Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/lZ0k4HCeYgJ0Z--pVxoJOUL75A0.roa
File: lZ0k4HCeYgJ0Z--pVxoJOUL75A0.roa (raw, json)
Hash identifier: Eir5xG3bxnWZXnAYjpN3gzblSfPJDFtKlMunMUTHMBs=
Subject key identifier: 95:9D:24:E0:70:9E:62:02:74:67:EF:A9:57:1A:09:39:42:FB:E4:0D
Certificate issuer: /CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Certificate serial: 019483EF51406BCB02E56CD6CF014157FEA4
Authority key identifier: A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/lZ0k4HCeYgJ0Z--pVxoJOUL75A0.roa
Signing time: Mon 20 Jan 2025 13:38:06 +0000
ROA not before: Mon 20 Jan 2025 13:38:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199541
IP address blocks: 147.196.0.0/16 maxlen: 16
153.98.1.0/24 maxlen: 24
153.98.5.0/24 maxlen: 24
153.98.9.0/24 maxlen: 24
153.98.13.0/24 maxlen: 24
153.98.36.0/24 maxlen: 24
153.98.37.0/24 maxlen: 24
153.98.68.0/24 maxlen: 24
153.98.70.0/24 maxlen: 24
153.98.71.0/24 maxlen: 24
153.98.83.0/24 maxlen: 24
153.98.100.0/24 maxlen: 24
153.98.105.0/24 maxlen: 24
153.98.106.0/24 maxlen: 24
153.98.107.0/24 maxlen: 24
153.98.108.0/24 maxlen: 24
153.98.109.0/24 maxlen: 24
153.98.110.0/24 maxlen: 24
153.98.111.0/24 maxlen: 24
153.98.113.0/24 maxlen: 24
192.70.89.0/24 maxlen: 24
192.70.90.0/24 maxlen: 24
192.93.20.0/22 maxlen: 22
193.58.19.0/24 maxlen: 24
193.58.21.0/24 maxlen: 24
193.58.31.0/24 maxlen: 24
193.221.2.0/24 maxlen: 24
193.221.14.0/24 maxlen: 24
193.221.170.0/24 maxlen: 24
193.221.181.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.mft
rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:83:ef:51:40:6b:cb:02:e5:6c:d6:cf:01:41:57:fe:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Validity
Not Before: Jan 20 13:38:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=959d24e0709e62027467efa9571a093942fbe40d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fa:a5:cb:7e:18:a8:b3:88:35:86:6b:c1:9c:
4b:34:fa:d7:92:47:cd:cd:ac:9c:f5:a5:2c:eb:18:
f8:93:29:52:b8:eb:33:36:b6:92:74:c4:1e:08:d8:
98:6f:7b:78:3d:d6:4d:6d:13:1c:03:9f:d6:7b:81:
b3:82:b2:40:f3:80:41:ed:7b:02:ce:7b:e4:d3:aa:
0f:b8:00:9b:5a:cf:21:2d:e4:3b:e3:c0:da:8e:42:
1d:2c:d0:70:9e:b2:b3:57:90:f8:78:47:4c:1e:a9:
3a:cf:6f:b5:c9:b3:3b:33:f6:f3:c0:0e:46:87:0a:
2e:26:ad:d2:5f:84:53:17:a3:25:f3:70:c7:bc:49:
44:50:a9:11:38:3e:be:17:b6:03:43:c4:86:05:3f:
c2:35:c8:cc:50:44:f6:53:b4:ff:99:9e:cc:f8:73:
58:ba:41:f5:ef:15:c1:34:fd:ec:59:1c:11:23:66:
c9:ed:6b:00:56:55:6b:ad:e7:60:f4:95:e7:e3:20:
28:55:37:bb:24:0b:e5:4e:db:44:23:af:cc:c7:78:
49:82:b8:05:85:0f:80:16:c2:63:03:5a:b2:b3:b4:
e1:90:8e:6a:a0:c6:c3:57:d9:bd:50:84:a4:6c:41:
e8:25:aa:4f:ab:70:db:00:13:a0:7b:07:c8:ba:f8:
3c:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:9D:24:E0:70:9E:62:02:74:67:EF:A9:57:1A:09:39:42:FB:E4:0D
X509v3 Authority Key Identifier:
keyid:A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/lZ0k4HCeYgJ0Z--pVxoJOUL75A0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.196.0.0/16
153.98.1.0/24
153.98.5.0/24
153.98.9.0/24
153.98.13.0/24
153.98.36.0/23
153.98.68.0/24
153.98.70.0/23
153.98.83.0/24
153.98.100.0/24
153.98.105.0-153.98.111.255
153.98.113.0/24
192.70.89.0-192.70.90.255
192.93.20.0/22
193.58.19.0/24
193.58.21.0/24
193.58.31.0/24
193.221.2.0/24
193.221.14.0/24
193.221.170.0/24
193.221.181.0/24
Signature Algorithm: sha256WithRSAEncryption
c7:24:ee:9c:06:5c:8e:ed:19:cc:e8:45:ad:1f:d8:24:b9:f4:
83:ac:8f:53:61:d7:80:65:42:0c:b1:0a:2f:77:02:91:21:27:
f2:df:5a:18:16:38:2a:7b:4e:6e:55:44:d8:03:91:ba:7a:5c:
08:a2:f0:89:d0:bf:fd:69:75:36:2a:fd:d2:3e:bb:ca:7f:0c:
e1:05:b1:48:f9:cb:94:68:f7:bd:81:0e:98:5a:20:65:bf:9b:
3f:62:0c:c6:31:52:f3:9d:16:67:57:62:38:16:f1:99:71:8b:
76:a7:54:aa:d7:96:4d:1d:47:2c:15:18:b1:78:01:cf:14:a5:
95:f0:4e:75:5e:9f:ee:2e:4d:19:7f:3c:ac:6b:bf:6c:39:b3:
0a:3c:88:9a:ae:67:25:dd:33:77:ee:8d:e4:fa:fe:1d:62:66:
55:03:b2:78:38:f3:6b:f5:6b:11:7c:ec:cc:e0:31:ec:68:42:
86:bf:50:05:cf:5b:b6:01:22:fe:49:5e:f6:04:5b:a8:4c:46:
93:e0:30:11:c1:8e:87:77:e5:72:5d:ba:cc:35:69:a5:87:5d:
62:4c:b7:96:e4:01:be:09:de:5d:f7:f2:cd:03:ab:49:21:6e:
82:fd:90:db:66:ad:79:26:e6:e7:53:8c:6a:d6:2a:6c:77:d5:
50:01:ad:73
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZSD71FAa8sC5WzWzwFBV/6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmZjZmFkOTY2YWU3ZTgxNzFjZmNlMjZkYjNmNjU3NzZk
MjZmZTgwHhcNMjUwMTIwMTMzODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTlkMjRlMDcwOWU2MjAyNzQ2N2VmYTk1NzFhMDkzOTQyZmJlNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvqly34YqLOINYZrwZxLNPrXkkfN
zayc9aUs6xj4kylSuOszNraSdMQeCNiYb3t4PdZNbRMcA5/We4GzgrJA84BB7XsC
znvk06oPuACbWs8hLeQ748DajkIdLNBwnrKzV5D4eEdMHqk6z2+1ybM7M/bzwA5G
hwouJq3SX4RTF6Ml83DHvElEUKkROD6+F7YDQ8SGBT/CNcjMUET2U7T/mZ7M+HNY
ukH17xXBNP3sWRwRI2bJ7WsAVlVrredg9JXn4yAoVTe7JAvlTttEI6/Mx3hJgrgF
hQ+AFsJjA1qys7ThkI5qoMbDV9m9UISkbEHoJapPq3DbABOgewfIuvg8DQIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFJWdJOBwnmICdGfvqVcaCTlC++QNMB8GA1UdIwQY
MBaAFKdvz62WaufoFxz84m2z9ld20m/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEt
YzU0MDFmNmQ5MWQxLzEvbFowazRIQ2VZZ0owWi0tcFZ4b0pPVUw3NUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEtYzU0MDFmNmQ5MWQx
LzEvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGqBggrBgEFBQcBBwEB/wSBmjCBlzCBlAQCAAEwgY0DAwCT
xAMEAJliAQMEAJliBQMEAJliCQMEAJliDQMEAZliJAMEAJliRAMEAZliRgMEAJli
UwMEAJliZDAMAwQAmWJpAwQEmWJgAwQAmWJxMAwDBADARlkDBADARloDBALAXRQD
BADBOhMDBADBOhUDBADBOh8DBADB3QIDBADB3Q4DBADB3aoDBADB3bUwDQYJKoZI
hvcNAQELBQADggEBAMck7pwGXI7tGczoRa0f2CS59IOsj1Nh14BlQgyxCi93ApEh
J/LfWhgWOCp7Tm5VRNgDkbp6XAii8InQv/1pdTYq/dI+u8p/DOEFsUj5y5Ro972B
DphaIGW/mz9iDMYxUvOdFmdXYjgW8Zlxi3anVKrXlk0dRywVGLF4Ac8UpZXwTnVe
n+4uTRl/PKxrv2w5swo8iJquZyXdM3fujeT6/h1iZlUDsng482v1axF87MzgMexo
Qoa/UAXPW7YBIv5JXvYEW6hMRpPgMBHBjod35XJdusw1aaWHXWJMt5bkAb4J3l33
8s0Dq0khboL9kNtmrXkm5udTjGrWKmx31VABrXM=
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:09:24 2025 by rpki-client