Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/MS2eFccf4vEvkGRnlPG3imTckEg.roa
File: MS2eFccf4vEvkGRnlPG3imTckEg.roa (raw, json)
Hash identifier: +v5mVYQhL/JfyFrRFVMWxQ02mierIx6iDDJ3fFkdoPo=
Subject key identifier: 31:2D:9E:15:C7:1F:E2:F1:2F:90:64:67:94:F1:B7:8A:64:DC:90:48
Certificate issuer: /CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
Certificate serial: 01942825BB0A8449D0BEB432CDF328FD5800
Authority key identifier: 38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/MS2eFccf4vEvkGRnlPG3imTckEg.roa
Signing time: Thu 02 Jan 2025 17:52:28 +0000
ROA not before: Thu 02 Jan 2025 17:52:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198090
IP address blocks: 91.199.170.0/24 maxlen: 24
91.231.164.0/22 maxlen: 22
91.231.164.0/24 maxlen: 24
91.231.165.0/24 maxlen: 24
91.231.166.0/24 maxlen: 24
91.231.167.0/24 maxlen: 24
91.237.16.0/23 maxlen: 23
91.237.16.0/24 maxlen: 24
91.237.17.0/24 maxlen: 24
185.30.68.0/22 maxlen: 22
185.30.68.0/24 maxlen: 24
185.30.69.0/24 maxlen: 24
185.30.70.0/24 maxlen: 24
185.30.71.0/24 maxlen: 24
185.114.80.0/22 maxlen: 22
185.114.80.0/24 maxlen: 24
185.114.81.0/24 maxlen: 24
185.114.82.0/24 maxlen: 24
185.114.83.0/24 maxlen: 24
185.246.36.0/22 maxlen: 22
185.246.36.0/24 maxlen: 24
185.246.37.0/24 maxlen: 24
185.246.38.0/24 maxlen: 24
185.246.39.0/24 maxlen: 24
2a06:6d40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.mft
rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 05:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:bb:0a:84:49:d0:be:b4:32:cd:f3:28:fd:58:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
Validity
Not Before: Jan 2 17:52:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=312d9e15c71fe2f12f90646794f1b78a64dc9048
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:39:cf:f8:57:5a:dd:42:35:ed:ee:e0:3e:33:
8f:2a:24:2c:55:f7:0a:47:04:93:37:a1:a1:b3:5e:
c5:4a:92:ec:04:0d:34:5f:b0:f6:9d:44:fc:48:1a:
9b:98:02:b4:d0:fe:45:79:85:2f:b3:2e:32:b8:ba:
24:e7:62:f1:29:a7:52:0f:82:d9:f0:83:1e:d5:ba:
a5:d2:b3:ef:07:b4:ad:83:56:65:6e:21:d5:54:2d:
6d:9d:0a:92:53:94:f3:6a:85:3c:aa:4d:9e:93:28:
0d:04:af:ea:a8:d7:f6:1b:ca:7b:66:80:be:de:92:
d9:29:63:88:81:63:f3:aa:27:23:9b:31:7c:58:c9:
16:53:92:db:24:ad:a0:9d:4d:24:18:64:b9:b6:e8:
b3:f8:be:c2:3b:15:41:08:6b:7d:1e:f0:df:67:d4:
72:34:95:2c:94:65:69:18:64:44:29:ca:3d:ec:c9:
a6:59:26:df:f3:5f:d4:2e:cf:02:f3:64:de:2b:90:
ab:97:b5:01:1f:5e:c3:17:b4:54:f5:6c:58:fb:c7:
ee:c9:4a:cb:7e:b5:ba:9b:62:b9:67:29:4d:58:4e:
e8:15:ea:06:f9:7f:c6:f1:8b:16:a5:b8:18:5d:9f:
9e:f9:ee:22:fd:96:5b:a0:51:6f:d1:bc:1d:50:6a:
d5:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:2D:9E:15:C7:1F:E2:F1:2F:90:64:67:94:F1:B7:8A:64:DC:90:48
X509v3 Authority Key Identifier:
keyid:38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/MS2eFccf4vEvkGRnlPG3imTckEg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.199.170.0/24
91.231.164.0/22
91.237.16.0/23
185.30.68.0/22
185.114.80.0/22
185.246.36.0/22
IPv6:
2a06:6d40::/29
Signature Algorithm: sha256WithRSAEncryption
42:73:46:9a:70:5f:d3:50:5b:b8:41:46:fb:93:ad:36:ec:8a:
72:59:23:45:06:7d:3d:94:86:19:56:42:ce:9e:76:d3:5f:3d:
ba:a9:68:d4:34:2b:3f:2e:2b:b5:29:63:f7:f6:12:4a:31:19:
95:17:6b:5d:11:e2:63:06:82:66:1d:26:35:8e:d7:43:5e:01:
20:14:d4:54:91:8a:77:2d:09:4d:8a:31:2d:d3:37:c0:03:3a:
16:3a:95:d9:5c:ed:60:99:12:6e:3b:96:79:2b:dc:88:4f:c3:
a1:99:11:d5:19:1b:a3:c7:37:49:d1:46:ab:04:8d:3c:51:44:
4e:a0:ce:da:2b:e1:40:1d:9c:b3:d5:e9:ff:09:ae:12:97:23:
d2:bd:6d:9f:17:96:07:df:42:22:87:fc:45:cc:7e:24:63:00:
64:af:02:5a:69:ae:00:b0:bc:8a:8c:50:3e:7b:21:86:18:01:
e3:12:6a:78:97:12:e0:ed:ef:c8:0c:3a:d7:f5:ab:cf:e1:46:
d7:1e:88:fb:e6:a5:b5:3d:24:cb:90:46:2b:b5:d4:79:b4:e8:
22:38:26:cf:f5:da:80:fc:49:59:4c:99:92:4b:2f:5f:1d:b1:
b7:37:0d:70:f8:86:02:7d:40:6b:dd:11:3b:23:b7:99:a2:52:
39:7d:00:4b
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQoJbsKhEnQvrQyzfMo/VgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGVmN2ZmNWI1NGY1M2ZjZjIzMTJhYmUyZWMzZjU5NThi
YTE0MjUwHhcNMjUwMTAyMTc1MjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTJkOWUxNWM3MWZlMmYxMmY5MDY0Njc5NGYxYjc4YTY0ZGM5MDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTnP+Fda3UI17e7gPjOPKiQsVfcK
RwSTN6Ghs17FSpLsBA00X7D2nUT8SBqbmAK00P5FeYUvsy4yuLok52LxKadSD4LZ
8IMe1bql0rPvB7Stg1ZlbiHVVC1tnQqSU5TzaoU8qk2ekygNBK/qqNf2G8p7ZoC+
3pLZKWOIgWPzqicjmzF8WMkWU5LbJK2gnU0kGGS5tuiz+L7COxVBCGt9HvDfZ9Ry
NJUslGVpGGREKco97MmmWSbf81/ULs8C82TeK5Crl7UBH17DF7RU9WxY+8fuyUrL
frW6m2K5ZylNWE7oFeoG+X/G8YsWpbgYXZ+e+e4i/ZZboFFv0bwdUGrVzwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDEtnhXHH+LxL5BkZ5Txt4pk3JBIMB8GA1UdIwQY
MBaAFDgO9/9bVPU/zyMSq+LsP1lYuhQlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0E3M18xdFU5VF9QSXhLcjR1d19XVmk2RkNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kOTEyNTUtMzI0My00YTQ3LTk0NmEt
ZjA0Y2MxYzIzMGNmLzEvTVMyZUZjY2Y0dkV2a0dSbmxQRzNpbVRja0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kOTEyNTUtMzI0My00YTQ3LTk0NmEtZjA0Y2MxYzIzMGNm
LzEvT0E3M18xdFU5VF9QSXhLcjR1d19XVmk2RkNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAW8eqAwQC
W+ekAwQBW+0QAwQCuR5EAwQCuXJQAwQCufYkMA0EAgACMAcDBQMqBm1AMA0GCSqG
SIb3DQEBCwUAA4IBAQBCc0aacF/TUFu4QUb7k6027IpyWSNFBn09lIYZVkLOnnbT
Xz26qWjUNCs/Liu1KWP39hJKMRmVF2tdEeJjBoJmHSY1jtdDXgEgFNRUkYp3LQlN
ijEt0zfAAzoWOpXZXO1gmRJuO5Z5K9yIT8OhmRHVGRujxzdJ0UarBI08UUROoM7a
K+FAHZyz1en/Ca4SlyPSvW2fF5YH30Iih/xFzH4kYwBkrwJaaa4AsLyKjFA+eyGG
GAHjEmp4lxLg7e/IDDrX9avP4UbXHoj75qW1PSTLkEYrtdR5tOgiOCbP9dqA/ElZ
TJmSSy9fHbG3Nw1w+IYCfUBr3RE7I7eZolI5fQBL
-----END CERTIFICATE-----
Generated at Thu Apr 10 12:06:00 2025 by rpki-client