Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-2y_aIVLHaNjmpitGFqNPm7IvEo.roa
File: 1-2y_aIVLHaNjmpitGFqNPm7IvEo.roa (raw, json)
Hash identifier: fNGQgJEkAVDNTF+RFBrU/7mJ8nCCauFw8CrCD3Fi4fM=
Subject key identifier: FB:6C:BF:68:85:4B:1D:A3:63:9A:98:AD:18:5A:8D:3E:6E:C8:BC:4A
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0196863B8928742314988D1AFA7E1CE414E5
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-2y_aIVLHaNjmpitGFqNPm7IvEo.roa
Signing time: Wed 30 Apr 2025 10:26:10 +0000
ROA not before: Wed 30 Apr 2025 10:26:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200908
IP address blocks: 45.137.162.0/23 maxlen: 24
185.224.36.0/22 maxlen: 24
185.254.156.0/24 maxlen: 24
185.254.158.0/24 maxlen: 24
194.41.118.0/24 maxlen: 24
195.28.178.0/23 maxlen: 24
195.28.178.0/24 maxlen: 24
195.28.179.0/24 maxlen: 24
195.34.66.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:86:3b:89:28:74:23:14:98:8d:1a:fa:7e:1c:e4:14:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Apr 30 10:26:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fb6cbf68854b1da3639a98ad185a8d3e6ec8bc4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:f8:5a:98:51:98:fa:dc:6d:d5:43:a9:96:b9:
e1:3e:49:f5:24:3f:22:37:57:1a:b8:bf:74:b7:b4:
b8:12:ae:70:98:2d:1a:25:17:32:88:7e:07:f1:ff:
a1:16:42:0d:8f:bf:b6:7f:19:78:f9:89:ad:13:65:
e0:b2:84:90:f5:b0:a0:63:fb:59:04:1d:f9:64:86:
ce:94:13:90:64:5f:cd:1f:a1:a0:f1:12:2d:51:5f:
12:06:c0:ba:59:8f:23:6b:85:61:70:47:29:c7:c9:
62:f3:2c:03:c5:04:94:35:bf:78:ee:da:d8:f8:d1:
99:4a:d4:f2:89:56:b3:f3:fc:35:b2:0f:29:ff:57:
cc:55:36:72:6e:27:a9:20:e2:6a:ae:eb:51:15:86:
cd:49:af:42:55:2b:5a:04:b0:3d:82:11:19:13:15:
58:a0:fd:da:7e:39:b1:53:1c:74:84:a3:df:c2:d4:
3d:e1:5c:64:7b:c6:b1:c1:e0:53:dc:1b:92:4d:09:
0e:ba:52:32:50:21:5f:e4:cb:5a:63:41:e8:76:84:
00:fb:81:17:7a:b2:19:ec:1b:ee:c6:8a:40:3c:1d:
f6:03:9a:17:7b:ce:76:b9:a1:fb:28:56:08:8d:85:
35:c0:9b:46:85:33:08:c8:2f:eb:0e:8c:3e:19:2f:
ec:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:6C:BF:68:85:4B:1D:A3:63:9A:98:AD:18:5A:8D:3E:6E:C8:BC:4A
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-2y_aIVLHaNjmpitGFqNPm7IvEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.162.0/23
185.224.36.0/22
185.254.156.0/24
185.254.158.0/24
194.41.118.0/24
195.28.178.0/23
195.34.66.0/24
Signature Algorithm: sha256WithRSAEncryption
20:16:ee:bb:c0:9a:57:f4:c4:c7:88:82:af:36:11:84:98:49:
3c:e1:98:d7:fc:09:40:fc:90:82:28:35:54:e7:1c:fb:af:2d:
09:07:09:86:68:05:20:79:00:c8:da:a5:09:16:44:f2:39:fd:
08:a8:db:bf:bc:8e:35:4a:3d:b2:dd:07:bd:ec:79:93:84:b7:
6b:4f:52:42:3e:36:54:10:3c:34:52:a7:83:25:ae:50:ae:4c:
00:ef:1a:41:3b:b8:88:6d:16:61:fc:f2:c8:fd:91:09:81:08:
3d:c1:37:69:c5:e9:06:a2:ca:4c:a6:f8:5d:3d:12:ae:cf:ef:
d5:be:c3:9a:c0:05:8d:79:89:1d:5f:6f:1a:d7:ed:85:59:7e:
4b:ea:f5:d4:76:15:f2:31:44:6c:40:c7:a1:4d:df:ad:08:04:
b7:8f:84:1a:e6:b1:d2:db:1d:64:5b:48:fe:4a:b0:6d:37:f5:
4f:3e:d9:e4:17:82:d6:b7:40:a8:fe:9e:83:06:2e:99:6c:b3:
77:3d:88:55:df:c1:10:9c:50:b2:d0:b9:f2:ce:9e:41:82:8e:
81:d7:da:f4:5e:69:b6:44:85:96:68:83:d5:04:e5:f7:2f:89:
20:04:78:45:04:ab:36:8d:eb:2b:e9:81:8a:9b:90:0e:91:67:
90:66:c4:30
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZaGO4kodCMUmI0a+n4c5BTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDMwMTAyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjZjYmY2ODg1NGIxZGEzNjM5YTk4YWQxODVhOGQzZTZlYzhiYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fhamFGY+txt1UOplrnhPkn1JD8i
N1cauL90t7S4Eq5wmC0aJRcyiH4H8f+hFkINj7+2fxl4+YmtE2XgsoSQ9bCgY/tZ
BB35ZIbOlBOQZF/NH6Gg8RItUV8SBsC6WY8ja4VhcEcpx8li8ywDxQSUNb947trY
+NGZStTyiVaz8/w1sg8p/1fMVTZybiepIOJqrutRFYbNSa9CVStaBLA9ghEZExVY
oP3afjmxUxx0hKPfwtQ94Vxke8axweBT3BuSTQkOulIyUCFf5MtaY0HodoQA+4EX
erIZ7BvuxopAPB32A5oXe852uaH7KFYIjYU1wJtGhTMIyC/rDow+GS/sUwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPtsv2iFSx2jY5qYrRhajT5uyLxKMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMS0yeV9hSVZMSGFOam1waXRHRnFOUG03SXZFby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFi
Yy8xL1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBDBggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAS2JogME
ArngJAMEALn+nAMEALn+ngMEAMIpdgMEAcMcsgMEAMMiQjANBgkqhkiG9w0BAQsF
AAOCAQEAIBbuu8CaV/TEx4iCrzYRhJhJPOGY1/wJQPyQgig1VOcc+68tCQcJhmgF
IHkAyNqlCRZE8jn9CKjbv7yONUo9st0Hvex5k4S3a09SQj42VBA8NFKngyWuUK5M
AO8aQTu4iG0WYfzyyP2RCYEIPcE3acXpBqLKTKb4XT0Srs/v1b7DmsAFjXmJHV9v
GtfthVl+S+r11HYV8jFEbEDHoU3frQgEt4+EGuax0tsdZFtI/kqwbTf1Tz7Z5BeC
1rdAqP6egwYumWyzdz2IVd/BEJxQstC58s6eQYKOgdfa9F5ptkSFlmiD1QTl9y+J
IAR4RQSrNo3rK+mBipuQDpFnkGbEMA==
-----END CERTIFICATE-----
Generated at Mon May 5 19:13:38 2025 by rpki-client