Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/xZnyBjCkriJ1YeC3VfWZrgA556Q.roa
File: xZnyBjCkriJ1YeC3VfWZrgA556Q.roa (raw, json)
Hash identifier: 293GfITlnhmhe1K2eILEjZ2R6DzcMg4jFXcmpOzbL/0=
Subject key identifier: C5:99:F2:06:30:A4:AE:22:75:61:E0:B7:55:F5:99:AE:00:39:E7:A4
Certificate issuer: /CN=6fe561f84c5bab17d503bf93d3c3d325c2a2252e
Certificate serial: 01942369F5B9D2EFC5DFE896B8E23A3E240F
Authority key identifier: 6F:E5:61:F8:4C:5B:AB:17:D5:03:BF:93:D3:C3:D3:25:C2:A2:25:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b-Vh-ExbqxfVA7-T08PTJcKiJS4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/xZnyBjCkriJ1YeC3VfWZrgA556Q.roa
Signing time: Wed 01 Jan 2025 19:48:54 +0000
ROA not before: Wed 01 Jan 2025 19:48:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21032
IP address blocks: 109.226.128.0/18 maxlen: 24
185.133.112.0/22 maxlen: 24
188.209.160.0/19 maxlen: 24
2a0d:c80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/b-Vh-ExbqxfVA7-T08PTJcKiJS4.crl
rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/b-Vh-ExbqxfVA7-T08PTJcKiJS4.mft
rsync://rpki.ripe.net/repository/DEFAULT/b-Vh-ExbqxfVA7-T08PTJcKiJS4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:f5:b9:d2:ef:c5:df:e8:96:b8:e2:3a:3e:24:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6fe561f84c5bab17d503bf93d3c3d325c2a2252e
Validity
Not Before: Jan 1 19:48:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c599f20630a4ae227561e0b755f599ae0039e7a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:46:22:fb:87:61:64:a5:df:f3:b8:ef:43:d2:
e9:24:58:07:31:bd:57:b0:6a:c5:49:5f:c2:72:68:
d0:e5:72:13:7c:56:6d:4b:a2:de:70:b3:2c:f6:83:
52:4f:65:fe:57:ec:ff:0f:a0:3d:a8:a2:2e:b4:f6:
bb:31:36:58:23:8f:6f:1a:39:68:42:e4:49:2a:5d:
88:00:4e:e7:76:8f:b5:99:ca:11:0a:c0:6a:57:55:
ac:20:d4:d8:1c:87:38:de:47:9d:d2:ad:e2:6a:5e:
3f:ff:4b:67:a8:53:cc:92:92:d7:f3:4b:a6:68:c6:
55:f7:3d:72:00:5f:c9:e9:1c:83:91:03:49:aa:f6:
ec:02:0a:2e:ca:7e:02:ab:e3:1b:05:cd:45:28:e0:
2f:b1:fe:70:4f:29:90:01:2d:0f:b1:21:d2:66:71:
80:ec:01:d3:9b:76:c5:80:d8:a3:fc:91:5f:18:27:
81:55:97:1e:f8:f2:bc:73:ff:dd:32:8a:56:a6:c7:
f9:1d:c1:3f:1a:b8:ac:ac:63:1d:aa:b1:e6:b1:6d:
7d:c6:a2:95:28:e3:32:4b:2e:22:b0:44:15:a6:17:
64:fd:11:af:c1:e1:de:51:bb:23:c6:7b:68:e6:b6:
00:c4:0b:51:5e:97:8e:c1:5f:86:1c:1b:e1:02:83:
c8:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:99:F2:06:30:A4:AE:22:75:61:E0:B7:55:F5:99:AE:00:39:E7:A4
X509v3 Authority Key Identifier:
keyid:6F:E5:61:F8:4C:5B:AB:17:D5:03:BF:93:D3:C3:D3:25:C2:A2:25:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b-Vh-ExbqxfVA7-T08PTJcKiJS4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/xZnyBjCkriJ1YeC3VfWZrgA556Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/b-Vh-ExbqxfVA7-T08PTJcKiJS4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.226.128.0/18
185.133.112.0/22
188.209.160.0/19
IPv6:
2a0d:c80::/29
Signature Algorithm: sha256WithRSAEncryption
13:c7:28:10:6d:89:5c:bb:b6:c5:1a:0e:59:8e:c6:82:1f:b3:
75:f2:57:89:ef:da:16:c5:fe:b2:99:a4:71:9f:65:57:9f:ce:
a9:fb:22:bf:22:f5:19:cf:ed:b7:9b:fa:22:df:e9:59:dd:c4:
1c:6e:0c:c1:2c:cd:6e:a2:61:2f:d5:ec:12:e0:71:80:97:cc:
11:5a:7f:81:b2:13:09:2c:27:4b:6c:06:9d:a0:a0:61:15:6c:
61:0b:5d:16:8a:33:f0:ec:4c:1b:1b:84:3b:be:d7:c6:ce:94:
6c:b6:22:ec:4f:4e:44:37:17:7e:b2:de:68:4a:82:3c:33:fc:
1c:7f:2f:33:5d:72:f6:0a:22:4f:e2:1c:4f:be:17:f3:48:0f:
92:67:c6:f2:0f:fe:82:0c:cc:93:7a:15:fb:c1:d8:e0:f3:ac:
6c:86:19:0c:35:af:00:6e:66:ab:f5:ca:06:f2:96:84:47:57:
62:74:a6:82:7a:57:55:2e:4b:92:38:32:85:d7:28:52:09:5f:
9c:0a:bd:2f:8c:3a:ba:f9:e7:1b:e3:43:d1:3d:d0:99:35:2a:
96:60:cf:e6:35:e6:a3:25:bb:c8:f9:e1:16:86:24:50:8b:e6:
9f:89:a3:63:a5:87:79:0e:dd:1e:07:2b:cd:8a:be:58:6a:3e:
61:57:b3:ff
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQjafW50u/F3+iWuOI6PiQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZTU2MWY4NGM1YmFiMTdkNTAzYmY5M2QzYzNkMzI1YzJh
MjI1MmUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk5ZjIwNjMwYTRhZTIyNzU2MWUwYjc1NWY1OTlhZTAwMzllN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6EYi+4dhZKXf87jvQ9LpJFgHMb1X
sGrFSV/CcmjQ5XITfFZtS6LecLMs9oNST2X+V+z/D6A9qKIutPa7MTZYI49vGjlo
QuRJKl2IAE7ndo+1mcoRCsBqV1WsINTYHIc43ked0q3ial4//0tnqFPMkpLX80um
aMZV9z1yAF/J6RyDkQNJqvbsAgouyn4Cq+MbBc1FKOAvsf5wTymQAS0PsSHSZnGA
7AHTm3bFgNij/JFfGCeBVZce+PK8c//dMopWpsf5HcE/GrisrGMdqrHmsW19xqKV
KOMySy4isEQVphdk/RGvweHeUbsjxnto5rYAxAtRXpeOwV+GHBvhAoPIUQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMWZ8gYwpK4idWHgt1X1ma4AOeekMB8GA1UdIwQY
MBaAFG/lYfhMW6sX1QO/k9PD0yXCoiUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYi1WaC1FeGJxeGZWQTctVDA4UFRKY0tpSlM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC82MjY2YWYtZmZiYi00NDYyLWJhYTYt
NTczOWVkODNjNjkxLzEveFpueUJqQ2tyaUoxWWVDM1ZmV1pyZ0E1NTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC82MjY2YWYtZmZiYi00NDYyLWJhYTYtNTczOWVkODNjNjkx
LzEvYi1WaC1FeGJxeGZWQTctVDA4UFRKY0tpSlM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGbeKAAwQC
uYVwAwQFvNGgMA0EAgACMAcDBQMqDQyAMA0GCSqGSIb3DQEBCwUAA4IBAQATxygQ
bYlcu7bFGg5ZjsaCH7N18leJ79oWxf6ymaRxn2VXn86p+yK/IvUZz+23m/oi3+lZ
3cQcbgzBLM1uomEv1ewS4HGAl8wRWn+BshMJLCdLbAadoKBhFWxhC10WijPw7Ewb
G4Q7vtfGzpRstiLsT05ENxd+st5oSoI8M/wcfy8zXXL2CiJP4hxPvhfzSA+SZ8by
D/6CDMyTehX7wdjg86xshhkMNa8Abmar9coG8paER1didKaCeldVLkuSODKF1yhS
CV+cCr0vjDq6+ecb40PRPdCZNSqWYM/mNeajJbvI+eEWhiRQi+afiaNjpYd5Dt0e
ByvNir5Yaj5hV7P/
-----END CERTIFICATE-----
Generated at Tue Apr 22 21:25:33 2025 by rpki-client