Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/9de98e-17b4-47ff-a9c9-11c3009f44df/1/2BzyKfn5TceQ5f_OzQ0CHZnS4gI.roa
File: 2BzyKfn5TceQ5f_OzQ0CHZnS4gI.roa (raw, json)
Hash identifier: QgfXzSLSDf5EWcjraHDYOpI/UP8b9CbWgxlTSxy1O3c=
Subject key identifier: D8:1C:F2:29:F9:F9:4D:C7:90:E5:FF:CE:CD:0D:02:1D:99:D2:E2:02
Certificate issuer: /CN=117a04a927019c3ce2d0c9db3a314977a0a7b35c
Certificate serial: 01942747C67FBBB8CAEF097A95F936DB46FC
Authority key identifier: 11:7A:04:A9:27:01:9C:3C:E2:D0:C9:DB:3A:31:49:77:A0:A7:B3:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EXoEqScBnDzi0MnbOjFJd6Cns1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/9de98e-17b4-47ff-a9c9-11c3009f44df/1/2BzyKfn5TceQ5f_OzQ0CHZnS4gI.roa
Signing time: Thu 02 Jan 2025 13:50:02 +0000
ROA not before: Thu 02 Jan 2025 13:50:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211298
IP address blocks: 87.236.176.0/24 maxlen: 24
185.247.137.0/24 maxlen: 24
193.163.125.0/24 maxlen: 24
2a06:4880::/32 maxlen: 32
2a06:4881::/32 maxlen: 32
2a06:4882::/32 maxlen: 32
2a06:4883::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/9de98e-17b4-47ff-a9c9-11c3009f44df/1/EXoEqScBnDzi0MnbOjFJd6Cns1w.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/9de98e-17b4-47ff-a9c9-11c3009f44df/1/EXoEqScBnDzi0MnbOjFJd6Cns1w.mft
rsync://rpki.ripe.net/repository/DEFAULT/EXoEqScBnDzi0MnbOjFJd6Cns1w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 19:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:c6:7f:bb:b8:ca:ef:09:7a:95:f9:36:db:46:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=117a04a927019c3ce2d0c9db3a314977a0a7b35c
Validity
Not Before: Jan 2 13:50:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d81cf229f9f94dc790e5ffcecd0d021d99d2e202
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f7:05:3f:8b:f8:46:1c:86:e9:fd:e7:45:1e:
ea:51:69:86:12:74:ab:18:33:a7:1e:d3:fc:7c:c6:
5e:f2:25:81:da:17:b3:1e:41:ab:a4:13:6d:d5:76:
5b:1b:8e:b3:67:fe:bc:67:ac:ae:11:5f:85:04:5d:
87:99:62:32:59:d0:7f:b8:ed:14:92:0e:24:70:2a:
15:b2:43:97:c9:14:57:ca:d7:d1:61:d0:ba:ba:72:
2b:43:4f:6d:41:04:d1:8e:15:85:c7:73:9d:5e:b9:
10:78:d4:be:9e:80:f7:f1:23:1d:e2:48:13:49:a7:
7e:f6:5a:0e:b9:e5:32:fb:b8:b5:29:f3:30:b3:37:
ea:18:b4:92:2b:1a:89:73:94:d0:c1:d5:39:66:98:
2f:b0:1f:d7:89:47:fb:bc:13:e4:6b:80:ba:72:eb:
d0:da:29:ab:74:42:d9:72:10:6a:86:7c:c3:7b:62:
14:2d:06:32:7c:f0:ad:75:f3:f4:b7:34:91:fe:4f:
79:d9:ba:9d:95:2d:c2:64:30:d8:f0:ab:d6:15:42:
b5:4b:24:6d:1b:be:ac:88:19:af:ab:0f:ed:fa:05:
41:2f:91:9e:e2:ca:c7:7e:f3:81:49:d4:d6:0c:30:
5c:d9:ad:35:80:d7:cd:11:ef:70:19:44:63:51:ae:
59:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:1C:F2:29:F9:F9:4D:C7:90:E5:FF:CE:CD:0D:02:1D:99:D2:E2:02
X509v3 Authority Key Identifier:
keyid:11:7A:04:A9:27:01:9C:3C:E2:D0:C9:DB:3A:31:49:77:A0:A7:B3:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EXoEqScBnDzi0MnbOjFJd6Cns1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9de98e-17b4-47ff-a9c9-11c3009f44df/1/2BzyKfn5TceQ5f_OzQ0CHZnS4gI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9de98e-17b4-47ff-a9c9-11c3009f44df/1/EXoEqScBnDzi0MnbOjFJd6Cns1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.236.176.0/24
185.247.137.0/24
193.163.125.0/24
IPv6:
2a06:4880::/30
Signature Algorithm: sha256WithRSAEncryption
30:67:77:11:dc:ff:8a:cf:e2:40:e7:d3:ab:49:4f:bf:ee:e1:
a8:1c:24:48:58:53:57:e8:ee:9b:95:1e:ba:e8:c4:c1:5b:ad:
65:96:ea:f3:a4:d4:83:79:3c:bd:31:33:ec:f0:e2:00:7c:b9:
91:f8:52:cd:d8:9c:6a:d7:14:0e:6b:9b:39:51:90:57:57:e6:
6d:39:da:d4:1e:d0:66:56:74:eb:d5:e6:35:88:b8:cb:2d:e6:
e5:2d:b5:94:e8:3d:37:a7:bd:27:27:63:6f:d0:64:6b:eb:7f:
42:0e:3d:08:32:0d:38:92:e6:0c:d4:b5:08:ca:99:0c:42:44:
02:89:a8:77:1d:fc:6b:36:93:93:df:75:73:ff:54:28:fa:62:
93:69:83:d8:cf:dc:9c:57:de:a6:55:52:30:5e:0c:87:c5:d2:
5a:21:8e:b6:b3:bb:5e:7a:8a:86:94:d2:a8:63:8e:19:33:5c:
c5:08:41:08:1e:69:d0:ea:77:36:61:44:52:a2:28:8f:25:78:
99:19:c8:be:ba:da:78:ac:d1:ee:38:d1:87:2f:52:48:f3:e7:
5d:12:67:52:1a:e9:19:c8:e9:5c:a2:e5:a6:77:8c:37:a7:3f:
33:8f:bd:c2:f5:a7:c7:ad:7a:3e:c6:79:50:d7:8b:77:6f:a1:
03:e5:19:bf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQnR8Z/u7jK7wl6lfk220b8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2EwNGE5MjcwMTljM2NlMmQwYzlkYjNhMzE0OTc3YTBh
N2IzNWMwHhcNMjUwMTAyMTM1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFjZjIyOWY5Zjk0ZGM3OTBlNWZmY2VjZDBkMDIxZDk5ZDJlMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/cFP4v4RhyG6f3nRR7qUWmGEnSr
GDOnHtP8fMZe8iWB2hezHkGrpBNt1XZbG46zZ/68Z6yuEV+FBF2HmWIyWdB/uO0U
kg4kcCoVskOXyRRXytfRYdC6unIrQ09tQQTRjhWFx3OdXrkQeNS+noD38SMd4kgT
Sad+9loOueUy+7i1KfMwszfqGLSSKxqJc5TQwdU5ZpgvsB/XiUf7vBPka4C6cuvQ
2imrdELZchBqhnzDe2IULQYyfPCtdfP0tzSR/k952bqdlS3CZDDY8KvWFUK1SyRt
G76siBmvqw/t+gVBL5Ge4srHfvOBSdTWDDBc2a01gNfNEe9wGURjUa5Z4wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNgc8in5+U3HkOX/zs0NAh2Z0uICMB8GA1UdIwQY
MBaAFBF6BKknAZw84tDJ2zoxSXegp7NcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVhvRXFTY0JuRHppME1uYk9qRkpkNkNuczF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85ZGU5OGUtMTdiNC00N2ZmLWE5Yzkt
MTFjMzAwOWY0NGRmLzEvMkJ6eUtmbjVUY2VRNWZfT3pRMENIWm5TNGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85ZGU5OGUtMTdiNC00N2ZmLWE5YzktMTFjMzAwOWY0NGRm
LzEvRVhvRXFTY0JuRHppME1uYk9qRkpkNkNuczF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAV+ywAwQA
ufeJAwQAwaN9MA0EAgACMAcDBQIqBkiAMA0GCSqGSIb3DQEBCwUAA4IBAQAwZ3cR
3P+Kz+JA59OrSU+/7uGoHCRIWFNX6O6blR666MTBW61llurzpNSDeTy9MTPs8OIA
fLmR+FLN2Jxq1xQOa5s5UZBXV+ZtOdrUHtBmVnTr1eY1iLjLLeblLbWU6D03p70n
J2Nv0GRr639CDj0IMg04kuYM1LUIypkMQkQCiah3HfxrNpOT33Vz/1Qo+mKTaYPY
z9ycV96mVVIwXgyHxdJaIY62s7teeoqGlNKoY44ZM1zFCEEIHmnQ6nc2YURSoiiP
JXiZGci+utp4rNHuONGHL1JI8+ddEmdSGukZyOlcouWmd4w3pz8zj73C9afHrXo+
xnlQ14t3b6ED5Rm/
-----END CERTIFICATE-----
Generated at Tue Apr 29 04:08:31 2025 by rpki-client