Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/623561-0715-4277-a0be-3411c6fb4fca/1/2eW0jHQdI0PX8UwWvlZQ4skR9I8.roa
File: 2eW0jHQdI0PX8UwWvlZQ4skR9I8.roa (raw, json)
Hash identifier: +WLJjWRtmXlHhquy3CtPGHVAGrkpSztXcIg8okyclX8=
Subject key identifier: D9:E5:B4:8C:74:1D:23:43:D7:F1:4C:16:BE:56:50:E2:C9:11:F4:8F
Certificate issuer: /CN=7abe11843dbe80340b2460fc160ec6b9b88f222a
Certificate serial: 0194F4A5059DC17B05FAF45F7D708206493C
Authority key identifier: 7A:BE:11:84:3D:BE:80:34:0B:24:60:FC:16:0E:C6:B9:B8:8F:22:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/er4RhD2-gDQLJGD8Fg7GubiPIio.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/623561-0715-4277-a0be-3411c6fb4fca/1/2eW0jHQdI0PX8UwWvlZQ4skR9I8.roa
Signing time: Tue 11 Feb 2025 10:54:03 +0000
ROA not before: Tue 11 Feb 2025 10:54:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213744
IP address blocks: 91.142.129.0/24 maxlen: 24
212.233.68.0/22 maxlen: 22
212.233.68.0/23 maxlen: 23
212.233.68.0/24 maxlen: 24
212.233.69.0/24 maxlen: 24
212.233.70.0/23 maxlen: 23
212.233.70.0/24 maxlen: 24
212.233.71.0/24 maxlen: 24
2a13:6d40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/623561-0715-4277-a0be-3411c6fb4fca/1/er4RhD2-gDQLJGD8Fg7GubiPIio.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/623561-0715-4277-a0be-3411c6fb4fca/1/er4RhD2-gDQLJGD8Fg7GubiPIio.mft
rsync://rpki.ripe.net/repository/DEFAULT/er4RhD2-gDQLJGD8Fg7GubiPIio.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 22:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:f4:a5:05:9d:c1:7b:05:fa:f4:5f:7d:70:82:06:49:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7abe11843dbe80340b2460fc160ec6b9b88f222a
Validity
Not Before: Feb 11 10:54:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9e5b48c741d2343d7f14c16be5650e2c911f48f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:f6:cf:ef:3b:a1:f8:7a:a5:c3:06:ce:0c:08:
f9:c1:53:62:c4:95:9f:70:2b:e1:f9:85:80:98:4e:
45:55:48:6b:ca:b4:f0:b1:ff:68:2b:b9:dc:99:ee:
9a:5e:54:49:ca:d4:9f:6c:db:6e:eb:0f:b2:e0:8d:
82:cb:e2:b1:3a:0f:cf:70:90:34:16:57:66:20:be:
19:d4:39:1b:22:f5:b6:b1:d5:eb:18:40:af:f0:cc:
c8:cb:64:9b:9c:41:16:71:23:51:26:75:03:79:b7:
22:38:04:4a:13:f9:e8:24:2f:a5:0c:0f:bf:be:d8:
63:26:7f:f5:06:e3:46:8f:3c:f4:ed:cc:5e:47:0e:
a8:bf:8c:45:b2:3e:44:ca:aa:d0:aa:1f:36:cd:31:
94:14:df:e5:10:26:04:77:11:84:6a:a5:fe:ad:56:
42:4f:da:a8:0b:53:c6:6f:4f:ed:0c:4b:fa:05:22:
2f:2d:61:34:be:c8:7c:76:31:c5:60:ae:cf:39:32:
fc:a9:11:97:e5:4f:4c:08:d9:a0:b1:a4:29:fd:8b:
2b:b7:7f:b0:d5:6d:aa:a0:3e:01:80:10:2a:5f:e8:
fc:0d:9f:7f:f8:75:61:b6:5a:f7:6c:44:c4:46:28:
b4:5f:2c:0e:fd:b3:87:5d:d1:e8:f2:8b:38:f0:56:
09:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:E5:B4:8C:74:1D:23:43:D7:F1:4C:16:BE:56:50:E2:C9:11:F4:8F
X509v3 Authority Key Identifier:
keyid:7A:BE:11:84:3D:BE:80:34:0B:24:60:FC:16:0E:C6:B9:B8:8F:22:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/er4RhD2-gDQLJGD8Fg7GubiPIio.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/623561-0715-4277-a0be-3411c6fb4fca/1/2eW0jHQdI0PX8UwWvlZQ4skR9I8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/623561-0715-4277-a0be-3411c6fb4fca/1/er4RhD2-gDQLJGD8Fg7GubiPIio.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.142.129.0/24
212.233.68.0/22
IPv6:
2a13:6d40::/29
Signature Algorithm: sha256WithRSAEncryption
16:55:6a:a9:6e:e7:ef:c8:cd:bb:c5:0a:40:8f:8f:fe:6d:4c:
97:48:7e:a6:4a:56:af:e8:e2:46:18:5e:00:72:dd:9a:9a:eb:
e5:bd:25:60:9a:71:e1:ec:1d:4a:46:99:af:e9:a5:8b:88:84:
98:c9:e3:b4:ac:24:59:24:ed:85:59:dc:e0:5b:ec:e1:3c:af:
ba:67:e7:83:03:01:35:71:85:0a:f8:69:74:92:62:ad:71:0a:
fc:36:3b:76:0b:04:b5:76:4d:16:fc:67:a7:34:98:fd:20:d6:
d9:d6:41:07:32:88:f9:31:1a:73:d7:7c:34:4d:31:e4:ab:79:
a1:40:a4:e9:f7:99:18:44:a0:8a:c0:22:91:c6:78:de:34:b1:
ec:8b:0f:77:b1:70:76:1e:28:96:92:45:9b:3b:9c:69:7d:3b:
d9:b4:4d:31:c1:af:4d:4e:57:00:37:76:f7:98:a1:d8:2d:8d:
2b:9e:11:91:c0:d8:c6:99:3a:6c:84:c1:e9:66:6e:2e:6c:9e:
5f:fe:bc:44:48:61:43:18:5c:83:12:e8:3b:65:43:ec:df:1b:
ca:b1:3e:7b:49:24:75:bd:9f:fd:d8:de:6b:fe:f5:10:4e:12:
1d:1f:55:3e:3c:39:85:90:81:75:82:d6:3e:25:a7:da:f4:01:
fb:76:47:18
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZT0pQWdwXsF+vRffXCCBkk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYmUxMTg0M2RiZTgwMzQwYjI0NjBmYzE2MGVjNmI5Yjg4
ZjIyMmEwHhcNMjUwMjExMTA1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWU1YjQ4Yzc0MWQyMzQzZDdmMTRjMTZiZTU2NTBlMmM5MTFmNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fbP7zuh+HqlwwbODAj5wVNixJWf
cCvh+YWAmE5FVUhryrTwsf9oK7ncme6aXlRJytSfbNtu6w+y4I2Cy+KxOg/PcJA0
FldmIL4Z1DkbIvW2sdXrGECv8MzIy2SbnEEWcSNRJnUDebciOARKE/noJC+lDA+/
vthjJn/1BuNGjzz07cxeRw6ov4xFsj5EyqrQqh82zTGUFN/lECYEdxGEaqX+rVZC
T9qoC1PGb0/tDEv6BSIvLWE0vsh8djHFYK7POTL8qRGX5U9MCNmgsaQp/Ysrt3+w
1W2qoD4BgBAqX+j8DZ9/+HVhtlr3bETERii0XywO/bOHXdHo8os48FYJNQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNnltIx0HSND1/FMFr5WUOLJEfSPMB8GA1UdIwQY
MBaAFHq+EYQ9voA0CyRg/BYOxrm4jyIqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXI0UmhEMi1nRFFMSkdEOEZnN0d1YmlQSWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82MjM1NjEtMDcxNS00Mjc3LWEwYmUt
MzQxMWM2ZmI0ZmNhLzEvMmVXMGpIUWRJMFBYOFV3V3ZsWlE0c2tSOUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82MjM1NjEtMDcxNS00Mjc3LWEwYmUtMzQxMWM2ZmI0ZmNh
LzEvZXI0UmhEMi1nRFFMSkdEOEZnN0d1YmlQSWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW46BAwQC
1OlEMA0EAgACMAcDBQMqE21AMA0GCSqGSIb3DQEBCwUAA4IBAQAWVWqpbufvyM27
xQpAj4/+bUyXSH6mSlav6OJGGF4Act2amuvlvSVgmnHh7B1KRpmv6aWLiISYyeO0
rCRZJO2FWdzgW+zhPK+6Z+eDAwE1cYUK+Gl0kmKtcQr8Njt2CwS1dk0W/GenNJj9
INbZ1kEHMoj5MRpz13w0TTHkq3mhQKTp95kYRKCKwCKRxnjeNLHsiw93sXB2HiiW
kkWbO5xpfTvZtE0xwa9NTlcAN3b3mKHYLY0rnhGRwNjGmTpshMHpZm4ubJ5f/rxE
SGFDGFyDEug7ZUPs3xvKsT57SSR1vZ/92N5r/vUQThIdH1U+PDmFkIF1gtY+Jafa
9AH7dkcY
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:21:41 2025 by rpki-client