Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RbSKQuOw8kl12L9WwkAn99047xQ.roa
File: RbSKQuOw8kl12L9WwkAn99047xQ.roa (raw, json)
Hash identifier: 14SNbPXLCWTxZX4CbOSioXT1yCSUUu7YmAhilMOO4mI=
Subject key identifier: 45:B4:8A:42:E3:B0:F2:49:75:D8:BF:56:C2:40:27:F7:DD:38:EF:14
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0196C1041019C868B41FEF15E983F42763ED
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RbSKQuOw8kl12L9WwkAn99047xQ.roa
Signing time: Sun 11 May 2025 20:23:10 +0000
ROA not before: Sun 11 May 2025 20:23:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.250.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 15 May 2025 08:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c1:04:10:19:c8:68:b4:1f:ef:15:e9:83:f4:27:63:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 11 20:23:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=45b48a42e3b0f24975d8bf56c24027f7dd38ef14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c3:26:35:64:54:a1:42:f3:77:14:11:38:32:
96:17:fe:54:0c:fa:3d:7b:1f:c7:c6:d7:e9:c1:52:
6e:a2:24:4d:53:3c:db:02:cd:f8:80:7e:a5:6c:1f:
4f:62:b9:07:b5:56:15:95:25:b7:00:68:fa:06:01:
04:a7:94:bd:0a:33:08:e4:65:35:6e:67:ee:44:59:
98:76:4a:32:fb:70:8e:37:d2:20:e3:6d:49:f2:0d:
cf:c5:fc:16:4f:d2:e6:8f:ad:1b:cf:35:70:99:d3:
2c:e2:98:3e:f6:3f:34:34:03:55:10:19:42:9b:ff:
d2:e5:5e:4d:bd:e6:92:98:27:0a:92:0a:c9:62:d4:
df:a6:02:9f:0d:b7:bf:c1:c4:c7:fe:cb:12:2c:1d:
f3:b0:ef:17:3b:2d:82:41:cb:fa:02:bb:b9:d2:eb:
7e:75:12:21:0a:a2:ac:8f:55:dc:b3:a6:bf:be:67:
8c:e7:a7:26:38:bb:41:d0:9d:24:b7:cc:71:88:8d:
94:12:5f:d1:0c:a1:62:66:62:1f:4b:27:0e:1a:33:
75:3e:49:c0:e6:15:9b:78:97:81:d8:df:dc:64:68:
8c:12:be:1e:63:f1:79:cc:e9:c0:38:ea:7b:92:d3:
de:c7:f2:c2:eb:1d:84:d7:f1:ff:a4:8a:5e:2b:1d:
56:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:B4:8A:42:E3:B0:F2:49:75:D8:BF:56:C2:40:27:F7:DD:38:EF:14
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RbSKQuOw8kl12L9WwkAn99047xQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
82.152.111.0/24
82.152.250.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.250.0/24
89.213.136.0/24
89.213.153.0/24
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
185.49.125.0/24
213.152.61.0-213.152.62.255
Signature Algorithm: sha256WithRSAEncryption
74:e3:a1:67:7b:39:88:bf:44:d1:ac:9e:fa:a7:0c:80:66:57:
2a:56:90:7f:80:75:36:6f:57:3a:a9:3f:9d:16:d3:1f:d2:82:
14:f3:c0:7e:8d:89:f7:3e:6a:58:e6:bd:0c:f2:74:d6:41:34:
a1:75:0e:e2:db:f2:03:c6:31:62:f6:c3:2d:c8:6a:f1:d8:8f:
4b:be:43:4f:af:37:14:c0:36:21:b4:07:7e:c0:de:0b:62:47:
96:75:56:c5:ba:92:a7:aa:1b:41:25:74:bc:46:35:fd:92:36:
8f:d8:b6:e0:da:da:94:2a:41:3c:f0:3c:5b:d9:ff:d8:f4:86:
59:bb:37:18:9c:f7:39:9a:4f:3b:6b:8c:3d:d9:4a:ec:58:e6:
47:71:f6:2c:ec:67:ba:5c:f0:20:a3:45:64:d3:25:22:85:ed:
7c:8f:b3:d0:3c:a0:a2:82:f2:c8:4a:90:69:c2:46:d2:11:36:
38:c3:d2:a5:82:92:3e:37:08:c6:89:8c:ca:ed:39:d9:15:24:
cb:7d:54:3f:c5:de:6a:5e:f7:94:d3:c7:78:5c:01:ba:94:c0:
47:eb:15:9a:fa:54:31:fe:a7:6c:7d:f9:03:0a:86:88:27:aa:
f4:98:6b:12:0d:1e:ed:33:e6:8e:43:e1:66:42:fa:b1:7a:54:
40:62:1a:73
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZbBBBAZyGi0H+8V6YP0J2PtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTExMjAyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWI0OGE0MmUzYjBmMjQ5NzVkOGJmNTZjMjQwMjdmN2RkMzhlZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMMmNWRUoULzdxQRODKWF/5UDPo9
ex/HxtfpwVJuoiRNUzzbAs34gH6lbB9PYrkHtVYVlSW3AGj6BgEEp5S9CjMI5GU1
bmfuRFmYdkoy+3CON9Ig421J8g3PxfwWT9Lmj60bzzVwmdMs4pg+9j80NANVEBlC
m//S5V5NveaSmCcKkgrJYtTfpgKfDbe/wcTH/ssSLB3zsO8XOy2CQcv6Aru50ut+
dRIhCqKsj1Xcs6a/vmeM56cmOLtB0J0kt8xxiI2UEl/RDKFiZmIfSycOGjN1PknA
5hWbeJeB2N/cZGiMEr4eY/F5zOnAOOp7ktPex/LC6x2E1/H/pIpeKx1WiwIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFEW0ikLjsPJJddi/VsJAJ/fdOO8UMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUmJTS1F1T3c4a2wxMkw5V3drQW45OTA0N3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+gME
AFnViAMEAFnVmQMEAG2w0QMEAG2w0wMEA22w2AMEAG2w+QMEALkxfTAMAwQA1Zg9
AwQA1Zg+MA0GCSqGSIb3DQEBCwUAA4IBAQB046FnezmIv0TRrJ76pwyAZlcqVpB/
gHU2b1c6qT+dFtMf0oIU88B+jYn3PmpY5r0M8nTWQTShdQ7i2/IDxjFi9sMtyGrx
2I9LvkNPrzcUwDYhtAd+wN4LYkeWdVbFupKnqhtBJXS8RjX9kjaP2Lbg2tqUKkE8
8Dxb2f/Y9IZZuzcYnPc5mk87a4w92UrsWOZHcfYs7Ge6XPAgo0Vk0yUihe18j7PQ
PKCigvLISpBpwkbSETY4w9KlgpI+NwjGiYzK7TnZFSTLfVQ/xd5qXveU08d4XAG6
lMBH6xWa+lQx/qdsffkDCoaIJ6r0mGsSDR7tM+aOQ+FmQvqxelRAYhpz
-----END CERTIFICATE-----
Generated at Wed May 14 14:41:02 2025 by rpki-client