Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/lhCB4VKeVIat8YaI7khS8LgNAz0.roa
File: lhCB4VKeVIat8YaI7khS8LgNAz0.roa (raw, json)
Hash identifier: QGNe/S+LDe3zqs3K0JGfp0BhDLdHDbq+MTuXcKT1Qd0=
Subject key identifier: 96:10:81:E1:52:9E:54:86:AD:F1:86:88:EE:48:52:F0:B8:0D:03:3D
Certificate issuer: /CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Certificate serial: 01955BE48E6C139B3499C23B02178F6F32BE
Authority key identifier: 2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/lhCB4VKeVIat8YaI7khS8LgNAz0.roa
Signing time: Mon 03 Mar 2025 12:04:19 +0000
ROA not before: Mon 03 Mar 2025 12:04:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28787
IP address blocks: 37.61.0.0/17 maxlen: 17
37.61.56.0/21 maxlen: 21
37.61.77.0/24 maxlen: 24
37.61.78.0/24 maxlen: 24
37.61.79.0/24 maxlen: 24
37.61.112.0/22 maxlen: 22
37.61.116.0/22 maxlen: 22
37.61.120.0/22 maxlen: 22
37.61.124.0/22 maxlen: 22
81.17.80.0/20 maxlen: 20
81.17.82.0/24 maxlen: 24
185.30.88.0/22 maxlen: 22
188.253.128.0/19 maxlen: 19
188.253.208.0/22 maxlen: 22
188.253.212.0/22 maxlen: 22
188.253.216.0/22 maxlen: 22
188.253.220.0/22 maxlen: 22
188.253.224.0/21 maxlen: 21
188.253.232.0/21 maxlen: 21
188.253.254.0/24 maxlen: 24
188.253.255.0/24 maxlen: 24
194.135.166.0/23 maxlen: 23
194.135.168.0/23 maxlen: 23
194.135.170.0/24 maxlen: 24
194.135.171.0/24 maxlen: 24
194.135.172.0/24 maxlen: 24
194.135.173.0/24 maxlen: 24
194.135.174.0/24 maxlen: 24
194.135.176.0/24 maxlen: 24
194.135.177.0/24 maxlen: 24
194.135.178.0/24 maxlen: 24
194.135.179.0/24 maxlen: 24
213.154.0.0/19 maxlen: 19
217.64.16.0/20 maxlen: 20
217.64.16.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.mft
rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 03:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:5b:e4:8e:6c:13:9b:34:99:c2:3b:02:17:8f:6f:32:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Validity
Not Before: Mar 3 12:04:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=961081e1529e5486adf18688ee4852f0b80d033d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d5:d5:30:72:61:d5:26:ca:62:d8:38:89:0e:
67:42:60:16:e3:5f:82:9e:11:35:0a:ce:bf:b8:c3:
d6:64:df:f5:55:3b:ca:b5:69:2b:a3:63:bd:44:fd:
8c:fa:fe:4a:17:fa:35:9e:1f:9b:ca:96:2a:a6:64:
95:c7:40:14:5c:34:73:82:4a:1c:89:05:92:57:84:
b2:0a:aa:62:09:d3:0f:79:dc:c5:d1:a6:ca:01:06:
83:bc:d5:68:75:8a:45:20:92:c6:d6:4b:8f:0d:64:
4e:de:f3:cf:dc:ee:18:16:10:70:df:4a:60:4d:ec:
ae:0e:7c:17:12:b2:a0:fc:78:a8:dd:0a:ef:e6:2b:
13:65:c7:f4:9a:36:00:4e:a5:7a:35:5e:9a:3f:6b:
db:73:84:07:5c:b4:a1:b9:aa:fa:55:86:c9:55:3f:
a6:6f:13:d8:0b:3a:6b:ab:51:64:88:6f:a8:ac:e0:
0d:e1:f4:11:81:bb:80:9f:c6:23:ff:da:c7:e7:19:
36:a7:a3:1f:fd:3f:a6:3e:f8:15:37:ef:a5:a4:89:
79:d6:08:f2:da:30:ce:c0:36:27:80:39:d6:c2:d3:
d4:0c:59:86:2a:55:44:a5:d0:07:49:b1:96:43:91:
cd:14:a3:83:4f:33:56:73:54:3d:71:04:c0:55:8a:
e7:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:10:81:E1:52:9E:54:86:AD:F1:86:88:EE:48:52:F0:B8:0D:03:3D
X509v3 Authority Key Identifier:
keyid:2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/lhCB4VKeVIat8YaI7khS8LgNAz0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.61.0.0/17
81.17.80.0/20
185.30.88.0/22
188.253.128.0/19
188.253.208.0-188.253.239.255
188.253.254.0/23
194.135.166.0-194.135.174.255
194.135.176.0/22
213.154.0.0/19
217.64.16.0/20
Signature Algorithm: sha256WithRSAEncryption
b3:a4:16:51:4e:6c:c2:62:6e:71:a6:83:6d:ab:f0:05:5c:fe:
87:be:5f:13:8a:ec:34:19:94:41:2c:23:f6:2b:66:ae:1a:f4:
a3:63:cb:da:d4:1c:06:74:74:63:f6:14:e4:14:07:23:ac:ab:
a6:b7:60:6d:a3:61:cf:b9:ae:a4:44:df:0d:73:5d:1d:79:dd:
3e:bd:73:c2:e7:d0:5f:b5:a8:c9:d7:c4:61:4c:c7:b6:87:d5:
7e:43:c3:b6:7e:b0:35:70:98:75:a0:56:f8:8f:bb:cc:7b:70:
d0:e3:91:e0:6e:27:3a:30:0b:65:04:a2:94:8f:01:57:8b:ad:
c7:b3:2c:07:94:ac:d9:26:a6:0b:23:dd:cc:56:38:71:ca:e5:
23:ad:08:59:9a:a1:c9:45:9f:d4:c6:6c:8b:9c:e1:64:87:2c:
7a:b1:ed:03:cd:38:33:71:eb:20:78:d3:b6:90:e7:48:30:4c:
a4:26:77:de:36:0e:17:34:e7:94:c5:28:b5:10:54:9c:69:83:
f5:1e:24:fe:25:df:f1:c3:0e:37:dd:ec:7b:87:b6:ba:72:52:
52:9b:33:3e:14:02:60:a7:cf:7d:da:09:ab:a9:94:ab:83:5a:
c9:52:82:5e:73:97:dc:2e:70:2e:97:26:bc:03:4a:55:41:e4:
d8:a2:33:61
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZVb5I5sE5s0mcI7AhePbzK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGJlMjI2MjMwZDQwOTljZWVhMGE0YTZjZjRlZDhiOTAy
MDEzNTAwHhcNMjUwMzAzMTIwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjEwODFlMTUyOWU1NDg2YWRmMTg2ODhlZTQ4NTJmMGI4MGQwMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNXVMHJh1SbKYtg4iQ5nQmAW41+C
nhE1Cs6/uMPWZN/1VTvKtWkro2O9RP2M+v5KF/o1nh+bypYqpmSVx0AUXDRzgkoc
iQWSV4SyCqpiCdMPedzF0abKAQaDvNVodYpFIJLG1kuPDWRO3vPP3O4YFhBw30pg
TeyuDnwXErKg/Hio3Qrv5isTZcf0mjYATqV6NV6aP2vbc4QHXLShuar6VYbJVT+m
bxPYCzprq1FkiG+orOAN4fQRgbuAn8Yj/9rH5xk2p6Mf/T+mPvgVN++lpIl51gjy
2jDOwDYngDnWwtPUDFmGKlVEpdAHSbGWQ5HNFKODTzNWc1Q9cQTAVYrnmwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJYQgeFSnlSGrfGGiO5IUvC4DQM9MB8GA1UdIwQY
MBaAFCsL4iYjDUCZzuoKSmz07YuQIBNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTct
ODFmNTY2MTg1YjA2LzEvbGhDQjRWS2VWSWF0OFlhSTdraFM4TGdOQXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTctODFmNTY2MTg1YjA2
LzEvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQHJT0AAwQE
URFQAwQCuR5YAwQFvP2AMAwDBAS8/dADBAS8/eADBAG8/f4wDAMEAcKHpgMEAMKH
rgMEAsKHsAMEBdWaAAMEBNlAEDANBgkqhkiG9w0BAQsFAAOCAQEAs6QWUU5swmJu
caaDbavwBVz+h75fE4rsNBmUQSwj9itmrhr0o2PL2tQcBnR0Y/YU5BQHI6yrprdg
baNhz7mupETfDXNdHXndPr1zwufQX7WoydfEYUzHtofVfkPDtn6wNXCYdaBW+I+7
zHtw0OOR4G4nOjALZQSilI8BV4utx7MsB5Ss2SamCyPdzFY4ccrlI60IWZqhyUWf
1MZsi5zhZIcserHtA804M3HrIHjTtpDnSDBMpCZ33jYOFzTnlMUotRBUnGmD9R4k
/iXf8cMON93se4e2unJSUpszPhQCYKfPfdoJq6mUq4NayVKCXnOX3C5wLpcmvANK
VUHk2KIzYQ==
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:41:15 2025 by rpki-client