Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/AJ9UR0K52e-eJyRRnZHEVEMor8s.roa
File: AJ9UR0K52e-eJyRRnZHEVEMor8s.roa (raw, json)
Hash identifier: k+7ixD3UQG1Cq0XsXwoDAyKeC/1leNeN6sw+263vqqQ=
Subject key identifier: 00:9F:54:47:42:B9:D9:EF:9E:27:24:51:9D:91:C4:54:43:28:AF:CB
Certificate issuer: /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial: 01966CC324F422C0C37DAA4CC03442EF604B
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/AJ9UR0K52e-eJyRRnZHEVEMor8s.roa
Signing time: Fri 25 Apr 2025 11:44:10 +0000
ROA not before: Fri 25 Apr 2025 11:44:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58172
IP address blocks: 85.116.178.0/24 maxlen: 24
85.116.179.0/24 maxlen: 24
85.116.180.0/24 maxlen: 24
85.116.181.0/24 maxlen: 24
85.116.183.0/24 maxlen: 24
85.116.184.0/23 maxlen: 23
85.116.186.0/23 maxlen: 23
85.116.188.0/23 maxlen: 23
85.116.190.0/24 maxlen: 24
85.116.191.0/24 maxlen: 24
91.132.148.0/24 maxlen: 24
91.132.149.0/24 maxlen: 24
91.132.150.0/24 maxlen: 24
91.132.151.0/24 maxlen: 24
91.239.101.0/24 maxlen: 24
128.127.96.0/24 maxlen: 24
128.127.97.0/24 maxlen: 24
128.127.98.0/24 maxlen: 24
128.127.99.0/24 maxlen: 24
128.127.100.0/24 maxlen: 24
128.127.101.0/24 maxlen: 24
128.127.102.0/24 maxlen: 24
128.127.103.0/24 maxlen: 24
178.20.176.0/24 maxlen: 24
178.20.177.0/24 maxlen: 24
178.20.178.0/24 maxlen: 24
178.20.179.0/24 maxlen: 24
178.20.180.0/24 maxlen: 24
178.20.181.0/24 maxlen: 24
178.20.182.0/24 maxlen: 24
178.20.183.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.mft
rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 01 May 2025 17:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6c:c3:24:f4:22:c0:c3:7d:aa:4c:c0:34:42:ef:60:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Validity
Not Before: Apr 25 11:44:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=009f544742b9d9ef9e2724519d91c4544328afcb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:67:e0:1a:8d:ae:9a:90:61:30:f3:59:6a:21:
a8:fb:9d:eb:e2:39:50:f1:b4:8d:02:ac:17:ba:52:
3c:85:b2:2d:e9:f2:ca:28:8c:d2:59:d8:b7:31:49:
e4:e7:ff:a9:d4:73:22:fe:dd:11:33:d2:e7:f3:f1:
fe:2c:a3:c0:98:4b:b0:67:59:eb:9b:97:87:5d:46:
85:0b:12:c3:1e:87:52:ad:26:4c:64:39:d9:f1:dd:
77:46:e0:f6:1c:62:c2:c1:73:f3:60:99:1c:a6:fe:
df:0e:47:fe:cd:13:14:bd:84:40:c9:c3:79:45:13:
ff:6a:9a:9b:5f:4a:71:f6:68:89:51:67:0c:92:c4:
89:16:a6:dd:5b:d4:9e:03:18:11:1d:ad:ce:a4:d8:
10:d8:fa:8c:42:79:12:d2:d0:a0:c6:7d:da:ee:43:
58:a0:55:b1:f0:17:eb:56:b9:ad:54:7a:47:e3:31:
56:ee:b7:ed:d2:6c:cd:c9:96:13:a1:27:b0:8a:2d:
56:f7:d7:e6:3b:1f:3a:74:de:33:86:e8:1f:e8:af:
30:1d:cb:54:d0:fb:54:1e:55:2d:ff:d0:7e:b6:71:
b0:f1:6f:e8:9b:38:23:9d:e1:17:9c:78:e8:f4:a7:
89:42:56:06:ae:4e:02:5c:bc:c7:2d:a3:6b:3a:7a:
9c:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:9F:54:47:42:B9:D9:EF:9E:27:24:51:9D:91:C4:54:43:28:AF:CB
X509v3 Authority Key Identifier:
keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/AJ9UR0K52e-eJyRRnZHEVEMor8s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.178.0-85.116.181.255
85.116.183.0-85.116.191.255
91.132.148.0/22
91.239.101.0/24
128.127.96.0/21
178.20.176.0/21
Signature Algorithm: sha256WithRSAEncryption
a0:b0:10:7a:53:c0:14:b8:d1:62:a1:87:85:a0:5c:89:6d:01:
51:21:08:62:51:3f:ba:41:f0:0f:d3:68:20:65:91:12:2f:ba:
cf:73:df:a1:9d:a4:9b:16:01:30:17:4c:bd:ba:fe:2f:7b:b0:
e3:72:a3:cf:d9:43:45:2a:34:e7:83:55:ef:f1:90:03:25:65:
59:80:40:a7:a9:73:e8:a6:d6:a0:ff:d5:16:90:76:b2:20:90:
f2:0a:af:a2:95:a2:9b:fd:8c:da:97:e8:61:c2:54:ed:b7:e6:
67:b9:13:2d:a0:a7:7b:e9:f7:56:a4:0c:ea:de:f2:3c:d4:e7:
3d:e0:29:1c:a6:5d:93:ce:56:2b:cd:7e:1c:81:e6:7f:32:be:
ec:7c:af:ef:6f:60:10:ab:28:1c:cd:1f:2a:62:5f:f0:16:d1:
c0:71:06:f5:32:bf:54:9f:2e:17:11:f2:d1:5b:ed:18:b8:fc:
91:7d:8f:2d:65:26:49:30:3b:20:d5:19:2b:ec:8c:47:b5:69:
8d:cd:ba:66:01:13:53:fb:65:8e:1c:dc:08:1c:e4:95:bc:4d:
25:2f:6d:c2:c1:4c:91:8e:d6:d2:87:2c:49:4e:e4:02:5b:76:
f6:69:9d:d2:c4:6a:de:5e:fc:a6:b1:e0:5a:d2:c9:4e:86:49:
18:a9:e0:53
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZZswyT0IsDDfapMwDRC72BLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjUwNDI1MTE0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDlmNTQ0NzQyYjlkOWVmOWUyNzI0NTE5ZDkxYzQ1NDQzMjhhZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WfgGo2umpBhMPNZaiGo+53r4jlQ
8bSNAqwXulI8hbIt6fLKKIzSWdi3MUnk5/+p1HMi/t0RM9Ln8/H+LKPAmEuwZ1nr
m5eHXUaFCxLDHodSrSZMZDnZ8d13RuD2HGLCwXPzYJkcpv7fDkf+zRMUvYRAycN5
RRP/apqbX0px9miJUWcMksSJFqbdW9SeAxgRHa3OpNgQ2PqMQnkS0tCgxn3a7kNY
oFWx8BfrVrmtVHpH4zFW7rft0mzNyZYToSewii1W99fmOx86dN4zhugf6K8wHctU
0PtUHlUt/9B+tnGw8W/omzgjneEXnHjo9KeJQlYGrk4CXLzHLaNrOnqcIwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFACfVEdCudnvnickUZ2RxFRDKK/LMB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEvQUo5VVIwSzUyZS1lSnlSUm5aSEVWRU1vcjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAFVdLID
BAFVdLQwDAMEAFV0twMEBlV0gAMEAluElAMEAFvvZQMEA4B/YAMEA7IUsDANBgkq
hkiG9w0BAQsFAAOCAQEAoLAQelPAFLjRYqGHhaBciW0BUSEIYlE/ukHwD9NoIGWR
Ei+6z3PfoZ2kmxYBMBdMvbr+L3uw43Kjz9lDRSo054NV7/GQAyVlWYBAp6lz6KbW
oP/VFpB2siCQ8gqvopWim/2M2pfoYcJU7bfmZ7kTLaCne+n3VqQM6t7yPNTnPeAp
HKZdk85WK81+HIHmfzK+7Hyv729gEKsoHM0fKmJf8BbRwHEG9TK/VJ8uFxHy0Vvt
GLj8kX2PLWUmSTA7INUZK+yMR7Vpjc26ZgETU/tljhzcCBzklbxNJS9twsFMkY7W
0ocsSU7kAlt29mmd0sRq3l78prHgWtLJToZJGKngUw==
-----END CERTIFICATE-----
Generated at Thu May 1 02:57:26 2025 by rpki-client