Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/A1amtORnscnM2PSB_YP696Fc6yI.roa
File: A1amtORnscnM2PSB_YP696Fc6yI.roa (raw, json)
Hash identifier: Aq3GiTwOjv0e1lSvZoODVuMtZDVP3AS51B4em3QTE68=
Subject key identifier: 03:56:A6:B4:E4:67:B1:C9:CC:D8:F4:81:FD:83:FA:F7:A1:5C:EB:22
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0196B6D3B8D53DF595FC8DA421B4F40AB704
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/A1amtORnscnM2PSB_YP696Fc6yI.roa
Signing time: Fri 09 May 2025 20:54:10 +0000
ROA not before: Fri 09 May 2025 20:54:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36530
IP address blocks: 82.152.142.0/24 maxlen: 24
89.213.104.0/24 maxlen: 24
89.213.123.0/24 maxlen: 24
109.176.14.0/24 maxlen: 24
213.210.52.0/24 maxlen: 24
213.210.53.0/24 maxlen: 24
217.145.75.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 20:47:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:b6:d3:b8:d5:3d:f5:95:fc:8d:a4:21:b4:f4:0a:b7:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 9 20:54:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0356a6b4e467b1c9ccd8f481fd83faf7a15ceb22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:0b:f1:8e:b3:66:70:6f:08:a7:c3:c7:14:64:
8c:f3:48:04:81:54:e4:4b:39:65:42:7e:6f:b9:47:
cb:b8:5c:af:55:ee:be:8d:2d:95:f4:13:78:58:fb:
b6:7c:6c:56:97:42:e4:13:a8:04:e1:49:88:d2:f5:
f8:a9:ce:ab:70:2d:9d:52:80:be:0f:ea:61:d1:b6:
7d:2e:0d:41:6f:74:d9:de:e7:6f:78:53:8a:52:d4:
78:0a:57:ee:0e:85:80:7d:7a:27:04:7f:a0:2d:81:
9c:d4:2f:65:c9:b7:ba:a6:ff:38:8a:1d:c7:02:19:
e1:9b:d1:90:43:01:f7:36:20:70:38:b7:ae:ca:a3:
ea:3d:f5:7f:be:ab:e0:28:86:29:93:09:de:8a:34:
b8:97:23:11:52:26:15:b4:77:44:d6:16:19:2c:11:
a7:78:ad:14:96:95:ba:71:e7:ba:1b:c3:80:5c:d7:
a6:28:43:bd:2f:1c:44:1b:1e:14:a4:b4:cf:dc:09:
66:36:f7:b8:28:59:27:33:10:9b:ea:e8:02:78:0f:
98:75:7d:67:f4:29:35:a1:dc:cd:df:94:08:1a:78:
da:5b:77:01:2e:25:54:e3:a0:33:36:00:7a:95:59:
0c:d3:08:9e:c9:4b:dd:cb:8b:03:d7:78:8a:a9:42:
c0:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:56:A6:B4:E4:67:B1:C9:CC:D8:F4:81:FD:83:FA:F7:A1:5C:EB:22
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/A1amtORnscnM2PSB_YP696Fc6yI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.142.0/24
89.213.104.0/24
89.213.123.0/24
109.176.14.0/24
213.210.52.0/23
217.145.75.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:44:95:5f:14:7c:c4:26:96:da:03:d4:ce:a6:f1:4e:62:92:
53:01:2b:2a:cb:31:31:25:d4:e6:8d:af:b2:f8:58:fb:d3:90:
e4:7b:30:84:ba:5a:a1:19:00:bc:d0:9b:af:59:fe:03:59:15:
20:41:15:ad:73:81:0a:14:e3:16:8a:56:d3:de:04:59:07:45:
61:b8:55:88:47:21:da:47:a5:0e:c7:50:30:96:06:b2:1e:e6:
d5:4b:aa:a3:11:8e:5a:34:e4:6c:18:88:8f:e1:a7:83:a1:ab:
e2:85:25:ad:ce:c2:a9:c3:ee:07:1f:d8:f6:c1:47:74:88:2e:
bf:c9:2e:38:27:d1:04:bb:a9:ec:a1:db:57:f3:be:ec:12:8a:
eb:60:e0:cf:5f:d6:b0:70:c6:58:0f:c0:2d:26:80:c3:af:41:
11:6f:13:bb:cf:b2:7a:d5:fe:bf:7d:64:1a:58:7e:74:c1:97:
44:c3:f7:03:9e:d8:a5:4a:28:58:c2:d2:20:fd:40:50:20:07:
13:f5:db:da:90:21:f3:ee:26:0e:43:82:5e:09:f2:5c:90:59:
de:3b:b7:c1:40:ab:3b:90:53:f5:10:60:bc:27:01:5c:ff:1c:
d5:2e:8a:4f:1a:a8:9f:28:c0:7c:a2:ff:5a:44:f3:0d:5e:fb:
86:83:bd:d1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZa207jVPfWV/I2kIbT0CrcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTA5MjA1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU2YTZiNGU0NjdiMWM5Y2NkOGY0ODFmZDgzZmFmN2ExNWNlYjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QvxjrNmcG8Ip8PHFGSM80gEgVTk
SzllQn5vuUfLuFyvVe6+jS2V9BN4WPu2fGxWl0LkE6gE4UmI0vX4qc6rcC2dUoC+
D+ph0bZ9Lg1Bb3TZ3udveFOKUtR4ClfuDoWAfXonBH+gLYGc1C9lybe6pv84ih3H
Ahnhm9GQQwH3NiBwOLeuyqPqPfV/vqvgKIYpkwneijS4lyMRUiYVtHdE1hYZLBGn
eK0UlpW6cee6G8OAXNemKEO9LxxEGx4UpLTP3AlmNve4KFknMxCb6ugCeA+YdX1n
9Ck1odzN35QIGnjaW3cBLiVU46AzNgB6lVkM0wieyUvdy4sD13iKqULAOQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFANWprTkZ7HJzNj0gf2D+vehXOsiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQTFhbXRPUm5zY25NMlBTQl9ZUDY5NkZjNnlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUpiOAwQA
WdVoAwQAWdV7AwQAbbAOAwQB1dI0AwQA2ZFLMA0GCSqGSIb3DQEBCwUAA4IBAQAb
RJVfFHzEJpbaA9TOpvFOYpJTASsqyzExJdTmja+y+Fj705DkezCEulqhGQC80Juv
Wf4DWRUgQRWtc4EKFOMWilbT3gRZB0VhuFWIRyHaR6UOx1AwlgayHubVS6qjEY5a
NORsGIiP4aeDoavihSWtzsKpw+4HH9j2wUd0iC6/yS44J9EEu6nsodtX877sEorr
YODPX9awcMZYD8AtJoDDr0ERbxO7z7J61f6/fWQaWH50wZdEw/cDntilSihYwtIg
/UBQIAcT9dvakCHz7iYOQ4JeCfJckFneO7fBQKs7kFP1EGC8JwFc/xzVLopPGqif
KMB8ov9aRPMNXvuGg73R
-----END CERTIFICATE-----
Generated at Tue May 13 02:47:02 2025 by rpki-client