Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/ZdB9xKTpmE5hnLIq03x2S--VZhk.roa
File: ZdB9xKTpmE5hnLIq03x2S--VZhk.roa (raw, json)
Hash identifier: sJNWpiCDd7rJ3H/Q1tfBrOgTL8SsbyZ5IthK8cBTE8Y=
Subject key identifier: 65:D0:7D:C4:A4:E9:98:4E:61:9C:B2:2A:D3:7C:76:4B:EF:95:66:19
Certificate issuer: /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial: 01969F635945716FA6FDF9CEDBC27324183D
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/ZdB9xKTpmE5hnLIq03x2S--VZhk.roa
Signing time: Mon 05 May 2025 07:40:10 +0000
ROA not before: Mon 05 May 2025 07:40:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6939
IP address blocks: 107.150.162.0/23 maxlen: 23
162.222.88.0/23 maxlen: 23
167.160.4.0/24 maxlen: 24
167.160.11.0/24 maxlen: 24
167.160.19.0/24 maxlen: 24
167.160.21.0/24 maxlen: 24
167.160.27.0/24 maxlen: 24
167.160.30.0/24 maxlen: 24
185.162.72.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 15 May 2025 05:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:9f:63:59:45:71:6f:a6:fd:f9:ce:db:c2:73:24:18:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Validity
Not Before: May 5 07:40:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=65d07dc4a4e9984e619cb22ad37c764bef956619
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:41:ca:fb:4a:77:91:98:34:b7:e9:1d:25:92:
92:30:4e:61:29:43:12:ef:4a:b1:32:38:2b:eb:bd:
4d:fb:b4:1d:08:6c:6e:72:04:e5:dd:b9:78:1c:38:
e0:94:69:07:06:a5:4b:34:dc:70:39:48:ff:08:10:
b5:68:c8:87:28:89:69:43:98:2c:33:d2:9c:a4:d8:
f7:41:35:73:f4:a8:1c:43:c1:22:0d:a9:5a:4e:75:
c2:f5:8f:8a:7b:ca:2c:ad:61:9a:eb:64:3a:82:dd:
f1:a0:7b:62:d0:b8:90:9d:f4:c1:1f:49:02:55:e5:
00:25:d6:7d:3d:77:e1:3e:3f:3c:52:22:99:98:86:
58:d9:77:c7:56:00:72:cf:d0:45:96:e8:c0:af:54:
fd:bc:68:b5:e4:c4:9a:06:8f:b3:03:c2:f3:04:ec:
5a:44:b5:a3:c0:9b:51:7d:f8:6a:9a:52:19:bd:3b:
cf:30:46:6b:b9:2c:98:03:e8:16:7b:9a:51:21:2c:
54:f7:22:43:75:81:b0:ea:80:49:4a:fc:4f:24:c8:
41:1a:6c:12:14:e0:87:fc:63:0d:fd:50:3b:0a:cf:
c6:57:c3:f6:d5:f3:85:b4:e1:15:a4:e4:e8:1b:3e:
db:2c:03:f3:c8:1e:be:17:fb:8b:cf:03:9f:f6:72:
06:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:D0:7D:C4:A4:E9:98:4E:61:9C:B2:2A:D3:7C:76:4B:EF:95:66:19
X509v3 Authority Key Identifier:
keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/ZdB9xKTpmE5hnLIq03x2S--VZhk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
107.150.162.0/23
162.222.88.0/23
167.160.4.0/24
167.160.11.0/24
167.160.19.0/24
167.160.21.0/24
167.160.27.0/24
167.160.30.0/24
185.162.72.0/23
Signature Algorithm: sha256WithRSAEncryption
53:99:e5:2a:22:84:22:93:2c:f9:af:4e:6e:0b:26:b1:4a:d9:
09:79:62:e5:24:6d:89:3d:9c:9e:73:aa:76:54:d4:ce:92:59:
61:db:1e:38:9b:93:55:3d:a3:f5:d5:3a:0b:9f:fa:22:cc:a8:
45:d5:2f:f0:e5:02:7f:4a:e2:65:e4:17:79:fc:57:a1:0a:22:
8f:2a:06:83:67:15:47:16:66:30:93:95:c4:d2:e3:4f:63:c7:
8d:a4:52:6f:0d:5c:1f:7b:9f:23:76:26:17:49:ca:b2:c3:48:
4d:d7:28:a5:46:10:f4:dd:33:8b:4b:fa:ed:24:46:3a:da:fe:
1d:bc:3f:13:6c:a7:8f:f9:ee:ee:87:a2:f9:5a:62:8e:4e:a3:
00:c7:85:77:df:65:8e:e2:a0:10:6f:3b:dd:89:30:f6:0d:3a:
84:cf:26:e7:db:7d:e8:f6:84:b0:0d:5d:ef:cb:90:ee:7a:1c:
76:a9:b8:0e:3b:9f:f7:99:c8:9e:f4:c0:81:57:f7:e4:5d:02:
6c:26:3a:3e:c1:a6:c8:78:19:7b:39:cb:11:fb:53:5f:f0:c5:
f9:17:f6:f8:d2:9f:45:68:e1:c2:2d:69:ba:12:c9:c0:ce:d4:
b8:1c:5f:02:e0:65:a9:b2:ec:ef:63:96:3d:3d:10:31:fe:4e:
1a:3b:1c:84
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZafY1lFcW+m/fnO28JzJBg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwNTA1MDc0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQwN2RjNGE0ZTk5ODRlNjE5Y2IyMmFkMzdjNzY0YmVmOTU2NjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkHK+0p3kZg0t+kdJZKSME5hKUMS
70qxMjgr671N+7QdCGxucgTl3bl4HDjglGkHBqVLNNxwOUj/CBC1aMiHKIlpQ5gs
M9KcpNj3QTVz9KgcQ8EiDalaTnXC9Y+Ke8osrWGa62Q6gt3xoHti0LiQnfTBH0kC
VeUAJdZ9PXfhPj88UiKZmIZY2XfHVgByz9BFlujAr1T9vGi15MSaBo+zA8LzBOxa
RLWjwJtRffhqmlIZvTvPMEZruSyYA+gWe5pRISxU9yJDdYGw6oBJSvxPJMhBGmwS
FOCH/GMN/VA7Cs/GV8P21fOFtOEVpOToGz7bLAPzyB6+F/uLzwOf9nIG4wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGXQfcSk6ZhOYZyyKtN8dkvvlWYZMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvWmRCOXhLVHBtRTVobkxJcTAzeDJTLS1WWmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBa5aiAwQB
ot5YAwQAp6AEAwQAp6ALAwQAp6ATAwQAp6AVAwQAp6AbAwQAp6AeAwQBuaJIMA0G
CSqGSIb3DQEBCwUAA4IBAQBTmeUqIoQikyz5r05uCyaxStkJeWLlJG2JPZyec6p2
VNTOkllh2x44m5NVPaP11ToLn/oizKhF1S/w5QJ/SuJl5Bd5/FehCiKPKgaDZxVH
FmYwk5XE0uNPY8eNpFJvDVwfe58jdiYXScqyw0hN1yilRhD03TOLS/rtJEY62v4d
vD8TbKeP+e7uh6L5WmKOTqMAx4V332WO4qAQbzvdiTD2DTqEzybn233o9oSwDV3v
y5Duehx2qbgOO5/3mcie9MCBV/fkXQJsJjo+wabIeBl7OcsR+1Nf8MX5F/b40p9F
aOHCLWm6EsnAztS4HF8C4GWpsuzvY5Y9PRAx/k4aOxyE
-----END CERTIFICATE-----
Generated at Wed May 14 10:33:56 2025 by rpki-client