Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/L_A9DGG1Lyhn9ijdvWfwPuWNlqo.roa
File: L_A9DGG1Lyhn9ijdvWfwPuWNlqo.roa (raw, json)
Hash identifier: iuIj0NOVpLZI4cGhRfSProz+dqWpJEEnC9sQ3cQR31k=
Subject key identifier: 2F:F0:3D:0C:61:B5:2F:28:67:F6:28:DD:BD:67:F0:3E:E5:8D:96:AA
Certificate issuer: /CN=3921b7f1eee90d99e294218a938753c1ea2dc267
Certificate serial: 01965CBAC9B078F6AACB594299979F677BE9
Authority key identifier: 39:21:B7:F1:EE:E9:0D:99:E2:94:21:8A:93:87:53:C1:EA:2D:C2:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OSG38e7pDZnilCGKk4dTweotwmc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/L_A9DGG1Lyhn9ijdvWfwPuWNlqo.roa
Signing time: Tue 22 Apr 2025 09:01:07 +0000
ROA not before: Tue 22 Apr 2025 09:01:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201675
IP address blocks: 45.151.220.0/22 maxlen: 22
89.21.80.0/22 maxlen: 22
149.232.242.0/23 maxlen: 23
185.67.144.0/22 maxlen: 22
2a05:1000::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/OSG38e7pDZnilCGKk4dTweotwmc.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/OSG38e7pDZnilCGKk4dTweotwmc.mft
rsync://rpki.ripe.net/repository/DEFAULT/OSG38e7pDZnilCGKk4dTweotwmc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 08:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5c:ba:c9:b0:78:f6:aa:cb:59:42:99:97:9f:67:7b:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3921b7f1eee90d99e294218a938753c1ea2dc267
Validity
Not Before: Apr 22 09:01:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ff03d0c61b52f2867f628ddbd67f03ee58d96aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b7:79:c9:4e:cc:e0:8e:27:15:60:32:37:cc:
7b:30:13:71:70:37:e6:56:a2:95:23:ac:84:c8:45:
3e:ac:54:88:05:81:ae:09:d4:be:54:b8:7f:51:b0:
2f:db:f1:f4:ab:bb:58:be:41:db:2d:df:11:e5:cf:
f1:28:aa:94:57:56:6e:df:88:4e:8f:ac:86:ad:97:
ae:cc:d9:11:33:0b:35:ba:a0:40:3c:6e:03:2b:31:
bd:8d:99:2b:75:ad:97:33:f5:9e:c7:92:ba:69:33:
88:c0:13:49:4c:2f:70:b0:0d:6a:ad:ce:38:d5:da:
be:77:1c:c0:de:a7:9e:fe:4c:ad:6f:a7:61:6b:92:
f0:58:d2:49:7f:83:8b:eb:7f:9a:69:dc:ca:be:bd:
ed:4e:99:e1:6b:0a:f7:58:d6:e2:1c:44:83:df:5f:
0f:fe:28:5f:37:bc:1e:72:79:1b:89:a2:00:ff:9a:
35:ed:a7:e0:8b:fd:a0:ac:a1:b9:a2:d2:0c:ac:16:
28:ae:cb:06:73:d4:cd:9e:06:7d:f6:e3:81:dd:0f:
de:b3:cf:51:37:44:d8:05:99:74:a9:3d:71:40:cb:
3d:00:4a:55:ae:3f:18:21:31:7b:22:ea:f2:0d:39:
32:2c:d5:1b:1d:a1:75:97:85:ab:18:d6:d9:18:4b:
44:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:F0:3D:0C:61:B5:2F:28:67:F6:28:DD:BD:67:F0:3E:E5:8D:96:AA
X509v3 Authority Key Identifier:
keyid:39:21:B7:F1:EE:E9:0D:99:E2:94:21:8A:93:87:53:C1:EA:2D:C2:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSG38e7pDZnilCGKk4dTweotwmc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/L_A9DGG1Lyhn9ijdvWfwPuWNlqo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/OSG38e7pDZnilCGKk4dTweotwmc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.220.0/22
89.21.80.0/22
149.232.242.0/23
185.67.144.0/22
IPv6:
2a05:1000::/29
Signature Algorithm: sha256WithRSAEncryption
74:82:c9:f9:32:c6:a6:84:c7:f8:5b:9a:6e:67:c3:57:76:f5:
09:d5:fc:11:7a:d8:d6:fb:8f:7e:1a:b3:0d:42:fb:bf:67:52:
20:f4:1d:5f:e4:4f:d3:9a:d6:cd:46:c2:55:59:6c:77:42:10:
55:73:3c:bb:97:2a:de:8d:af:5a:7b:26:a2:f3:fa:67:98:05:
70:08:cf:9c:18:3a:93:b5:fa:e6:80:81:3d:8a:b6:bc:07:6e:
aa:5d:ad:73:7d:8d:e5:56:3e:a6:3b:0d:eb:d7:5c:b2:7b:bf:
c2:94:0c:a7:d7:58:b3:77:dc:8e:90:d8:0b:49:ef:51:04:71:
b2:0b:48:8e:37:c9:7d:09:e7:c5:fb:ef:82:f0:7a:8a:31:ff:
aa:09:12:80:9b:c6:11:25:01:c7:19:f1:75:78:28:a3:ea:94:
a3:2f:78:b8:53:95:40:4c:e0:69:18:5f:4f:97:f8:d4:f1:d0:
89:30:c8:31:c0:b8:07:f5:50:aa:7a:8c:22:93:5f:2a:59:f0:
a9:f6:ba:a2:c9:d6:9f:68:41:fb:ea:d7:db:dc:6c:46:0c:3c:
b8:74:2a:81:bd:99:85:e7:21:c7:13:c6:7f:6a:d9:3b:c5:1c:
fd:75:8f:a7:28:44:b6:18:1f:49:30:fd:6b:96:48:56:b3:4a:
c3:99:34:d1
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZZcusmwePaqy1lCmZefZ3vpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjFiN2YxZWVlOTBkOTllMjk0MjE4YTkzODc1M2MxZWEy
ZGMyNjcwHhcNMjUwNDIyMDkwMTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmYwM2QwYzYxYjUyZjI4NjdmNjI4ZGRiZDY3ZjAzZWU1OGQ5NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLd5yU7M4I4nFWAyN8x7MBNxcDfm
VqKVI6yEyEU+rFSIBYGuCdS+VLh/UbAv2/H0q7tYvkHbLd8R5c/xKKqUV1Zu34hO
j6yGrZeuzNkRMws1uqBAPG4DKzG9jZkrda2XM/Wex5K6aTOIwBNJTC9wsA1qrc44
1dq+dxzA3qee/kytb6dha5LwWNJJf4OL63+aadzKvr3tTpnhawr3WNbiHESD318P
/ihfN7wecnkbiaIA/5o17afgi/2grKG5otIMrBYorssGc9TNngZ99uOB3Q/es89R
N0TYBZl0qT1xQMs9AEpVrj8YITF7IuryDTkyLNUbHaF1l4WrGNbZGEtERwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFC/wPQxhtS8oZ/Yo3b1n8D7ljZaqMB8GA1UdIwQY
MBaAFDkht/Hu6Q2Z4pQhipOHU8HqLcJnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NHMzhlN3BEWm5pbENHS2s0ZFR3ZW90d21jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9iZTFkYjEtNGRjNC00NjNjLWJhZjgt
MjQ0MWUxMGY2ZjhmLzEvTF9BOURHRzFMeWhuOWlqZHZXZndQdVdObHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9iZTFkYjEtNGRjNC00NjNjLWJhZjgtMjQ0MWUxMGY2Zjhm
LzEvT1NHMzhlN3BEWm5pbENHS2s0ZFR3ZW90d21jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLZfcAwQC
WRVQAwQBlejyAwQCuUOQMA0EAgACMAcDBQMqBRAAMA0GCSqGSIb3DQEBCwUAA4IB
AQB0gsn5MsamhMf4W5puZ8NXdvUJ1fwRetjW+49+GrMNQvu/Z1Ig9B1f5E/TmtbN
RsJVWWx3QhBVczy7lyreja9aeyai8/pnmAVwCM+cGDqTtfrmgIE9ira8B26qXa1z
fY3lVj6mOw3r11yye7/ClAyn11izd9yOkNgLSe9RBHGyC0iON8l9CefF+++C8HqK
Mf+qCRKAm8YRJQHHGfF1eCij6pSjL3i4U5VATOBpGF9Pl/jU8dCJMMgxwLgH9VCq
eowik18qWfCp9rqiydafaEH76tfb3GxGDDy4dCqBvZmF5yHHE8Z/atk7xRz9dY+n
KES2GB9JMP1rlkhWs0rDmTTR
-----END CERTIFICATE-----
Generated at Sun May 11 18:01:34 2025 by rpki-client