Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/rAFu1w1Bx0eNoCfaUJG9_1EWjX4.roa
File: rAFu1w1Bx0eNoCfaUJG9_1EWjX4.roa (raw, json)
Hash identifier: 5mf7HdZINQ89AaLyLKn4CNFyyB8VpxEz+Ml/f6n9PcU=
Subject key identifier: AC:01:6E:D7:0D:41:C7:47:8D:A0:27:DA:50:91:BD:FF:51:16:8D:7E
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 01967ED72384DEBACF51A947520438632C8B
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/rAFu1w1Bx0eNoCfaUJG9_1EWjX4.roa
Signing time: Mon 28 Apr 2025 23:59:10 +0000
ROA not before: Mon 28 Apr 2025 23:59:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202870
IP address blocks: 5.152.128.0/22 maxlen: 24
45.133.154.0/23 maxlen: 24
103.129.61.0/24 maxlen: 24
104.167.28.0/22 maxlen: 24
185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.mft
rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 09 May 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7e:d7:23:84:de:ba:cf:51:a9:47:52:04:38:63:2c:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: Apr 28 23:59:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ac016ed70d41c7478da027da5091bdff51168d7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:81:c2:f8:5e:0e:42:df:90:ff:9f:84:fa:80:
20:22:e6:10:7a:4e:00:a0:43:ac:54:aa:18:90:4e:
73:75:6c:8c:23:88:6f:51:03:7f:a0:b7:c3:9d:a1:
b2:80:20:cd:bf:ae:e7:f3:1d:56:2b:36:0f:90:31:
e7:ee:87:e4:e2:d8:b0:fc:d1:33:23:24:4a:87:80:
75:8f:c1:44:50:82:6b:fc:cd:16:67:45:7f:c1:60:
15:ca:41:b6:57:7c:0e:7e:91:f4:86:01:90:1d:f8:
bf:73:24:d7:b3:82:45:8f:6a:69:93:4e:78:ec:d9:
d8:37:c3:bb:9a:f7:5a:cf:b0:b1:fb:9a:53:fd:7d:
e6:38:15:56:a0:9b:fc:6f:53:79:82:c3:f0:4c:2b:
4b:df:de:ef:21:a9:0d:21:9b:32:86:fe:75:f1:e7:
c0:84:a6:0a:53:a4:aa:a8:d7:40:1f:ee:c7:df:a5:
4b:19:ca:4e:65:9d:0b:49:55:10:04:df:5d:32:f5:
2d:3d:8d:8a:ed:d4:cf:80:96:ee:fd:0b:1b:fd:1c:
d2:29:b2:c8:cc:f3:c9:30:be:c9:2a:fa:da:4b:0c:
aa:a2:62:77:40:64:df:63:c5:fe:99:49:22:95:40:
25:81:37:8a:b7:6e:57:ba:e5:8d:13:a8:0a:72:41:
66:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:01:6E:D7:0D:41:C7:47:8D:A0:27:DA:50:91:BD:FF:51:16:8D:7E
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/rAFu1w1Bx0eNoCfaUJG9_1EWjX4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
45.133.154.0/23
103.129.61.0/24
104.167.28.0/22
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
5c:e3:b5:c8:1b:5d:45:10:7c:e0:9a:7e:fb:89:14:93:90:0a:
1b:fc:e6:42:32:26:59:20:44:5a:97:47:46:35:1c:d9:3f:8a:
70:0e:87:ea:01:7c:db:84:fe:6e:81:96:5c:b0:b1:e8:5f:76:
b2:93:2d:23:9b:1f:16:d9:f7:79:cf:eb:8d:f5:ac:98:93:d8:
b6:0f:14:08:3f:9e:d3:53:03:f7:55:0a:aa:d8:80:f0:59:c2:
d5:fb:6e:e7:ee:f3:63:1a:0d:88:73:f7:d2:a7:87:58:f6:74:
dc:16:e4:98:a9:1a:d5:31:74:19:30:6f:a1:87:d6:c7:6b:f3:
86:3c:66:ab:fc:8a:f7:30:79:fc:0b:26:c2:88:e3:09:b3:14:
e2:c5:35:c1:2e:f8:8b:ea:2d:60:73:e9:df:db:ba:b4:1b:dd:
41:6a:8b:a4:c9:fb:bd:87:5d:72:3f:ce:80:a7:a8:6d:8a:96:
4b:b1:90:5d:a2:84:b7:8e:36:1f:de:c5:49:f8:52:56:20:6c:
54:15:c0:d2:47:0e:a6:29:e9:c0:d6:51:c4:54:f6:00:7a:53:
99:d5:73:0f:2d:93:02:3d:5f:41:51:7d:68:f0:62:d4:97:f8:
06:bb:8a:60:ac:db:75:cc:f1:2e:43:42:b1:53:db:c3:6e:5c:
74:9e:6c:e9
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZZ+1yOE3rrPUalHUgQ4YyyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjUwNDI4MjM1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzAxNmVkNzBkNDFjNzQ3OGRhMDI3ZGE1MDkxYmRmZjUxMTY4ZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YHC+F4OQt+Q/5+E+oAgIuYQek4A
oEOsVKoYkE5zdWyMI4hvUQN/oLfDnaGygCDNv67n8x1WKzYPkDHn7ofk4tiw/NEz
IyRKh4B1j8FEUIJr/M0WZ0V/wWAVykG2V3wOfpH0hgGQHfi/cyTXs4JFj2ppk054
7NnYN8O7mvdaz7Cx+5pT/X3mOBVWoJv8b1N5gsPwTCtL397vIakNIZsyhv518efA
hKYKU6SqqNdAH+7H36VLGcpOZZ0LSVUQBN9dMvUtPY2K7dTPgJbu/Qsb/RzSKbLI
zPPJML7JKvraSwyqomJ3QGTfY8X+mUkilUAlgTeKt25XuuWNE6gKckFmkwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKwBbtcNQcdHjaAn2lCRvf9RFo1+MB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvckFGdTF3MUJ4MGVOb0NmYVVKRzlfMUVXalg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCBZiAAwQB
LYWaAwQAZ4E9AwQCaKccAwQCuZgsMA0EAgACMAcDBQMqB36AMA0GCSqGSIb3DQEB
CwUAA4IBAQBc47XIG11FEHzgmn77iRSTkAob/OZCMiZZIERal0dGNRzZP4pwDofq
AXzbhP5ugZZcsLHoX3ayky0jmx8W2fd5z+uN9ayYk9i2DxQIP57TUwP3VQqq2IDw
WcLV+27n7vNjGg2Ic/fSp4dY9nTcFuSYqRrVMXQZMG+hh9bHa/OGPGar/Ir3MHn8
CybCiOMJsxTixTXBLviL6i1gc+nf27q0G91Baoukyfu9h11yP86Ap6htipZLsZBd
ooS3jjYf3sVJ+FJWIGxUFcDSRw6mKenA1lHEVPYAelOZ1XMPLZMCPV9BUX1o8GLU
l/gGu4pgrNt1zPEuQ0KxU9vDblx0nmzp
-----END CERTIFICATE-----
Generated at Thu May 8 10:54:58 2025 by rpki-client