Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/bbee5e-ddbd-4b85-b4ca-2ae440a5ccb0/1/2GTFPZ68uVkX8Ryfbx92fDQ9upI.roa
File: 2GTFPZ68uVkX8Ryfbx92fDQ9upI.roa (raw, json)
Hash identifier: lvp+RlxYyEIMygF5MN9RWgH0GLslbYAMM+G4pVyVmkU=
Subject key identifier: D8:64:C5:3D:9E:BC:B9:59:17:F1:1C:9F:6F:1F:76:7C:34:3D:BA:92
Certificate issuer: /CN=87da9657ad1fdf98de738bb19a73efd0db0b3a2a
Certificate serial: 01971823E4AF83BF85128750C8996CBADDFD
Authority key identifier: 87:DA:96:57:AD:1F:DF:98:DE:73:8B:B1:9A:73:EF:D0:DB:0B:3A:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h9qWV60f35jec4uxmnPv0NsLOio.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/bbee5e-ddbd-4b85-b4ca-2ae440a5ccb0/1/2GTFPZ68uVkX8Ryfbx92fDQ9upI.roa
Signing time: Wed 28 May 2025 18:24:54 +0000
ROA not before: Wed 28 May 2025 18:24:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16044
IP address blocks: 91.226.252.0/22 maxlen: 22
91.226.252.0/24 maxlen: 24
91.226.253.0/24 maxlen: 24
91.226.254.0/24 maxlen: 24
91.226.255.0/24 maxlen: 24
193.34.60.0/22 maxlen: 22
193.34.60.0/24 maxlen: 24
193.34.61.0/24 maxlen: 24
193.34.62.0/24 maxlen: 24
193.34.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/bbee5e-ddbd-4b85-b4ca-2ae440a5ccb0/1/h9qWV60f35jec4uxmnPv0NsLOio.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/bbee5e-ddbd-4b85-b4ca-2ae440a5ccb0/1/h9qWV60f35jec4uxmnPv0NsLOio.mft
rsync://rpki.ripe.net/repository/DEFAULT/h9qWV60f35jec4uxmnPv0NsLOio.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 11:24:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:18:23:e4:af:83:bf:85:12:87:50:c8:99:6c:ba:dd:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=87da9657ad1fdf98de738bb19a73efd0db0b3a2a
Validity
Not Before: May 28 18:24:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d864c53d9ebcb95917f11c9f6f1f767c343dba92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:89:08:34:04:ab:c5:e2:d0:a0:07:53:29:0f:
81:13:8b:33:54:a0:6e:a9:6d:86:88:4c:5b:f5:b4:
bf:91:2d:11:bf:ce:05:92:1f:f4:4f:bc:89:66:81:
f5:89:8c:11:8e:2b:c3:73:7f:c0:0d:73:7b:59:ec:
e8:11:8d:be:43:03:64:06:e4:fe:4d:f3:96:bb:9f:
d2:dc:a9:37:c4:44:7d:1a:b9:00:b9:e6:91:9f:e7:
d8:68:7a:29:e3:86:9a:90:78:b0:4c:ba:47:70:cc:
ed:8c:cc:35:6c:f5:e8:ab:26:3d:c5:d6:73:ff:1e:
55:68:d3:dd:53:82:45:2e:ee:6a:b1:a0:64:3a:8e:
7b:93:fe:1f:d7:50:77:32:c8:40:dc:ea:27:43:1e:
a1:d2:06:6b:68:df:88:37:10:89:14:65:ee:09:ec:
f5:c1:e9:a8:7a:52:ca:d1:83:44:42:a1:7d:26:42:
c1:e6:09:4a:8c:c1:52:5a:99:ff:f4:92:17:1c:7d:
c9:e1:05:82:70:e5:bc:6c:83:4f:c3:3c:3c:ae:d0:
83:a2:09:c9:ea:3c:aa:9a:f3:32:31:11:0a:e0:e4:
c7:a7:01:bb:4c:22:93:37:3b:40:44:d2:fa:3c:64:
25:49:b5:38:36:b9:12:e0:d4:d2:65:a3:61:22:51:
aa:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:64:C5:3D:9E:BC:B9:59:17:F1:1C:9F:6F:1F:76:7C:34:3D:BA:92
X509v3 Authority Key Identifier:
keyid:87:DA:96:57:AD:1F:DF:98:DE:73:8B:B1:9A:73:EF:D0:DB:0B:3A:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9qWV60f35jec4uxmnPv0NsLOio.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/bbee5e-ddbd-4b85-b4ca-2ae440a5ccb0/1/2GTFPZ68uVkX8Ryfbx92fDQ9upI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/bbee5e-ddbd-4b85-b4ca-2ae440a5ccb0/1/h9qWV60f35jec4uxmnPv0NsLOio.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.226.252.0/22
193.34.60.0/22
Signature Algorithm: sha256WithRSAEncryption
66:ff:4c:8b:5f:dd:85:a2:dd:8e:a8:e4:b4:59:9d:45:61:5f:
0b:ba:07:49:c9:79:1f:2c:44:5b:eb:52:df:10:a9:5e:97:8b:
2c:d6:c4:71:9f:5e:5a:6e:2e:f0:34:63:2d:4d:41:cf:65:16:
b3:c4:62:9b:14:1c:88:89:90:5e:4e:76:08:70:2c:ca:55:c0:
d8:fb:ab:61:2a:32:b2:fd:db:bd:b2:67:00:e2:3e:3e:e2:5c:
f8:c4:89:4d:e4:38:52:39:37:62:d7:14:15:09:e8:8c:c4:a4:
35:bb:0e:ab:03:c7:b3:bf:2f:3d:6c:d2:4e:0d:e8:24:1d:a3:
36:9b:41:04:8c:6c:7a:c4:c1:7d:a9:1c:66:88:fd:eb:da:74:
86:55:b7:5b:e2:dc:5c:33:c4:6f:4c:fa:8b:5d:49:c2:be:dd:
9e:b7:cd:19:ec:54:66:62:a6:92:cd:f2:2c:07:71:5b:ff:9f:
7e:e2:d5:f0:c6:62:f6:7c:8d:06:94:c7:21:a0:b4:06:7a:61:
7f:c3:33:2a:f4:1c:37:43:5a:e2:c6:8d:f4:f3:f5:4b:89:6c:
0a:a6:21:0a:22:18:c2:17:54:bc:88:28:68:bc:9c:42:e3:89:
8c:04:98:ad:52:08:05:c1:8d:b7:85:7a:3e:6e:e9:2b:fe:1c:
35:3f:c7:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcYI+Svg7+FEodQyJlsut39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZGE5NjU3YWQxZmRmOThkZTczOGJiMTlhNzNlZmQwZGIw
YjNhMmEwHhcNMjUwNTI4MTgyNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY0YzUzZDllYmNiOTU5MTdmMTFjOWY2ZjFmNzY3YzM0M2RiYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyokINASrxeLQoAdTKQ+BE4szVKBu
qW2GiExb9bS/kS0Rv84Fkh/0T7yJZoH1iYwRjivDc3/ADXN7WezoEY2+QwNkBuT+
TfOWu5/S3Kk3xER9GrkAueaRn+fYaHop44aakHiwTLpHcMztjMw1bPXoqyY9xdZz
/x5VaNPdU4JFLu5qsaBkOo57k/4f11B3MshA3OonQx6h0gZraN+INxCJFGXuCez1
wemoelLK0YNEQqF9JkLB5glKjMFSWpn/9JIXHH3J4QWCcOW8bINPwzw8rtCDognJ
6jyqmvMyMREK4OTHpwG7TCKTNztARNL6PGQlSbU4NrkS4NTSZaNhIlGqxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNhkxT2evLlZF/Ecn28fdnw0PbqSMB8GA1UdIwQY
MBaAFIfalletH9+Y3nOLsZpz79DbCzoqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDlxV1Y2MGYzNWplYzR1eG1uUHYwTnNMT2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9iYmVlNWUtZGRiZC00Yjg1LWI0Y2Et
MmFlNDQwYTVjY2IwLzEvMkdURlBaNjh1VmtYOFJ5ZmJ4OTJmRFE5dXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9iYmVlNWUtZGRiZC00Yjg1LWI0Y2EtMmFlNDQwYTVjY2Iw
LzEvaDlxV1Y2MGYzNWplYzR1eG1uUHYwTnNMT2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+L8AwQC
wSI8MA0GCSqGSIb3DQEBCwUAA4IBAQBm/0yLX92Fot2OqOS0WZ1FYV8LugdJyXkf
LERb61LfEKlel4ss1sRxn15abi7wNGMtTUHPZRazxGKbFByIiZBeTnYIcCzKVcDY
+6thKjKy/du9smcA4j4+4lz4xIlN5DhSOTdi1xQVCeiMxKQ1uw6rA8ezvy89bNJO
DegkHaM2m0EEjGx6xMF9qRxmiP3r2nSGVbdb4txcM8RvTPqLXUnCvt2et80Z7FRm
YqaSzfIsB3Fb/59+4tXwxmL2fI0GlMchoLQGemF/wzMq9Bw3Q1rixo308/VLiWwK
piEKIhjCF1S8iChovJxC44mMBJitUggFwY23hXo+bukr/hw1P8fF
-----END CERTIFICATE-----
Generated at Sat Jun 7 21:07:20 2025 by rpki-client