Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/V63W0aVBLx51NnINgD_iQeLMOyw.roa
File: V63W0aVBLx51NnINgD_iQeLMOyw.roa (raw, json)
Hash identifier: FLA4TSQ4UunV1xOhrn0rSmh7Oq3MF9Le3VUmM3hfUww=
Subject key identifier: 57:AD:D6:D1:A5:41:2F:1E:75:36:72:0D:80:3F:E2:41:E2:CC:3B:2C
Certificate issuer: /CN=3d8012fa14ace7a0c3bd2e82e0a29d9a44bfe290
Certificate serial: 019427464B72AF111B2E382A2ECE113E7333
Authority key identifier: 3D:80:12:FA:14:AC:E7:A0:C3:BD:2E:82:E0:A2:9D:9A:44:BF:E2:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/V63W0aVBLx51NnINgD_iQeLMOyw.roa
Signing time: Thu 02 Jan 2025 13:48:25 +0000
ROA not before: Thu 02 Jan 2025 13:48:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209137
IP address blocks: 5.180.168.0/22 maxlen: 22
5.180.168.0/23 maxlen: 23
5.180.168.0/24 maxlen: 24
5.180.169.0/24 maxlen: 24
5.180.170.0/23 maxlen: 23
5.180.170.0/24 maxlen: 24
5.180.171.0/24 maxlen: 24
185.170.136.0/22 maxlen: 22
185.170.136.0/23 maxlen: 23
185.170.136.0/24 maxlen: 24
185.170.137.0/24 maxlen: 24
185.170.138.0/24 maxlen: 24
185.170.139.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/PYAS-hSs56DDvS6C4KKdmkS_4pA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/PYAS-hSs56DDvS6C4KKdmkS_4pA.mft
rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 16:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:46:4b:72:af:11:1b:2e:38:2a:2e:ce:11:3e:73:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d8012fa14ace7a0c3bd2e82e0a29d9a44bfe290
Validity
Not Before: Jan 2 13:48:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=57add6d1a5412f1e7536720d803fe241e2cc3b2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:40:db:e1:44:bb:93:81:02:75:36:39:fb:59:
fc:df:33:5e:ee:ca:8e:b7:18:45:6a:76:9d:f8:62:
da:e4:9c:97:ae:b9:9d:f0:82:62:c9:2e:d4:00:02:
fd:d7:f3:b3:3b:e5:3b:01:0b:6e:fc:ed:31:87:44:
43:2c:7e:f6:2d:a6:ec:a3:51:36:06:56:b4:1a:ca:
d2:6b:48:c9:f4:05:cc:a0:be:17:68:a2:4e:28:43:
2c:c6:2d:51:1d:68:f7:e5:28:e4:36:65:63:7c:30:
ae:97:8c:c5:1c:12:bc:52:22:b9:a0:0a:74:e4:67:
b2:0d:19:20:b9:f2:cf:ad:8c:e8:62:a4:f5:c2:68:
ec:a2:a9:2f:72:93:60:04:95:0b:e3:29:71:ca:43:
05:05:bb:e0:03:cb:c0:0d:77:ee:3b:02:1e:f0:28:
24:71:40:3b:69:bf:17:23:17:9d:41:3b:19:6d:d8:
df:fb:e8:71:9c:5b:eb:e5:1e:b1:6e:2c:83:30:89:
7b:1c:82:91:61:d9:87:46:f1:33:50:cd:5f:0e:23:
68:c9:8e:3b:10:36:a5:7a:a1:d3:01:ca:f6:e1:ed:
c6:aa:a4:e9:66:dc:36:a8:c3:55:f0:08:3d:99:e4:
1d:6f:b9:1e:05:a4:8e:42:54:af:36:af:66:19:bb:
b2:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:AD:D6:D1:A5:41:2F:1E:75:36:72:0D:80:3F:E2:41:E2:CC:3B:2C
X509v3 Authority Key Identifier:
keyid:3D:80:12:FA:14:AC:E7:A0:C3:BD:2E:82:E0:A2:9D:9A:44:BF:E2:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/V63W0aVBLx51NnINgD_iQeLMOyw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/PYAS-hSs56DDvS6C4KKdmkS_4pA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.168.0/22
185.170.136.0/22
Signature Algorithm: sha256WithRSAEncryption
64:4e:a1:dd:16:19:cc:a5:71:16:e3:d7:5d:54:7e:b6:ca:f1:
c0:4a:65:a4:62:a6:d1:46:c0:7b:23:5b:47:d5:08:ca:75:cc:
8b:22:36:11:4f:35:4a:b4:fd:8c:3f:f8:71:f1:a8:8b:1b:07:
89:73:f9:af:5e:c3:90:e6:e3:67:17:dc:56:8d:da:20:89:bf:
33:11:a0:e9:3f:6a:4a:fc:7a:91:bc:60:ad:cd:4c:2e:29:3a:
95:b1:47:a1:80:e1:16:1c:9a:54:5b:0f:2f:22:bb:34:b3:3e:
56:6b:a4:ed:8d:be:58:60:f0:87:3f:a9:01:7a:d9:3b:29:e8:
32:a2:06:44:de:77:6d:7e:61:58:4e:26:9b:b4:4c:3d:de:7f:
58:7c:cc:89:9c:b5:b2:4a:9d:7f:2f:d7:97:ef:0f:83:b6:ae:
45:21:52:9c:a0:4e:75:10:39:3c:d3:43:ff:d7:3a:dd:f7:f6:
e6:ca:80:f3:e7:72:6c:19:ca:5d:d9:46:a0:4b:cd:a1:43:8c:
3c:af:15:c7:0f:c5:5b:70:fe:df:af:ce:66:c3:a2:42:9e:46:
b1:d2:69:19:28:07:dd:a9:8b:d2:a5:eb:d4:97:2e:cf:2b:e1:
0e:c0:61:05:da:8c:3d:11:c2:f1:4c:0a:ff:b5:8d:b7:e2:bd:
9b:3b:bf:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnRktyrxEbLjgqLs4RPnMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkODAxMmZhMTRhY2U3YTBjM2JkMmU4MmUwYTI5ZDlhNDRi
ZmUyOTAwHhcNMjUwMTAyMTM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2FkZDZkMWE1NDEyZjFlNzUzNjcyMGQ4MDNmZTI0MWUyY2MzYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEDb4US7k4ECdTY5+1n83zNe7sqO
txhFanad+GLa5JyXrrmd8IJiyS7UAAL91/OzO+U7AQtu/O0xh0RDLH72Labso1E2
Bla0GsrSa0jJ9AXMoL4XaKJOKEMsxi1RHWj35SjkNmVjfDCul4zFHBK8UiK5oAp0
5GeyDRkgufLPrYzoYqT1wmjsoqkvcpNgBJUL4ylxykMFBbvgA8vADXfuOwIe8Cgk
cUA7ab8XIxedQTsZbdjf++hxnFvr5R6xbiyDMIl7HIKRYdmHRvEzUM1fDiNoyY47
EDaleqHTAcr24e3GqqTpZtw2qMNV8Ag9meQdb7keBaSOQlSvNq9mGbuyrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFet1tGlQS8edTZyDYA/4kHizDssMB8GA1UdIwQY
MBaAFD2AEvoUrOegw70uguCinZpEv+KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlBUy1oU3M1NkREdlM2QzRLS2Rta1NfNHBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lZjVlZDEtYmRlZS00NjM5LTkyNDgt
NzdmODRjNTYyYTVmLzEvVjYzVzBhVkJMeDUxTm5JTmdEX2lRZUxNT3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lZjVlZDEtYmRlZS00NjM5LTkyNDgtNzdmODRjNTYyYTVm
LzEvUFlBUy1oU3M1NkREdlM2QzRLS2Rta1NfNHBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBbSoAwQC
uaqIMA0GCSqGSIb3DQEBCwUAA4IBAQBkTqHdFhnMpXEW49ddVH62yvHASmWkYqbR
RsB7I1tH1QjKdcyLIjYRTzVKtP2MP/hx8aiLGweJc/mvXsOQ5uNnF9xWjdogib8z
EaDpP2pK/HqRvGCtzUwuKTqVsUehgOEWHJpUWw8vIrs0sz5Wa6Ttjb5YYPCHP6kB
etk7KegyogZE3ndtfmFYTiabtEw93n9YfMyJnLWySp1/L9eX7w+Dtq5FIVKcoE51
EDk800P/1zrd9/bmyoDz53JsGcpd2UagS82hQ4w8rxXHD8VbcP7fr85mw6JCnkax
0mkZKAfdqYvSpevUly7PK+EOwGEF2ow9EcLxTAr/tY234r2bO7/L
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:25:09 2025 by rpki-client