Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_K1cxcuKKMxWcw4Sf0hmiTdmrjI.roa
File: _K1cxcuKKMxWcw4Sf0hmiTdmrjI.roa (raw, json)
Hash identifier: QLCgg60HwIlP0nt5WJM52C8C5Ci5tJUcgTzba9JrllY=
Subject key identifier: FC:AD:5C:C5:CB:8A:28:CC:56:73:0E:12:7F:48:66:89:37:66:AE:32
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01968C8D44FF0FAB3A3E2F323588BDEEF255
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_K1cxcuKKMxWcw4Sf0hmiTdmrjI.roa
Signing time: Thu 01 May 2025 15:53:10 +0000
ROA not before: Thu 01 May 2025 15:53:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200017
IP address blocks: 82.152.14.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
82.153.245.0/24 maxlen: 24
89.213.117.0/24 maxlen: 24
109.176.24.0/24 maxlen: 24
109.176.26.0/24 maxlen: 24
212.38.68.0/24 maxlen: 24
212.38.74.0/24 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 11 May 2025 13:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:8c:8d:44:ff:0f:ab:3a:3e:2f:32:35:88:bd:ee:f2:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 1 15:53:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fcad5cc5cb8a28cc56730e127f4866893766ae32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2f:9d:5a:14:d3:61:33:90:bc:31:2d:71:fd:
bd:c5:61:12:60:5e:71:d9:a7:1f:af:cf:3f:5e:9a:
69:b0:66:2a:e5:e7:9d:76:80:bf:c0:b1:b7:75:a4:
15:fd:e2:f7:7c:a6:c4:e5:0f:25:0d:54:db:fc:6b:
96:c3:93:db:4b:9e:a3:c1:94:94:a3:0e:32:e4:04:
9f:04:67:a8:a6:27:c7:4d:6b:c1:d5:66:6c:1b:17:
a3:ca:e6:93:b8:02:fb:b7:b2:a9:f1:f5:d5:92:3e:
6a:b2:ae:c3:82:c2:66:40:22:fc:7c:1e:fb:ce:25:
6f:c4:12:9c:91:d2:b6:df:7b:a5:f8:af:05:1f:1b:
29:69:aa:bc:2c:0d:12:96:7b:5e:45:4f:80:1b:17:
e3:08:63:3e:bc:75:80:14:28:25:95:d2:60:26:41:
e1:6a:28:a0:70:f8:30:38:49:10:85:ab:18:35:2d:
0d:82:71:a9:ed:47:f9:5c:ef:c5:4a:dd:7f:0a:fc:
8a:7c:2c:c6:a8:bd:a7:43:8b:be:72:09:02:77:00:
fe:46:4c:e3:f4:c8:1c:0d:a7:cc:05:03:65:52:fb:
e4:da:6e:9e:16:63:6e:91:b3:55:45:9c:0d:c1:06:
ac:44:eb:ef:df:a8:e2:93:52:2b:49:14:b0:0c:32:
fb:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:AD:5C:C5:CB:8A:28:CC:56:73:0E:12:7F:48:66:89:37:66:AE:32
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_K1cxcuKKMxWcw4Sf0hmiTdmrjI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.14.0/24
82.153.1.0/24
82.153.245.0/24
89.213.117.0/24
109.176.24.0/24
109.176.26.0/24
212.38.68.0/24
212.38.74.0/24
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:12:45:49:fa:65:e2:8a:84:10:ab:cd:af:8e:b0:bf:4b:56:
b2:be:9c:54:48:11:4d:f5:f8:54:f8:cf:4c:ca:7f:d1:76:9c:
6b:f3:3c:46:02:7e:bb:7c:0a:b0:55:2d:99:26:d6:fd:6e:ce:
62:55:e4:61:f2:f0:9f:23:8e:f3:ce:b0:c2:cf:50:82:cf:90:
a9:80:14:d8:8c:48:32:8e:d8:74:ea:88:e1:29:03:5c:a0:da:
02:81:53:d6:7f:24:a5:c1:5f:ac:8d:48:df:a6:ab:7e:66:0e:
2a:8f:ab:65:e3:74:a5:6b:c5:29:49:91:30:6e:e0:ec:90:4f:
5d:94:df:05:56:0a:aa:26:05:24:94:a2:02:d1:3e:fa:ea:e1:
74:61:4a:5a:45:da:86:91:de:66:f2:a4:58:b0:17:2d:95:94:
3f:eb:1b:f8:fd:16:8b:57:20:bd:5a:84:eb:f7:16:c5:09:67:
83:fc:10:38:f9:4a:5c:d1:ed:89:39:fd:c5:e8:0c:c2:3f:21:
c6:c9:80:19:3f:c9:46:61:91:80:3b:dc:fe:b5:1d:1b:43:34:
04:a6:08:71:6a:2a:aa:64:96:14:b5:e1:69:81:06:6c:87:42:
10:91:5b:d4:a4:e7:06:cd:5d:23:74:f4:cf:40:83:5b:4f:03:
5b:0a:6e:dd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZaMjUT/D6s6Pi8yNYi97vJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTAxMTU1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FkNWNjNWNiOGEyOGNjNTY3MzBlMTI3ZjQ4NjY4OTM3NjZhZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC+dWhTTYTOQvDEtcf29xWESYF5x
2acfr88/XpppsGYq5eeddoC/wLG3daQV/eL3fKbE5Q8lDVTb/GuWw5PbS56jwZSU
ow4y5ASfBGeopifHTWvB1WZsGxejyuaTuAL7t7Kp8fXVkj5qsq7DgsJmQCL8fB77
ziVvxBKckdK233ul+K8FHxspaaq8LA0SlnteRU+AGxfjCGM+vHWAFCglldJgJkHh
aiigcPgwOEkQhasYNS0NgnGp7Uf5XO/FSt1/CvyKfCzGqL2nQ4u+cgkCdwD+Rkzj
9MgcDafMBQNlUvvk2m6eFmNukbNVRZwNwQasROvv36jik1IrSRSwDDL7XQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPytXMXLiijMVnMOEn9IZok3Zq4yMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX0sxY3hjdUtLTXhXY3c0U2YwaG1pVGRtcmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUpgOAwQA
UpkBAwQAUpn1AwQAWdV1AwQAbbAYAwQAbbAaAwQA1CZEAwQA1CZKAwQA1ZgqMA0G
CSqGSIb3DQEBCwUAA4IBAQBrEkVJ+mXiioQQq82vjrC/S1ayvpxUSBFN9fhU+M9M
yn/Rdpxr8zxGAn67fAqwVS2ZJtb9bs5iVeRh8vCfI47zzrDCz1CCz5CpgBTYjEgy
jth06ojhKQNcoNoCgVPWfySlwV+sjUjfpqt+Zg4qj6tl43Sla8UpSZEwbuDskE9d
lN8FVgqqJgUklKIC0T766uF0YUpaRdqGkd5m8qRYsBctlZQ/6xv4/RaLVyC9WoTr
9xbFCWeD/BA4+Upc0e2JOf3F6AzCPyHGyYAZP8lGYZGAO9z+tR0bQzQEpghxaiqq
ZJYUteFpgQZsh0IQkVvUpOcGzV0jdPTPQINbTwNbCm7d
-----END CERTIFICATE-----
Generated at Sat May 10 16:42:19 2025 by rpki-client