Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/853996-6cbb-4d42-8778-b1d7ac9ea321/1/PJ_-iRXGR5kveJvnaBWIwG-ft74.roa
File: PJ_-iRXGR5kveJvnaBWIwG-ft74.roa (raw, json)
Hash identifier: lpKsBNInX/l4lejvtga0/MnEJsq53AADQslEJzx9StQ=
Subject key identifier: 3C:9F:FE:89:15:C6:47:99:2F:78:9B:E7:68:15:88:C0:6F:9F:B7:BE
Certificate issuer: /CN=089523953939f8a5e464b1cc7719ebeb9467ca3f
Certificate serial: 0194236A229BCF7FA6DD2DCDC457E32120B1
Authority key identifier: 08:95:23:95:39:39:F8:A5:E4:64:B1:CC:77:19:EB:EB:94:67:CA:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CJUjlTk5-KXkZLHMdxnr65Rnyj8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/853996-6cbb-4d42-8778-b1d7ac9ea321/1/PJ_-iRXGR5kveJvnaBWIwG-ft74.roa
Signing time: Wed 01 Jan 2025 19:49:05 +0000
ROA not before: Wed 01 Jan 2025 19:49:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12353
IP address blocks: 5.43.0.0/18 maxlen: 18
5.158.0.0/18 maxlen: 18
5.249.0.0/17 maxlen: 17
37.28.192.0/18 maxlen: 18
46.189.128.0/17 maxlen: 17
77.54.0.0/16 maxlen: 16
78.137.192.0/18 maxlen: 18
83.174.0.0/18 maxlen: 18
87.103.0.0/17 maxlen: 17
89.114.0.0/15 maxlen: 15
93.108.0.0/16 maxlen: 16
94.60.0.0/14 maxlen: 14
95.136.0.0/17 maxlen: 17
148.63.0.0/16 maxlen: 16
148.69.0.0/16 maxlen: 16
148.71.0.0/16 maxlen: 16
149.90.0.0/16 maxlen: 16
161.230.0.0/16 maxlen: 16
178.166.0.0/17 maxlen: 17
185.37.208.0/22 maxlen: 22
188.37.0.0/16 maxlen: 16
192.160.245.0/24 maxlen: 24
192.160.246.0/23 maxlen: 23
192.160.248.0/23 maxlen: 23
192.160.251.0/24 maxlen: 24
212.18.160.0/19 maxlen: 19
213.30.0.0/17 maxlen: 17
2001:818::/29 maxlen: 29
2001:818::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/853996-6cbb-4d42-8778-b1d7ac9ea321/1/CJUjlTk5-KXkZLHMdxnr65Rnyj8.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/853996-6cbb-4d42-8778-b1d7ac9ea321/1/CJUjlTk5-KXkZLHMdxnr65Rnyj8.mft
rsync://rpki.ripe.net/repository/DEFAULT/CJUjlTk5-KXkZLHMdxnr65Rnyj8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 22:02:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:22:9b:cf:7f:a6:dd:2d:cd:c4:57:e3:21:20:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=089523953939f8a5e464b1cc7719ebeb9467ca3f
Validity
Not Before: Jan 1 19:49:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c9ffe8915c647992f789be7681588c06f9fb7be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:dd:12:75:63:09:45:e0:ec:cd:39:0e:0c:66:
35:42:60:81:b7:ae:05:7c:ee:e5:41:7b:89:79:b3:
1e:c9:31:91:e1:bd:61:d6:88:19:6e:2b:3a:d8:bb:
61:09:18:6d:1d:00:77:cd:8b:62:86:75:16:43:e1:
c6:79:30:e6:7e:b9:7c:66:11:ce:37:e0:85:14:95:
a2:0e:43:a9:fa:fb:8d:81:39:9a:42:ae:bd:e4:e3:
66:53:ec:7e:2b:1e:f5:4a:fc:2e:63:c6:89:96:7a:
95:1b:c0:93:13:37:96:cd:c8:14:18:5a:52:27:b7:
54:e1:6f:56:f0:bf:f3:bb:3a:a9:75:60:f8:1c:d6:
b4:0b:01:95:1a:60:ce:e2:97:61:be:a2:70:63:36:
36:3b:2c:a1:8b:f3:7c:37:6d:8a:1d:9b:2e:c1:f4:
38:d1:54:4c:38:97:26:9a:fc:68:18:50:8f:a1:b7:
c1:a6:62:c2:07:fc:3c:d7:60:7f:88:14:03:4c:e3:
90:5a:f7:ec:f6:5c:f3:8e:c0:a6:1f:db:32:dd:b2:
fa:28:d7:34:63:b5:1c:43:53:ab:a0:59:c8:eb:2c:
f7:cb:ec:ab:e0:84:43:ea:3b:fa:c4:17:72:0c:f1:
1b:50:a9:c0:f0:6d:ff:0e:b5:ed:77:1b:d6:8a:57:
dc:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:9F:FE:89:15:C6:47:99:2F:78:9B:E7:68:15:88:C0:6F:9F:B7:BE
X509v3 Authority Key Identifier:
keyid:08:95:23:95:39:39:F8:A5:E4:64:B1:CC:77:19:EB:EB:94:67:CA:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJUjlTk5-KXkZLHMdxnr65Rnyj8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/853996-6cbb-4d42-8778-b1d7ac9ea321/1/PJ_-iRXGR5kveJvnaBWIwG-ft74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/853996-6cbb-4d42-8778-b1d7ac9ea321/1/CJUjlTk5-KXkZLHMdxnr65Rnyj8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.43.0.0/18
5.158.0.0/18
5.249.0.0/17
37.28.192.0/18
46.189.128.0/17
77.54.0.0/16
78.137.192.0/18
83.174.0.0/18
87.103.0.0/17
89.114.0.0/15
93.108.0.0/16
94.60.0.0/14
95.136.0.0/17
148.63.0.0/16
148.69.0.0/16
148.71.0.0/16
149.90.0.0/16
161.230.0.0/16
178.166.0.0/17
185.37.208.0/22
188.37.0.0/16
192.160.245.0-192.160.249.255
192.160.251.0/24
212.18.160.0/19
213.30.0.0/17
IPv6:
2001:818::/29
Signature Algorithm: sha256WithRSAEncryption
a8:4b:50:a9:11:9d:cc:41:f8:3d:84:17:3b:fd:67:7e:3d:1e:
f9:0e:d4:93:28:49:73:91:4b:4d:23:21:ab:53:6d:80:42:f0:
0c:88:d9:11:cf:36:7f:eb:2e:13:13:89:8b:eb:8c:29:91:60:
1b:0e:a4:77:ba:ef:2c:0a:17:78:33:27:84:89:3d:0f:6f:e9:
56:97:7f:10:e7:cf:77:c2:28:52:8b:10:1e:ac:c5:8b:62:4f:
31:ee:10:a2:2d:7c:e8:bc:4b:d4:54:59:ca:d6:8d:8d:a1:39:
a3:39:64:2b:5c:75:18:76:d9:e0:74:d1:66:f8:a4:47:42:e0:
39:81:37:46:d8:aa:c7:16:b1:98:0c:43:55:dd:c1:ff:cf:fb:
83:c6:1a:ee:d1:b9:23:38:6c:d0:32:06:51:30:1e:fc:f1:91:
ea:85:29:0a:6a:11:d4:d9:2c:b8:6e:91:da:e6:26:d7:be:57:
10:ac:1b:7d:05:ea:d2:ad:c2:02:ab:32:fc:bc:ab:30:af:49:
6b:20:fd:b9:21:82:a1:a8:81:7b:33:be:f4:4b:59:2e:d1:cc:
38:8b:3b:06:2a:bc:90:75:0c:41:68:d7:ec:bf:11:d9:52:f1:
8d:51:14:20:ea:04:26:e2:a4:8a:2f:7e:97:b4:ba:a6:90:ff:
92:f9:d9:dd
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAZQjaiKbz3+m3S3NxFfjISCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUyMzk1MzkzOWY4YTVlNDY0YjFjYzc3MTllYmViOTQ2
N2NhM2YwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzlmZmU4OTE1YzY0Nzk5MmY3ODliZTc2ODE1ODhjMDZmOWZiN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy90SdWMJReDszTkODGY1QmCBt64F
fO7lQXuJebMeyTGR4b1h1ogZbis62LthCRhtHQB3zYtihnUWQ+HGeTDmfrl8ZhHO
N+CFFJWiDkOp+vuNgTmaQq695ONmU+x+Kx71SvwuY8aJlnqVG8CTEzeWzcgUGFpS
J7dU4W9W8L/zuzqpdWD4HNa0CwGVGmDO4pdhvqJwYzY2Oyyhi/N8N22KHZsuwfQ4
0VRMOJcmmvxoGFCPobfBpmLCB/w812B/iBQDTOOQWvfs9lzzjsCmH9sy3bL6KNc0
Y7UcQ1OroFnI6yz3y+yr4IRD6jv6xBdyDPEbUKnA8G3/DrXtdxvWilfccQIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFDyf/okVxkeZL3ib52gViMBvn7e+MB8GA1UdIwQY
MBaAFAiVI5U5Ofil5GSxzHcZ6+uUZ8o/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVamxUazUtS1hrWkxITWR4bnI2NVJueWo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84NTM5OTYtNmNiYi00ZDQyLTg3Nzgt
YjFkN2FjOWVhMzIxLzEvUEpfLWlSWEdSNWt2ZUp2bmFCV0l3Ry1mdDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84NTM5OTYtNmNiYi00ZDQyLTg3NzgtYjFkN2FjOWVhMzIx
LzEvQ0pVamxUazUtS1hrWkxITWR4bnI2NVJueWo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTCBmwQCAAEwgZQDBAYF
KwADBAYFngADBAcF+QADBAYlHMADBAcuvYADAwBNNgMEBk6JwAMEBlOuAAMEB1dn
AAMDAVlyAwMAXWwDAwJePAMEB1+IAAMDAJQ/AwMAlEUDAwCURwMDAJVaAwMAoeYD
BAeypgADBAK5JdADAwC8JTAMAwQAwKD1AwQBwKD4AwQAwKD7AwQF1BKgAwQH1R4A
MA0EAgACMAcDBQMgAQgYMA0GCSqGSIb3DQEBCwUAA4IBAQCoS1CpEZ3MQfg9hBc7
/Wd+PR75DtSTKElzkUtNIyGrU22AQvAMiNkRzzZ/6y4TE4mL64wpkWAbDqR3uu8s
Chd4MyeEiT0Pb+lWl38Q5893wihSixAerMWLYk8x7hCiLXzovEvUVFnK1o2NoTmj
OWQrXHUYdtngdNFm+KRHQuA5gTdG2KrHFrGYDENV3cH/z/uDxhru0bkjOGzQMgZR
MB788ZHqhSkKahHU2Sy4bpHa5ibXvlcQrBt9BerSrcICqzL8vKswr0lrIP25IYKh
qIF7M770S1ku0cw4izsGKryQdQxBaNfsvxHZUvGNURQg6gQm4qSKL36XtLqmkP+S
+dnd
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:27:51 2025 by rpki-client