Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Yi0nd0HQTo9UHyApKJKZ_31fLCY.roa
File: Yi0nd0HQTo9UHyApKJKZ_31fLCY.roa (raw, json)
Hash identifier: v4qPaeNlpozaTJfY+bZOEAyAqTWnNdm8Vt4Lx3Z6MKw=
Subject key identifier: 62:2D:27:77:41:D0:4E:8F:54:1F:20:29:28:92:99:FF:7D:5F:2C:26
Certificate issuer: /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial: 01966D8ABAA9AE776822FEB3D5285E9E0974
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Yi0nd0HQTo9UHyApKJKZ_31fLCY.roa
Signing time: Fri 25 Apr 2025 15:22:10 +0000
ROA not before: Fri 25 Apr 2025 15:22:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59437
IP address blocks: 85.234.64.0/24 maxlen: 24
85.234.84.0/24 maxlen: 24
85.234.86.0/24 maxlen: 24
93.119.168.0/24 maxlen: 24
93.119.169.0/24 maxlen: 24
93.119.170.0/24 maxlen: 24
109.61.121.0/24 maxlen: 24
2a03:90c0:680::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 07 May 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6d:8a:ba:a9:ae:77:68:22:fe:b3:d5:28:5e:9e:09:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Validity
Not Before: Apr 25 15:22:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=622d277741d04e8f541f2029289299ff7d5f2c26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:09:61:54:ff:db:d1:43:c2:fa:17:7b:a0:96:
81:56:c8:b4:85:a3:99:ee:76:db:b3:5a:5c:53:5f:
f7:91:6b:10:fd:3a:39:89:4e:87:09:34:c5:fb:c5:
55:2b:58:e7:79:73:e7:85:87:bc:ce:4f:63:25:a3:
45:37:2a:57:26:25:39:86:46:e5:5d:75:a0:cf:d2:
53:cd:bb:a3:66:41:fb:90:fe:eb:4e:21:7c:b8:45:
78:0b:d7:10:4a:dd:f4:22:ce:16:6c:4f:a1:27:7c:
20:97:67:0f:fe:65:9e:17:35:67:7b:a3:7e:c5:12:
dd:44:1f:8e:e4:b3:6c:a2:7a:c2:ff:fc:95:d5:ec:
10:a3:5a:df:16:5c:9b:74:8e:60:6f:79:8c:b2:95:
89:27:28:cb:fa:b8:36:90:8a:14:d7:11:6b:bc:9f:
0d:f0:47:cb:98:ea:36:9c:63:e4:a1:7a:27:c5:c1:
18:49:17:43:ea:1e:42:8e:fd:46:5b:6d:a0:30:cc:
a1:ca:43:bd:a7:1f:d3:88:b6:78:c1:9d:87:e3:ce:
8c:68:5a:ac:0f:60:43:b7:fd:78:5d:a7:39:62:23:
8b:15:d0:e7:59:00:ef:33:3e:fe:03:7e:d2:18:ae:
69:11:34:61:15:2e:90:46:cc:5f:5c:c0:55:6e:0d:
d1:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:2D:27:77:41:D0:4E:8F:54:1F:20:29:28:92:99:FF:7D:5F:2C:26
X509v3 Authority Key Identifier:
keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Yi0nd0HQTo9UHyApKJKZ_31fLCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.234.64.0/24
85.234.84.0/24
85.234.86.0/24
93.119.168.0-93.119.170.255
109.61.121.0/24
IPv6:
2a03:90c0:680::/44
Signature Algorithm: sha256WithRSAEncryption
25:5d:e4:35:bd:91:12:38:44:c1:5a:3c:0e:e4:72:49:19:f9:
8b:69:02:aa:21:69:b3:5f:6e:53:02:eb:1b:4d:ee:39:bc:96:
da:9e:20:81:b3:73:67:be:b2:46:1f:87:13:77:00:c8:1e:a8:
15:1b:56:66:ec:ae:4f:67:ce:a1:7c:8d:e6:40:2e:3b:74:20:
3c:cb:76:43:67:53:47:af:20:98:ff:1f:f2:42:03:e3:53:a9:
e2:d1:6a:39:02:86:6d:2b:dc:ef:ab:d3:c0:d8:71:aa:b5:ff:
22:7d:a1:17:a2:3a:d7:5d:8e:27:d1:59:14:b2:57:91:c3:67:
ce:8f:a3:20:c7:9e:c1:ea:3d:a5:9a:2f:b1:4a:2b:7f:2d:13:
b6:f9:16:44:76:51:d2:e5:fd:cf:be:a4:2a:25:03:08:cd:cb:
c7:aa:54:d8:f6:59:b4:a7:f2:e7:a9:a3:19:25:ec:51:5d:cb:
90:81:e7:06:09:73:0e:1e:69:b0:14:90:c0:48:eb:a6:3e:1c:
8f:3d:b1:30:fa:22:21:e0:1d:86:48:2c:21:9b:dc:16:0d:38:
89:96:e0:3c:8b:c0:f8:6e:68:09:ea:b5:57:ba:b2:83:03:d8:
63:d6:d1:72:dc:73:5f:10:75:6f:e4:79:10:bb:fe:31:6e:bd:
5b:be:ba:64
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZZtirqprndoIv6z1Shengl0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjUwNDI1MTUyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJkMjc3NzQxZDA0ZThmNTQxZjIwMjkyODkyOTlmZjdkNWYyYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6AlhVP/b0UPC+hd7oJaBVsi0haOZ
7nbbs1pcU1/3kWsQ/To5iU6HCTTF+8VVK1jneXPnhYe8zk9jJaNFNypXJiU5hkbl
XXWgz9JTzbujZkH7kP7rTiF8uEV4C9cQSt30Is4WbE+hJ3wgl2cP/mWeFzVne6N+
xRLdRB+O5LNsonrC//yV1ewQo1rfFlybdI5gb3mMspWJJyjL+rg2kIoU1xFrvJ8N
8EfLmOo2nGPkoXonxcEYSRdD6h5Cjv1GW22gMMyhykO9px/TiLZ4wZ2H486MaFqs
D2BDt/14Xac5YiOLFdDnWQDvMz7+A37SGK5pETRhFS6QRsxfXMBVbg3RwwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFGItJ3dB0E6PVB8gKSiSmf99XywmMB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvWWkwbmQwSFFUbzlVSHlBcEtKS1pfMzFmTENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmAwQAVepAAwQA
VepUAwQAVepWMAwDBANdd6gDBABdd6oDBABtPXkwDwQCAAIwCQMHBCoDkMAGgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJV3kNb2REjhEwVo8DuRySRn5i2kCqiFps19uUwLr
G03uObyW2p4ggbNzZ76yRh+HE3cAyB6oFRtWZuyuT2fOoXyN5kAuO3QgPMt2Q2dT
R68gmP8f8kID41Op4tFqOQKGbSvc76vTwNhxqrX/In2hF6I6112OJ9FZFLJXkcNn
zo+jIMeeweo9pZovsUorfy0TtvkWRHZR0uX9z76kKiUDCM3Lx6pU2PZZtKfy56mj
GSXsUV3LkIHnBglzDh5psBSQwEjrpj4cjz2xMPoiIeAdhkgsIZvcFg04iZbgPIvA
+G5oCeq1V7qygwPYY9bRctxzXxB1b+R5ELv+MW69W766ZA==
-----END CERTIFICATE-----
Generated at Tue May 6 10:08:15 2025 by rpki-client