Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kc8iVdg0ApJng448tgtKV_4IrO0.roa
File: kc8iVdg0ApJng448tgtKV_4IrO0.roa (raw, json)
Hash identifier: LrdLTykscz/LT6a3pul6MuZ0v7o81Rni1IuCs0b2pbg=
Subject key identifier: 91:CF:22:55:D8:34:02:92:67:83:8E:3C:B6:0B:4A:57:FE:08:AC:ED
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0196CA1EFFA53E5F8A953800A7F1750D821A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kc8iVdg0ApJng448tgtKV_4IrO0.roa
Signing time: Tue 13 May 2025 14:49:11 +0000
ROA not before: Tue 13 May 2025 14:49:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36530
IP address blocks: 82.152.142.0/24 maxlen: 24
89.213.6.0/24 maxlen: 24
89.213.104.0/24 maxlen: 24
89.213.123.0/24 maxlen: 24
109.176.14.0/24 maxlen: 24
213.210.52.0/24 maxlen: 24
213.210.53.0/24 maxlen: 24
217.145.75.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 17 May 2025 17:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ca:1e:ff:a5:3e:5f:8a:95:38:00:a7:f1:75:0d:82:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 13 14:49:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91cf2255d834029267838e3cb60b4a57fe08aced
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:0b:79:93:4c:e2:bb:0a:5f:49:9f:fb:68:61:
de:2c:f9:92:f8:39:ba:21:26:cc:9b:f9:2f:24:7b:
b9:83:ba:c8:46:af:bb:57:6f:ed:46:4a:57:72:6d:
74:84:de:8d:20:bd:d0:bc:ef:ed:65:e0:2f:a2:b2:
1a:a4:e9:a0:fd:2f:09:00:33:9f:8a:6f:d8:b0:0e:
d8:a1:b7:94:02:cf:90:88:e8:07:26:c5:98:be:16:
22:cb:74:1c:af:26:56:17:6c:4c:03:b6:ff:62:e7:
7d:06:fe:b1:3a:5f:6b:c3:47:64:8f:9d:17:ac:f7:
be:71:c2:d6:41:05:9a:92:19:92:ad:fe:f2:ef:8e:
f6:e8:c4:c5:88:01:4c:3c:ae:e3:47:cf:3d:e7:1d:
b9:9b:56:4f:f4:1b:92:96:61:46:1b:40:b2:a5:2e:
f4:33:33:b3:4e:1a:b7:6f:ce:31:ed:0d:28:5b:6a:
8e:d0:3d:fe:81:c7:6c:40:17:6c:73:fc:09:7b:2c:
07:af:bf:04:d5:d2:da:53:39:08:ce:6a:1e:0b:30:
15:96:6f:7d:bf:da:a5:78:46:46:9b:f7:89:0c:2f:
1c:f8:d0:5f:82:95:2d:55:c8:46:3e:46:34:24:a6:
34:3f:66:d1:02:4b:40:b8:d4:82:0c:c6:87:47:62:
17:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:CF:22:55:D8:34:02:92:67:83:8E:3C:B6:0B:4A:57:FE:08:AC:ED
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kc8iVdg0ApJng448tgtKV_4IrO0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.142.0/24
89.213.6.0/24
89.213.104.0/24
89.213.123.0/24
109.176.14.0/24
213.210.52.0/23
217.145.75.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:bb:9c:21:40:f4:cf:2b:84:96:a7:10:2e:16:98:ae:b2:c0:
c4:42:38:c3:db:cc:47:1f:3d:90:07:ee:86:68:d0:73:1f:25:
37:dc:c2:e7:5e:6e:93:6b:be:1d:e6:db:f3:61:95:8a:35:67:
c0:42:2b:e0:59:64:57:11:17:67:db:57:d0:56:c4:47:cd:eb:
01:88:77:68:12:8a:d8:82:3b:d3:2e:df:06:9d:5f:7c:91:0a:
8b:a4:80:a9:b0:98:25:69:9f:84:ca:06:79:60:24:8b:20:75:
24:5c:73:c6:7f:02:0a:ad:90:bc:b8:cc:40:e6:aa:30:ac:d2:
46:a3:bc:31:05:f2:57:32:71:95:b7:b0:b4:ec:80:38:31:d7:
8c:63:b3:2b:76:13:24:b9:cf:8b:0a:81:c8:fb:bc:11:27:99:
56:43:c4:51:d9:12:ec:2b:3b:14:15:0d:f3:72:e1:f1:5e:3f:
e6:1d:a4:da:45:4d:0b:96:68:d0:b4:c6:a8:1a:1e:2e:5c:3f:
4d:22:d6:ea:b0:b4:17:c8:0a:1d:86:61:5a:57:d2:21:3b:02:
30:df:0e:52:ab:b1:c1:72:c3:99:f0:af:9d:6b:5d:a5:9d:bf:
a3:55:9d:47:0a:18:84:20:05:52:a4:1c:87:47:f2:54:28:55:
bf:88:92:ca
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZbKHv+lPl+KlTgAp/F1DYIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTEzMTQ0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWNmMjI1NWQ4MzQwMjkyNjc4MzhlM2NiNjBiNGE1N2ZlMDhhY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3At5k0ziuwpfSZ/7aGHeLPmS+Dm6
ISbMm/kvJHu5g7rIRq+7V2/tRkpXcm10hN6NIL3QvO/tZeAvorIapOmg/S8JADOf
im/YsA7YobeUAs+QiOgHJsWYvhYiy3QcryZWF2xMA7b/Yud9Bv6xOl9rw0dkj50X
rPe+ccLWQQWakhmSrf7y74726MTFiAFMPK7jR8895x25m1ZP9BuSlmFGG0CypS70
MzOzThq3b84x7Q0oW2qO0D3+gcdsQBdsc/wJeywHr78E1dLaUzkIzmoeCzAVlm99
v9qleEZGm/eJDC8c+NBfgpUtVchGPkY0JKY0P2bRAktAuNSCDMaHR2IXqQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJHPIlXYNAKSZ4OOPLYLSlf+CKztMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva2M4aVZkZzBBcEpuZzQ0OHRndEtWXzRJck8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUpiOAwQA
WdUGAwQAWdVoAwQAWdV7AwQAbbAOAwQB1dI0AwQA2ZFLMA0GCSqGSIb3DQEBCwUA
A4IBAQCMu5whQPTPK4SWpxAuFpiussDEQjjD28xHHz2QB+6GaNBzHyU33MLnXm6T
a74d5tvzYZWKNWfAQivgWWRXERdn21fQVsRHzesBiHdoEorYgjvTLt8GnV98kQqL
pICpsJglaZ+EygZ5YCSLIHUkXHPGfwIKrZC8uMxA5qowrNJGo7wxBfJXMnGVt7C0
7IA4MdeMY7MrdhMkuc+LCoHI+7wRJ5lWQ8RR2RLsKzsUFQ3zcuHxXj/mHaTaRU0L
lmjQtMaoGh4uXD9NItbqsLQXyAodhmFaV9IhOwIw3w5Sq7HBcsOZ8K+da12lnb+j
VZ1HChiEIAVSpByHR/JUKFW/iJLK
-----END CERTIFICATE-----
Generated at Sat May 17 02:21:34 2025 by rpki-client