.170.179.0/24 maxlen: 24
79.170.180.0/22 maxlen: 22
79.170.180.0/23 maxlen: 23
79.170.180.0/24 maxlen: 24
79.170.181.0/24 maxlen: 24
79.170.182.0/23 maxlen: 23
79.170.182.0/24 maxlen: 24
79.170.183.0/24 maxlen: 24
185.83.52.0/22 maxlen: 22
185.83.52.0/23 maxlen: 23
185.83.52.0/24 maxlen: 24
185.83.53.0/24 maxlen: 24
185.83.54.0/23 maxlen: 23
185.83.54.0/24 maxlen: 24
185.83.55.0/24 maxlen: 24
2a01:4e8::/32 maxlen: 32
2a01:4e8::/33 maxlen: 33
2a01:4e8::/34 maxlen: 34
2a01:4e8:127::/48 maxlen: 48
2a01:4e8:182::/48 maxlen: 48
2a01:4e8:f1d::/48 maxlen: 48
2a01:4e8:3a4d::/48 maxlen: 48
2a01:4e8:4000::/34 maxlen: 34
2a01:4e8:8000::/33 maxlen: 33
2a01:4e8:8000::/34 maxlen: 34
2a01:4e8:bce0::/48 maxlen: 48
2a01:4e8:c000::/34 maxlen: 34
2a01:4e8:c0c0::/48 maxlen: 48
2a01:4e8:c22c::/48 maxlen: 48
2a01:4e8:cafe::/48 maxlen: 48
2a01:4e8:cccc::/48 maxlen: 48
2a01:4e8:cda8::/48 maxlen: 48
2a01:4e8:feed::/48 maxlen: 48
2a01:4e8:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/ee6c6a-fb55-4dc8-9dcf-22e7a37e8e38/1/t8wtor25e-kSotlC6-fq-kZR6IU.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/ee6c6a-fb55-4dc8-9dcf-22e7a37e8e38/1/t8wtor25e-kSotlC6-fq-kZR6IU.mft
rsync://rpki.ripe.net/repository/DEFAULT/t8wtor25e-kSotlC6-fq-kZR6IU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:64:c4:f9:5f:cd:4d:cf:18:ec:d7:7d:c1:43:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b7cc2da2bdb97be912a2d942ebe7eafa4651e885
Validity
Not Before: Jan 1 15:47:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20d87d1b9890a0cbd0ff58ada869faac8156cedc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:23:bc:3d:b7:a9:5b:9b:8e:a4:15:9c:88:82:
a3:26:bb:1a:f6:7e:a7:00:09:61:7b:eb:e1:9b:8d:
f7:3b:d5:7f:82:99:55:97:32:07:7b:38:ce:23:24:
87:1b:fa:a5:2f:fc:1a:4e:8a:06:c5:c6:68:0f:d2:
ab:dc:16:21:e8:f5:7e:a6:8b:d9:9f:0b:21:58:15:
d0:ae:3f:d2:14:81:a9:dd:09:e4:0b:ad:8f:b2:27:
b2:53:20:f1:0c:4a:01:cb:e0:b4:fa:62:a4:5d:dc:
e3:a9:2d:4a:64:c1:0c:bf:f4:c5:34:95:34:b9:1c:
a4:1b:7f:96:8b:24:59:de:5e:83:99:99:dd:9b:f6:
41:b5:69:b9:bf:1b:c1:51:08:52:e1:b3:4c:3a:ec:
d3:45:80:9e:3d:03:90:a2:46:28:f0:d0:92:36:ff:
51:1b:a4:33:da:86:3a:5a:3d:0c:88:c4:f6:c5:b0:
7a:cb:1f:47:1b:9e:86:7a:02:1a:ac:f5:5c:e7:59:
97:23:60:8f:af:ac:77:6f:38:44:f3:85:ed:9e:3c:
bf:ce:e8:df:70:17:0a:d2:52:f1:54:85:36:0a:cb:
54:32:79:6d:c1:84:ec:53:38:ad:89:ab:d2:52:95:
67:17:ec:f1:bc:13:00:3f:ee:5b:ac:2a:cc:d5:d2:
87:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:D8:7D:1B:98:90:A0:CB:D0:FF:58:AD:A8:69:FA:AC:81:56:CE:DC
X509v3 Authority Key Identifier:
keyid:B7:CC:2D:A2:BD:B9:7B:E9:12:A2:D9:42:EB:E7:EA:FA:46:51:E8:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t8wtor25e-kSotlC6-fq-kZR6IU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ee6c6a-fb55-4dc8-9dcf-22e7a37e8e38/1/INh9G5iQoMvQ_1itqGn6rIFWztw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ee6c6a-fb55-4dc8-9dcf-22e7a37e8e38/1/t8wtor25e-kSotlC6-fq-kZR6IU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.170.176.0/21
185.83.52.0/22
IPv6:
2a01:4e8::/32
Signature Algorithm: sha256WithRSAEncryption
3b:2d:15:a4:b8:3c:b3:d3:65:6a:a9:a0:3e:d9:02:72:82:ad:
27:e1:f8:15:5a:89:91:f5:5a:4f:22:7d:24:fd:64:73:20:df:
17:39:38:6f:b7:e6:53:22:99:fc:77:d0:c9:8f:bf:63:51:52:
09:09:c1:f7:59:e0:55:54:b1:e5:83:d4:19:44:85:77:5b:4a:
a3:24:80:5f:9e:28:64:14:05:87:15:b3:f9:c4:6b:f4:7a:54:
53:54:ce:77:3e:f1:0f:ce:fd:ba:1f:4b:3f:0f:84:55:02:a7:
c9:31:1b:32:e2:17:6a:cd:0d:61:9e:85:04:ca:1d:a4:b7:58:
15:d6:40:66:8c:1f:96:0e:9c:b1:23:cc:96:2a:77:6d:a5:6d:
dd:ee:13:0c:2f:ea:d9:a9:40:d8:14:8b:58:1f:78:e3:6e:13:
60:4f:05:db:c1:53:82:6b:c1:5e:45:2b:d4:79:8d:55:07:bb:
4c:b3:33:b1:f3:bc:1b:01:ee:a4:ab:fc:17:51:28:51:97:e9:
0c:59:65:39:e7:b7:5a:d5:1b:83:db:e0:9d:3e:56:b4:f8:5e:
09:5b:95:b4:ff:4a:9f:de:ff:63:45:85:6b:bd:a0:3a:88:7e:
13:85:d0:38:99:56:69:db:4f:91:6a:1b:d5:f9:d8:17:b3:39:
66:46:93:8e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijWTE+V/NTc8Y7Nd9wUNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Y2MyZGEyYmRiOTdiZTkxMmEyZDk0MmViZTdlYWZhNDY1
MWU4ODUwHhcNMjUwMTAxMTU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGQ4N2QxYjk4OTBhMGNiZDBmZjU4YWRhODY5ZmFhYzgxNTZjZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSO8PbepW5uOpBWciIKjJrsa9n6n
AAlhe+vhm433O9V/gplVlzIHezjOIySHG/qlL/waTooGxcZoD9Kr3BYh6PV+povZ
nwshWBXQrj/SFIGp3QnkC62PsieyUyDxDEoBy+C0+mKkXdzjqS1KZMEMv/TFNJU0
uRykG3+WiyRZ3l6DmZndm/ZBtWm5vxvBUQhS4bNMOuzTRYCePQOQokYo8NCSNv9R
G6Qz2oY6Wj0MiMT2xbB6yx9HG56GegIarPVc51mXI2CPr6x3bzhE84Xtnjy/zujf
cBcK0lLxVIU2CstUMnltwYTsUzitiavSUpVnF+zxvBMAP+5brCrM1dKH0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCDYfRuYkKDL0P9Yrahp+qyBVs7cMB8GA1UdIwQY
MBaAFLfMLaK9uXvpEqLZQuvn6vpGUeiFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDh3dG9yMjVlLWtTb3RsQzYtZnEta1pSNklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9lZTZjNmEtZmI1NS00ZGM4LTlkY2Yt
MjJlN2EzN2U4ZTM4LzEvSU5oOUc1aVFvTXZRXzFpdHFHbjZySUZXenR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9lZTZjNmEtZmI1NS00ZGM4LTlkY2YtMjJlN2EzN2U4ZTM4
LzEvdDh3dG9yMjVlLWtTb3RsQzYtZnEta1pSNklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT6qwAwQC
uVM0MA0EAgACMAcDBQAqAQToMA0GCSqGSIb3DQEBCwUAA4IBAQA7LRWkuDyz02Vq
qaA+2QJygq0n4fgVWomR9VpPIn0k/WRzIN8XOThvt+ZTIpn8d9DJj79jUVIJCcH3
WeBVVLHlg9QZRIV3W0qjJIBfnihkFAWHFbP5xGv0elRTVM53PvEPzv26H0s/D4RV
AqfJMRsy4hdqzQ1hnoUEyh2kt1gV1kBmjB+WDpyxI8yWKndtpW3d7hMML+rZqUDY
FItYH3jjbhNgTwXbwVOCa8FeRSvUeY1VB7tMszOx87wbAe6kq/wXUShRl+kMWWU5
57da1RuD2+CdPla0+F4JW5W0/0qf3v9jRYVrvaA6iH4ThdA4mVZp20+RahvV+dgX
szlmRpOO
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:37:02 2025 by rpki-client