Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/V1dxs9JhyjDMxU7zwFABoBAdx60.roa
File: V1dxs9JhyjDMxU7zwFABoBAdx60.roa (raw, json)
Hash identifier: jK0rBU9juj3Cm9p+z0cyDJb76/ejVGKYQgHCoAgwZ5Q=
Subject key identifier: 57:57:71:B3:D2:61:CA:30:CC:C5:4E:F3:C0:50:01:A0:10:1D:C7:AD
Certificate issuer: /CN=c6c0fdbb65ca491cb83cc085a43e0340596ae873
Certificate serial: 0196B556DAB80FBD9D94B161CAECA992BC07
Authority key identifier: C6:C0:FD:BB:65:CA:49:1C:B8:3C:C0:85:A4:3E:03:40:59:6A:E8:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/V1dxs9JhyjDMxU7zwFABoBAdx60.roa
Signing time: Fri 09 May 2025 13:58:10 +0000
ROA not before: Fri 09 May 2025 13:58:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5631
IP address blocks: 45.150.140.0/22 maxlen: 22
79.99.88.0/22 maxlen: 22
79.173.128.0/18 maxlen: 18
79.173.128.0/19 maxlen: 19
79.173.128.0/20 maxlen: 20
79.173.128.0/21 maxlen: 21
79.173.136.0/21 maxlen: 21
79.173.144.0/21 maxlen: 21
79.173.152.0/21 maxlen: 21
79.173.160.0/19 maxlen: 19
79.173.160.0/21 maxlen: 21
79.173.168.0/21 maxlen: 21
79.173.176.0/21 maxlen: 21
79.173.184.0/21 maxlen: 21
80.252.120.0/22 maxlen: 22
83.143.224.0/21 maxlen: 21
83.143.224.0/22 maxlen: 22
83.143.228.0/22 maxlen: 22
103.110.208.0/22 maxlen: 22
109.224.248.0/21 maxlen: 21
185.108.168.0/22 maxlen: 22
185.205.172.0/22 maxlen: 22
193.178.54.0/23 maxlen: 23
193.178.112.0/23 maxlen: 23
195.167.128.0/20 maxlen: 20
195.167.128.0/21 maxlen: 21
195.167.136.0/21 maxlen: 21
195.167.138.0/24 maxlen: 24
195.167.176.0/20 maxlen: 20
195.167.176.0/21 maxlen: 21
195.167.181.0/24 maxlen: 24
195.167.182.0/24 maxlen: 24
195.167.184.0/21 maxlen: 21
195.167.184.0/24 maxlen: 24
195.167.187.0/24 maxlen: 24
209.42.4.0/22 maxlen: 22
209.42.8.0/21 maxlen: 21
2a00:5840::/32 maxlen: 32
2a02:890::/32 maxlen: 32
2a06:e40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.mft
rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 14 May 2025 07:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:b5:56:da:b8:0f:bd:9d:94:b1:61:ca:ec:a9:92:bc:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6c0fdbb65ca491cb83cc085a43e0340596ae873
Validity
Not Before: May 9 13:58:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=575771b3d261ca30ccc54ef3c05001a0101dc7ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:10:5b:33:aa:91:89:0d:87:1d:9f:6b:76:ac:
0a:39:4a:1c:a9:d2:42:f8:fd:74:4b:c9:35:58:d8:
4e:7b:28:d3:f1:29:91:83:52:a2:88:5d:92:f1:85:
94:7f:47:cb:02:f7:b9:93:c2:c7:df:4b:d1:a1:bb:
50:a0:47:47:98:85:75:f0:fd:a5:29:3b:59:d8:2a:
71:d5:98:e7:03:d7:8f:23:9d:90:2b:f2:b3:54:69:
bc:64:5f:6b:44:47:8d:a7:58:8c:d0:55:86:8e:94:
4c:e3:e8:0e:b8:7f:3e:10:6a:42:aa:1b:77:e8:14:
b0:8e:c7:61:2d:1a:ba:8b:8c:5d:d3:83:18:15:1d:
2a:95:51:03:ab:b8:81:08:1a:5b:8f:38:c2:7d:b1:
66:35:ea:35:47:35:b0:a9:2c:d4:49:84:24:97:b7:
7b:c0:82:e6:1a:ed:f6:03:2f:cb:0b:e1:e1:9e:2c:
98:f7:dc:5c:ce:2b:b0:50:32:c7:cf:6d:1e:fa:75:
22:8f:c9:5c:d8:83:12:df:6d:56:57:59:12:e9:d2:
2f:b0:d4:0b:d7:db:6a:d7:9a:5b:ae:40:11:06:45:
33:2d:ca:8f:77:6a:a0:5f:69:91:45:51:97:3f:29:
5b:0d:2e:72:8b:c2:ba:a2:01:b5:da:41:29:22:12:
0c:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:57:71:B3:D2:61:CA:30:CC:C5:4E:F3:C0:50:01:A0:10:1D:C7:AD
X509v3 Authority Key Identifier:
keyid:C6:C0:FD:BB:65:CA:49:1C:B8:3C:C0:85:A4:3E:03:40:59:6A:E8:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/V1dxs9JhyjDMxU7zwFABoBAdx60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.140.0/22
79.99.88.0/22
79.173.128.0/18
80.252.120.0/22
83.143.224.0/21
103.110.208.0/22
109.224.248.0/21
185.108.168.0/22
185.205.172.0/22
193.178.54.0/23
193.178.112.0/23
195.167.128.0/20
195.167.176.0/20
209.42.4.0-209.42.15.255
IPv6:
2a00:5840::/32
2a02:890::/32
2a06:e40::/29
Signature Algorithm: sha256WithRSAEncryption
8f:75:8a:14:bb:9b:68:cc:c6:46:0d:22:e8:f5:af:60:ae:24:
32:f4:3e:06:59:81:44:54:3d:8f:8b:e8:6f:87:c7:f7:6a:76:
76:e3:ee:58:61:3b:bf:f1:83:b6:63:53:62:29:d5:dd:f4:bd:
a7:7a:33:e7:b1:7c:0a:70:f5:93:1b:9e:a9:b2:a7:6d:e1:50:
56:9b:64:d8:91:d1:26:38:ba:54:1e:2e:5f:16:55:67:a7:ee:
c4:c7:94:fc:b7:7a:23:94:ae:dd:48:e2:4e:d5:b1:5f:d1:b5:
18:05:2d:b2:c7:7a:f0:58:5d:6a:a6:e2:9d:23:15:4c:36:99:
20:e7:d6:2a:d7:28:d0:81:8b:44:e6:7d:73:bc:81:f5:7c:72:
88:71:0b:57:d3:58:9a:90:c0:28:78:3c:29:4c:c2:6a:2f:28:
63:34:ce:eb:8b:20:f9:71:97:02:d9:af:92:02:73:83:3c:96:
db:bb:2a:91:3a:e5:ee:1e:d8:e1:fc:4c:95:3e:0f:a6:bf:d6:
af:30:c7:f3:71:8c:dc:6d:18:26:e5:8d:4f:07:a5:13:d4:5f:
0b:40:f3:d4:67:8e:73:cc:91:bb:72:9f:08:46:e5:77:7c:92:
f8:22:77:e2:86:61:f0:75:57:99:ad:37:d8:8b:2c:1b:d1:e6:
93:54:fa:76
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZa1Vtq4D72dlLFhyuypkrwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YzBmZGJiNjVjYTQ5MWNiODNjYzA4NWE0M2UwMzQwNTk2
YWU4NzMwHhcNMjUwNTA5MTM1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzU3NzFiM2QyNjFjYTMwY2NjNTRlZjNjMDUwMDFhMDEwMWRjN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BBbM6qRiQ2HHZ9rdqwKOUocqdJC
+P10S8k1WNhOeyjT8SmRg1KiiF2S8YWUf0fLAve5k8LH30vRobtQoEdHmIV18P2l
KTtZ2Cpx1ZjnA9ePI52QK/KzVGm8ZF9rREeNp1iM0FWGjpRM4+gOuH8+EGpCqht3
6BSwjsdhLRq6i4xd04MYFR0qlVEDq7iBCBpbjzjCfbFmNeo1RzWwqSzUSYQkl7d7
wILmGu32Ay/LC+HhniyY99xcziuwUDLHz20e+nUij8lc2IMS321WV1kS6dIvsNQL
19tq15pbrkARBkUzLcqPd2qgX2mRRVGXPylbDS5yi8K6ogG12kEpIhIM1wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFdXcbPSYcowzMVO88BQAaAQHcetMB8GA1UdIwQY
MBaAFMbA/btlykkcuDzAhaQ+A0BZauhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHNEOXUyWEtTUnk0UE1DRnBENERRRmxxNkhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NjY5YmItMWY2Mi00MmEzLTllOGQt
NDlhNjU0NTc4NmU2LzEvVjFkeHM5Smh5akRNeFU3endGQUJvQkFkeDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NjY5YmItMWY2Mi00MmEzLTllOGQtNDlhNjU0NTc4NmU2
LzEveHNEOXUyWEtTUnk0UE1DRnBENERRRmxxNkhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTBiBAIAATBcAwQCLZaM
AwQCT2NYAwQGT62AAwQCUPx4AwQDU4/gAwQCZ27QAwQDbeD4AwQCuWyoAwQCuc2s
AwQBwbI2AwQBwbJwAwQEw6eAAwQEw6ewMAwDBALRKgQDBATRKgAwGwQCAAIwFQMF
ACoAWEADBQAqAgiQAwUDKgYOQDANBgkqhkiG9w0BAQsFAAOCAQEAj3WKFLubaMzG
Rg0i6PWvYK4kMvQ+BlmBRFQ9j4vob4fH92p2duPuWGE7v/GDtmNTYinV3fS9p3oz
57F8CnD1kxueqbKnbeFQVptk2JHRJji6VB4uXxZVZ6fuxMeU/Ld6I5Su3UjiTtWx
X9G1GAUtssd68FhdaqbinSMVTDaZIOfWKtco0IGLROZ9c7yB9XxyiHELV9NYmpDA
KHg8KUzCai8oYzTO64sg+XGXAtmvkgJzgzyW27sqkTrl7h7Y4fxMlT4Ppr/WrzDH
83GM3G0YJuWNTwelE9RfC0Dz1GeOc8yRu3KfCEbld3yS+CJ34oZh8HVXma032Iss
G9Hmk1T6dg==
-----END CERTIFICATE-----
Generated at Tue May 13 15:57:09 2025 by rpki-client