Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/sZ40szF_81b8iZ343Q6aVpk7QZc.roa
File: sZ40szF_81b8iZ343Q6aVpk7QZc.roa (raw, json)
Hash identifier: ieSiCVj+T4ruST7AZXMVQI1ECh5LKhbuRyks+nO6HIc=
Subject key identifier: B1:9E:34:B3:31:7F:F3:56:FC:89:9D:F8:DD:0E:9A:56:99:3B:41:97
Certificate issuer: /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial: 0195D6E9516AA87F76271111F8E4AC70EFB2
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/sZ40szF_81b8iZ343Q6aVpk7QZc.roa
Signing time: Thu 27 Mar 2025 09:22:49 +0000
ROA not before: Thu 27 Mar 2025 09:22:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209406
IP address blocks: 89.248.237.0/24 maxlen: 24
217.199.219.0/24 maxlen: 24
2a03:220:f000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 01:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d6:e9:51:6a:a8:7f:76:27:11:11:f8:e4:ac:70:ef:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Validity
Not Before: Mar 27 09:22:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b19e34b3317ff356fc899df8dd0e9a56993b4197
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:69:36:3e:e0:d0:d4:2d:e9:d3:e6:91:ec:cc:
53:7b:76:15:5f:32:81:73:e7:e6:6f:f3:e1:41:11:
67:f4:87:b9:74:fc:0a:ca:69:13:c1:cc:b9:d0:74:
3c:ad:a0:ed:da:43:04:bd:2b:f0:d2:11:1c:69:16:
c5:04:f6:d7:9e:3b:a0:ee:c5:23:8d:38:32:a1:b6:
99:c3:1a:ea:ee:5a:da:e2:74:3c:64:ad:8a:fb:68:
85:b0:1a:2c:b1:c6:bf:ff:e4:a1:a8:50:01:46:4c:
76:fc:15:c2:ae:72:b9:b6:ab:79:08:92:4b:2b:72:
0b:29:96:21:9a:ae:8f:e9:f8:02:25:99:96:3a:57:
a3:7a:66:e4:cc:d2:87:33:d2:f5:1d:2b:1f:c8:1a:
90:ae:5d:6e:e9:59:d0:55:ef:06:64:ad:10:21:e6:
11:d7:dd:2b:17:3f:03:ec:6a:fe:d8:17:70:61:ff:
76:33:c2:0c:d2:d6:9d:0f:33:14:4e:85:83:6b:1c:
be:2a:30:eb:6c:17:19:22:50:c9:59:7c:88:7d:f9:
dd:1b:f3:2d:a2:9c:a4:54:15:5a:d0:7e:7d:66:00:
02:9a:90:df:d0:1b:4a:62:15:5e:29:c2:fb:d6:49:
2e:d8:bb:56:16:d8:f5:f2:f6:fb:d7:d6:95:ba:4d:
07:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:9E:34:B3:31:7F:F3:56:FC:89:9D:F8:DD:0E:9A:56:99:3B:41:97
X509v3 Authority Key Identifier:
keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/sZ40szF_81b8iZ343Q6aVpk7QZc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.248.237.0/24
217.199.219.0/24
IPv6:
2a03:220:f000::/48
Signature Algorithm: sha256WithRSAEncryption
31:0e:9b:3c:a4:ee:50:36:77:55:e9:b7:7d:4c:2b:02:50:08:
c0:72:ea:6a:b7:41:17:53:cf:7f:da:ae:b4:4e:27:fc:75:bd:
5f:0e:50:f0:4b:46:16:2a:05:5d:6b:ff:51:dd:8d:eb:56:6f:
a1:9f:4e:78:46:c8:62:c1:91:aa:4f:bf:4e:ac:a6:ac:96:6f:
25:94:ad:8f:6c:c4:53:89:83:3d:a6:a3:14:4c:45:6d:b4:24:
5b:dd:e6:55:a8:2c:43:71:d5:3e:7b:bd:25:78:db:fb:98:ab:
94:12:33:d4:77:be:34:ce:84:17:c0:c1:1c:2c:1f:77:3f:53:
ec:65:43:b3:e7:90:29:e9:04:94:65:df:56:b6:2f:9f:75:e3:
3e:b6:88:7f:e6:1c:b3:4e:a1:8c:48:45:93:01:76:f9:fb:32:
01:38:8d:68:0e:59:fd:da:16:b0:72:7d:c6:7e:d8:8d:63:9b:
81:7f:e5:45:b2:c5:7d:fe:a4:2c:b1:77:0a:95:e7:04:da:6e:
6d:1c:75:f5:00:7d:b6:db:2c:36:3a:4d:d2:28:fa:5a:11:ac:
4d:58:8c:4b:3e:08:1d:a7:9b:c6:61:63:9a:6e:5b:51:f2:4b:
c4:03:eb:9b:dc:c0:3c:11:fe:5f:79:dc:18:d8:15:8d:bd:ea:
86:85:d9:2a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZXW6VFqqH92JxER+OSscO+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjUwMzI3MDkyMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTllMzRiMzMxN2ZmMzU2ZmM4OTlkZjhkZDBlOWE1Njk5M2I0MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWk2PuDQ1C3p0+aR7MxTe3YVXzKB
c+fmb/PhQRFn9Ie5dPwKymkTwcy50HQ8raDt2kMEvSvw0hEcaRbFBPbXnjug7sUj
jTgyobaZwxrq7lra4nQ8ZK2K+2iFsBossca//+ShqFABRkx2/BXCrnK5tqt5CJJL
K3ILKZYhmq6P6fgCJZmWOlejembkzNKHM9L1HSsfyBqQrl1u6VnQVe8GZK0QIeYR
190rFz8D7Gr+2BdwYf92M8IM0tadDzMUToWDaxy+KjDrbBcZIlDJWXyIffndG/Mt
opykVBVa0H59ZgACmpDf0BtKYhVeKcL71kku2LtWFtj18vb719aVuk0HvQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLGeNLMxf/NW/Imd+N0OmlaZO0GXMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvc1o0MHN6Rl84MWI4aVozNDNRNmFWcGs3UVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAWfjtAwQA
2cfbMA8EAgACMAkDBwAqAwIg8AAwDQYJKoZIhvcNAQELBQADggEBADEOmzyk7lA2
d1Xpt31MKwJQCMBy6mq3QRdTz3/arrROJ/x1vV8OUPBLRhYqBV1r/1HdjetWb6Gf
TnhGyGLBkapPv06spqyWbyWUrY9sxFOJgz2moxRMRW20JFvd5lWoLENx1T57vSV4
2/uYq5QSM9R3vjTOhBfAwRwsH3c/U+xlQ7PnkCnpBJRl31a2L5914z62iH/mHLNO
oYxIRZMBdvn7MgE4jWgOWf3aFrByfcZ+2I1jm4F/5UWyxX3+pCyxdwqV5wTabm0c
dfUAfbbbLDY6TdIo+loRrE1YjEs+CB2nm8ZhY5puW1HyS8QD65vcwDwR/l953BjY
FY296oaF2So=
-----END CERTIFICATE-----
Generated at Mon Apr 21 07:52:32 2025 by rpki-client