Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/638a9c-ec64-45de-bc2e-2be7edc7932d/1/PMihf48EDZLf86f7BmXfYmZbV4M.roa
File: PMihf48EDZLf86f7BmXfYmZbV4M.roa (raw, json)
Hash identifier: kAi2yEZhpDZ5dFlA+0hzmB2XiAS3L8tb6zCyB/FGwDw=
Subject key identifier: 3C:C8:A1:7F:8F:04:0D:92:DF:F3:A7:FB:06:65:DF:62:66:5B:57:83
Certificate issuer: /CN=234f08fa4222535c0af26a0d7347dbf172547196
Certificate serial: 019680517CEC2C58ACE5F44B7ACE8C3A56FE
Authority key identifier: 23:4F:08:FA:42:22:53:5C:0A:F2:6A:0D:73:47:DB:F1:72:54:71:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I08I-kIiU1wK8moNc0fb8XJUcZY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/638a9c-ec64-45de-bc2e-2be7edc7932d/1/PMihf48EDZLf86f7BmXfYmZbV4M.roa
Signing time: Tue 29 Apr 2025 06:52:26 +0000
ROA not before: Tue 29 Apr 2025 06:52:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210506
IP address blocks: 62.3.38.0/24 maxlen: 24
185.225.189.0/24 maxlen: 24
193.105.88.0/24 maxlen: 24
194.26.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/638a9c-ec64-45de-bc2e-2be7edc7932d/1/I08I-kIiU1wK8moNc0fb8XJUcZY.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/638a9c-ec64-45de-bc2e-2be7edc7932d/1/I08I-kIiU1wK8moNc0fb8XJUcZY.mft
rsync://rpki.ripe.net/repository/DEFAULT/I08I-kIiU1wK8moNc0fb8XJUcZY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 20:47:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:80:51:7c:ec:2c:58:ac:e5:f4:4b:7a:ce:8c:3a:56:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=234f08fa4222535c0af26a0d7347dbf172547196
Validity
Not Before: Apr 29 06:52:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3cc8a17f8f040d92dff3a7fb0665df62665b5783
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:6a:73:af:84:e9:bc:dc:91:b4:0a:6b:b8:90:
23:27:d0:f2:b7:a6:24:dc:21:72:d2:1d:42:93:22:
b3:d8:10:bd:df:c8:19:9c:54:d4:97:57:21:08:c5:
49:dd:1d:ad:fa:cc:8d:55:29:0d:44:8d:13:12:a5:
68:67:6a:c6:7c:35:14:d4:f2:bc:1c:ce:7a:f5:53:
7b:f2:73:94:bc:64:3a:e7:b1:57:c1:f8:2c:c8:c1:
fb:39:d8:aa:e3:52:f1:77:20:cc:c4:22:63:9e:c1:
bc:92:ab:25:bb:4b:99:24:56:23:a2:3d:9b:f7:a8:
50:b0:69:1c:e0:c0:a3:08:e6:e0:ec:7d:d7:3b:71:
8c:6a:bb:8a:2c:14:7d:79:af:23:6a:ba:ea:06:f4:
45:61:4f:16:2f:db:17:df:ac:7a:e3:7f:77:58:92:
f7:61:b6:08:63:49:ae:05:c7:f9:c6:15:36:fa:a2:
40:5e:72:90:4a:0a:e9:5e:a5:24:5d:24:c3:3c:4d:
71:b0:96:ef:48:34:9b:80:b3:fa:fd:38:c9:6d:89:
5c:ba:d9:54:42:db:aa:bd:05:fe:d1:55:5b:4a:d6:
26:67:a9:47:43:a3:8b:cb:9c:91:48:7e:74:c7:05:
1b:64:02:6e:14:83:41:b3:9b:a4:49:33:1d:26:f0:
11:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:C8:A1:7F:8F:04:0D:92:DF:F3:A7:FB:06:65:DF:62:66:5B:57:83
X509v3 Authority Key Identifier:
keyid:23:4F:08:FA:42:22:53:5C:0A:F2:6A:0D:73:47:DB:F1:72:54:71:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I08I-kIiU1wK8moNc0fb8XJUcZY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/638a9c-ec64-45de-bc2e-2be7edc7932d/1/PMihf48EDZLf86f7BmXfYmZbV4M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/638a9c-ec64-45de-bc2e-2be7edc7932d/1/I08I-kIiU1wK8moNc0fb8XJUcZY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.3.38.0/24
185.225.189.0/24
193.105.88.0/24
194.26.201.0/24
Signature Algorithm: sha256WithRSAEncryption
43:c8:55:42:eb:1f:b0:58:04:fe:2a:98:a9:c1:cb:e7:b8:85:
59:89:9b:d3:24:e2:50:cd:77:cb:ac:70:2b:51:22:08:4c:32:
b1:22:bd:ba:74:8e:e1:69:64:1a:c1:f7:d9:cc:13:7e:28:74:
59:ca:28:15:ce:f5:6a:5d:51:5b:cb:14:96:96:0e:54:fb:f9:
76:e4:fc:33:61:ea:3e:5b:f8:04:b9:57:9f:06:b3:f7:68:bd:
5b:40:68:ea:d4:46:20:30:c1:8a:cd:6b:fc:5a:01:92:d4:bc:
00:07:bd:83:9b:c0:26:f6:d8:38:85:b4:cf:0e:a0:6b:58:16:
79:2f:16:9c:ac:d2:b5:56:7d:27:4c:57:3f:b0:9a:3c:df:32:
f4:16:78:56:03:27:62:22:27:06:f7:6d:dd:88:5b:f5:29:a0:
04:b6:5b:69:06:cf:bd:30:ad:e1:e5:c5:e9:3f:ff:cc:71:e5:
5a:0a:06:64:03:76:8f:34:dc:00:11:3b:ea:53:48:7b:6e:3f:
43:8f:fc:f1:73:a0:27:7f:96:93:46:64:2e:79:22:d9:a6:5b:
72:98:4e:d9:9b:36:36:92:25:8a:2e:30:f0:13:fc:35:d4:c7:
47:c0:69:8e:47:e9:59:ed:f7:1b:0b:90:67:c8:f5:ca:5d:0d:
ec:47:fb:3a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZaAUXzsLFis5fRLes6MOlb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGYwOGZhNDIyMjUzNWMwYWYyNmEwZDczNDdkYmYxNzI1
NDcxOTYwHhcNMjUwNDI5MDY1MjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M4YTE3ZjhmMDQwZDkyZGZmM2E3ZmIwNjY1ZGY2MjY2NWI1NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmpzr4TpvNyRtApruJAjJ9Dyt6Yk
3CFy0h1CkyKz2BC938gZnFTUl1chCMVJ3R2t+syNVSkNRI0TEqVoZ2rGfDUU1PK8
HM569VN78nOUvGQ657FXwfgsyMH7Odiq41LxdyDMxCJjnsG8kqslu0uZJFYjoj2b
96hQsGkc4MCjCObg7H3XO3GMaruKLBR9ea8jarrqBvRFYU8WL9sX36x64393WJL3
YbYIY0muBcf5xhU2+qJAXnKQSgrpXqUkXSTDPE1xsJbvSDSbgLP6/TjJbYlcutlU
QtuqvQX+0VVbStYmZ6lHQ6OLy5yRSH50xwUbZAJuFINBs5ukSTMdJvARowIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDzIoX+PBA2S3/On+wZl32JmW1eDMB8GA1UdIwQY
MBaAFCNPCPpCIlNcCvJqDXNH2/FyVHGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTA4SS1rSWlVMXdLOG1vTmMwZmI4WEpVY1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82MzhhOWMtZWM2NC00NWRlLWJjMmUt
MmJlN2VkYzc5MzJkLzEvUE1paGY0OEVEWkxmODZmN0JtWGZZbVpiVjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82MzhhOWMtZWM2NC00NWRlLWJjMmUtMmJlN2VkYzc5MzJk
LzEvSTA4SS1rSWlVMXdLOG1vTmMwZmI4WEpVY1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAPgMmAwQA
ueG9AwQAwWlYAwQAwhrJMA0GCSqGSIb3DQEBCwUAA4IBAQBDyFVC6x+wWAT+Kpip
wcvnuIVZiZvTJOJQzXfLrHArUSIITDKxIr26dI7haWQawffZzBN+KHRZyigVzvVq
XVFbyxSWlg5U+/l25PwzYeo+W/gEuVefBrP3aL1bQGjq1EYgMMGKzWv8WgGS1LwA
B72Dm8Am9tg4hbTPDqBrWBZ5LxacrNK1Vn0nTFc/sJo83zL0FnhWAydiIicG923d
iFv1KaAEtltpBs+9MK3h5cXpP//MceVaCgZkA3aPNNwAETvqU0h7bj9Dj/zxc6An
f5aTRmQueSLZpltymE7ZmzY2kiWKLjDwE/w11MdHwGmOR+lZ7fcbC5BnyPXKXQ3s
R/s6
-----END CERTIFICATE-----
Generated at Tue May 13 06:01:04 2025 by rpki-client