Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/URhndB2z4bBAh3ApjFvckcVFg-o.roa
File: URhndB2z4bBAh3ApjFvckcVFg-o.roa (raw, json)
Hash identifier: 8fCApbL0btkJ/iY0cLD4A30Cl8V8tS6A1W9MGWYX73Q=
Subject key identifier: 51:18:67:74:1D:B3:E1:B0:40:87:70:29:8C:5B:DC:91:C5:45:83:EA
Certificate issuer: /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial: 01955BACB3EB6B11EC0AD4FC8F211EC9F980
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/URhndB2z4bBAh3ApjFvckcVFg-o.roa
Signing time: Mon 03 Mar 2025 11:03:19 +0000
ROA not before: Mon 03 Mar 2025 11:03:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 178.236.224.0/23 maxlen: 24
178.236.226.0/24 maxlen: 24
178.236.227.0/24 maxlen: 24
178.236.235.0/24 maxlen: 24
178.236.236.0/24 maxlen: 24
178.236.238.0/23 maxlen: 24
185.2.49.0/24 maxlen: 24
185.2.50.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:5b:ac:b3:eb:6b:11:ec:0a:d4:fc:8f:21:1e:c9:f9:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Validity
Not Before: Mar 3 11:03:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=511867741db3e1b0408770298c5bdc91c54583ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:62:46:8e:ad:23:fd:e6:95:9a:2f:83:ef:89:
fb:c5:5f:33:4d:e8:a3:66:2a:ca:1c:59:bf:32:c8:
e1:2b:ab:62:3b:d8:ea:97:7f:47:18:26:79:d1:80:
54:6d:4e:16:c3:37:2b:6a:88:6c:41:ee:f9:b8:69:
37:e6:4f:c3:f2:56:7b:ba:fa:45:9c:88:0f:aa:a1:
58:d9:76:36:70:9e:f8:a4:b4:44:12:b3:e3:d0:4b:
6d:6d:2e:50:33:0e:03:12:07:95:52:f0:c3:90:ea:
7a:46:6b:38:33:28:42:08:f7:13:64:2b:5d:1c:d0:
b7:83:c3:37:0b:6d:5d:1c:19:3a:5f:f1:d3:cf:f4:
c0:e0:49:20:8e:b8:4e:69:54:53:fc:ae:88:56:24:
69:b3:8d:01:21:02:02:22:22:f5:0e:95:76:a6:a1:
a0:90:9f:17:f8:84:75:1a:63:4e:e4:88:bb:dc:b7:
14:a6:58:bf:1f:11:19:f8:55:b0:ea:fe:93:1c:66:
cf:e7:e1:5b:c1:59:85:60:22:35:1a:26:ca:bd:c7:
24:6a:b6:76:3f:aa:2e:ba:93:4b:e6:12:d4:5a:82:
25:83:9b:48:42:81:50:7c:7d:1a:61:b4:48:bb:4d:
89:22:41:34:86:15:a2:58:bf:a6:1d:9b:ad:f4:16:
7c:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:18:67:74:1D:B3:E1:B0:40:87:70:29:8C:5B:DC:91:C5:45:83:EA
X509v3 Authority Key Identifier:
keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/URhndB2z4bBAh3ApjFvckcVFg-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.236.224.0/22
178.236.235.0-178.236.236.255
178.236.238.0/23
185.2.49.0-185.2.51.255
Signature Algorithm: sha256WithRSAEncryption
5b:23:39:b9:17:7c:ad:24:eb:95:d1:8a:d6:70:40:d9:02:92:
cd:fc:e4:08:de:66:42:66:47:e6:3f:56:8b:e5:ea:23:72:c3:
2b:c7:21:d4:83:ce:ff:9a:e6:b2:aa:4e:7f:1d:b9:1c:75:b6:
ea:45:50:be:a8:5e:52:6c:fd:2d:7c:6b:4d:44:3a:fd:5f:ee:
f4:e0:7f:33:8a:b9:c4:c5:7b:3b:70:2d:6b:5c:df:48:09:36:
1d:fa:6b:ce:96:26:a0:64:78:11:70:0d:d0:f6:c8:f0:19:37:
52:07:48:67:e6:b2:01:ee:75:d5:e6:1d:e5:50:3f:a8:00:3b:
0c:8e:58:a7:83:7d:fd:01:82:7f:b3:be:22:69:0f:44:f0:2b:
9d:0e:ef:d9:e3:38:38:cf:89:30:f2:57:df:ac:72:ed:b5:08:
58:1c:d4:f0:18:b6:ab:b7:e5:39:d2:8d:82:59:6c:29:45:14:
8f:ff:e3:2d:26:87:6a:57:a1:bd:51:82:13:77:b0:d6:34:c0:
3f:9e:18:b2:0a:ea:dc:b7:6e:2f:ef:bc:0c:eb:58:34:05:fc:
c8:37:2b:6a:e7:92:c1:2f:cf:13:cc:dd:e3:f1:c2:c7:a2:c6:
a4:00:56:8b:35:02:f2:9a:37:1c:94:e0:64:87:59:0b:4f:0c:
15:aa:90:ae
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZVbrLPraxHsCtT8jyEeyfmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjUwMzAzMTEwMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTE4Njc3NDFkYjNlMWIwNDA4NzcwMjk4YzViZGM5MWM1NDU4M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWJGjq0j/eaVmi+D74n7xV8zTeij
ZirKHFm/MsjhK6tiO9jql39HGCZ50YBUbU4WwzcraohsQe75uGk35k/D8lZ7uvpF
nIgPqqFY2XY2cJ74pLREErPj0EttbS5QMw4DEgeVUvDDkOp6Rms4MyhCCPcTZCtd
HNC3g8M3C21dHBk6X/HTz/TA4EkgjrhOaVRT/K6IViRps40BIQICIiL1DpV2pqGg
kJ8X+IR1GmNO5Ii73LcUpli/HxEZ+FWw6v6THGbP5+FbwVmFYCI1GibKvcckarZ2
P6ouupNL5hLUWoIlg5tIQoFQfH0aYbRIu02JIkE0hhWiWL+mHZut9BZ8SwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFFEYZ3Qds+GwQIdwKYxb3JHFRYPqMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvVVJobmRCMno0YkJBaDNBcGpGdmNrY1ZGZy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCsuzgMAwD
BACy7OsDBACy7OwDBAGy7O4wDAMEALkCMQMEArkCMDANBgkqhkiG9w0BAQsFAAOC
AQEAWyM5uRd8rSTrldGK1nBA2QKSzfzkCN5mQmZH5j9Wi+XqI3LDK8ch1IPO/5rm
sqpOfx25HHW26kVQvqheUmz9LXxrTUQ6/V/u9OB/M4q5xMV7O3Ata1zfSAk2Hfpr
zpYmoGR4EXAN0PbI8Bk3UgdIZ+ayAe511eYd5VA/qAA7DI5Yp4N9/QGCf7O+ImkP
RPArnQ7v2eM4OM+JMPJX36xy7bUIWBzU8Bi2q7flOdKNgllsKUUUj//jLSaHaleh
vVGCE3ew1jTAP54Ysgrq3LduL++8DOtYNAX8yDcraueSwS/PE8zd4/HCx6LGpABW
izUC8po3HJTgZIdZC08MFaqQrg==
-----END CERTIFICATE-----
Generated at Sat Apr 5 11:10:00 2025 by rpki-client