Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/rO1h9qSs1sAphHw0dCtC3MB_h7Q.roa
File: rO1h9qSs1sAphHw0dCtC3MB_h7Q.roa (raw, json)
Hash identifier: utRDwpwUSMPrmAIPaZIRt42tFxJMEVKLC9Onf5P2fb4=
Subject key identifier: AC:ED:61:F6:A4:AC:D6:C0:29:84:7C:34:74:2B:42:DC:C0:7F:87:B4
Certificate issuer: /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial: 01961057C5A051AD7B823843229BCF455EEB
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/rO1h9qSs1sAphHw0dCtC3MB_h7Q.roa
Signing time: Mon 07 Apr 2025 13:01:49 +0000
ROA not before: Mon 07 Apr 2025 13:01:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34879
IP address blocks: 195.208.64.0/24 maxlen: 24
195.208.65.0/24 maxlen: 24
195.209.72.0/23 maxlen: 24
195.209.74.0/24 maxlen: 24
195.209.77.0/24 maxlen: 24
195.209.84.0/24 maxlen: 24
195.209.86.0/24 maxlen: 24
195.209.87.0/24 maxlen: 24
195.209.88.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 07 May 2025 05:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:10:57:c5:a0:51:ad:7b:82:38:43:22:9b:cf:45:5e:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
Validity
Not Before: Apr 7 13:01:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aced61f6a4acd6c029847c34742b42dcc07f87b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:a3:88:05:1d:25:1a:67:c1:f0:d3:61:7e:33:
15:b1:ac:1c:2a:e6:e8:65:c0:0d:a3:c5:85:07:07:
89:4d:38:8e:bb:dd:0c:c5:fc:7b:7c:76:c7:19:f1:
4e:76:60:b5:1a:48:74:e7:a1:a3:0e:9a:fd:cf:a1:
33:3d:e5:bf:b9:ab:aa:c3:70:00:e2:59:6b:ec:cf:
d5:2c:9a:05:a9:49:f2:15:78:48:c7:ed:96:7f:15:
9a:31:8e:6c:04:41:3b:9b:54:7d:67:f0:38:55:c3:
7b:c8:cc:88:b0:92:c4:dc:b2:91:09:f5:0d:3e:6a:
3c:ee:06:af:54:03:ee:78:80:a9:d8:e3:ff:5e:26:
7c:e2:d9:07:7d:c6:52:60:b0:df:77:3e:b0:f7:f0:
e1:47:db:2f:df:79:d2:3d:69:85:6f:fa:80:8f:b9:
3b:9a:18:1a:6f:8c:d3:86:62:b2:ca:89:5c:a7:20:
ff:b6:f6:3b:19:e6:98:f4:b1:8f:60:3f:dc:3e:d6:
7f:8e:6e:58:e8:57:61:2d:33:36:68:cb:c0:10:ec:
98:a9:9b:55:1f:f1:cc:5e:3c:bd:0c:0e:ca:9d:1b:
a5:18:19:ec:e8:26:1f:a2:c6:7e:1b:d5:bc:1e:d3:
f6:19:9d:32:33:c2:98:f3:d5:35:da:e3:6b:6c:f5:
3e:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:ED:61:F6:A4:AC:D6:C0:29:84:7C:34:74:2B:42:DC:C0:7F:87:B4
X509v3 Authority Key Identifier:
keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/rO1h9qSs1sAphHw0dCtC3MB_h7Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.208.64.0/23
195.209.72.0-195.209.74.255
195.209.77.0/24
195.209.84.0/24
195.209.86.0-195.209.88.255
Signature Algorithm: sha256WithRSAEncryption
b2:d6:13:41:ed:1c:78:50:8e:da:69:ca:a5:d7:bf:ed:86:de:
5b:1c:1c:41:d1:84:c7:db:d0:00:38:30:61:54:04:fb:32:48:
5f:9a:2e:dc:70:ed:cc:ab:67:47:f3:6b:ff:19:11:ba:2a:a7:
7f:8f:dd:1a:59:92:68:44:f8:4a:10:86:0a:16:11:ea:fc:c9:
ed:40:14:6b:a1:ae:6b:bb:22:d3:e9:e5:0f:e8:d0:32:ac:f6:
f6:82:0c:83:e3:0f:ab:0e:98:9f:4f:d5:eb:ee:ae:0e:04:29:
3a:55:5d:54:fd:82:bf:0f:86:d1:0d:53:b4:d9:21:c5:89:46:
69:2d:a4:be:80:84:4a:d6:3e:84:72:c4:41:67:06:1a:35:5c:
d8:eb:f6:14:06:94:5e:1d:47:3e:c7:81:bb:05:ce:43:56:96:
e8:74:49:8d:1f:2a:f2:26:b7:db:6e:a8:19:15:ab:d8:54:c5:
4a:ad:c2:79:ce:86:eb:4f:99:a3:10:4d:63:62:ef:81:ac:d3:
6b:4a:90:b1:e1:e8:1f:7e:5f:0b:9a:b8:e0:51:e7:35:9e:48:
bd:a2:a7:f7:1c:48:27:e4:10:99:d5:c8:db:ba:3d:47:d9:73:
0c:21:c9:1b:bc:c0:d3:50:ce:f2:b6:b8:0a:03:80:17:0e:9e:
1d:ac:b3:c6
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZYQV8WgUa17gjhDIpvPRV7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwNDA3MTMwMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VkNjFmNmE0YWNkNmMwMjk4NDdjMzQ3NDJiNDJkY2MwN2Y4N2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qOIBR0lGmfB8NNhfjMVsawcKubo
ZcANo8WFBweJTTiOu90Mxfx7fHbHGfFOdmC1Gkh056GjDpr9z6EzPeW/uauqw3AA
4llr7M/VLJoFqUnyFXhIx+2WfxWaMY5sBEE7m1R9Z/A4VcN7yMyIsJLE3LKRCfUN
Pmo87gavVAPueICp2OP/XiZ84tkHfcZSYLDfdz6w9/DhR9sv33nSPWmFb/qAj7k7
mhgab4zThmKyyolcpyD/tvY7GeaY9LGPYD/cPtZ/jm5Y6FdhLTM2aMvAEOyYqZtV
H/HMXjy9DA7KnRulGBns6CYfosZ+G9W8HtP2GZ0yM8KY89U12uNrbPU+bQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKztYfakrNbAKYR8NHQrQtzAf4e0MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvck8xaDlxU3Mxc0FwaEh3MGRDdEMzTUJfaDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBw9BAMAwD
BAPD0UgDBADD0UoDBADD0U0DBADD0VQwDAMEAcPRVgMEAMPRWDANBgkqhkiG9w0B
AQsFAAOCAQEAstYTQe0ceFCO2mnKpde/7YbeWxwcQdGEx9vQADgwYVQE+zJIX5ou
3HDtzKtnR/Nr/xkRuiqnf4/dGlmSaET4ShCGChYR6vzJ7UAUa6Gua7si0+nlD+jQ
Mqz29oIMg+MPqw6Yn0/V6+6uDgQpOlVdVP2Cvw+G0Q1TtNkhxYlGaS2kvoCEStY+
hHLEQWcGGjVc2Ov2FAaUXh1HPseBuwXOQ1aW6HRJjR8q8ia3226oGRWr2FTFSq3C
ec6G60+ZoxBNY2LvgazTa0qQseHoH35fC5q44FHnNZ5IvaKn9xxIJ+QQmdXI27o9
R9lzDCHJG7zA01DO8ra4CgOAFw6eHayzxg==
-----END CERTIFICATE-----
Generated at Tue May 6 15:37:30 2025 by rpki-client