Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1gHYW02m8wuDxRJvz0LBSVkV_ug.roa
File: 1gHYW02m8wuDxRJvz0LBSVkV_ug.roa (raw, json)
Hash identifier: CJ+bxguZgm0WfWv2+aS7+Xb+H+xqOH2X8SpFwbtpdcM=
Subject key identifier: D6:01:D8:5B:4D:A6:F3:0B:83:C5:12:6F:CF:42:C1:49:59:15:FE:E8
Certificate issuer: /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial: 0196B46F3BC7F408E921B408A1E3F6775FCA
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1gHYW02m8wuDxRJvz0LBSVkV_ug.roa
Signing time: Fri 09 May 2025 09:45:10 +0000
ROA not before: Fri 09 May 2025 09:45:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208258
IP address blocks: 45.144.244.0/23 maxlen: 24
45.144.246.0/24 maxlen: 24
45.151.156.0/23 maxlen: 24
45.151.158.0/24 maxlen: 24
45.154.238.0/24 maxlen: 24
45.154.239.0/24 maxlen: 24
185.208.208.0/24 maxlen: 24
185.208.209.0/24 maxlen: 24
185.208.210.0/24 maxlen: 24
185.208.211.0/24 maxlen: 24
185.227.82.0/24 maxlen: 24
185.228.83.0/24 maxlen: 24
185.243.112.0/24 maxlen: 24
185.243.113.0/24 maxlen: 24
194.146.48.0/24 maxlen: 24
195.26.6.0/24 maxlen: 24
195.26.7.0/24 maxlen: 24
2a0b:3c40:1::/48 maxlen: 48
2a0b:3c40:9::/48 maxlen: 48
2a0b:3c40:11::/48 maxlen: 48
2a0b:3c40:12::/48 maxlen: 48
2a0b:3c40:15::/48 maxlen: 48
2a0b:3c40:16::/48 maxlen: 48
2a0b:3c40:17::/48 maxlen: 48
2a0b:3c40:20::/48 maxlen: 48
2a0b:3c40:21::/48 maxlen: 48
2a0b:3c40:25::/48 maxlen: 48
2a0b:3c40:fca6::/48 maxlen: 48
2a0e:5540::/48 maxlen: 48
2a0e:5540:10::/48 maxlen: 48
2a0e:5540:11::/48 maxlen: 48
2a0e:5540:12::/48 maxlen: 48
2a0e:5540:100::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 09:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:b4:6f:3b:c7:f4:08:e9:21:b4:08:a1:e3:f6:77:5f:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Validity
Not Before: May 9 09:45:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d601d85b4da6f30b83c5126fcf42c1495915fee8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:f7:98:e2:37:67:d3:e4:95:a8:a7:12:01:97:
fb:ee:0e:61:7b:2c:a1:4a:42:31:75:d2:e0:76:08:
cc:11:46:e3:63:2d:b2:f8:99:d6:1f:43:4f:42:06:
99:42:50:58:61:c6:aa:a7:95:70:1a:e2:11:05:b3:
e6:ec:c7:32:7d:1e:d8:f3:d5:1e:a1:98:e1:3a:6d:
03:e4:11:a3:03:ae:95:0d:80:00:3b:eb:9f:53:90:
dd:66:40:2f:e5:1f:a6:b2:9a:66:a0:76:fa:3b:d1:
9f:81:15:7a:eb:ba:aa:b3:1a:48:af:ea:49:c9:4b:
d7:45:61:b6:27:8f:08:99:fe:79:2f:46:42:40:5b:
6a:d1:cd:a4:8a:34:ab:6a:37:25:75:de:23:0b:09:
31:8c:db:3f:ad:9b:87:f1:bd:99:7e:98:2a:a0:88:
2a:67:e9:83:ca:00:90:e6:32:51:80:a3:89:73:c2:
f0:e7:5f:c9:0c:a0:10:ae:0c:f4:27:d2:b9:30:37:
37:59:50:e2:33:a4:17:17:6d:27:98:74:29:fa:71:
6c:ce:7d:47:ec:ca:48:47:95:6f:15:cd:1b:3f:15:
8f:71:3b:98:bf:e7:f6:d6:23:28:7f:ee:f1:96:ad:
a4:ca:93:7f:64:c3:a0:c1:76:f9:16:61:c8:97:01:
db:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:01:D8:5B:4D:A6:F3:0B:83:C5:12:6F:CF:42:C1:49:59:15:FE:E8
X509v3 Authority Key Identifier:
keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/1gHYW02m8wuDxRJvz0LBSVkV_ug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.244.0-45.144.246.255
45.151.156.0-45.151.158.255
45.154.238.0/23
185.208.208.0/22
185.227.82.0/24
185.228.83.0/24
185.243.112.0/23
194.146.48.0/24
195.26.6.0/23
IPv6:
2a0b:3c40:1::/48
2a0b:3c40:9::/48
2a0b:3c40:11::-2a0b:3c40:12:ffff:ffff:ffff:ffff:ffff
2a0b:3c40:15::-2a0b:3c40:17:ffff:ffff:ffff:ffff:ffff
2a0b:3c40:20::/47
2a0b:3c40:25::/48
2a0b:3c40:fca6::/48
2a0e:5540::/48
2a0e:5540:10::-2a0e:5540:12:ffff:ffff:ffff:ffff:ffff
2a0e:5540:100::/48
Signature Algorithm: sha256WithRSAEncryption
25:3c:cf:84:e4:1a:7a:46:58:d7:eb:0c:f9:e6:c4:15:d2:9d:
f4:35:7b:c9:75:8c:02:59:91:5f:30:d1:a0:34:b2:16:61:0c:
f9:c7:f0:cd:f3:f9:f9:3d:9b:ec:7b:f4:6a:c1:94:c6:b9:7c:
c6:0e:0f:e8:5d:61:de:8b:65:da:40:81:8d:9a:fa:97:b9:8e:
9c:19:72:c5:32:4d:65:70:9d:05:b4:66:d0:e5:fd:d2:70:fb:
9a:8b:bc:1f:aa:35:ce:2b:0a:1c:29:cb:fe:56:be:e5:e0:00:
c5:3d:3c:b6:c1:17:04:1c:63:67:18:df:f8:8b:da:91:35:21:
57:62:4b:69:31:20:f4:8d:5c:3c:2b:6a:9c:d0:8c:3f:6a:2f:
73:64:49:a2:86:24:61:74:ec:74:1e:41:89:c5:c7:49:58:10:
d2:a9:55:72:1d:6e:f1:ee:61:07:1e:50:2f:2e:36:c3:e2:01:
cc:b9:ca:9f:ab:5c:dc:4e:97:c4:be:c5:89:34:46:fa:27:7f:
43:97:47:3a:5d:6d:db:5c:14:b2:44:73:f2:46:0e:1b:47:d0:
9e:91:a9:98:d0:42:7c:03:8e:f8:51:71:e2:c6:3b:3c:21:a0:
4b:33:19:7c:1e:4b:cd:4c:75:71:dd:52:e3:22:77:76:54:3f:
76:8f:b0:dc
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgISAZa0bzvH9AjpIbQIoeP2d1/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwNTA5MDk0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjAxZDg1YjRkYTZmMzBiODNjNTEyNmZjZjQyYzE0OTU5MTVmZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/eY4jdn0+SVqKcSAZf77g5heyyh
SkIxddLgdgjMEUbjYy2y+JnWH0NPQgaZQlBYYcaqp5VwGuIRBbPm7McyfR7Y89Ue
oZjhOm0D5BGjA66VDYAAO+ufU5DdZkAv5R+msppmoHb6O9GfgRV667qqsxpIr+pJ
yUvXRWG2J48Imf55L0ZCQFtq0c2kijSrajcldd4jCwkxjNs/rZuH8b2ZfpgqoIgq
Z+mDygCQ5jJRgKOJc8Lw51/JDKAQrgz0J9K5MDc3WVDiM6QXF20nmHQp+nFszn1H
7MpIR5VvFc0bPxWPcTuYv+f21iMof+7xlq2kypN/ZMOgwXb5FmHIlwHbZQIDAQAB
o4IC0DCCAswwHQYDVR0OBBYEFNYB2FtNpvMLg8USb89CwUlZFf7oMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvMWdIWVcwMm04d3VEeFJKdnowTEJTVmtWX3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHlBggrBgEFBQcBBwEB/wSB1TCB0jBMBAIAATBGMAwDBAIt
kPQDBAAtkPYwDAMEAi2XnAMEAC2XngMEAS2a7gMEArnQ0AMEALnjUgMEALnkUwME
AbnzcAMEAMKSMAMEAcMaBjCBgQQCAAIwewMHACoLPEAAAQMHACoLPEAACTASAwcA
Kgs8QAARAwcAKgs8QAASMBIDBwAqCzxAABUDBwMqCzxAABADBwEqCzxAACADBwAq
CzxAACUDBwAqCzxA/KYDBwAqDlVAAAAwEgMHBCoOVUAAEAMHACoOVUAAEgMHACoO
VUABADANBgkqhkiG9w0BAQsFAAOCAQEAJTzPhOQaekZY1+sM+ebEFdKd9DV7yXWM
AlmRXzDRoDSyFmEM+cfwzfP5+T2b7Hv0asGUxrl8xg4P6F1h3otl2kCBjZr6l7mO
nBlyxTJNZXCdBbRm0OX90nD7mou8H6o1zisKHCnL/la+5eAAxT08tsEXBBxjZxjf
+IvakTUhV2JLaTEg9I1cPCtqnNCMP2ovc2RJooYkYXTsdB5BicXHSVgQ0qlVch1u
8e5hBx5QLy42w+IBzLnKn6tc3E6XxL7FiTRG+id/Q5dHOl1t21wUskRz8kYOG0fQ
npGpmNBCfAOO+FFx4sY7PCGgSzMZfB5LzUx1cd1S4yJ3dlQ/do+w3A==
-----END CERTIFICATE-----
Generated at Mon May 12 15:49:29 2025 by rpki-client