Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/9MjXTd2Lr1yJdEmK8CTeSoInorE.roa
File: 9MjXTd2Lr1yJdEmK8CTeSoInorE.roa (raw, json)
Hash identifier: YWK7+nRLe8UfaY8PNHmd6MYAPs7Oj1F/tL2OOejEg1M=
Subject key identifier: F4:C8:D7:4D:DD:8B:AF:5C:89:74:49:8A:F0:24:DE:4A:82:27:A2:B1
Certificate issuer: /CN=473779e6a77c7e58213198764ce2ac0e6bee6236
Certificate serial: 0196A9F2E6916CF4C76E10041459D39BC6C1
Authority key identifier: 47:37:79:E6:A7:7C:7E:58:21:31:98:76:4C:E2:AC:0E:6B:EE:62:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/9MjXTd2Lr1yJdEmK8CTeSoInorE.roa
Signing time: Wed 07 May 2025 08:53:10 +0000
ROA not before: Wed 07 May 2025 08:53:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42730
IP address blocks: 87.238.192.0/21 maxlen: 21
178.254.0.0/19 maxlen: 19
178.254.32.0/20 maxlen: 20
178.254.48.0/21 maxlen: 21
178.254.56.0/22 maxlen: 22
178.254.60.0/23 maxlen: 23
178.254.62.0/24 maxlen: 24
185.195.100.0/23 maxlen: 23
185.195.102.0/23 maxlen: 23
195.90.192.0/18 maxlen: 18
2a00:6800::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:a9:f2:e6:91:6c:f4:c7:6e:10:04:14:59:d3:9b:c6:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=473779e6a77c7e58213198764ce2ac0e6bee6236
Validity
Not Before: May 7 08:53:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f4c8d74ddd8baf5c8974498af024de4a8227a2b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:bf:cf:07:a0:f3:29:97:44:f5:ff:10:2b:0c:
dc:fe:1b:eb:25:a3:eb:6a:b2:0d:cd:ba:9d:5d:8b:
c4:93:b7:f7:5e:3a:66:65:ab:71:d7:e3:05:bb:07:
50:60:3d:14:fc:32:5f:8a:73:ba:fc:af:94:6c:5e:
c4:77:57:57:2a:57:bc:54:8a:97:57:19:79:c4:e9:
bd:bb:3e:e3:83:f5:4f:db:b9:ff:72:6f:4e:97:b0:
a4:b8:69:e3:54:f5:d8:c4:3d:d9:de:8a:1d:01:93:
fb:8c:64:f2:7a:41:68:62:9f:c8:89:55:11:2c:31:
57:28:44:24:d1:d2:9d:29:f3:df:bf:4c:5f:64:40:
2b:82:e9:52:ba:b0:cd:8a:4d:a8:1b:5b:62:b9:3e:
73:5c:fb:97:06:8c:53:80:35:69:fa:0a:28:89:aa:
53:70:54:c6:68:6b:e8:fd:11:46:01:e7:f4:aa:9e:
a7:c4:5f:88:90:11:8e:60:d7:2b:ae:58:41:4b:90:
f2:ca:1a:d9:4a:8e:c1:3e:09:f8:a0:24:98:0f:ed:
bd:df:0f:da:a8:18:f9:e6:59:2a:c6:62:c2:d5:52:
66:99:9f:0a:1e:4d:a1:8d:5b:4f:b5:13:07:25:27:
93:3d:fc:a7:0a:fb:bb:ae:bd:53:e5:12:cc:58:83:
8b:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:C8:D7:4D:DD:8B:AF:5C:89:74:49:8A:F0:24:DE:4A:82:27:A2:B1
X509v3 Authority Key Identifier:
keyid:47:37:79:E6:A7:7C:7E:58:21:31:98:76:4C:E2:AC:0E:6B:EE:62:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/9MjXTd2Lr1yJdEmK8CTeSoInorE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.238.192.0/21
178.254.0.0-178.254.62.255
185.195.100.0/22
195.90.192.0/18
IPv6:
2a00:6800::/32
Signature Algorithm: sha256WithRSAEncryption
52:eb:2a:da:0b:2d:cb:a4:10:e1:0c:7c:19:bb:87:16:8e:38:
34:85:e2:61:15:44:8b:a1:02:96:fa:df:23:85:ff:3e:71:ee:
2f:b7:a7:4a:f9:27:32:c5:ad:25:8f:15:e4:37:c6:ea:3e:dc:
d7:93:c4:15:7f:f0:ec:45:da:99:1a:ce:2b:ad:8c:90:18:5c:
cf:5c:9e:65:1a:7d:11:01:f4:03:86:ce:3d:0d:ec:74:dd:b7:
b7:d8:e5:af:b1:35:98:e2:a7:c0:d7:0f:74:77:de:6b:a3:93:
4c:d9:0b:c7:5f:67:7e:8f:2a:e9:2c:aa:8e:95:73:bf:cd:cc:
1d:11:d0:30:e5:b2:4f:94:f4:b3:51:e4:a6:22:66:c6:e9:87:
36:a8:40:f3:bf:a1:e2:d2:0a:e4:68:d1:75:b3:9f:d7:f9:c1:
cd:ea:53:37:07:40:2e:1c:53:da:6a:5f:1f:0b:35:d4:e6:a9:
0b:1b:c6:58:68:7c:81:bb:5f:f2:0d:e0:c4:e7:7d:ef:ff:42:
c8:ff:7b:c6:93:51:fe:6d:de:f5:3d:ba:8f:a0:63:f3:3c:66:
7f:96:38:2b:16:95:f9:5a:e6:ca:75:ab:68:64:44:11:6a:d0:
80:8d:e5:20:74:16:ff:98:2c:d5:63:b0:a5:9f:6e:f2:8c:9d:
3b:d8:c7:ee
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZap8uaRbPTHbhAEFFnTm8bBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Mzc3OWU2YTc3YzdlNTgyMTMxOTg3NjRjZTJhYzBlNmJl
ZTYyMzYwHhcNMjUwNTA3MDg1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM4ZDc0ZGRkOGJhZjVjODk3NDQ5OGFmMDI0ZGU0YTgyMjdhMmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb/PB6DzKZdE9f8QKwzc/hvrJaPr
arINzbqdXYvEk7f3XjpmZatx1+MFuwdQYD0U/DJfinO6/K+UbF7Ed1dXKle8VIqX
Vxl5xOm9uz7jg/VP27n/cm9Ol7CkuGnjVPXYxD3Z3oodAZP7jGTyekFoYp/IiVUR
LDFXKEQk0dKdKfPfv0xfZEArgulSurDNik2oG1tiuT5zXPuXBoxTgDVp+gooiapT
cFTGaGvo/RFGAef0qp6nxF+IkBGOYNcrrlhBS5DyyhrZSo7BPgn4oCSYD+293w/a
qBj55lkqxmLC1VJmmZ8KHk2hjVtPtRMHJSeTPfynCvu7rr1T5RLMWIOL4wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFPTI103di69ciXRJivAk3kqCJ6KxMB8GA1UdIwQY
MBaAFEc3eeanfH5YITGYdkzirA5r7mI2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpkNTVxZDhmbGdoTVpoMlRPS3NEbXZ1WWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZDc1ODMtZDEwYy00N2RiLWFlZTEt
NThkNjY0MjEwNjY5LzEvOU1qWFRkMkxyMXlKZEVtSzhDVGVTb0lub3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZDc1ODMtZDEwYy00N2RiLWFlZTEtNThkNjY0MjEwNjY5
LzEvUnpkNTVxZDhmbGdoTVpoMlRPS3NEbXZ1WWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAlBAIAATAfAwQDV+7AMAsD
AwGy/gMEALL+PgMEArnDZAMEBsNawDANBAIAAjAHAwUAKgBoADANBgkqhkiG9w0B
AQsFAAOCAQEAUusq2gsty6QQ4Qx8GbuHFo44NIXiYRVEi6EClvrfI4X/PnHuL7en
SvknMsWtJY8V5DfG6j7c15PEFX/w7EXamRrOK62MkBhcz1yeZRp9EQH0A4bOPQ3s
dN23t9jlr7E1mOKnwNcPdHfea6OTTNkLx19nfo8q6SyqjpVzv83MHRHQMOWyT5T0
s1HkpiJmxumHNqhA87+h4tIK5GjRdbOf1/nBzepTNwdALhxT2mpfHws11OapCxvG
WGh8gbtf8g3gxOd97/9CyP97xpNR/m3e9T26j6Bj8zxmf5Y4KxaV+VrmynWraGRE
EWrQgI3lIHQW/5gs1WOwpZ9u8oydO9jH7g==
-----END CERTIFICATE-----
Generated at Sun May 11 23:32:07 2025 by rpki-client