Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/dFfIOZTNjmtKOcc4023M78S_S70.roa
File: dFfIOZTNjmtKOcc4023M78S_S70.roa (raw, json)
Hash identifier: 6CGV9j9qdPqI4pKlwtB9DN8T1F/5NX7UDdZenv7Vpak=
Subject key identifier: 74:57:C8:39:94:CD:8E:6B:4A:39:C7:38:D3:6D:CC:EF:C4:BF:4B:BD
Certificate issuer: /CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Certificate serial: 01961F5AE27C790FD5842E6F64031D62851A
Authority key identifier: 2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/dFfIOZTNjmtKOcc4023M78S_S70.roa
Signing time: Thu 10 Apr 2025 10:59:31 +0000
ROA not before: Thu 10 Apr 2025 10:59:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210976
IP address blocks: 89.19.208.0/24 maxlen: 24
89.19.209.0/24 maxlen: 24
89.19.210.0/24 maxlen: 24
89.19.211.0/24 maxlen: 24
89.19.212.0/24 maxlen: 24
89.19.213.0/24 maxlen: 24
89.19.214.0/24 maxlen: 24
89.19.215.0/24 maxlen: 24
89.19.216.0/24 maxlen: 24
89.19.217.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 13:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:1f:5a:e2:7c:79:0f:d5:84:2e:6f:64:03:1d:62:85:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Validity
Not Before: Apr 10 10:59:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7457c83994cd8e6b4a39c738d36dccefc4bf4bbd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:6b:77:a1:d2:a8:d8:1d:b1:be:7b:08:de:0a:
12:a1:09:76:b9:a8:f9:16:a1:b0:b5:09:d1:c3:0c:
4e:d2:2b:04:18:f0:6d:22:45:99:cc:b4:a9:cc:26:
0b:25:90:51:21:51:3e:64:67:1d:c6:8d:9b:6f:10:
2e:89:b5:05:7d:3d:7b:db:db:90:91:b5:6e:c0:76:
bf:ad:03:4c:6b:bf:d6:2e:32:6f:d9:f3:eb:7f:3a:
17:bd:0a:a6:60:70:2e:d7:d8:42:4a:ce:88:b5:b3:
4c:2d:cc:d4:12:d7:2f:07:20:4d:68:22:25:fd:e6:
31:a0:45:f3:92:38:cc:14:54:e7:12:64:1c:ef:36:
c2:8d:79:e2:e5:68:d8:16:52:81:85:57:60:08:b4:
08:7a:a4:7e:ec:c1:a0:36:b2:68:b9:6b:50:6e:33:
15:11:16:f1:50:e2:15:c3:f5:49:b3:5d:dc:5c:77:
d7:85:32:23:b9:55:32:0f:52:09:aa:cb:99:99:ea:
00:22:81:2d:a5:66:60:82:11:4a:49:90:63:c6:ad:
73:7e:66:44:a9:f6:8d:e3:8b:86:7e:51:4d:9a:64:
4f:65:1c:55:de:10:9a:e9:43:2b:a7:37:15:f0:84:
ae:dd:17:35:ce:43:2e:77:2b:62:0f:84:a5:ac:35:
d6:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:57:C8:39:94:CD:8E:6B:4A:39:C7:38:D3:6D:CC:EF:C4:BF:4B:BD
X509v3 Authority Key Identifier:
keyid:2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/dFfIOZTNjmtKOcc4023M78S_S70.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.208.0-89.19.217.255
Signature Algorithm: sha256WithRSAEncryption
a4:d3:29:ba:33:d5:0a:27:cb:fa:63:74:8d:ae:fe:2e:8a:6e:
ff:05:45:34:52:a5:5b:f6:66:1b:ab:55:0e:bc:14:9f:42:2f:
29:bb:68:86:4a:a5:40:6b:37:56:7d:06:9d:70:4c:cd:72:e1:
a3:8d:60:80:d1:15:85:58:69:d1:37:0c:f8:18:55:67:11:c1:
e0:50:8f:c4:f0:3b:b6:5d:ad:3c:86:a6:d4:ef:ae:b4:45:da:
c5:6c:1e:d6:ee:3f:13:67:dc:8d:a8:0f:46:04:12:eb:00:eb:
8f:14:e4:24:1c:48:9b:d4:a9:92:2e:b8:ba:cf:b8:23:19:ba:
c2:6e:f3:89:df:85:74:e3:2f:0d:28:82:a3:62:48:04:84:61:
53:6a:86:75:d3:76:44:8b:02:19:e9:d4:55:04:1b:5f:53:1b:
fd:91:1b:44:27:94:a2:68:6a:5e:fb:da:5c:0c:e7:86:fd:0f:
ce:a6:db:1a:b9:09:e4:1e:55:72:e7:a4:06:92:28:96:9e:90:
26:85:d3:a9:39:2d:82:8b:d2:13:5b:a4:b3:27:89:cb:43:5b:
a4:4b:03:ae:8c:d4:7c:04:f5:15:7e:a2:9a:d0:17:89:ef:2e:
6e:98:cc:1e:02:01:c2:b0:37:3a:d5:e5:d6:0d:c1:2c:cf:27:
b4:81:e1:48
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZYfWuJ8eQ/VhC5vZAMdYoUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJiNjkxYjI0ZjI4NzkyNTNlM2E2YTQ1ZTBiNWM1MjY3
M2IwOWQwHhcNMjUwNDEwMTA1OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDU3YzgzOTk0Y2Q4ZTZiNGEzOWM3MzhkMzZkY2NlZmM0YmY0YmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2t3odKo2B2xvnsI3goSoQl2uaj5
FqGwtQnRwwxO0isEGPBtIkWZzLSpzCYLJZBRIVE+ZGcdxo2bbxAuibUFfT1729uQ
kbVuwHa/rQNMa7/WLjJv2fPrfzoXvQqmYHAu19hCSs6ItbNMLczUEtcvByBNaCIl
/eYxoEXzkjjMFFTnEmQc7zbCjXni5WjYFlKBhVdgCLQIeqR+7MGgNrJouWtQbjMV
ERbxUOIVw/VJs13cXHfXhTIjuVUyD1IJqsuZmeoAIoEtpWZgghFKSZBjxq1zfmZE
qfaN44uGflFNmmRPZRxV3hCa6UMrpzcV8ISu3Rc1zkMudytiD4SlrDXWcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHRXyDmUzY5rSjnHONNtzO/Ev0u9MB8GA1UdIwQY
MBaAFC7rtpGyTyh5JT46akXgtcUmc7CdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAt
ZGEzZTExOTJjZGY2LzEvZEZmSU9aVE5qbXRLT2NjNDAyM003OFNfUzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAtZGEzZTExOTJjZGY2
LzEvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARZE9AD
BAFZE9gwDQYJKoZIhvcNAQELBQADggEBAKTTKboz1Qony/pjdI2u/i6Kbv8FRTRS
pVv2ZhurVQ68FJ9CLym7aIZKpUBrN1Z9Bp1wTM1y4aONYIDRFYVYadE3DPgYVWcR
weBQj8TwO7ZdrTyGptTvrrRF2sVsHtbuPxNn3I2oD0YEEusA648U5CQcSJvUqZIu
uLrPuCMZusJu84nfhXTjLw0ogqNiSASEYVNqhnXTdkSLAhnp1FUEG19TG/2RG0Qn
lKJoal772lwM54b9D86m2xq5CeQeVXLnpAaSKJaekCaF06k5LYKL0hNbpLMnictD
W6RLA66M1HwE9RV+oprQF4nvLm6YzB4CAcKwNzrV5dYNwSzPJ7SB4Ug=
-----END CERTIFICATE-----
Generated at Sun May 11 18:52:11 2025 by rpki-client