Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/JwRfQe1RRMFqmouHM8GDCbBv0qg.roa
File: JwRfQe1RRMFqmouHM8GDCbBv0qg.roa (raw, json)
Hash identifier: HeOaGIUlAHS+jA2tQ0PvTXar52BfbpysaRlaXP3EMw8=
Subject key identifier: 27:04:5F:41:ED:51:44:C1:6A:9A:8B:87:33:C1:83:09:B0:6F:D2:A8
Certificate issuer: /CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
Certificate serial: 019666F75362F08B2F2C4F80B8EABB288BE1
Authority key identifier: 8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/JwRfQe1RRMFqmouHM8GDCbBv0qg.roa
Signing time: Thu 24 Apr 2025 08:43:26 +0000
ROA not before: Thu 24 Apr 2025 08:43:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8468
IP address blocks: 46.254.0.0/21 maxlen: 24
62.249.192.0/18 maxlen: 24
78.32.0.0/15 maxlen: 24
79.143.144.0/20 maxlen: 24
81.31.96.0/19 maxlen: 24
84.45.128.0/17 maxlen: 24
87.127.0.0/16 maxlen: 24
109.224.160.0/19 maxlen: 24
156.67.240.0/20 maxlen: 24
185.81.192.0/22 maxlen: 24
185.101.148.0/22 maxlen: 24
185.129.72.0/22 maxlen: 24
185.220.12.0/22 maxlen: 24
188.39.0.0/16 maxlen: 24
195.74.96.0/19 maxlen: 24
2001:4d48::/29 maxlen: 48
2a05:8940::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/j3iWOzxPLdGHwgQ33x19nBaMq4E.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/j3iWOzxPLdGHwgQ33x19nBaMq4E.mft
rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 05:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:66:f7:53:62:f0:8b:2f:2c:4f:80:b8:ea:bb:28:8b:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
Validity
Not Before: Apr 24 08:43:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=27045f41ed5144c16a9a8b8733c18309b06fd2a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:82:34:85:d2:30:58:58:6f:2f:80:93:89:24:
17:11:f1:b8:36:3e:05:8d:37:bf:90:4f:3d:da:1e:
ec:c2:28:5a:5f:5a:fc:8e:a0:1d:fa:4b:88:17:7c:
49:6e:67:ab:59:66:22:b2:5a:d4:c1:33:e9:2c:c5:
c2:a6:5a:f8:ec:9e:7e:ae:cb:75:bb:7e:8c:d6:84:
b0:58:ac:e6:c0:f0:37:72:1d:43:6f:9b:f4:00:ce:
2a:c8:51:c9:3b:18:a1:4a:6a:f0:a7:d4:a7:00:5c:
ad:b7:5c:76:8f:4d:8d:88:ab:ae:ee:c7:69:fe:a2:
86:37:8e:24:91:e0:9b:4b:c9:c0:4e:28:28:20:78:
2d:18:e4:84:e9:4b:ab:c7:91:02:d9:78:70:b9:5a:
57:97:45:ed:38:dc:f2:50:de:7b:9d:03:2f:57:eb:
98:cb:fa:b7:27:c8:e0:c0:37:66:86:b0:4e:55:91:
a9:36:a8:2d:77:81:63:b9:83:8a:a0:0e:62:e8:b1:
64:d6:bd:c0:fe:74:f8:1d:4d:c5:82:05:41:04:2b:
9f:26:13:8e:00:25:70:ff:1a:f4:d8:2b:9a:7b:05:
1c:b8:ac:1a:11:2a:d7:78:9e:46:07:37:37:db:e1:
ba:e3:5c:1a:71:b1:cc:4b:ed:c8:9e:a9:2e:f4:f4:
a8:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:04:5F:41:ED:51:44:C1:6A:9A:8B:87:33:C1:83:09:B0:6F:D2:A8
X509v3 Authority Key Identifier:
keyid:8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/JwRfQe1RRMFqmouHM8GDCbBv0qg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/j3iWOzxPLdGHwgQ33x19nBaMq4E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.254.0.0/21
62.249.192.0/18
78.32.0.0/15
79.143.144.0/20
81.31.96.0/19
84.45.128.0/17
87.127.0.0/16
109.224.160.0/19
156.67.240.0/20
185.81.192.0/22
185.101.148.0/22
185.129.72.0/22
185.220.12.0/22
188.39.0.0/16
195.74.96.0/19
IPv6:
2001:4d48::/29
2a05:8940::/29
Signature Algorithm: sha256WithRSAEncryption
36:73:8b:33:01:50:8a:5b:77:cd:1c:b3:56:97:48:32:bf:23:
77:c3:65:b6:fe:eb:f1:0b:54:bf:9a:a4:d0:3b:34:fd:44:80:
b3:27:0e:91:e8:fd:6e:63:70:c2:e8:92:98:fb:7d:65:66:4c:
fb:7e:9b:1c:ad:d6:ee:55:4e:a4:67:07:e2:94:13:78:d6:1e:
f5:29:26:25:e6:6f:61:91:bb:ad:b1:d2:eb:e3:ca:aa:cb:81:
ec:9e:43:dc:5b:fd:c0:b7:c5:a7:e3:56:b2:53:2b:f9:b4:33:
39:93:b2:b7:49:37:71:14:3c:c9:c9:0d:cb:71:f1:e0:5a:da:
77:0d:ff:f6:04:55:ab:d2:96:8a:78:4b:37:f4:8b:5b:6c:b6:
70:f6:25:e3:e1:1a:e6:59:31:b7:a2:b9:a1:50:c5:e1:b7:00:
08:8f:13:ae:eb:46:30:f4:43:f5:3c:aa:87:52:e6:7d:41:59:
46:d6:45:7c:57:08:80:92:d7:c2:9e:4b:ba:94:de:f6:0a:d6:
12:3e:bc:c9:cf:78:85:f6:92:ae:9d:5a:06:b5:53:17:6b:18:
b5:5b:32:b1:f5:2c:42:83:15:5d:69:f9:b6:fb:99:42:d4:e6:
00:c9:e9:fe:df:b2:f4:16:e4:d1:34:9f:36:a9:24:9b:8e:3f:
68:f8:61:39
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZZm91Ni8IsvLE+AuOq7KIvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNzg5NjNiM2M0ZjJkZDE4N2MyMDQzN2RmMWQ3ZDljMTY4
Y2FiODEwHhcNMjUwNDI0MDg0MzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzA0NWY0MWVkNTE0NGMxNmE5YThiODczM2MxODMwOWIwNmZkMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlII0hdIwWFhvL4CTiSQXEfG4Nj4F
jTe/kE892h7swihaX1r8jqAd+kuIF3xJbmerWWYislrUwTPpLMXCplr47J5+rst1
u36M1oSwWKzmwPA3ch1Db5v0AM4qyFHJOxihSmrwp9SnAFytt1x2j02NiKuu7sdp
/qKGN44kkeCbS8nATigoIHgtGOSE6Uurx5EC2XhwuVpXl0XtONzyUN57nQMvV+uY
y/q3J8jgwDdmhrBOVZGpNqgtd4FjuYOKoA5i6LFk1r3A/nT4HU3FggVBBCufJhOO
ACVw/xr02CuaewUcuKwaESrXeJ5GBzc32+G641wacbHMS+3Inqku9PSoZwIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFCcEX0HtUUTBapqLhzPBgwmwb9KoMB8GA1UdIwQY
MBaAFI94ljs8Ty3Rh8IEN98dfZwWjKuBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgt
MWVmOWYyMzE5NTIyLzEvSndSZlFlMVJSTUZxbW91SE04R0RDYkJ2MHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgtMWVmOWYyMzE5NTIy
LzEvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwXQQCAAEwVwMEAy7+AAME
Bj75wAMDAU4gAwQET4+QAwQFUR9gAwQHVC2AAwMAV38DBAVt4KADBAScQ/ADBAK5
UcADBAK5ZZQDBAK5gUgDBAK53AwDAwC8JwMEBcNKYDAUBAIAAjAOAwUDIAFNSAMF
AyoFiUAwDQYJKoZIhvcNAQELBQADggEBADZzizMBUIpbd80cs1aXSDK/I3fDZbb+
6/ELVL+apNA7NP1EgLMnDpHo/W5jcMLokpj7fWVmTPt+mxyt1u5VTqRnB+KUE3jW
HvUpJiXmb2GRu62x0uvjyqrLgeyeQ9xb/cC3xafjVrJTK/m0MzmTsrdJN3EUPMnJ
Dctx8eBa2ncN//YEVavSlop4Szf0i1tstnD2JePhGuZZMbeiuaFQxeG3AAiPE67r
RjD0Q/U8qodS5n1BWUbWRXxXCICS18KeS7qU3vYK1hI+vMnPeIX2kq6dWga1Uxdr
GLVbMrH1LEKDFV1p+bb7mULU5gDJ6f7fsvQW5NE0nzapJJuOP2j4YTk=
-----END CERTIFICATE-----
Generated at Sun Apr 27 13:10:28 2025 by rpki-client