Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/zXwR7UWSd9roLHYGKclcBHiwufI.roa
File: zXwR7UWSd9roLHYGKclcBHiwufI.roa (raw, json)
Hash identifier: Kz9ORJp/Ytwv8gDFDA4tJUWa8yx7Jk6IhvjzpVXXkEs=
Subject key identifier: CD:7C:11:ED:45:92:77:DA:E8:2C:76:06:29:C9:5C:04:78:B0:B9:F2
Certificate issuer: /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial: 0196FA20C9E51501515DA5F95A87F9B92D7C
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/zXwR7UWSd9roLHYGKclcBHiwufI.roa
Signing time: Thu 22 May 2025 22:32:54 +0000
ROA not before: Thu 22 May 2025 22:32:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57152
IP address blocks: 104.247.170.0/24 maxlen: 24
104.247.171.0/24 maxlen: 24
104.247.172.0/24 maxlen: 24
104.247.174.0/24 maxlen: 24
104.247.175.0/24 maxlen: 24
104.247.176.0/24 maxlen: 24
104.247.177.0/24 maxlen: 24
104.247.178.0/24 maxlen: 24
104.247.179.0/24 maxlen: 24
104.247.180.0/24 maxlen: 24
104.247.181.0/24 maxlen: 24
104.247.182.0/24 maxlen: 24
104.247.184.0/24 maxlen: 24
104.247.185.0/24 maxlen: 24
104.247.186.0/24 maxlen: 24
104.247.187.0/24 maxlen: 24
104.247.190.0/24 maxlen: 24
185.73.128.0/22 maxlen: 24
185.137.215.0/24 maxlen: 24
2a03:a5a0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 07:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:fa:20:c9:e5:15:01:51:5d:a5:f9:5a:87:f9:b9:2d:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Validity
Not Before: May 22 22:32:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cd7c11ed459277dae82c760629c95c0478b0b9f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:6d:9e:50:bd:6c:f7:f0:71:73:3e:37:f0:5e:
d4:46:6f:e3:69:cd:84:c7:32:3e:d5:2c:4e:4f:51:
13:ff:10:10:27:5c:32:89:b8:5b:5f:d9:51:a1:f1:
b3:25:53:47:d5:da:c6:c4:ba:4f:60:72:71:10:cb:
ab:38:d7:b5:40:4f:8a:71:3b:f1:ee:fa:72:21:c3:
b9:9e:8d:ad:85:05:34:b3:5e:af:94:c7:7a:4a:ea:
47:d0:bc:f9:14:b7:65:88:8b:9e:17:ad:c4:0c:2e:
f5:b1:6e:61:c9:b3:10:c7:d2:c2:03:12:8c:8f:41:
3f:90:08:6a:37:0b:ca:c7:bd:5f:3b:11:bd:c1:2f:
af:1a:36:03:b0:07:fc:91:ab:41:8f:ed:ea:6d:14:
26:4c:f4:86:b8:4a:46:b4:43:bd:de:32:95:00:8e:
2e:2d:d0:f4:31:a9:31:b7:36:4b:6f:55:7d:03:af:
03:dd:01:20:d4:f8:ab:be:fd:91:4c:ca:26:29:79:
b3:93:87:20:49:95:19:2f:a4:77:01:2b:ce:81:7c:
2a:53:10:82:e3:82:86:e9:cb:84:0d:19:db:c0:07:
43:75:0b:56:e5:4d:6d:0a:92:50:0d:5d:00:22:55:
c4:d0:c3:00:28:01:45:74:67:9c:8e:6f:81:03:dc:
4c:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:7C:11:ED:45:92:77:DA:E8:2C:76:06:29:C9:5C:04:78:B0:B9:F2
X509v3 Authority Key Identifier:
keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/zXwR7UWSd9roLHYGKclcBHiwufI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.247.170.0-104.247.172.255
104.247.174.0-104.247.182.255
104.247.184.0/22
104.247.190.0/24
185.73.128.0/22
185.137.215.0/24
IPv6:
2a03:a5a0::/32
Signature Algorithm: sha256WithRSAEncryption
60:28:d6:fd:d2:6a:2a:d3:7f:c1:fa:40:6c:47:f9:81:fa:a2:
a8:bf:4f:89:3e:ae:a0:eb:fa:99:dd:7d:a1:62:2a:d7:41:bb:
73:96:64:7d:26:d4:ba:62:5f:a6:8a:5d:a9:f2:52:05:a8:2a:
de:6e:63:79:b0:0a:41:09:f1:9b:c0:44:16:c0:64:7c:46:ce:
20:77:43:b3:7d:a3:91:7d:6d:06:43:ec:38:a4:49:9d:03:8b:
fb:86:43:cf:fb:dd:9f:93:12:06:e6:e0:07:00:55:a4:78:c3:
8b:15:4f:35:7f:df:b4:c6:bb:7c:8d:a7:10:4c:e0:a8:80:aa:
39:5b:25:21:cf:9c:cf:ce:0b:a6:03:05:2d:3a:ec:9e:3d:04:
e0:a7:5f:9c:e4:a5:51:8e:c7:fb:2a:08:a0:96:fd:f9:b5:db:
4e:2b:3f:3b:ac:33:69:59:bb:ab:c7:3a:03:ca:c5:14:7e:53:
8a:a6:07:64:9d:b6:8f:d1:0c:05:1a:db:fa:dd:15:c5:49:72:
88:77:6c:80:18:68:1a:10:a8:fb:15:24:4f:5c:1c:ed:dd:bd:
cc:3f:02:b2:27:6c:1d:32:24:a5:63:95:d7:9b:8d:7b:7a:28:
eb:af:05:69:93:e0:0f:26:2d:3f:a4:bb:4e:e0:72:a9:0a:7f:
35:3b:a4:ae
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZb6IMnlFQFRXaX5Wof5uS18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjUwNTIyMjIzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDdjMTFlZDQ1OTI3N2RhZTgyYzc2MDYyOWM5NWMwNDc4YjBiOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW2eUL1s9/Bxcz438F7URm/jac2E
xzI+1SxOT1ET/xAQJ1wyibhbX9lRofGzJVNH1drGxLpPYHJxEMurONe1QE+KcTvx
7vpyIcO5no2thQU0s16vlMd6SupH0Lz5FLdliIueF63EDC71sW5hybMQx9LCAxKM
j0E/kAhqNwvKx71fOxG9wS+vGjYDsAf8katBj+3qbRQmTPSGuEpGtEO93jKVAI4u
LdD0MakxtzZLb1V9A68D3QEg1Pirvv2RTMomKXmzk4cgSZUZL6R3ASvOgXwqUxCC
44KG6cuEDRnbwAdDdQtW5U1tCpJQDV0AIlXE0MMAKAFFdGecjm+BA9xMqQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFM18Ee1Fknfa6Cx2BinJXAR4sLnyMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvelh3UjdVV1NkOXJvTEhZR0tjbGNCSGl3dWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0MAwDBAFo96oD
BABo96wwDAMEAWj3rgMEAGj3tgMEAmj3uAMEAGj3vgMEArlJgAMEALmJ1zANBAIA
AjAHAwUAKgOloDANBgkqhkiG9w0BAQsFAAOCAQEAYCjW/dJqKtN/wfpAbEf5gfqi
qL9PiT6uoOv6md19oWIq10G7c5ZkfSbUumJfpopdqfJSBagq3m5jebAKQQnxm8BE
FsBkfEbOIHdDs32jkX1tBkPsOKRJnQOL+4ZDz/vdn5MSBubgBwBVpHjDixVPNX/f
tMa7fI2nEEzgqICqOVslIc+cz84LpgMFLTrsnj0E4KdfnOSlUY7H+yoIoJb9+bXb
Tis/O6wzaVm7q8c6A8rFFH5TiqYHZJ22j9EMBRrb+t0VxUlyiHdsgBhoGhCo+xUk
T1wc7d29zD8CsidsHTIkpWOV15uNe3oo668FaZPgDyYtP6S7TuByqQp/NTukrg==
-----END CERTIFICATE-----
Generated at Sat Jun 7 14:04:13 2025 by rpki-client