Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/eZ1oRKw2ZmvD0_NWa-kdmh2g-eo.roa
File: eZ1oRKw2ZmvD0_NWa-kdmh2g-eo.roa (raw, json)
Hash identifier: 2jAE9EFeYAI0mBmHLdLHHE90HLI9cIG+7iKSbXwklN4=
Subject key identifier: 79:9D:68:44:AC:36:66:6B:C3:D3:F3:56:6B:E9:1D:9A:1D:A0:F9:EA
Certificate issuer: /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial: 01942143B041BCFA3A5FF3521F3DCE024828
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/eZ1oRKw2ZmvD0_NWa-kdmh2g-eo.roa
Signing time: Wed 01 Jan 2025 09:47:51 +0000
ROA not before: Wed 01 Jan 2025 09:47:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207709
IP address blocks: 2.56.152.0/24 maxlen: 24
2.56.153.0/24 maxlen: 24
2.56.154.0/24 maxlen: 24
2.56.155.0/24 maxlen: 24
185.242.160.0/24 maxlen: 24
185.242.161.0/24 maxlen: 24
185.242.162.0/24 maxlen: 24
185.242.163.0/24 maxlen: 24
195.85.216.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 21:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:b0:41:bc:fa:3a:5f:f3:52:1f:3d:ce:02:48:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Validity
Not Before: Jan 1 09:47:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=799d6844ac36666bc3d3f3566be91d9a1da0f9ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:76:c7:5e:4f:99:15:6d:ed:a1:84:a9:00:73:
30:20:25:0d:44:03:c0:aa:a1:de:6c:bc:de:91:5c:
70:d6:53:9d:a5:1b:f2:a3:fa:76:89:6f:fe:09:97:
50:07:05:89:b7:2f:ae:0f:c7:c1:35:5c:0e:a4:d5:
9d:1c:0d:ba:c1:2a:16:57:00:f7:6e:90:e4:f1:6a:
da:ec:fa:6d:c2:42:40:4f:cd:93:7b:4a:5f:0c:57:
6a:a2:0c:59:97:bb:61:13:fd:b1:42:ca:f4:ac:8f:
1e:bd:e4:fe:d8:44:7b:09:79:82:51:2f:ff:89:7d:
9c:de:0d:e4:8d:e3:7c:b4:49:f4:7c:c5:b1:10:c2:
5b:6d:2a:25:17:b2:21:08:b8:41:f0:e3:af:f7:53:
e2:69:e1:c2:6d:da:4c:3d:02:b3:bc:66:4f:a4:16:
98:57:b4:80:b4:2b:c0:7d:69:bb:95:36:95:02:47:
ec:b2:4c:c9:49:43:ab:ca:cc:8e:53:b7:44:8c:1c:
23:40:92:e1:b0:a5:ca:87:94:c6:a3:41:57:1a:b5:
e1:39:20:44:b5:f6:24:30:10:00:05:9f:8e:e4:70:
f2:70:7b:48:b4:10:9d:d1:62:fc:95:f4:46:51:b3:
f6:5f:07:c2:b1:80:c1:54:85:02:1c:74:53:c7:ed:
90:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:9D:68:44:AC:36:66:6B:C3:D3:F3:56:6B:E9:1D:9A:1D:A0:F9:EA
X509v3 Authority Key Identifier:
keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/eZ1oRKw2ZmvD0_NWa-kdmh2g-eo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.152.0/22
185.242.160.0/22
195.85.216.0/24
Signature Algorithm: sha256WithRSAEncryption
21:3e:e8:cb:c1:b8:23:2e:4b:bb:58:6e:1d:b7:33:04:73:4c:
19:f8:9a:e4:20:47:8a:5d:f1:a3:a6:62:10:de:4b:c6:81:46:
8c:57:88:64:54:70:6a:c0:bc:41:c8:31:99:3a:00:02:3d:6c:
83:b2:e1:ff:56:98:b8:72:67:7f:ee:fc:82:62:32:4a:92:f8:
66:78:52:fa:13:b9:ad:da:a7:48:80:cf:b5:08:38:cf:11:ca:
83:8d:6b:66:c1:f6:6e:28:2f:5d:ca:e4:cc:2d:ba:53:2d:e8:
c9:82:c9:40:64:13:03:83:25:6c:26:c3:80:47:4a:71:b1:69:
c5:b7:7c:76:97:dc:35:7d:80:92:dc:76:1b:06:cf:cc:15:70:
e7:be:f9:10:44:05:58:9a:28:13:ad:c8:8e:23:b5:c1:d6:2c:
f4:4b:d2:f9:9b:ac:1e:3e:a7:7c:3b:4a:75:ff:40:b1:94:a3:
7c:8a:f2:a2:83:ce:4c:14:63:d9:35:84:29:e2:67:47:f9:46:
fe:d1:11:d2:f6:4a:d6:19:d9:e7:f8:f0:9c:b9:4f:a2:47:c6:
b7:da:f0:42:a6:ee:59:b6:f6:f7:f9:6a:e4:b3:77:7f:eb:ea:
81:ac:d1:5d:d2:a6:8d:af:69:ea:1e:9b:51:7a:46:01:62:59:
09:a0:62:ef
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhQ7BBvPo6X/NSHz3OAkgoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUwMTAxMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTlkNjg0NGFjMzY2NjZiYzNkM2YzNTY2YmU5MWQ5YTFkYTBmOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HbHXk+ZFW3toYSpAHMwICUNRAPA
qqHebLzekVxw1lOdpRvyo/p2iW/+CZdQBwWJty+uD8fBNVwOpNWdHA26wSoWVwD3
bpDk8Wra7PptwkJAT82Te0pfDFdqogxZl7thE/2xQsr0rI8eveT+2ER7CXmCUS//
iX2c3g3kjeN8tEn0fMWxEMJbbSolF7IhCLhB8OOv91PiaeHCbdpMPQKzvGZPpBaY
V7SAtCvAfWm7lTaVAkfsskzJSUOrysyOU7dEjBwjQJLhsKXKh5TGo0FXGrXhOSBE
tfYkMBAABZ+O5HDycHtItBCd0WL8lfRGUbP2XwfCsYDBVIUCHHRTx+2QxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHmdaESsNmZrw9PzVmvpHZodoPnqMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvZVoxb1JLdzJabXZEMF9OV2Eta2RtaDJnLWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjiYAwQC
ufKgAwQAw1XYMA0GCSqGSIb3DQEBCwUAA4IBAQAhPujLwbgjLku7WG4dtzMEc0wZ
+JrkIEeKXfGjpmIQ3kvGgUaMV4hkVHBqwLxByDGZOgACPWyDsuH/Vpi4cmd/7vyC
YjJKkvhmeFL6E7mt2qdIgM+1CDjPEcqDjWtmwfZuKC9dyuTMLbpTLejJgslAZBMD
gyVsJsOAR0pxsWnFt3x2l9w1fYCS3HYbBs/MFXDnvvkQRAVYmigTrciOI7XB1iz0
S9L5m6wePqd8O0p1/0CxlKN8ivKig85MFGPZNYQp4mdH+Ub+0RHS9krWGdnn+PCc
uU+iR8a32vBCpu5Ztvb3+Wrks3d/6+qBrNFd0qaNr2nqHptRekYBYlkJoGLv
-----END CERTIFICATE-----
Generated at Sun Apr 6 03:41:47 2025 by rpki-client