Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LkWj5PAf-bLlOqIxvLFBYS2vjsk.roa
File: LkWj5PAf-bLlOqIxvLFBYS2vjsk.roa (raw, json)
Hash identifier: GV1HhuOSIGYRHOoGyfgjDmEDWLrIifyxI2fX6/H6eW8=
Subject key identifier: 2E:45:A3:E4:F0:1F:F9:B2:E5:3A:A2:31:BC:B1:41:61:2D:AF:8E:C9
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019685DC513FA68E1E73B55D8F7EC3CBC7FC
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LkWj5PAf-bLlOqIxvLFBYS2vjsk.roa
Signing time: Wed 30 Apr 2025 08:42:10 +0000
ROA not before: Wed 30 Apr 2025 08:42:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 45.90.17.0/24 maxlen: 24
176.125.248.0/24 maxlen: 24
185.240.122.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:85:dc:51:3f:a6:8e:1e:73:b5:5d:8f:7e:c3:cb:c7:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Apr 30 08:42:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2e45a3e4f01ff9b2e53aa231bcb141612daf8ec9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:9b:bf:5a:84:ee:87:1b:c0:f8:a0:c8:12:ee:
38:2b:c3:83:7f:52:57:d9:28:d7:c7:27:13:40:56:
fa:05:ca:58:6c:22:c0:0b:8d:aa:0d:e6:3d:37:63:
bd:c5:ca:80:92:7e:73:a7:8d:0e:19:96:4f:47:48:
f5:11:79:47:2c:82:7f:e3:1c:b7:e7:6c:43:f5:b8:
07:f8:e7:17:41:19:2d:e7:f2:e1:b9:e5:18:db:8c:
e2:51:06:26:09:4b:e3:e9:cd:c3:2a:4f:a8:43:85:
f2:51:8e:3a:bb:d3:62:85:61:b5:8b:22:e1:f4:52:
2f:1c:2b:05:cd:3b:31:c4:d8:97:f9:3d:a9:7f:39:
39:10:32:2c:66:af:a7:f0:7f:d2:32:56:1b:0e:69:
95:3e:37:fb:ab:3d:7c:43:24:2c:a8:24:03:01:1d:
a8:81:c2:bd:58:c4:9c:06:e1:20:df:69:e3:ef:df:
84:eb:60:df:18:a6:ba:7d:bf:86:51:e7:a6:96:c0:
33:af:df:72:cb:82:e2:c0:3e:bf:5f:a3:49:73:7b:
86:3b:05:33:eb:27:61:96:db:05:38:e9:0a:dc:4c:
ca:98:e9:7c:c7:d2:9f:fa:c3:6e:1e:bc:4e:35:56:
ec:19:29:9c:03:60:f9:5c:bc:68:f2:dc:43:ac:90:
41:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:45:A3:E4:F0:1F:F9:B2:E5:3A:A2:31:BC:B1:41:61:2D:AF:8E:C9
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LkWj5PAf-bLlOqIxvLFBYS2vjsk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.17.0/24
176.125.248.0/24
185.240.122.0/24
185.251.231.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:2f:26:ff:aa:30:50:f2:76:ee:fd:d1:ed:10:1f:47:5e:3f:
27:1a:0c:97:9e:ed:19:86:f3:d2:6d:2a:10:e7:88:af:a9:88:
33:0e:0e:82:18:fe:d0:9d:2f:11:09:69:68:23:28:8d:48:c8:
33:44:9f:d8:72:2c:0d:43:06:47:e3:2c:9c:95:02:b6:9e:3f:
0b:05:e5:a5:08:2e:1e:a5:65:ae:f8:73:07:10:53:b9:c4:c5:
b5:1b:92:c1:c3:32:05:a0:0c:8e:c6:8c:af:55:47:e7:5e:71:
da:c5:78:08:d6:e7:f6:fa:f5:f7:a9:c7:ac:8f:62:1c:7c:6b:
3b:7e:8b:69:ce:ec:2e:cb:87:43:6e:b4:59:9a:f3:48:a7:1e:
28:05:8e:39:a2:c7:b5:f1:7a:d3:64:e0:9e:7a:1f:7e:2f:08:
4a:71:a5:9b:52:e5:d5:63:b9:09:60:e2:1e:19:9a:ef:02:77:
4d:f9:d7:f3:ee:a5:ee:29:47:59:48:af:e2:6d:7d:b6:dd:ca:
68:9a:a7:27:aa:45:6a:35:b5:8d:9d:6e:11:68:69:69:56:cc:
2b:13:04:a0:29:f9:77:2c:93:2b:21:ce:be:0b:74:98:46:5d:
ca:2c:7a:ac:b0:24:7d:da:d8:20:21:8e:3e:1a:5a:06:95:ad:
f7:21:f6:d4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZaF3FE/po4ec7Vdj37Dy8f8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDMwMDg0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQ1YTNlNGYwMWZmOWIyZTUzYWEyMzFiY2IxNDE2MTJkYWY4ZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZu/WoTuhxvA+KDIEu44K8ODf1JX
2SjXxycTQFb6BcpYbCLAC42qDeY9N2O9xcqAkn5zp40OGZZPR0j1EXlHLIJ/4xy3
52xD9bgH+OcXQRkt5/LhueUY24ziUQYmCUvj6c3DKk+oQ4XyUY46u9NihWG1iyLh
9FIvHCsFzTsxxNiX+T2pfzk5EDIsZq+n8H/SMlYbDmmVPjf7qz18QyQsqCQDAR2o
gcK9WMScBuEg32nj79+E62DfGKa6fb+GUeemlsAzr99yy4LiwD6/X6NJc3uGOwUz
6ydhltsFOOkK3EzKmOl8x9Kf+sNuHrxONVbsGSmcA2D5XLxo8txDrJBBzQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFC5Fo+TwH/my5TqiMbyxQWEtr47JMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTGtXajVQQWYtYkxsT3FJeHZMRkJZUzJ2anNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVoRAwQA
sH34AwQAufB6AwQAufvnMA0GCSqGSIb3DQEBCwUAA4IBAQC0Lyb/qjBQ8nbu/dHt
EB9HXj8nGgyXnu0ZhvPSbSoQ54ivqYgzDg6CGP7QnS8RCWloIyiNSMgzRJ/YciwN
QwZH4yyclQK2nj8LBeWlCC4epWWu+HMHEFO5xMW1G5LBwzIFoAyOxoyvVUfnXnHa
xXgI1uf2+vX3qcesj2IcfGs7fotpzuwuy4dDbrRZmvNIpx4oBY45ose18XrTZOCe
eh9+LwhKcaWbUuXVY7kJYOIeGZrvAndN+dfz7qXuKUdZSK/ibX223cpomqcnqkVq
NbWNnW4RaGlpVswrEwSgKfl3LJMrIc6+C3SYRl3KLHqssCR92tggIY4+GloGla33
IfbU
-----END CERTIFICATE-----
Generated at Mon May 5 17:34:09 2025 by rpki-client