Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/a32567-780f-4509-b710-97eaf9aa786f/1/_XpEMn72FeEctOAcMkQobteNSkY.roa
File: _XpEMn72FeEctOAcMkQobteNSkY.roa (raw, json)
Hash identifier: bnxUUX45W8TpYP9Drk2/xMaW53mScgsvGUmVXogbW1Q=
Subject key identifier: FD:7A:44:32:7E:F6:15:E1:1C:B4:E0:1C:32:44:28:6E:D7:8D:4A:46
Certificate issuer: /CN=6d555e6c14b94d756d93a83a502c7f1577f9af49
Certificate serial: 0196806F75B4F16CFAE2DC5C35560344ABEB
Authority key identifier: 6D:55:5E:6C:14:B9:4D:75:6D:93:A8:3A:50:2C:7F:15:77:F9:AF:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bVVebBS5TXVtk6g6UCx_FXf5r0k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/a32567-780f-4509-b710-97eaf9aa786f/1/_XpEMn72FeEctOAcMkQobteNSkY.roa
Signing time: Tue 29 Apr 2025 07:25:10 +0000
ROA not before: Tue 29 Apr 2025 07:25:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42307
IP address blocks: 91.192.28.0/22 maxlen: 22
194.55.248.0/22 maxlen: 22
2001:67c:274::/48 maxlen: 48
2a0c:ccc0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/a32567-780f-4509-b710-97eaf9aa786f/1/bVVebBS5TXVtk6g6UCx_FXf5r0k.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/a32567-780f-4509-b710-97eaf9aa786f/1/bVVebBS5TXVtk6g6UCx_FXf5r0k.mft
rsync://rpki.ripe.net/repository/DEFAULT/bVVebBS5TXVtk6g6UCx_FXf5r0k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:80:6f:75:b4:f1:6c:fa:e2:dc:5c:35:56:03:44:ab:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d555e6c14b94d756d93a83a502c7f1577f9af49
Validity
Not Before: Apr 29 07:25:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fd7a44327ef615e11cb4e01c3244286ed78d4a46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:f3:c5:5f:b7:32:1c:96:27:3a:ce:f9:22:77:
fd:07:20:0b:b0:45:13:a4:8c:54:f1:4d:e5:c2:ab:
ea:1c:e2:c1:e5:df:a5:4e:ed:c9:51:e1:e9:18:f8:
2f:b2:08:a4:ae:b4:26:c4:08:80:ac:15:d2:cd:d6:
62:51:f5:6c:2c:76:e6:85:51:ea:43:e1:c9:9c:c8:
0e:1d:1f:7f:89:47:4f:6f:a9:9b:8d:c3:83:04:11:
5b:04:83:f1:63:b9:16:bf:59:85:21:1e:4f:84:d8:
0d:44:6e:6a:e5:4d:91:63:d7:1b:f7:59:b8:cc:37:
f9:68:c5:41:ac:cf:06:af:8e:1c:65:93:94:48:48:
46:0b:46:10:8d:1f:d0:03:ce:f5:fe:89:79:0c:10:
de:28:fa:9d:a7:84:2f:3a:a8:18:23:78:ca:ef:f0:
85:99:43:7d:e7:16:c9:85:c5:d7:1c:c2:8b:23:a6:
8d:58:c2:6a:76:b9:8d:d0:69:7a:e7:e0:51:76:f1:
22:ec:c1:53:63:35:34:4d:5e:ea:8a:3d:07:24:b4:
37:00:60:76:8c:74:84:d6:d3:67:4a:f9:c0:46:06:
b6:e8:22:8b:2e:d7:22:14:34:34:57:47:23:ef:1b:
db:1a:d5:9a:50:d5:34:ce:74:7f:5a:ee:74:43:27:
3f:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:7A:44:32:7E:F6:15:E1:1C:B4:E0:1C:32:44:28:6E:D7:8D:4A:46
X509v3 Authority Key Identifier:
keyid:6D:55:5E:6C:14:B9:4D:75:6D:93:A8:3A:50:2C:7F:15:77:F9:AF:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bVVebBS5TXVtk6g6UCx_FXf5r0k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a32567-780f-4509-b710-97eaf9aa786f/1/_XpEMn72FeEctOAcMkQobteNSkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a32567-780f-4509-b710-97eaf9aa786f/1/bVVebBS5TXVtk6g6UCx_FXf5r0k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.192.28.0/22
194.55.248.0/22
IPv6:
2001:67c:274::/48
2a0c:ccc0::/29
Signature Algorithm: sha256WithRSAEncryption
a3:6a:23:85:46:30:13:dd:37:16:53:51:93:db:e4:3f:31:07:
92:3b:30:dc:d6:ce:09:7e:91:cd:6a:44:7a:2d:b8:e7:b2:7d:
13:2a:90:10:4b:36:39:1f:5d:bd:53:94:f7:f5:37:8d:62:ec:
e1:2a:a7:38:39:c1:60:7e:a2:ae:80:32:0f:ed:0f:6e:e6:d7:
d2:96:47:dd:5c:cd:25:a5:ce:34:39:53:82:45:63:cc:40:18:
49:a4:51:c0:a8:05:90:f8:2a:ca:03:7e:8a:3b:52:19:6e:ff:
a2:1c:6a:1d:ce:bd:1c:1d:99:ab:53:d8:58:29:d3:3d:69:6c:
f2:a7:f6:b4:ad:d4:61:6e:40:f3:ab:8a:34:23:de:b6:48:6e:
88:a1:7c:d6:62:d0:e6:16:c6:ce:d5:ee:41:e5:c5:37:5c:e7:
91:f4:34:ab:54:84:6a:91:9f:bb:6f:71:f9:25:17:76:56:1a:
35:01:4e:cb:b2:88:5b:54:d9:4b:ec:e5:b3:0d:3b:2e:10:cd:
f7:33:5f:61:f7:03:cd:8e:d4:7d:7b:44:25:71:7e:a5:23:e5:
29:cf:b6:54:b3:aa:55:42:f2:67:11:09:d6:af:58:b7:87:d6:
2a:6e:a4:99:4f:bd:1e:ba:9d:36:d4:7e:5f:15:a8:a1:a9:a6:
c5:55:3a:bb
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZaAb3W08Wz64txcNVYDRKvrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNTU1ZTZjMTRiOTRkNzU2ZDkzYTgzYTUwMmM3ZjE1Nzdm
OWFmNDkwHhcNMjUwNDI5MDcyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDdhNDQzMjdlZjYxNWUxMWNiNGUwMWMzMjQ0Mjg2ZWQ3OGQ0YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvPFX7cyHJYnOs75Inf9ByALsEUT
pIxU8U3lwqvqHOLB5d+lTu3JUeHpGPgvsgikrrQmxAiArBXSzdZiUfVsLHbmhVHq
Q+HJnMgOHR9/iUdPb6mbjcODBBFbBIPxY7kWv1mFIR5PhNgNRG5q5U2RY9cb91m4
zDf5aMVBrM8Gr44cZZOUSEhGC0YQjR/QA871/ol5DBDeKPqdp4QvOqgYI3jK7/CF
mUN95xbJhcXXHMKLI6aNWMJqdrmN0Gl65+BRdvEi7MFTYzU0TV7qij0HJLQ3AGB2
jHSE1tNnSvnARga26CKLLtciFDQ0V0cj7xvbGtWaUNU0znR/Wu50Qyc/dQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFP16RDJ+9hXhHLTgHDJEKG7XjUpGMB8GA1UdIwQY
MBaAFG1VXmwUuU11bZOoOlAsfxV3+a9JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlZWZWJCUzVUWFZ0azZnNlVDeF9GWGY1cjBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hMzI1NjctNzgwZi00NTA5LWI3MTAt
OTdlYWY5YWE3ODZmLzEvX1hwRU1uNzJGZUVjdE9BY01rUW9idGVOU2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hMzI1NjctNzgwZi00NTA5LWI3MTAtOTdlYWY5YWE3ODZm
LzEvYlZWZWJCUzVUWFZ0azZnNlVDeF9GWGY1cjBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQCW8AcAwQC
wjf4MBYEAgACMBADBwAgAQZ8AnQDBQMqDMzAMA0GCSqGSIb3DQEBCwUAA4IBAQCj
aiOFRjAT3TcWU1GT2+Q/MQeSOzDc1s4JfpHNakR6Lbjnsn0TKpAQSzY5H129U5T3
9TeNYuzhKqc4OcFgfqKugDIP7Q9u5tfSlkfdXM0lpc40OVOCRWPMQBhJpFHAqAWQ
+CrKA36KO1IZbv+iHGodzr0cHZmrU9hYKdM9aWzyp/a0rdRhbkDzq4o0I962SG6I
oXzWYtDmFsbO1e5B5cU3XOeR9DSrVIRqkZ+7b3H5JRd2Vho1AU7LsohbVNlL7OWz
DTsuEM33M19h9wPNjtR9e0QlcX6lI+Upz7ZUs6pVQvJnEQnWr1i3h9YqbqSZT70e
up021H5fFaihqabFVTq7
-----END CERTIFICATE-----
Generated at Sun May 11 11:02:29 2025 by rpki-client