Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/13ea1f-0bc1-457c-8ab5-04e812d48e72/1/r-rzdWQIevQsRXpy8ArPMXKhl5I.roa
File: r-rzdWQIevQsRXpy8ArPMXKhl5I.roa (raw, json)
Hash identifier: paqGO5ZL3o7kODmIqJwv4WV1pj5fNgUoAM39DR0ohR0=
Subject key identifier: AF:EA:F3:75:64:08:7A:F4:2C:45:7A:72:F0:0A:CF:31:72:A1:97:92
Certificate issuer: /CN=0fe39b41074c7d6adc8ee274e239f7b8eb3585e9
Certificate serial: 0196332C3E49A954937AAB5DC9D32B8F4A6C
Authority key identifier: 0F:E3:9B:41:07:4C:7D:6A:DC:8E:E2:74:E2:39:F7:B8:EB:35:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D-ObQQdMfWrcjuJ04jn3uOs1hek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/19/13ea1f-0bc1-457c-8ab5-04e812d48e72/1/r-rzdWQIevQsRXpy8ArPMXKhl5I.roa
Signing time: Mon 14 Apr 2025 07:20:59 +0000
ROA not before: Mon 14 Apr 2025 07:20:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12338
IP address blocks: 5.159.128.0/18 maxlen: 23
37.218.0.0/17 maxlen: 17
62.99.0.0/17 maxlen: 17
81.9.128.0/17 maxlen: 24
82.130.128.0/17 maxlen: 24
83.213.0.0/16 maxlen: 22
85.84.0.0/16 maxlen: 22
85.85.0.0/16 maxlen: 22
85.86.0.0/16 maxlen: 16
85.87.0.0/16 maxlen: 24
91.116.0.0/18 maxlen: 24
178.60.64.0/18 maxlen: 24
185.116.180.0/22 maxlen: 22
212.8.64.0/18 maxlen: 18
212.55.0.0/19 maxlen: 19
212.142.128.0/17 maxlen: 17
2a00:7b00::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/19/13ea1f-0bc1-457c-8ab5-04e812d48e72/1/D-ObQQdMfWrcjuJ04jn3uOs1hek.crl
rsync://rpki.ripe.net/repository/DEFAULT/19/13ea1f-0bc1-457c-8ab5-04e812d48e72/1/D-ObQQdMfWrcjuJ04jn3uOs1hek.mft
rsync://rpki.ripe.net/repository/DEFAULT/D-ObQQdMfWrcjuJ04jn3uOs1hek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 20 Apr 2025 13:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:33:2c:3e:49:a9:54:93:7a:ab:5d:c9:d3:2b:8f:4a:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0fe39b41074c7d6adc8ee274e239f7b8eb3585e9
Validity
Not Before: Apr 14 07:20:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afeaf37564087af42c457a72f00acf3172a19792
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:47:21:87:21:64:29:7d:59:e1:dd:a3:e0:74:
ec:d4:ab:14:83:79:57:4b:d8:f3:cf:42:e8:34:98:
9a:3d:98:9e:9f:00:1d:d0:e0:d5:35:dc:e3:36:b9:
a7:b2:59:b4:c7:4c:c6:c7:c6:7d:6d:e2:5d:f7:ba:
30:13:a0:e5:0c:b9:92:9e:82:e9:d1:b0:79:8e:30:
45:49:b4:e4:37:a3:97:44:0c:47:44:c8:d5:c5:08:
5c:23:8d:1a:94:6e:37:c7:0a:64:ae:5d:de:27:8d:
4f:4c:7d:75:01:e4:97:d2:86:59:e5:e9:f2:54:bb:
e3:d9:c3:ef:73:f4:01:82:cc:89:46:ca:2f:1b:36:
f5:6e:07:74:fe:b4:1f:0b:6b:18:e2:fb:c7:e5:eb:
64:00:5f:93:ba:f1:69:67:fa:21:5b:61:19:96:e8:
53:ed:dd:aa:1d:42:d0:b0:60:36:fe:94:99:2d:1e:
9c:3c:24:57:aa:41:f6:34:01:c8:cc:8a:0d:ae:18:
3b:a7:19:8c:0c:95:81:9d:9a:ff:1c:8d:93:39:a6:
71:25:b3:a0:19:fe:55:9d:40:73:45:0d:f7:e2:f4:
f1:33:d1:30:e1:4f:5f:81:86:07:32:e4:02:25:bc:
19:3b:c5:23:c3:cf:71:42:40:fa:81:3c:3c:9c:d9:
2f:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:EA:F3:75:64:08:7A:F4:2C:45:7A:72:F0:0A:CF:31:72:A1:97:92
X509v3 Authority Key Identifier:
keyid:0F:E3:9B:41:07:4C:7D:6A:DC:8E:E2:74:E2:39:F7:B8:EB:35:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-ObQQdMfWrcjuJ04jn3uOs1hek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/13ea1f-0bc1-457c-8ab5-04e812d48e72/1/r-rzdWQIevQsRXpy8ArPMXKhl5I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/19/13ea1f-0bc1-457c-8ab5-04e812d48e72/1/D-ObQQdMfWrcjuJ04jn3uOs1hek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.128.0/18
37.218.0.0/17
62.99.0.0/17
81.9.128.0/17
82.130.128.0/17
83.213.0.0/16
85.84.0.0/14
91.116.0.0/18
178.60.64.0/18
185.116.180.0/22
212.8.64.0/18
212.55.0.0/19
212.142.128.0/17
IPv6:
2a00:7b00::/29
Signature Algorithm: sha256WithRSAEncryption
3f:fe:80:70:4f:97:73:be:4f:6a:56:57:28:a3:97:28:d4:c8:
ab:ea:48:c8:ff:ba:46:03:24:0b:71:95:21:41:3e:2d:2b:6e:
a1:c2:1d:36:aa:98:77:ab:5b:87:6d:be:07:7c:03:a3:f4:b7:
ce:db:ea:f3:87:cf:00:a0:49:de:99:5e:48:ca:c1:80:17:a3:
ed:6e:bf:67:ea:eb:71:f8:2e:70:2c:e0:e9:99:ca:8c:2f:22:
c4:0f:4c:16:d2:20:56:0f:5c:c5:3c:69:9c:0b:c5:a3:e4:dc:
01:c9:61:e8:f3:d2:85:52:52:00:0f:b5:d3:d0:01:fb:a2:57:
ed:17:98:43:84:1e:ad:4b:57:e3:e7:2c:69:67:f1:84:e9:58:
65:65:30:3d:97:da:72:b5:55:a2:43:36:f5:db:28:24:b2:e3:
9e:09:c9:aa:18:65:47:9e:9c:c4:a5:13:76:95:f7:c4:cc:78:
58:fc:65:1a:64:4e:7c:f2:d2:08:5f:f5:19:c1:d5:c3:de:b1:
9b:4d:19:51:fe:c8:e7:e6:68:4e:fe:43:d0:86:89:3d:fc:5b:
4d:bb:95:83:65:61:55:b5:eb:13:e0:4a:6f:fc:09:42:32:ba:
0b:d0:a4:c2:18:41:06:5f:8e:39:0c:2b:4c:1c:a8:ae:9f:17:
5c:fa:23:d1
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZYzLD5JqVSTeqtdydMrj0psMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZTM5YjQxMDc0YzdkNmFkYzhlZTI3NGUyMzlmN2I4ZWIz
NTg1ZTkwHhcNMjUwNDE0MDcyMDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmVhZjM3NTY0MDg3YWY0MmM0NTdhNzJmMDBhY2YzMTcyYTE5NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEchhyFkKX1Z4d2j4HTs1KsUg3lX
S9jzz0LoNJiaPZienwAd0ODVNdzjNrmnslm0x0zGx8Z9beJd97owE6DlDLmSnoLp
0bB5jjBFSbTkN6OXRAxHRMjVxQhcI40alG43xwpkrl3eJ41PTH11AeSX0oZZ5eny
VLvj2cPvc/QBgsyJRsovGzb1bgd0/rQfC2sY4vvH5etkAF+TuvFpZ/ohW2EZluhT
7d2qHULQsGA2/pSZLR6cPCRXqkH2NAHIzIoNrhg7pxmMDJWBnZr/HI2TOaZxJbOg
Gf5VnUBzRQ334vTxM9Ew4U9fgYYHMuQCJbwZO8Ujw89xQkD6gTw8nNkvJQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFK/q83VkCHr0LEV6cvAKzzFyoZeSMB8GA1UdIwQY
MBaAFA/jm0EHTH1q3I7idOI597jrNYXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1PYlFRZE1mV3JjanVKMDRqbjN1T3MxaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8xM2VhMWYtMGJjMS00NTdjLThhYjUt
MDRlODEyZDQ4ZTcyLzEvci1yemRXUUlldlFzUlhweThBclBNWEtobDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8xM2VhMWYtMGJjMS00NTdjLThhYjUtMDRlODEyZDQ4ZTcy
LzEvRC1PYlFRZE1mV3JjanVKMDRqbjN1T3MxaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMAwQGBZ+AAwQH
JdoAAwQHPmMAAwQHUQmAAwQHUoKAAwMAU9UDAwJVVAMEBlt0AAMEBrI8QAMEArl0
tAMEBtQIQAMEBdQ3AAMEB9SOgDANBAIAAjAHAwUDKgB7ADANBgkqhkiG9w0BAQsF
AAOCAQEAP/6AcE+Xc75PalZXKKOXKNTIq+pIyP+6RgMkC3GVIUE+LStuocIdNqqY
d6tbh22+B3wDo/S3ztvq84fPAKBJ3pleSMrBgBej7W6/Z+rrcfgucCzg6ZnKjC8i
xA9MFtIgVg9cxTxpnAvFo+TcAclh6PPShVJSAA+109AB+6JX7ReYQ4QerUtX4+cs
aWfxhOlYZWUwPZfacrVVokM29dsoJLLjngnJqhhlR56cxKUTdpX3xMx4WPxlGmRO
fPLSCF/1GcHVw96xm00ZUf7I5+ZoTv5D0IaJPfxbTbuVg2VhVbXrE+BKb/wJQjK6
C9CkwhhBBl+OOQwrTByorp8XXPoj0Q==
-----END CERTIFICATE-----
Generated at Sun Apr 20 00:13:45 2025 by rpki-client