Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/0zqU-vNXZ2phU0OLDTydQoGFH8Q.roa
File: 0zqU-vNXZ2phU0OLDTydQoGFH8Q.roa (raw, json)
Hash identifier: +gP0NPBpHn9gACyGVaIVIcNnU3nAFyTkDtrpKge+z2I=
Subject key identifier: D3:3A:94:FA:F3:57:67:6A:61:53:43:8B:0D:3C:9D:42:81:85:1F:C4
Certificate issuer: /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial: 0196424B438D71226820B33823E40C0086CD
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/0zqU-vNXZ2phU0OLDTydQoGFH8Q.roa
Signing time: Thu 17 Apr 2025 05:49:10 +0000
ROA not before: Thu 17 Apr 2025 05:49:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398373
IP address blocks: 85.115.207.0/24 maxlen: 24
85.153.4.0/24 maxlen: 24
85.153.32.0/24 maxlen: 24
85.153.68.0/22 maxlen: 22
85.153.84.0/22 maxlen: 22
85.153.92.0/24 maxlen: 24
85.153.108.0/22 maxlen: 22
85.153.113.0/24 maxlen: 24
85.153.118.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 05:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:42:4b:43:8d:71:22:68:20:b3:38:23:e4:0c:00:86:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Validity
Not Before: Apr 17 05:49:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d33a94faf357676a6153438b0d3c9d4281851fc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b6:a6:19:08:d5:9b:01:bd:69:3b:33:71:ef:
7b:d3:3d:8e:d4:dc:4c:44:96:bf:4a:9a:59:b3:7a:
9a:c9:2b:82:96:c4:b0:fc:34:de:d0:26:a5:45:ca:
40:9d:51:58:41:36:09:d2:40:41:35:21:30:1e:88:
83:8f:9a:89:82:50:b2:cd:4b:d4:60:8f:f1:45:f0:
55:c7:3a:6d:fb:da:c0:9f:40:01:4e:30:db:fb:92:
79:05:3a:16:04:c7:d9:a1:7e:17:2b:cd:07:20:e6:
64:d5:0b:60:22:52:7e:9e:8f:44:bb:45:2c:28:4d:
72:ad:c8:64:0c:20:af:59:7e:d9:e0:21:ed:7e:5d:
08:a5:9d:a8:97:43:f6:73:2b:ef:0c:3a:e8:d7:fb:
59:76:a1:db:e7:64:15:56:95:d9:49:9e:6e:04:55:
94:c5:34:c7:01:4f:16:e0:ac:bd:ed:10:f0:25:45:
a0:90:26:5f:76:7a:9e:e7:4e:cb:8c:b1:b0:e9:c8:
ce:3d:3c:f3:1a:ad:b0:96:82:ff:b8:00:63:18:e6:
d4:2d:24:65:17:c4:b9:0b:a2:0f:ad:f2:d8:e9:82:
15:d8:b3:82:e0:a5:96:63:a1:22:5f:ba:10:31:82:
ea:4b:f9:e8:35:ef:df:47:91:17:b7:88:49:7b:3b:
c2:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:3A:94:FA:F3:57:67:6A:61:53:43:8B:0D:3C:9D:42:81:85:1F:C4
X509v3 Authority Key Identifier:
keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/0zqU-vNXZ2phU0OLDTydQoGFH8Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.115.207.0/24
85.153.4.0/24
85.153.32.0/24
85.153.68.0/22
85.153.84.0/22
85.153.92.0/24
85.153.108.0/22
85.153.113.0/24
85.153.118.0/24
Signature Algorithm: sha256WithRSAEncryption
21:58:b7:f1:36:5c:0e:8c:bb:3a:dc:53:48:30:04:90:b4:1b:
d6:23:41:73:ba:06:65:de:2f:75:7d:4c:cf:4e:b0:67:8d:80:
99:78:29:e9:87:3a:90:48:5b:bf:93:31:85:dc:75:32:24:3c:
17:dd:8d:cf:17:c8:c4:64:94:a3:48:2f:01:ce:4d:fc:f9:14:
c9:93:e1:1c:79:bb:06:0c:6f:60:9a:e1:5d:5a:45:b9:e1:c4:
19:8f:e6:13:f0:f8:bc:f4:68:b5:78:a4:c2:aa:a5:7c:81:38:
97:8b:55:77:6a:d1:b3:b4:9f:c5:a7:8c:88:9f:3b:d2:89:c2:
b7:e9:48:50:93:98:71:38:54:ff:0a:75:91:23:30:6b:96:47:
f9:17:36:e1:0d:7b:21:76:20:24:0d:8d:08:1a:44:97:00:19:
50:6a:23:e5:6e:a7:8f:5b:12:85:5c:63:b3:bb:a2:ff:5a:6e:
24:10:66:07:89:e1:18:13:c3:3f:06:2a:b9:1d:09:4a:19:e5:
41:0f:1f:d2:b1:9e:ec:30:67:00:5a:ef:24:c5:f7:7b:74:d0:
2b:12:1c:de:0f:e7:24:11:c0:2b:d1:f3:7a:0b:0c:0b:bc:9b:
4e:d6:53:22:1e:db:fd:25:97:e1:37:79:d4:92:30:2a:2c:aa:
78:9d:47:87
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZZCS0ONcSJoILM4I+QMAIbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjUwNDE3MDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzNhOTRmYWYzNTc2NzZhNjE1MzQzOGIwZDNjOWQ0MjgxODUxZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7amGQjVmwG9aTszce970z2O1NxM
RJa/SppZs3qaySuClsSw/DTe0CalRcpAnVFYQTYJ0kBBNSEwHoiDj5qJglCyzUvU
YI/xRfBVxzpt+9rAn0ABTjDb+5J5BToWBMfZoX4XK80HIOZk1QtgIlJ+no9Eu0Us
KE1yrchkDCCvWX7Z4CHtfl0IpZ2ol0P2cyvvDDro1/tZdqHb52QVVpXZSZ5uBFWU
xTTHAU8W4Ky97RDwJUWgkCZfdnqe507LjLGw6cjOPTzzGq2wloL/uABjGObULSRl
F8S5C6IPrfLY6YIV2LOC4KWWY6EiX7oQMYLqS/noNe/fR5EXt4hJezvCXwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNM6lPrzV2dqYVNDiw08nUKBhR/EMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvMHpxVS12TlhaMnBoVTBPTERUeWRRb0dGSDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVXPPAwQA
VZkEAwQAVZkgAwQCVZlEAwQCVZlUAwQAVZlcAwQCVZlsAwQAVZlxAwQAVZl2MA0G
CSqGSIb3DQEBCwUAA4IBAQAhWLfxNlwOjLs63FNIMASQtBvWI0FzugZl3i91fUzP
TrBnjYCZeCnphzqQSFu/kzGF3HUyJDwX3Y3PF8jEZJSjSC8Bzk38+RTJk+EcebsG
DG9gmuFdWkW54cQZj+YT8Pi89Gi1eKTCqqV8gTiXi1V3atGztJ/Fp4yInzvSicK3
6UhQk5hxOFT/CnWRIzBrlkf5FzbhDXshdiAkDY0IGkSXABlQaiPlbqePWxKFXGOz
u6L/Wm4kEGYHieEYE8M/Biq5HQlKGeVBDx/SsZ7sMGcAWu8kxfd7dNArEhzeD+ck
EcAr0fN6CwwLvJtO1lMiHtv9JZfhN3nUkjAqLKp4nUeH
-----END CERTIFICATE-----
Generated at Sun Apr 27 11:31:27 2025 by rpki-client