Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/sIxfC6vb_F45uySffIKtVbXqOYs.roa
File: sIxfC6vb_F45uySffIKtVbXqOYs.roa (raw, json)
Hash identifier: ++32p2bkxPyvz4Hx8QLxSpYxKyhb3oHx1J6fv7+P8ts=
Subject key identifier: B0:8C:5F:0B:AB:DB:FC:5E:39:BB:24:9F:7C:82:AD:55:B5:EA:39:8B
Certificate issuer: /CN=ad109dee6fbdc256df911460ccc915d066a8ff8b
Certificate serial: 0194236A055C29D7CD2066E344DB22A94A32
Authority key identifier: AD:10:9D:EE:6F:BD:C2:56:DF:91:14:60:CC:C9:15:D0:66:A8:FF:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/sIxfC6vb_F45uySffIKtVbXqOYs.roa
Signing time: Wed 01 Jan 2025 19:48:58 +0000
ROA not before: Wed 01 Jan 2025 19:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33924
IP address blocks: 84.20.64.0/19 maxlen: 19
84.20.64.0/20 maxlen: 20
84.20.64.0/21 maxlen: 21
84.20.64.0/22 maxlen: 22
84.20.64.0/24 maxlen: 24
84.20.65.0/24 maxlen: 24
84.20.66.0/24 maxlen: 24
84.20.67.0/24 maxlen: 24
84.20.68.0/22 maxlen: 22
84.20.68.0/24 maxlen: 24
84.20.69.0/24 maxlen: 24
84.20.70.0/24 maxlen: 24
84.20.71.0/24 maxlen: 24
84.20.72.0/22 maxlen: 22
84.20.72.0/24 maxlen: 24
84.20.73.0/24 maxlen: 24
84.20.74.0/24 maxlen: 24
84.20.75.0/24 maxlen: 24
84.20.76.0/22 maxlen: 22
84.20.76.0/23 maxlen: 23
84.20.76.0/24 maxlen: 24
84.20.77.0/24 maxlen: 24
84.20.78.0/23 maxlen: 23
84.20.78.0/24 maxlen: 24
84.20.79.0/24 maxlen: 24
84.20.80.0/21 maxlen: 21
84.20.80.0/22 maxlen: 22
84.20.80.0/24 maxlen: 24
84.20.81.0/24 maxlen: 24
84.20.82.0/24 maxlen: 24
84.20.83.0/24 maxlen: 24
84.20.84.0/22 maxlen: 22
84.20.84.0/24 maxlen: 24
84.20.85.0/24 maxlen: 24
84.20.86.0/24 maxlen: 24
84.20.87.0/24 maxlen: 24
84.20.88.0/22 maxlen: 22
84.20.88.0/23 maxlen: 23
84.20.88.0/24 maxlen: 24
84.20.89.0/24 maxlen: 24
84.20.90.0/24 maxlen: 24
84.20.91.0/24 maxlen: 24
84.20.92.0/24 maxlen: 24
84.20.95.0/24 maxlen: 24
2a00:6b80::/29 maxlen: 29
2a00:6b80::/32 maxlen: 32
2a00:6b81::/32 maxlen: 32
2a00:6b82::/32 maxlen: 32
2a00:6b83::/32 maxlen: 32
2a00:6b84::/32 maxlen: 32
2a00:6b85::/32 maxlen: 32
2a00:6b86::/32 maxlen: 32
2a00:6b87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.mft
rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 10:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:05:5c:29:d7:cd:20:66:e3:44:db:22:a9:4a:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad109dee6fbdc256df911460ccc915d066a8ff8b
Validity
Not Before: Jan 1 19:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b08c5f0babdbfc5e39bb249f7c82ad55b5ea398b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:8e:11:ff:d6:a9:0e:18:cc:97:40:fc:73:59:
5c:e4:ab:ca:0e:5f:ba:e2:be:d1:89:dd:cc:c7:a6:
90:e9:fe:e1:cb:88:9c:9f:98:c0:41:ef:d3:a0:38:
a2:00:21:11:8b:97:72:78:2d:22:76:20:99:a6:f7:
33:c5:b7:6c:96:1d:26:37:8f:61:9d:89:3d:fd:d1:
5a:07:ca:60:60:f3:a8:04:9f:ed:a7:9d:61:84:14:
47:32:b3:c7:72:2a:c0:1a:0b:58:8f:71:48:a4:60:
8b:fb:ee:8c:be:42:47:fd:35:8b:a3:6e:6a:7a:e2:
db:7a:81:3f:63:ea:89:c9:9e:58:44:f4:d4:4d:1a:
fc:44:bc:b4:c9:c4:10:10:b3:96:ac:12:91:e4:6f:
83:0d:20:6d:c9:23:b8:08:7e:64:c7:2b:d6:34:ab:
69:b5:30:ab:1f:a4:cf:1c:4c:ca:59:44:99:14:29:
bb:af:99:a9:1f:58:2e:3c:79:60:eb:e2:3c:78:03:
4f:a5:c2:aa:e7:88:3f:6c:92:fc:14:81:06:7b:91:
cc:71:a8:16:1c:5a:35:55:cd:e5:04:62:1f:fd:3c:
98:16:7c:bd:48:92:92:5c:e8:0d:01:94:de:27:4c:
8e:80:8e:05:69:28:74:ba:65:a2:d7:0b:e5:ef:00:
40:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:8C:5F:0B:AB:DB:FC:5E:39:BB:24:9F:7C:82:AD:55:B5:EA:39:8B
X509v3 Authority Key Identifier:
keyid:AD:10:9D:EE:6F:BD:C2:56:DF:91:14:60:CC:C9:15:D0:66:A8:FF:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/sIxfC6vb_F45uySffIKtVbXqOYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.20.64.0/19
IPv6:
2a00:6b80::/29
Signature Algorithm: sha256WithRSAEncryption
b1:4a:c3:a8:7d:34:3f:81:bb:fa:2d:96:b3:0c:5a:39:d4:f9:
d1:a9:75:b5:55:dd:5e:14:ae:d6:f0:af:40:8a:91:4e:0f:7e:
a6:71:32:5b:e2:23:67:12:01:16:49:a7:aa:26:96:68:84:83:
4e:9a:0b:26:c8:8c:44:14:cc:9e:74:e2:2f:f5:64:c5:ee:23:
c4:30:1c:cb:f3:13:0a:1a:ac:3f:44:29:94:68:ae:cc:09:bf:
b2:17:65:75:c3:b7:c6:ac:87:e2:b4:d4:0a:c3:1e:44:d6:05:
2d:eb:bc:89:3c:46:7a:b3:31:82:0d:e7:18:d1:f2:62:69:22:
75:f9:f2:fe:a7:ad:34:76:40:28:ee:27:e2:03:2f:65:f3:ee:
b3:99:80:c1:d1:95:cd:bd:4b:c5:56:c0:ad:74:1e:8a:9a:1e:
8e:a3:d8:9a:65:7d:c9:62:e0:97:1a:78:cc:0f:7c:d9:75:05:
85:a5:1c:d8:88:99:96:d8:c0:91:48:5f:fd:77:72:dc:9d:24:
6a:3d:11:fa:cb:f5:57:1e:4e:65:8d:2a:18:e3:cb:fd:66:3e:
66:8a:7c:c2:a9:df:1e:22:f5:67:5e:54:0b:6c:12:85:df:ab:
26:cc:78:8e:eb:65:8c:a1:de:2d:64:2e:84:c5:60:1d:3f:11:
f4:9d:d4:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjagVcKdfNIGbjRNsiqUoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMTA5ZGVlNmZiZGMyNTZkZjkxMTQ2MGNjYzkxNWQwNjZh
OGZmOGIwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDhjNWYwYmFiZGJmYzVlMzliYjI0OWY3YzgyYWQ1NWI1ZWEzOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo4R/9apDhjMl0D8c1lc5KvKDl+6
4r7Rid3Mx6aQ6f7hy4icn5jAQe/ToDiiACERi5dyeC0idiCZpvczxbdslh0mN49h
nYk9/dFaB8pgYPOoBJ/tp51hhBRHMrPHcirAGgtYj3FIpGCL++6MvkJH/TWLo25q
euLbeoE/Y+qJyZ5YRPTUTRr8RLy0ycQQELOWrBKR5G+DDSBtySO4CH5kxyvWNKtp
tTCrH6TPHEzKWUSZFCm7r5mpH1guPHlg6+I8eANPpcKq54g/bJL8FIEGe5HMcagW
HFo1Vc3lBGIf/TyYFny9SJKSXOgNAZTeJ0yOgI4FaSh0umWi1wvl7wBAkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLCMXwur2/xeObskn3yCrVW16jmLMB8GA1UdIwQY
MBaAFK0Qne5vvcJW35EUYMzJFdBmqP+LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclJDZDdtLTl3bGJma1JSZ3pNa1YwR2FvXzRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80NjE1YmUtZTU2Ni00MjUzLTgzZWYt
ZjY2MjZiNjMzODNlLzEvc0l4ZkM2dmJfRjQ1dXlTZmZJS3RWYlhxT1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80NjE1YmUtZTU2Ni00MjUzLTgzZWYtZjY2MjZiNjMzODNl
LzEvclJDZDdtLTl3bGJma1JSZ3pNa1YwR2FvXzRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFVBRAMA0E
AgACMAcDBQMqAGuAMA0GCSqGSIb3DQEBCwUAA4IBAQCxSsOofTQ/gbv6LZazDFo5
1PnRqXW1Vd1eFK7W8K9AipFOD36mcTJb4iNnEgEWSaeqJpZohINOmgsmyIxEFMye
dOIv9WTF7iPEMBzL8xMKGqw/RCmUaK7MCb+yF2V1w7fGrIfitNQKwx5E1gUt67yJ
PEZ6szGCDecY0fJiaSJ1+fL+p600dkAo7ifiAy9l8+6zmYDB0ZXNvUvFVsCtdB6K
mh6Oo9iaZX3JYuCXGnjMD3zZdQWFpRzYiJmW2MCRSF/9d3LcnSRqPRH6y/VXHk5l
jSoY48v9Zj5minzCqd8eIvVnXlQLbBKF36smzHiO62WMod4tZC6ExWAdPxH0ndRw
-----END CERTIFICATE-----
Generated at Tue Apr 22 15:50:32 2025 by rpki-client