Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/b0f7bf-6844-4ba4-b33d-77869a6bfe54/1/x2MfmeFdkAhvqtMnijQj44RaTsU.roa
File: x2MfmeFdkAhvqtMnijQj44RaTsU.roa (raw, json)
Hash identifier: vo8DVrtFsZbAKsU4/jySKYry7q+PSUACGGuHHoeRqBM=
Subject key identifier: C7:63:1F:99:E1:5D:90:08:6F:AA:D3:27:8A:34:23:E3:84:5A:4E:C5
Certificate issuer: /CN=0c9a402ec90b5b475ecc9bf4b1c66b238213214e
Certificate serial: 0196B412C31DD5C88D741FC748D6DC975E88
Authority key identifier: 0C:9A:40:2E:C9:0B:5B:47:5E:CC:9B:F4:B1:C6:6B:23:82:13:21:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DJpALskLW0dezJv0scZrI4ITIU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/b0f7bf-6844-4ba4-b33d-77869a6bfe54/1/x2MfmeFdkAhvqtMnijQj44RaTsU.roa
Signing time: Fri 09 May 2025 08:04:10 +0000
ROA not before: Fri 09 May 2025 08:04:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39826
IP address blocks: 109.175.236.0/24 maxlen: 24
109.175.237.0/24 maxlen: 24
109.175.238.0/24 maxlen: 24
109.175.239.0/24 maxlen: 24
185.84.144.0/22 maxlen: 22
185.84.144.0/24 maxlen: 24
185.84.145.0/24 maxlen: 24
185.84.146.0/24 maxlen: 24
185.84.147.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/b0f7bf-6844-4ba4-b33d-77869a6bfe54/1/DJpALskLW0dezJv0scZrI4ITIU4.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/b0f7bf-6844-4ba4-b33d-77869a6bfe54/1/DJpALskLW0dezJv0scZrI4ITIU4.mft
rsync://rpki.ripe.net/repository/DEFAULT/DJpALskLW0dezJv0scZrI4ITIU4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:b4:12:c3:1d:d5:c8:8d:74:1f:c7:48:d6:dc:97:5e:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c9a402ec90b5b475ecc9bf4b1c66b238213214e
Validity
Not Before: May 9 08:04:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c7631f99e15d90086faad3278a3423e3845a4ec5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:cc:54:94:28:79:d0:35:86:e8:00:67:12:10:
98:20:ff:7c:a5:5f:cc:c7:ef:32:06:0f:17:56:1c:
f3:27:45:bc:9a:25:d1:d4:96:d0:c0:7e:a6:9d:1f:
bf:9e:6b:dc:03:5a:94:19:cb:d4:7d:eb:ac:dc:a6:
0c:e5:bf:af:8f:af:54:ee:1f:e6:e5:db:19:6c:10:
b1:49:70:de:f6:56:12:1b:ac:76:00:33:cc:61:d7:
ca:e8:b0:c9:fb:16:2c:9b:81:77:93:3f:b1:24:7d:
8d:00:a5:71:97:3d:93:65:9d:51:29:3a:ea:72:80:
ab:33:04:4b:03:87:4e:fd:e8:2b:13:29:0a:2c:73:
da:73:10:34:b7:57:e9:73:39:f6:92:8b:4a:0b:f7:
27:f6:b5:13:85:22:57:70:e1:75:bc:56:5c:3e:82:
91:24:d9:5e:8d:e1:a7:7a:6b:7d:63:9b:4e:3b:d9:
c2:67:55:af:0b:9a:b2:28:0a:05:92:65:dc:30:64:
8e:5d:ad:2e:1c:a5:5d:5d:68:d6:65:46:af:a5:2b:
06:4e:9d:ab:1f:1a:d3:dc:af:fb:66:08:64:55:50:
37:27:c7:7c:1d:b1:8c:db:40:18:d5:ad:44:fc:4d:
25:7d:95:2d:f1:f3:f2:cf:9f:a0:97:20:c6:65:65:
0e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:63:1F:99:E1:5D:90:08:6F:AA:D3:27:8A:34:23:E3:84:5A:4E:C5
X509v3 Authority Key Identifier:
keyid:0C:9A:40:2E:C9:0B:5B:47:5E:CC:9B:F4:B1:C6:6B:23:82:13:21:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJpALskLW0dezJv0scZrI4ITIU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b0f7bf-6844-4ba4-b33d-77869a6bfe54/1/x2MfmeFdkAhvqtMnijQj44RaTsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b0f7bf-6844-4ba4-b33d-77869a6bfe54/1/DJpALskLW0dezJv0scZrI4ITIU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.175.236.0/22
185.84.144.0/22
Signature Algorithm: sha256WithRSAEncryption
6f:94:5b:f5:0e:a1:e4:4f:0f:1e:d8:63:0a:a3:dd:d4:f1:6d:
24:2f:b8:de:d4:8a:78:0b:2f:8d:d8:23:c1:95:16:62:64:90:
84:c3:4a:4b:af:b8:ee:c2:88:b5:27:ee:a2:55:12:0c:bb:11:
7a:2d:96:81:78:f9:66:ad:bd:e5:ac:6e:bd:b8:6e:c4:76:f2:
ec:d7:9d:ed:dc:fe:eb:9c:60:27:2a:09:3c:c8:9c:6c:69:b8:
21:24:10:58:05:3e:5f:ca:3a:62:c0:98:71:9a:e9:f7:42:77:
98:f9:da:28:08:64:11:4c:7f:70:cf:26:48:b3:7e:7a:39:92:
00:d4:80:30:08:fe:ba:8a:08:4a:2c:d5:1f:6c:f5:eb:33:91:
48:a8:8e:c1:5f:bb:18:c8:1c:80:58:6b:d3:ef:36:78:0b:3b:
8e:07:6e:66:68:7a:ae:f4:c3:95:7f:6b:16:4a:65:76:f1:3c:
08:44:7b:6c:91:af:dc:b0:ba:94:3b:03:f0:10:18:ab:d5:26:
6d:15:a3:aa:54:da:46:d3:e4:89:5a:7e:84:26:bc:0d:25:34:
69:92:e4:a8:3e:32:5c:fe:e0:0f:9a:ca:33:14:d4:98:60:74:
82:d9:ed:80:a1:0f:ba:dc:21:ff:7b:64:af:c8:01:f0:49:e4:
a5:de:a6:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZa0EsMd1ciNdB/HSNbcl16IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOWE0MDJlYzkwYjViNDc1ZWNjOWJmNGIxYzY2YjIzODIx
MzIxNGUwHhcNMjUwNTA5MDgwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzYzMWY5OWUxNWQ5MDA4NmZhYWQzMjc4YTM0MjNlMzg0NWE0ZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8xUlCh50DWG6ABnEhCYIP98pV/M
x+8yBg8XVhzzJ0W8miXR1JbQwH6mnR+/nmvcA1qUGcvUfeus3KYM5b+vj69U7h/m
5dsZbBCxSXDe9lYSG6x2ADPMYdfK6LDJ+xYsm4F3kz+xJH2NAKVxlz2TZZ1RKTrq
coCrMwRLA4dO/egrEykKLHPacxA0t1fpczn2kotKC/cn9rUThSJXcOF1vFZcPoKR
JNlejeGnemt9Y5tOO9nCZ1WvC5qyKAoFkmXcMGSOXa0uHKVdXWjWZUavpSsGTp2r
HxrT3K/7ZghkVVA3J8d8HbGM20AY1a1E/E0lfZUt8fPyz5+glyDGZWUOhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMdjH5nhXZAIb6rTJ4o0I+OEWk7FMB8GA1UdIwQY
MBaAFAyaQC7JC1tHXsyb9LHGayOCEyFOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpwQUxza0xXMGRlekp2MHNjWnJJNElUSVU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9iMGY3YmYtNjg0NC00YmE0LWIzM2Qt
Nzc4NjlhNmJmZTU0LzEveDJNZm1lRmRrQWh2cXRNbmlqUWo0NFJhVHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9iMGY3YmYtNjg0NC00YmE0LWIzM2QtNzc4NjlhNmJmZTU0
LzEvREpwQUxza0xXMGRlekp2MHNjWnJJNElUSVU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCba/sAwQC
uVSQMA0GCSqGSIb3DQEBCwUAA4IBAQBvlFv1DqHkTw8e2GMKo93U8W0kL7je1Ip4
Cy+N2CPBlRZiZJCEw0pLr7juwoi1J+6iVRIMuxF6LZaBePlmrb3lrG69uG7EdvLs
153t3P7rnGAnKgk8yJxsabghJBBYBT5fyjpiwJhxmun3QneY+dooCGQRTH9wzyZI
s356OZIA1IAwCP66ighKLNUfbPXrM5FIqI7BX7sYyByAWGvT7zZ4CzuOB25maHqu
9MOVf2sWSmV28TwIRHtska/csLqUOwPwEBir1SZtFaOqVNpG0+SJWn6EJrwNJTRp
kuSoPjJc/uAPmsozFNSYYHSC2e2AoQ+63CH/e2SvyAHwSeSl3qYi
-----END CERTIFICATE-----
Generated at Tue May 13 09:20:30 2025 by rpki-client