Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/YIWnRcAakVGioTGRMmr97QBMxt8.roa
File: YIWnRcAakVGioTGRMmr97QBMxt8.roa (raw, json)
Hash identifier: 0pAd524EgOV9gt8eDHTEF8KH00KSBimBO4oKROwsaA0=
Subject key identifier: 60:85:A7:45:C0:1A:91:51:A2:A1:31:91:32:6A:FD:ED:00:4C:C6:DF
Certificate issuer: /CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Certificate serial: 01954E5FDC09767591F79F2A5943418E0087
Authority key identifier: 44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/YIWnRcAakVGioTGRMmr97QBMxt8.roa
Signing time: Fri 28 Feb 2025 21:04:19 +0000
ROA not before: Fri 28 Feb 2025 21:04:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50012
IP address blocks: 31.129.232.0/24 maxlen: 24
31.129.233.0/24 maxlen: 24
31.129.234.0/24 maxlen: 24
31.129.235.0/24 maxlen: 24
31.129.251.0/24 maxlen: 24
213.5.192.0/24 maxlen: 24
213.5.193.0/24 maxlen: 24
213.5.194.0/24 maxlen: 24
213.5.195.0/24 maxlen: 24
213.5.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.mft
rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 21:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:4e:5f:dc:09:76:75:91:f7:9f:2a:59:43:41:8e:00:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Validity
Not Before: Feb 28 21:04:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6085a745c01a9151a2a13191326afded004cc6df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:36:e7:2f:ee:e8:50:67:3f:93:d6:50:77:08:
2a:09:36:1b:e9:b1:db:02:90:08:71:96:da:ea:e0:
f1:38:ca:62:1a:8e:71:a5:12:97:72:e6:08:b1:df:
cb:59:e8:0d:fa:46:9f:61:6a:1f:be:4b:3c:38:4b:
bf:0b:b5:0c:2e:0f:bc:1a:19:3e:8e:78:5c:92:85:
25:e8:29:0e:da:26:8c:ea:1b:b2:66:95:a8:68:85:
1b:ec:bf:c0:4c:1d:bd:16:d9:ac:10:22:13:7e:93:
41:a7:39:f6:b6:d4:8a:0d:35:11:e4:6b:9d:78:62:
2f:d4:c2:a5:d6:de:99:97:09:12:07:b6:5b:52:69:
39:d2:aa:34:c1:db:27:c5:4c:37:8f:3e:00:b3:ad:
ad:7f:a4:f8:96:74:36:b1:95:55:f3:f1:75:66:0f:
b0:e5:7c:21:b2:a3:48:a0:41:f2:6d:de:a6:36:5c:
58:02:cb:e5:81:14:2f:14:c8:9f:a4:7f:47:a4:01:
55:cd:fb:c3:ef:d0:87:a6:40:9e:85:24:1a:f3:35:
cf:58:3f:8d:58:71:7c:0e:64:b9:22:17:1c:a8:8f:
63:5c:a7:89:ef:fb:fc:73:c3:4f:b2:87:38:3c:8b:
77:8e:d9:e2:f3:b5:ed:16:17:db:54:85:c2:5c:e3:
32:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:85:A7:45:C0:1A:91:51:A2:A1:31:91:32:6A:FD:ED:00:4C:C6:DF
X509v3 Authority Key Identifier:
keyid:44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/YIWnRcAakVGioTGRMmr97QBMxt8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.232.0/22
31.129.251.0/24
213.5.192.0-213.5.196.255
Signature Algorithm: sha256WithRSAEncryption
01:35:3a:e8:dd:a7:8c:7b:a8:74:62:be:94:86:1e:0f:b9:c8:
46:7e:c9:c5:5e:02:30:1d:25:d4:00:00:7b:45:08:ea:a0:ca:
a2:f4:27:76:eb:38:86:43:44:58:e7:30:c0:27:f3:1d:97:c7:
36:92:d6:39:54:f8:61:13:53:b3:be:7c:d2:ca:ef:c4:52:9f:
6c:78:72:8d:1f:88:36:87:3b:d5:35:9f:c7:f7:da:cc:ea:ed:
f9:28:2d:9a:49:37:20:ee:90:e0:52:ca:a4:04:2f:fd:11:c2:
a5:c5:49:14:9b:c0:9b:f9:ca:05:1d:85:a6:11:a1:01:36:2c:
72:1f:7f:33:04:fb:e2:6c:eb:79:dd:26:23:10:93:51:71:b2:
8d:d0:30:80:1c:0e:4f:2d:90:93:68:16:d4:aa:a4:a6:d0:b8:
fa:87:bf:42:ce:81:1b:56:47:27:99:38:b5:07:c0:f6:74:15:
dc:ff:7b:28:ce:f0:3e:74:d4:69:d2:b5:da:f0:96:59:60:e7:
c0:06:48:ae:c8:c3:f6:d0:79:a8:c5:2a:94:45:cd:c6:5b:d8:
c0:4f:6e:c2:67:e4:61:6a:6b:09:83:ea:e3:0a:a7:a3:48:7e:
b4:ff:9a:6e:bf:81:19:d2:24:09:81:db:76:56:34:f2:b6:1b:
29:c5:4c:87
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZVOX9wJdnWR958qWUNBjgCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NDRjN2MzYWQzNGI2OTc3ZmExOGEyMjM3Y2EzMDZiOWJl
ZTA4ZTAwHhcNMjUwMjI4MjEwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDg1YTc0NWMwMWE5MTUxYTJhMTMxOTEzMjZhZmRlZDAwNGNjNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTbnL+7oUGc/k9ZQdwgqCTYb6bHb
ApAIcZba6uDxOMpiGo5xpRKXcuYIsd/LWegN+kafYWofvks8OEu/C7UMLg+8Ghk+
jnhckoUl6CkO2iaM6huyZpWoaIUb7L/ATB29FtmsECITfpNBpzn2ttSKDTUR5Gud
eGIv1MKl1t6ZlwkSB7ZbUmk50qo0wdsnxUw3jz4As62tf6T4lnQ2sZVV8/F1Zg+w
5XwhsqNIoEHybd6mNlxYAsvlgRQvFMifpH9HpAFVzfvD79CHpkCehSQa8zXPWD+N
WHF8DmS5IhccqI9jXKeJ7/v8c8NPsoc4PIt3jtni87XtFhfbVIXCXOMyxwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGCFp0XAGpFRoqExkTJq/e0ATMbfMB8GA1UdIwQY
MBaAFEREx8OtNLaXf6GKIjfKMGub7gjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEt
ODYzYzliM2QzMmIwLzEvWUlXblJjQWFrVkdpb1RHUk1tcjk3UUJNeHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEtODYzYzliM2QzMmIw
LzEvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCH4HoAwQA
H4H7MAwDBAbVBcADBADVBcQwDQYJKoZIhvcNAQELBQADggEBAAE1Oujdp4x7qHRi
vpSGHg+5yEZ+ycVeAjAdJdQAAHtFCOqgyqL0J3brOIZDRFjnMMAn8x2XxzaS1jlU
+GETU7O+fNLK78RSn2x4co0fiDaHO9U1n8f32szq7fkoLZpJNyDukOBSyqQEL/0R
wqXFSRSbwJv5ygUdhaYRoQE2LHIffzME++Js63ndJiMQk1Fxso3QMIAcDk8tkJNo
FtSqpKbQuPqHv0LOgRtWRyeZOLUHwPZ0Fdz/eyjO8D501GnStdrwlllg58AGSK7I
w/bQeajFKpRFzcZb2MBPbsJn5GFqawmD6uMKp6NIfrT/mm6/gRnSJAmB23ZWNPK2
GynFTIc=
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:23:04 2025 by rpki-client