Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/EFrmvdYAVAISDnJyY9LHHEwKIkE.roa
File: EFrmvdYAVAISDnJyY9LHHEwKIkE.roa (raw, json)
Hash identifier: VVoG4KmLy8MCQlXZBg6STGy/fzjISq/IYVzwvcg57xg=
Subject key identifier: 10:5A:E6:BD:D6:00:54:02:12:0E:72:72:63:D2:C7:1C:4C:0A:22:41
Certificate issuer: /CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
Certificate serial: 0194206856563E8C02CFF396423B2F6F59C8
Authority key identifier: 04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/EFrmvdYAVAISDnJyY9LHHEwKIkE.roa
Signing time: Wed 01 Jan 2025 05:48:16 +0000
ROA not before: Wed 01 Jan 2025 05:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39176
IP address blocks: 185.86.52.0/23 maxlen: 23
185.86.52.0/24 maxlen: 24
185.86.53.0/24 maxlen: 24
185.86.54.0/24 maxlen: 24
185.86.55.0/24 maxlen: 24
2a05:b500:52::/48 maxlen: 48
2a05:b500:53::/48 maxlen: 48
2a05:b500:54::/48 maxlen: 48
2a05:b500:55::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 07:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:56:56:3e:8c:02:cf:f3:96:42:3b:2f:6f:59:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
Validity
Not Before: Jan 1 05:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=105ae6bdd6005402120e727263d2c71c4c0a2241
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:b7:ea:79:d7:03:ed:da:20:2d:dc:22:93:06:
9d:15:15:13:e5:c8:7c:e2:75:1c:fc:be:c4:f6:d8:
46:db:3d:ea:3f:27:6d:00:98:81:7a:b2:aa:e0:1a:
fb:57:53:68:33:70:52:fc:8e:05:dd:48:ce:45:2c:
4e:85:c8:6b:84:87:37:86:61:26:21:bf:8a:db:ca:
09:9a:d1:9e:36:3c:2d:84:e3:38:42:94:51:c4:62:
38:54:80:f7:d6:14:a9:fa:19:3c:3d:c1:8c:2e:2c:
5d:79:be:8f:4d:11:df:ec:c7:cb:61:92:aa:f8:b7:
75:b8:a6:20:d1:3b:7b:9e:e2:a6:13:b0:73:ce:ff:
bd:ae:c5:9e:5b:f5:a3:6a:ed:80:d0:3f:f3:df:c0:
af:7d:69:b4:ad:b0:00:ed:d7:31:b3:2e:b8:90:2a:
bc:63:ca:45:29:8c:1b:b6:a3:1a:79:cb:0f:31:23:
39:4a:a9:ad:82:e9:26:6c:86:62:f3:b4:72:36:5d:
50:ba:17:91:47:50:ab:41:2c:90:46:b3:e3:7c:44:
dc:d8:6c:ef:57:14:a6:00:d1:7d:a7:46:06:5d:18:
14:41:9c:f8:e4:3d:5c:d4:7f:e2:c3:48:ce:67:28:
3d:e1:fa:8f:49:d0:ad:dc:d3:4f:41:38:15:1a:6f:
e1:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:5A:E6:BD:D6:00:54:02:12:0E:72:72:63:D2:C7:1C:4C:0A:22:41
X509v3 Authority Key Identifier:
keyid:04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/EFrmvdYAVAISDnJyY9LHHEwKIkE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.86.52.0/22
IPv6:
2a05:b500:52::-2a05:b500:55:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
82:89:6b:51:1b:20:af:28:0c:6f:92:27:27:48:60:df:65:a1:
25:32:7b:5c:e6:0a:fd:23:98:a0:ef:f9:e3:eb:2a:7e:96:67:
7f:9f:01:ec:11:79:bb:49:3f:4a:3a:c9:97:51:02:16:7f:78:
f1:33:65:0c:b4:af:6e:05:90:7b:ac:60:c9:f2:73:70:3a:06:
25:93:15:cc:0a:f9:9e:8a:52:7e:3d:49:48:e0:9d:e7:e5:ed:
17:05:2c:2e:1d:cf:2f:f7:11:a7:c9:18:1e:fc:86:29:5a:ac:
0e:cd:39:0c:4f:13:af:b2:b3:57:fc:15:8f:54:46:8b:91:29:
e8:e9:ba:cc:ac:21:16:63:ab:26:0f:ab:f1:b4:0b:83:be:46:
93:83:b9:cd:4c:83:47:45:af:00:36:e2:f3:94:8b:9e:3d:60:
6f:34:73:95:3f:ce:be:36:8e:ca:b7:00:ef:20:4f:8b:17:cc:
38:30:b2:5d:ca:da:a2:c8:9a:d7:e4:31:3a:88:bd:8b:cf:be:
e6:d1:af:9d:11:b1:38:45:13:ff:94:b8:37:09:c6:5c:12:b3:
84:d8:fc:a8:cd:50:b5:9c:ee:9e:ba:73:77:95:6d:32:1b:a9:
35:c2:a4:98:64:6e:33:ac:3d:8f:e7:24:3c:b3:cc:4f:31:76:
a1:62:b9:3f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQgaFZWPowCz/OWQjsvb1nIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NzMyYjk4NWY4ZjYzZmY4YWU4ZWFjN2M3MDgzMmIzMGNl
ZTgwYWQwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDVhZTZiZGQ2MDA1NDAyMTIwZTcyNzI2M2QyYzcxYzRjMGEyMjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7fqedcD7dogLdwikwadFRUT5ch8
4nUc/L7E9thG2z3qPydtAJiBerKq4Br7V1NoM3BS/I4F3UjORSxOhchrhIc3hmEm
Ib+K28oJmtGeNjwthOM4QpRRxGI4VID31hSp+hk8PcGMLixdeb6PTRHf7MfLYZKq
+Ld1uKYg0Tt7nuKmE7Bzzv+9rsWeW/Wjau2A0D/z38CvfWm0rbAA7dcxsy64kCq8
Y8pFKYwbtqMaecsPMSM5SqmtgukmbIZi87RyNl1QuheRR1CrQSyQRrPjfETc2Gzv
VxSmANF9p0YGXRgUQZz45D1c1H/iw0jOZyg94fqPSdCt3NNPQTgVGm/hJQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFBBa5r3WAFQCEg5ycmPSxxxMCiJBMB8GA1UdIwQY
MBaAFARzK5hfj2P/iujqx8cIMrMM7oCtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDct
YWRhMjcwODI1MjE4LzEvRUZybXZkWUFWQUlTRG5KeVk5TEhIRXdLSWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDctYWRhMjcwODI1MjE4
LzEvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQCuVY0MBoE
AgACMBQwEgMHASoFtQAAUgMHASoFtQAAVDANBgkqhkiG9w0BAQsFAAOCAQEAgolr
URsgrygMb5InJ0hg32WhJTJ7XOYK/SOYoO/54+sqfpZnf58B7BF5u0k/SjrJl1EC
Fn948TNlDLSvbgWQe6xgyfJzcDoGJZMVzAr5nopSfj1JSOCd5+XtFwUsLh3PL/cR
p8kYHvyGKVqsDs05DE8Tr7KzV/wVj1RGi5Ep6Om6zKwhFmOrJg+r8bQLg75Gk4O5
zUyDR0WvADbi85SLnj1gbzRzlT/OvjaOyrcA7yBPixfMODCyXcraosia1+QxOoi9
i8++5tGvnRGxOEUT/5S4NwnGXBKzhNj8qM1QtZzunrpzd5VtMhupNcKkmGRuM6w9
j+ckPLPMTzF2oWK5Pw==
-----END CERTIFICATE-----
Generated at Tue Apr 8 09:38:45 2025 by rpki-client