Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/R0-mbrlkQj2Gy6Nt6WDL988hyv8.roa
File: R0-mbrlkQj2Gy6Nt6WDL988hyv8.roa (raw, json)
Hash identifier: TNdehcbateMNki61iSUqlN2sgtl/UwdBnEcO8z3cSF0=
Subject key identifier: 47:4F:A6:6E:B9:64:42:3D:86:CB:A3:6D:E9:60:CB:F7:CF:21:CA:FF
Certificate issuer: /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial: 01963EF07F1E37A25BAE1ECAA22CFBB50526
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/R0-mbrlkQj2Gy6Nt6WDL988hyv8.roa
Signing time: Wed 16 Apr 2025 14:11:10 +0000
ROA not before: Wed 16 Apr 2025 14:11:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 185.213.22.0/24 maxlen: 24
2a11:840:1::/48 maxlen: 48
2a11:840:2::/48 maxlen: 48
2a11:840:4::/48 maxlen: 48
2a11:840:9::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 07 May 2025 16:14:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:3e:f0:7f:1e:37:a2:5b:ae:1e:ca:a2:2c:fb:b5:05:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
Validity
Not Before: Apr 16 14:11:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=474fa66eb964423d86cba36de960cbf7cf21caff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:52:b7:d6:7c:3f:fa:76:ff:fe:20:a4:b7:a5:
9c:12:6d:fa:2f:86:eb:2c:07:dc:8a:84:5b:f6:f9:
e3:4c:ed:fb:66:72:45:69:fb:7c:0d:1f:fc:e8:1a:
e4:49:2d:e7:0a:fa:7d:d3:b5:1d:c1:17:54:66:75:
9b:f6:78:1d:48:15:4f:2d:9c:14:dc:68:98:39:dd:
5d:d5:f2:60:ef:dd:68:82:52:fa:3a:58:39:27:52:
63:a3:b5:4f:73:6c:55:20:33:6e:41:c8:10:e4:41:
f1:4c:4c:a0:ea:61:e1:d0:37:90:7b:14:4a:1a:12:
2e:5d:1f:fe:0d:7a:50:5e:16:29:aa:4f:f1:ab:18:
d5:e2:d8:14:1f:db:eb:5c:f0:52:ae:c0:12:5b:e6:
54:c7:8b:c9:95:73:4c:6f:14:0f:77:19:32:f8:a4:
d4:16:7b:a6:66:4a:ff:c6:b4:a3:4d:33:5c:1a:a3:
4c:3d:5f:e6:7f:63:f9:c8:f0:86:e4:49:9d:bd:d5:
fb:9e:c2:94:10:1b:aa:e5:f7:74:68:c7:82:ba:20:
f0:75:82:4e:5e:8b:a7:40:8a:56:40:b4:93:cd:10:
42:9f:84:27:38:56:24:bb:62:8a:5c:a6:a0:3d:91:
54:84:36:c5:18:8c:0c:3d:70:da:af:74:17:12:a4:
97:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:4F:A6:6E:B9:64:42:3D:86:CB:A3:6D:E9:60:CB:F7:CF:21:CA:FF
X509v3 Authority Key Identifier:
keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/R0-mbrlkQj2Gy6Nt6WDL988hyv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.213.22.0/24
IPv6:
2a11:840:1::-2a11:840:2:ffff:ffff:ffff:ffff:ffff
2a11:840:4::/48
2a11:840:9::/48
Signature Algorithm: sha256WithRSAEncryption
87:fc:f4:bd:4f:1f:b9:1e:f0:72:c3:b7:28:50:d5:da:0e:91:
0d:07:67:37:a9:3f:23:7b:59:24:42:c6:98:05:01:98:e0:53:
86:00:40:1c:3a:2a:15:6e:1b:ba:eb:ab:4a:47:17:da:70:88:
95:1c:67:0a:2c:e4:a7:62:f5:9d:fd:d2:9d:36:b3:c9:43:ea:
d5:cc:e4:23:c5:9a:88:70:7d:dc:b9:9c:9e:63:82:c0:71:e6:
a9:c7:cd:ad:54:00:b2:4a:f2:21:51:6b:f0:57:ba:93:9c:8a:
82:04:91:3b:00:f0:fb:51:f6:72:ca:d9:e7:99:79:6a:75:6b:
35:fc:82:39:5a:5b:90:21:f9:7b:93:07:c6:cf:58:3b:53:e5:
72:f5:2a:c2:b9:63:c9:2b:f1:4f:00:ff:ce:0b:83:60:75:e9:
9d:7f:a5:60:1a:df:b8:6b:9e:9e:fb:be:c0:04:48:d6:bf:b9:
aa:30:09:2b:a9:6e:5b:09:0e:3f:7b:69:de:a5:68:e0:7f:92:
bb:98:83:59:e1:00:6e:90:3c:11:70:e6:d7:67:6f:6b:34:47:
4b:7f:76:24:e9:78:83:1a:7e:d3:0c:87:9f:7c:c5:b1:0c:8d:
bb:c9:2f:7a:d4:c8:f2:9b:49:c2:23:b6:34:9c:45:6d:9d:1a:
c6:24:1f:68
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZY+8H8eN6Jbrh7Koiz7tQUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjUwNDE2MTQxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzRmYTY2ZWI5NjQ0MjNkODZjYmEzNmRlOTYwY2JmN2NmMjFjYWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lK31nw/+nb//iCkt6WcEm36L4br
LAfcioRb9vnjTO37ZnJFaft8DR/86BrkSS3nCvp907UdwRdUZnWb9ngdSBVPLZwU
3GiYOd1d1fJg791oglL6Olg5J1Jjo7VPc2xVIDNuQcgQ5EHxTEyg6mHh0DeQexRK
GhIuXR/+DXpQXhYpqk/xqxjV4tgUH9vrXPBSrsASW+ZUx4vJlXNMbxQPdxky+KTU
FnumZkr/xrSjTTNcGqNMPV/mf2P5yPCG5EmdvdX7nsKUEBuq5fd0aMeCuiDwdYJO
XounQIpWQLSTzRBCn4QnOFYku2KKXKagPZFUhDbFGIwMPXDar3QXEqSXZwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFEdPpm65ZEI9hsujbelgy/fPIcr/MB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvUjAtbWJybGtRajJHeTZOdDZXREw5ODhoeXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAMBAIAATAGAwQAudUWMCwE
AgACMCYwEgMHACoRCEAAAQMHACoRCEAAAgMHACoRCEAABAMHACoRCEAACTANBgkq
hkiG9w0BAQsFAAOCAQEAh/z0vU8fuR7wcsO3KFDV2g6RDQdnN6k/I3tZJELGmAUB
mOBThgBAHDoqFW4buuurSkcX2nCIlRxnCizkp2L1nf3SnTazyUPq1czkI8WaiHB9
3LmcnmOCwHHmqcfNrVQAskryIVFr8Fe6k5yKggSROwDw+1H2csrZ55l5anVrNfyC
OVpbkCH5e5MHxs9YO1PlcvUqwrljySvxTwD/zguDYHXpnX+lYBrfuGuenvu+wARI
1r+5qjAJK6luWwkOP3tp3qVo4H+Su5iDWeEAbpA8EXDm12dvazRHS392JOl4gxp+
0wyHn3zFsQyNu8kvetTI8ptJwiO2NJxFbZ0axiQfaA==
-----END CERTIFICATE-----
Generated at Wed May 7 02:01:15 2025 by rpki-client