Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/P9fynBw8iFPWe2POj98vvDRaPtc.roa
File: P9fynBw8iFPWe2POj98vvDRaPtc.roa (raw, json)
Hash identifier: m8Rxo+QbvFH1YWY7cSkBLnzvBIux4jAWF3d5bVoDOqo=
Subject key identifier: 3F:D7:F2:9C:1C:3C:88:53:D6:7B:63:CE:8F:DF:2F:BC:34:5A:3E:D7
Certificate issuer: /CN=7d4d1c8790a913e832c733dff778dee79129700a
Certificate serial: 0194258F90B766FE8C97DE7AA54DF53A6A86
Authority key identifier: 7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/P9fynBw8iFPWe2POj98vvDRaPtc.roa
Signing time: Thu 02 Jan 2025 05:49:13 +0000
ROA not before: Thu 02 Jan 2025 05:49:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12337
IP address blocks: 62.128.0.0/19 maxlen: 24
89.250.128.0/20 maxlen: 24
185.227.12.0/22 maxlen: 24
188.92.112.0/21 maxlen: 24
192.109.102.0/24 maxlen: 24
194.31.2.0/24 maxlen: 24
194.59.179.0/24 maxlen: 24
213.95.0.0/16 maxlen: 24
213.155.64.0/19 maxlen: 24
213.183.0.0/19 maxlen: 24
2001:780::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.mft
rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 07:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:90:b7:66:fe:8c:97:de:7a:a5:4d:f5:3a:6a:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d4d1c8790a913e832c733dff778dee79129700a
Validity
Not Before: Jan 2 05:49:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3fd7f29c1c3c8853d67b63ce8fdf2fbc345a3ed7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:db:d2:10:c5:8b:3c:e0:1d:44:55:88:57:98:
fb:fa:e0:4b:a0:88:36:22:d4:86:7e:2a:75:93:64:
48:95:25:03:df:29:4f:9a:df:b9:45:b1:df:d8:2f:
06:44:0e:7a:d5:0b:95:ca:0e:ac:a2:f6:53:3d:fc:
75:b0:8f:70:3e:86:c9:69:a9:c4:de:a5:f7:6b:d1:
ba:58:05:b8:8e:25:13:ee:a3:23:1e:2f:ab:ca:39:
eb:15:98:9b:5a:ba:3f:3e:2b:98:19:b5:f8:b6:dd:
ab:49:a9:36:3a:07:16:dc:0a:03:d5:44:36:cc:c6:
04:39:92:a5:9c:53:a4:d6:55:ac:48:31:8d:3e:7d:
a4:89:de:c1:8c:d1:1b:6b:e4:55:a2:da:b7:ee:49:
f9:c7:6f:06:a1:63:5f:27:7c:01:75:cf:e3:a6:9d:
7e:ad:51:fb:38:d7:dc:43:ee:22:b8:a2:f8:9a:45:
32:9c:22:42:b8:53:81:73:48:40:1e:2d:60:4a:10:
f3:53:79:24:ba:d2:47:ea:b8:03:ee:54:dc:8d:09:
6d:24:df:c5:eb:a8:8b:4f:69:1f:78:1c:6f:66:6d:
d7:03:1c:52:db:37:a4:ae:5a:c0:15:d5:1d:ed:3b:
78:40:80:ce:a8:ce:0c:06:b6:86:57:35:9a:26:57:
9b:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:D7:F2:9C:1C:3C:88:53:D6:7B:63:CE:8F:DF:2F:BC:34:5A:3E:D7
X509v3 Authority Key Identifier:
keyid:7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/P9fynBw8iFPWe2POj98vvDRaPtc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.128.0.0/19
89.250.128.0/20
185.227.12.0/22
188.92.112.0/21
192.109.102.0/24
194.31.2.0/24
194.59.179.0/24
213.95.0.0/16
213.155.64.0/19
213.183.0.0/19
IPv6:
2001:780::/32
Signature Algorithm: sha256WithRSAEncryption
25:f6:cf:76:57:05:05:8e:f6:90:b6:7f:4b:82:d7:a4:ba:c7:
86:79:d6:35:06:d1:0b:c9:37:41:a7:f6:41:d3:43:d0:c8:1c:
80:bd:84:19:3c:aa:7b:33:fa:5c:f0:00:23:25:40:32:ea:7d:
35:0e:12:02:e7:e5:63:8a:a4:f1:02:a5:a7:4a:92:9a:98:77:
e2:16:b1:36:b4:db:b0:a9:bf:ba:db:06:2a:2b:c6:50:e5:58:
f8:46:96:6a:13:85:a4:47:e2:04:00:52:e5:4a:33:55:40:0e:
ff:44:6c:e1:c6:4c:49:a3:f2:06:52:e7:92:3f:a8:ef:fb:8b:
8d:94:ea:07:5a:81:23:af:01:26:bb:65:ac:b6:06:56:cf:cf:
cb:0a:36:d6:ac:bf:c4:ac:cd:e6:59:fb:fe:06:fb:dd:5f:06:
71:55:dd:2f:e7:83:fa:c3:36:5c:d4:00:29:85:5d:f8:95:da:
fd:69:22:82:1f:dd:da:b5:62:79:5b:33:37:27:0e:60:73:54:
f4:2e:e8:7e:aa:7a:b7:0d:17:d6:95:c9:b7:ab:53:d5:cf:73:
57:73:e8:d0:ab:13:d7:7c:a6:b7:80:49:79:a8:2c:7a:27:b9:
39:20:36:31:44:26:32:00:d6:45:47:33:df:11:18:48:e7:ab:
e1:64:df:33
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZQlj5C3Zv6Ml956pU31OmqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGQxYzg3OTBhOTEzZTgzMmM3MzNkZmY3NzhkZWU3OTEy
OTcwMGEwHhcNMjUwMTAyMDU0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ3ZjI5YzFjM2M4ODUzZDY3YjYzY2U4ZmRmMmZiYzM0NWEzZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29vSEMWLPOAdRFWIV5j7+uBLoIg2
ItSGfip1k2RIlSUD3ylPmt+5RbHf2C8GRA561QuVyg6sovZTPfx1sI9wPobJaanE
3qX3a9G6WAW4jiUT7qMjHi+ryjnrFZibWro/PiuYGbX4tt2rSak2OgcW3AoD1UQ2
zMYEOZKlnFOk1lWsSDGNPn2kid7BjNEba+RVotq37kn5x28GoWNfJ3wBdc/jpp1+
rVH7ONfcQ+4iuKL4mkUynCJCuFOBc0hAHi1gShDzU3kkutJH6rgD7lTcjQltJN/F
66iLT2kfeBxvZm3XAxxS2zekrlrAFdUd7Tt4QIDOqM4MBraGVzWaJlebNwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFD/X8pwcPIhT1ntjzo/fL7w0Wj7XMB8GA1UdIwQY
MBaAFH1NHIeQqRPoMscz3/d43ueRKXAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUt
ZjhkNjYyYjk2ZGFiLzEvUDlmeW5CdzhpRlBXZTJQT2o5OHZ2RFJhUHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUtZjhkNjYyYjk2ZGFi
LzEvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBBBAIAATA7AwQFPoAAAwQE
WfqAAwQCueMMAwQDvFxwAwQAwG1mAwQAwh8CAwQAwjuzAwMA1V8DBAXVm0ADBAXV
twAwDQQCAAIwBwMFACABB4AwDQYJKoZIhvcNAQELBQADggEBACX2z3ZXBQWO9pC2
f0uC16S6x4Z51jUG0QvJN0Gn9kHTQ9DIHIC9hBk8qnsz+lzwACMlQDLqfTUOEgLn
5WOKpPECpadKkpqYd+IWsTa027Cpv7rbBiorxlDlWPhGlmoThaRH4gQAUuVKM1VA
Dv9EbOHGTEmj8gZS55I/qO/7i42U6gdagSOvASa7Zay2BlbPz8sKNtasv8SszeZZ
+/4G+91fBnFV3S/ng/rDNlzUACmFXfiV2v1pIoIf3dq1YnlbMzcnDmBzVPQu6H6q
ercNF9aVyberU9XPc1dz6NCrE9d8preASXmoLHonuTkgNjFEJjIA1kVHM98RGEjn
q+Fk3zM=
-----END CERTIFICATE-----
Generated at Wed Apr 9 15:57:51 2025 by rpki-client