Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1CZTOdDSLwBkIcYwbG2IQq9mfGo.roa
File: 1CZTOdDSLwBkIcYwbG2IQq9mfGo.roa (raw, json)
Hash identifier: wSg5xbNwWpvI6fjc30jLfYK2OHTE0/vX/DzBzagwEEg=
Subject key identifier: D4:26:53:39:D0:D2:2F:00:64:21:C6:30:6C:6D:88:42:AF:66:7C:6A
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0196869236538EA186FD7559835E32DED8C3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1CZTOdDSLwBkIcYwbG2IQq9mfGo.roa
Signing time: Wed 30 Apr 2025 12:00:51 +0000
ROA not before: Wed 30 Apr 2025 12:00:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212830
IP address blocks: 95.214.144.0/22 maxlen: 24
185.119.48.0/22 maxlen: 24
185.128.52.0/22 maxlen: 24
185.175.152.0/22 maxlen: 24
185.199.44.0/22 maxlen: 24
185.223.60.0/22 maxlen: 24
194.124.68.0/23 maxlen: 24
194.124.68.0/24 maxlen: 24
194.124.70.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 18:19:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:86:92:36:53:8e:a1:86:fd:75:59:83:5e:32:de:d8:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Apr 30 12:00:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4265339d0d22f006421c6306c6d8842af667c6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:f2:b1:ac:a0:6f:5f:02:b4:3a:ef:17:d9:0a:
64:7c:55:a8:da:b6:be:1f:a1:19:0d:97:0f:55:16:
b6:be:48:09:f0:c8:5a:43:97:62:22:22:b4:34:a2:
7d:1f:14:39:0b:79:40:41:17:24:c5:d4:ae:6e:06:
36:80:2a:07:ed:24:82:52:2f:1f:88:5a:8c:eb:ed:
1f:9f:61:73:34:8b:af:cf:d5:1f:76:d4:c4:5a:48:
34:04:13:89:c1:ae:4b:eb:7e:83:28:b0:38:98:89:
c3:51:d3:21:21:d0:d5:4a:a9:ce:11:72:a0:98:1c:
0f:62:4b:18:a3:9e:47:bb:db:5b:ae:1b:86:cc:1d:
cc:cd:a5:3e:c1:0a:13:29:5c:59:a7:e4:5a:93:32:
b7:40:af:6f:8b:17:e5:2b:13:c3:4e:ad:ba:85:e9:
dc:15:10:9b:da:e6:32:04:ad:59:87:02:15:97:85:
35:e3:d1:3d:f6:e5:4e:ac:73:ea:28:b8:a6:58:44:
09:93:85:c9:ed:60:9f:ab:ef:62:33:c4:50:48:5c:
35:51:93:21:b4:ab:99:ed:c1:4c:7e:64:98:fd:5b:
1c:27:90:cb:22:30:d5:74:ce:fc:3a:c5:2d:a5:f3:
81:83:f3:ae:da:af:4f:d0:d3:75:f6:a1:5a:a3:e4:
52:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:26:53:39:D0:D2:2F:00:64:21:C6:30:6C:6D:88:42:AF:66:7C:6A
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1CZTOdDSLwBkIcYwbG2IQq9mfGo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.214.144.0/22
185.119.48.0/22
185.128.52.0/22
185.175.152.0/22
185.199.44.0/22
185.223.60.0/22
194.124.68.0/22
Signature Algorithm: sha256WithRSAEncryption
4a:6c:5e:4c:91:8d:d3:96:18:39:07:d0:8f:c2:40:a1:4f:c9:
35:fe:91:ec:9e:f5:a3:44:96:d3:56:f2:42:b0:57:f2:b0:5b:
11:88:55:9e:ce:30:5d:55:34:ec:bf:88:f1:58:de:c5:00:06:
c3:f7:72:1d:36:6f:45:0c:d8:10:08:8e:b9:7a:b6:05:78:1a:
17:ee:e6:82:1d:05:4f:ec:4c:64:9a:33:46:9e:3f:93:8a:f2:
cb:c4:50:42:8f:d3:14:8c:37:9f:8f:e7:62:5e:25:ba:ba:3d:
2f:98:3c:ed:c2:b4:10:b2:6b:ed:ea:6d:01:94:bd:20:ab:6f:
d6:0e:48:18:ba:be:82:75:02:e9:20:95:bb:79:7b:79:01:0c:
85:b2:fe:77:3b:2c:df:43:96:ee:a4:4d:15:b0:52:81:90:f9:
eb:2a:2f:ba:af:78:85:a0:f7:b5:46:c8:11:05:f6:a0:3f:e7:
78:33:00:1b:c4:ea:fa:fd:22:6b:df:ed:2d:be:b3:e6:f5:63:
c3:40:94:34:e0:fe:da:d9:aa:bd:3a:d9:20:da:fe:2f:1b:d8:
86:5f:51:41:ea:ab:41:4c:a2:50:48:e8:17:51:82:ed:78:ea:
63:c8:f4:d1:75:a6:91:b8:66:4e:b8:e7:0a:fa:9d:c1:43:20:
9a:29:0d:8c
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZaGkjZTjqGG/XVZg14y3tjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDMwMTIwMDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDI2NTMzOWQwZDIyZjAwNjQyMWM2MzA2YzZkODg0MmFmNjY3YzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/KxrKBvXwK0Ou8X2QpkfFWo2ra+
H6EZDZcPVRa2vkgJ8MhaQ5diIiK0NKJ9HxQ5C3lAQRckxdSubgY2gCoH7SSCUi8f
iFqM6+0fn2FzNIuvz9UfdtTEWkg0BBOJwa5L636DKLA4mInDUdMhIdDVSqnOEXKg
mBwPYksYo55Hu9tbrhuGzB3MzaU+wQoTKVxZp+RakzK3QK9vixflKxPDTq26henc
FRCb2uYyBK1ZhwIVl4U149E99uVOrHPqKLimWEQJk4XJ7WCfq+9iM8RQSFw1UZMh
tKuZ7cFMfmSY/VscJ5DLIjDVdM78OsUtpfOBg/Ou2q9P0NN19qFao+RSywIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNQmUznQ0i8AZCHGMGxtiEKvZnxqMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMUNaVE9kRFNMd0JrSWNZd2JHMklRcTltZkdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCX9aQAwQC
uXcwAwQCuYA0AwQCua+YAwQCuccsAwQCud88AwQCwnxEMA0GCSqGSIb3DQEBCwUA
A4IBAQBKbF5MkY3Tlhg5B9CPwkChT8k1/pHsnvWjRJbTVvJCsFfysFsRiFWezjBd
VTTsv4jxWN7FAAbD93IdNm9FDNgQCI65erYFeBoX7uaCHQVP7ExkmjNGnj+TivLL
xFBCj9MUjDefj+diXiW6uj0vmDztwrQQsmvt6m0BlL0gq2/WDkgYur6CdQLpIJW7
eXt5AQyFsv53OyzfQ5bupE0VsFKBkPnrKi+6r3iFoPe1RsgRBfagP+d4MwAbxOr6
/SJr3+0tvrPm9WPDQJQ04P7a2aq9Otkg2v4vG9iGX1FB6qtBTKJQSOgXUYLteOpj
yPTRdaaRuGZOuOcK+p3BQyCaKQ2M
-----END CERTIFICATE-----
Generated at Tue May 6 03:42:44 2025 by rpki-client