Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/oHg8th2m-6lkqpucCywGnTPw2Y8.roa
File: oHg8th2m-6lkqpucCywGnTPw2Y8.roa (raw, json)
Hash identifier: fBPsGM2/mDx5oeAlhLVhusnxHUP4XIwFmPZfB6dTzC0=
Subject key identifier: A0:78:3C:B6:1D:A6:FB:A9:64:AA:9B:9C:0B:2C:06:9D:33:F0:D9:8F
Certificate issuer: /CN=d99a47cdc89f46342f90b0da3c30d9ec5fd63238
Certificate serial: 01965D8B93386612B705C81DE689609D04B3
Authority key identifier: D9:9A:47:CD:C8:9F:46:34:2F:90:B0:DA:3C:30:D9:EC:5F:D6:32:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/oHg8th2m-6lkqpucCywGnTPw2Y8.roa
Signing time: Tue 22 Apr 2025 12:49:10 +0000
ROA not before: Tue 22 Apr 2025 12:49:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202870
IP address blocks: 195.32.2.0/23 maxlen: 24
195.32.4.0/22 maxlen: 24
195.32.8.0/22 maxlen: 24
195.32.24.0/22 maxlen: 24
195.32.64.0/22 maxlen: 24
195.32.70.0/23 maxlen: 24
195.32.104.0/23 maxlen: 24
195.32.106.0/24 maxlen: 24
195.32.108.0/22 maxlen: 24
195.32.112.0/21 maxlen: 24
195.32.120.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.crl
rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.mft
rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 15:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5d:8b:93:38:66:12:b7:05:c8:1d:e6:89:60:9d:04:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d99a47cdc89f46342f90b0da3c30d9ec5fd63238
Validity
Not Before: Apr 22 12:49:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0783cb61da6fba964aa9b9c0b2c069d33f0d98f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:be:61:c1:41:4e:89:9e:9f:23:89:4d:ea:9b:
7e:4d:8f:2b:ab:71:b8:7c:f3:cd:9e:1c:86:a6:3c:
ce:15:56:fb:43:5d:3a:56:18:74:a6:af:26:f8:1f:
9d:b6:f6:be:f8:8c:3e:bf:55:09:20:7d:22:d5:e3:
17:1d:3d:5e:46:65:7c:9d:c9:f4:46:aa:49:76:05:
e0:d6:f1:36:89:a0:b3:6d:a2:fb:86:81:95:bd:e1:
a2:d1:01:30:fd:cc:76:1a:c3:0e:39:66:15:6a:01:
3b:79:89:0f:d1:c3:80:ad:22:0c:f6:d8:91:20:a1:
3f:a5:ff:34:5b:5f:83:b2:5d:b4:ae:07:4d:0a:c8:
f8:0e:5c:50:67:f7:d2:0f:e8:2b:d2:15:14:0f:e8:
58:46:5b:d2:01:b6:3c:d3:b6:95:8f:c7:61:55:0c:
8e:dc:1f:87:65:0d:77:b8:02:09:7f:29:34:8f:4d:
d8:c3:3f:23:50:41:9b:44:62:86:42:df:5b:af:30:
30:22:28:df:3e:c7:2e:44:c7:a4:15:ba:92:e8:e6:
bb:9c:e5:55:8a:80:07:84:4a:95:40:d4:6f:99:a7:
4a:7d:31:bc:34:40:bc:23:1d:67:97:b7:d7:55:fc:
a0:1c:80:23:40:a2:ed:57:53:07:c5:de:61:b0:63:
6f:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:78:3C:B6:1D:A6:FB:A9:64:AA:9B:9C:0B:2C:06:9D:33:F0:D9:8F
X509v3 Authority Key Identifier:
keyid:D9:9A:47:CD:C8:9F:46:34:2F:90:B0:DA:3C:30:D9:EC:5F:D6:32:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/oHg8th2m-6lkqpucCywGnTPw2Y8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.32.2.0-195.32.11.255
195.32.24.0/22
195.32.64.0/22
195.32.70.0/23
195.32.104.0-195.32.106.255
195.32.108.0-195.32.127.255
Signature Algorithm: sha256WithRSAEncryption
22:fd:b3:64:0b:7d:70:3f:23:a1:04:79:9c:0a:6c:64:a7:d7:
f4:95:fd:bc:01:6a:4c:0c:fb:15:c3:5b:0c:f5:1d:4a:22:07:
30:18:a5:fd:c9:4e:ac:02:c4:7d:96:52:b2:bc:36:75:b7:aa:
7b:ba:b2:ac:e3:92:db:5f:4a:99:b5:40:cd:e6:0b:98:19:42:
2a:fa:18:e8:00:f1:1e:8f:7b:98:65:f0:18:b6:37:8c:68:7b:
00:48:38:26:34:21:8e:d2:22:e5:1a:95:70:bb:79:14:75:ab:
2f:70:47:dd:73:51:bb:ca:20:44:28:4c:26:62:a6:7c:e8:c0:
b5:ed:e9:94:97:be:d8:2b:32:4e:d7:98:23:30:82:80:f2:3e:
51:89:a6:7e:37:98:d9:41:bd:e0:bb:65:9f:e3:49:2e:e8:17:
c3:82:ff:02:3f:00:8c:3b:d6:d8:51:7b:a5:fd:20:71:1c:e5:
bb:29:2c:6e:48:5f:2c:76:bb:37:0e:12:5c:e9:b5:0c:dc:52:
c9:c3:88:12:77:c0:32:69:de:0c:de:93:25:7b:f7:cf:3f:49:
18:4d:fc:a0:84:b6:dd:67:54:95:0a:dc:82:f4:cb:c7:d9:be:
be:31:15:24:94:86:95:1e:9b:11:bf:b6:05:a9:bb:7a:10:8b:
a5:d1:4f:5b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZZdi5M4ZhK3Bcgd5olgnQSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OWE0N2NkYzg5ZjQ2MzQyZjkwYjBkYTNjMzBkOWVjNWZk
NjMyMzgwHhcNMjUwNDIyMTI0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDc4M2NiNjFkYTZmYmE5NjRhYTliOWMwYjJjMDY5ZDMzZjBkOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb5hwUFOiZ6fI4lN6pt+TY8rq3G4
fPPNnhyGpjzOFVb7Q106Vhh0pq8m+B+dtva++Iw+v1UJIH0i1eMXHT1eRmV8ncn0
RqpJdgXg1vE2iaCzbaL7hoGVveGi0QEw/cx2GsMOOWYVagE7eYkP0cOArSIM9tiR
IKE/pf80W1+Dsl20rgdNCsj4DlxQZ/fSD+gr0hUUD+hYRlvSAbY807aVj8dhVQyO
3B+HZQ13uAIJfyk0j03Ywz8jUEGbRGKGQt9brzAwIijfPscuRMekFbqS6Oa7nOVV
ioAHhEqVQNRvmadKfTG8NEC8Ix1nl7fXVfygHIAjQKLtV1MHxd5hsGNv6wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKB4PLYdpvupZKqbnAssBp0z8NmPMB8GA1UdIwQY
MBaAFNmaR83In0Y0L5Cw2jww2exf1jI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlpwSHpjaWZSalF2a0xEYVBERFo3Rl9XTWpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kMzBlZWYtNDk1ZS00M2JkLTkxOWMt
YTJhMGUyZGI0OWQwLzEvb0hnOHRoMm0tNmxrcXB1Y0N5d0duVFB3Mlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kMzBlZWYtNDk1ZS00M2JkLTkxOWMtYTJhMGUyZGI0OWQw
LzEvMlpwSHpjaWZSalF2a0xEYVBERFo3Rl9XTWpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAHDIAID
BALDIAgDBALDIBgDBALDIEADBAHDIEYwDAMEA8MgaAMEAMMgajAMAwQCwyBsAwQH
wyAAMA0GCSqGSIb3DQEBCwUAA4IBAQAi/bNkC31wPyOhBHmcCmxkp9f0lf28AWpM
DPsVw1sM9R1KIgcwGKX9yU6sAsR9llKyvDZ1t6p7urKs45LbX0qZtUDN5guYGUIq
+hjoAPEej3uYZfAYtjeMaHsASDgmNCGO0iLlGpVwu3kUdasvcEfdc1G7yiBEKEwm
YqZ86MC17emUl77YKzJO15gjMIKA8j5RiaZ+N5jZQb3gu2Wf40ku6BfDgv8CPwCM
O9bYUXul/SBxHOW7KSxuSF8sdrs3DhJc6bUM3FLJw4gSd8Ayad4M3pMle/fPP0kY
TfyghLbdZ1SVCtyC9MvH2b6+MRUklIaVHpsRv7YFqbt6EIul0U9b
-----END CERTIFICATE-----
Generated at Mon May 5 21:46:01 2025 by rpki-client