Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e27d9b-cad6-4e1d-9d07-b7a6608a8fbc/1/K21ypNssIjRXFOw0fmL843PpW-s.roa
File: K21ypNssIjRXFOw0fmL843PpW-s.roa (raw, json)
Hash identifier: YKKmVgu8U+pfVl80ZWCnY8eOTJS6TtTJ/J+lDMSN7aE=
Subject key identifier: 2B:6D:72:A4:DB:2C:22:34:57:14:EC:34:7E:62:FC:E3:73:E9:5B:EB
Certificate issuer: /CN=c9265b8ba9e6190f2609787cd9d92efd48efbd9d
Certificate serial: 01941F8C17185389FA3F8013A7D851BAEEC3
Authority key identifier: C9:26:5B:8B:A9:E6:19:0F:26:09:78:7C:D9:D9:2E:FD:48:EF:BD:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ySZbi6nmGQ8mCXh82dku_UjvvZ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e27d9b-cad6-4e1d-9d07-b7a6608a8fbc/1/K21ypNssIjRXFOw0fmL843PpW-s.roa
Signing time: Wed 01 Jan 2025 01:47:42 +0000
ROA not before: Wed 01 Jan 2025 01:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8343
IP address blocks: 37.143.88.0/21 maxlen: 21
37.143.88.0/24 maxlen: 24
37.143.89.0/24 maxlen: 24
37.143.90.0/24 maxlen: 24
37.143.91.0/24 maxlen: 24
37.143.92.0/24 maxlen: 24
37.143.93.0/24 maxlen: 24
37.143.94.0/24 maxlen: 24
37.143.95.0/24 maxlen: 24
178.23.136.0/21 maxlen: 21
178.23.138.0/24 maxlen: 24
178.23.139.0/24 maxlen: 24
178.23.140.0/24 maxlen: 24
178.23.141.0/24 maxlen: 24
178.23.142.0/24 maxlen: 24
178.23.143.0/24 maxlen: 24
185.19.244.0/22 maxlen: 22
195.58.224.0/19 maxlen: 19
195.58.224.0/24 maxlen: 24
195.58.226.0/24 maxlen: 24
195.58.227.0/24 maxlen: 24
195.58.228.0/24 maxlen: 24
195.58.229.0/24 maxlen: 24
195.58.230.0/24 maxlen: 24
195.58.231.0/24 maxlen: 24
195.58.232.0/24 maxlen: 24
195.58.233.0/24 maxlen: 24
195.58.234.0/24 maxlen: 24
195.58.235.0/24 maxlen: 24
195.58.236.0/24 maxlen: 24
195.58.237.0/24 maxlen: 24
195.58.238.0/24 maxlen: 24
195.58.239.0/24 maxlen: 24
195.58.240.0/24 maxlen: 24
195.58.241.0/24 maxlen: 24
195.58.242.0/24 maxlen: 24
195.58.243.0/24 maxlen: 24
195.58.244.0/24 maxlen: 24
195.58.245.0/24 maxlen: 24
195.58.246.0/24 maxlen: 24
195.58.247.0/24 maxlen: 24
195.58.248.0/24 maxlen: 24
195.58.249.0/24 maxlen: 24
195.58.250.0/24 maxlen: 24
195.58.251.0/24 maxlen: 24
195.58.252.0/22 maxlen: 22
195.58.252.0/24 maxlen: 24
195.58.253.0/24 maxlen: 24
195.58.254.0/24 maxlen: 24
195.58.255.0/24 maxlen: 24
2a00:1b50::/32 maxlen: 32
2a00:1b50::/36 maxlen: 36
2a00:1b50:1::/48 maxlen: 48
2a00:1b50:10::/48 maxlen: 48
2a00:1b50:1000::/36 maxlen: 36
2a00:1b50:1000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e27d9b-cad6-4e1d-9d07-b7a6608a8fbc/1/ySZbi6nmGQ8mCXh82dku_UjvvZ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e27d9b-cad6-4e1d-9d07-b7a6608a8fbc/1/ySZbi6nmGQ8mCXh82dku_UjvvZ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/ySZbi6nmGQ8mCXh82dku_UjvvZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 13:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:17:18:53:89:fa:3f:80:13:a7:d8:51:ba:ee:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c9265b8ba9e6190f2609787cd9d92efd48efbd9d
Validity
Not Before: Jan 1 01:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b6d72a4db2c22345714ec347e62fce373e95beb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:b4:63:45:cc:b5:58:7a:eb:c0:ce:46:90:ee:
17:a5:e3:da:a4:cc:f1:43:ef:ed:b7:8f:6c:af:23:
64:05:d1:dd:14:24:c8:e9:54:db:eb:01:d4:85:7d:
fe:99:d2:df:34:c5:4e:aa:54:60:00:b0:07:4a:8a:
d5:46:fd:77:55:c0:d9:19:6f:0a:ea:d8:5d:d8:a7:
58:68:cc:0e:0d:6b:9d:55:6c:d0:a2:47:3a:5a:cf:
8e:93:f6:44:97:1e:4a:5c:e9:bd:b6:fe:c7:e4:f5:
38:ac:47:4e:fd:45:2f:76:98:ae:52:b8:e2:a8:41:
4a:60:1a:04:93:85:ea:f8:81:9a:c6:16:31:e0:d9:
fa:13:49:8c:db:0e:dd:93:f5:cb:00:87:df:fb:1b:
1d:26:eb:30:37:a7:df:ea:ba:5d:01:9f:21:8c:ac:
2e:00:68:02:6c:b2:9a:69:2b:4e:6c:44:8f:7f:7b:
a7:5c:3c:67:16:96:51:d7:27:4e:43:4f:e4:67:ee:
e1:5a:b1:c0:1f:d9:d8:10:1c:53:0c:09:af:34:b6:
f1:bd:9b:b9:5b:37:26:cd:cd:7f:58:0d:44:b2:c0:
0c:49:2c:01:5c:25:27:e3:eb:da:9b:d2:4b:11:4c:
66:bf:93:30:80:da:e1:75:c6:24:81:88:c5:20:36:
dc:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:6D:72:A4:DB:2C:22:34:57:14:EC:34:7E:62:FC:E3:73:E9:5B:EB
X509v3 Authority Key Identifier:
keyid:C9:26:5B:8B:A9:E6:19:0F:26:09:78:7C:D9:D9:2E:FD:48:EF:BD:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ySZbi6nmGQ8mCXh82dku_UjvvZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e27d9b-cad6-4e1d-9d07-b7a6608a8fbc/1/K21ypNssIjRXFOw0fmL843PpW-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e27d9b-cad6-4e1d-9d07-b7a6608a8fbc/1/ySZbi6nmGQ8mCXh82dku_UjvvZ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.88.0/21
178.23.136.0/21
185.19.244.0/22
195.58.224.0/19
IPv6:
2a00:1b50::/32
Signature Algorithm: sha256WithRSAEncryption
47:4e:15:71:82:74:d2:2f:5e:0c:eb:80:15:78:3d:1a:a8:cc:
6e:5f:de:4b:53:d8:cd:c9:3b:4d:ce:7a:96:1e:8e:a3:59:42:
a0:73:4b:43:1a:d9:32:dd:1e:ad:f3:ab:e3:a8:b1:e1:66:8b:
07:88:35:b7:76:44:28:f0:c5:20:16:ae:52:8e:6b:0a:e4:eb:
da:d7:45:1e:e5:0a:2c:bb:2d:ed:18:cf:ff:a6:1c:0c:7f:04:
97:c3:f2:da:43:26:c0:0c:f7:93:dd:a8:bb:c7:0f:b3:8c:ec:
3e:be:71:33:ed:b7:4b:2e:7a:51:f3:e3:3d:ca:af:f3:38:4f:
ad:d7:f5:30:db:25:5e:2d:e7:e1:2f:9b:87:7d:5b:ae:a9:d8:
9c:49:20:4e:2f:0c:b8:1d:ec:b5:21:c9:4c:80:b5:59:07:72:
24:09:98:24:ff:05:ed:5b:30:a7:4d:25:7b:fd:b1:81:62:64:
26:7c:02:2b:a1:13:de:49:23:23:c7:f9:69:b4:4c:4f:f0:c4:
3e:6e:61:5a:2d:bd:4d:27:83:36:9e:32:ff:fb:7b:b5:b7:1a:
ad:b1:8d:8f:20:c5:a7:fc:25:3e:d5:22:ff:d2:e8:81:1a:f6:
47:61:5c:30:21:83:21:aa:40:c7:ab:01:d5:d2:d2:fe:1f:2f:
be:8f:8b:b3
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQfjBcYU4n6P4ATp9hRuu7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MjY1YjhiYTllNjE5MGYyNjA5Nzg3Y2Q5ZDkyZWZkNDhl
ZmJkOWQwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZkNzJhNGRiMmMyMjM0NTcxNGVjMzQ3ZTYyZmNlMzczZTk1YmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rRjRcy1WHrrwM5GkO4XpePapMzx
Q+/tt49sryNkBdHdFCTI6VTb6wHUhX3+mdLfNMVOqlRgALAHSorVRv13VcDZGW8K
6thd2KdYaMwODWudVWzQokc6Ws+Ok/ZElx5KXOm9tv7H5PU4rEdO/UUvdpiuUrji
qEFKYBoEk4Xq+IGaxhYx4Nn6E0mM2w7dk/XLAIff+xsdJuswN6ff6rpdAZ8hjKwu
AGgCbLKaaStObESPf3unXDxnFpZR1ydOQ0/kZ+7hWrHAH9nYEBxTDAmvNLbxvZu5
Wzcmzc1/WA1EssAMSSwBXCUn4+vam9JLEUxmv5MwgNrhdcYkgYjFIDbcWwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFCttcqTbLCI0VxTsNH5i/ONz6VvrMB8GA1UdIwQY
MBaAFMkmW4up5hkPJgl4fNnZLv1I772dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVNaYmk2bm1HUThtQ1hoODJka3VfVWp2dlowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMjdkOWItY2FkNi00ZTFkLTlkMDct
YjdhNjYwOGE4ZmJjLzEvSzIxeXBOc3NJalJYRk93MGZtTDg0M1BwVy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMjdkOWItY2FkNi00ZTFkLTlkMDctYjdhNjYwOGE4ZmJj
LzEveVNaYmk2bm1HUThtQ1hoODJka3VfVWp2dlowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDJY9YAwQD
sheIAwQCuRP0AwQFwzrgMA0EAgACMAcDBQAqABtQMA0GCSqGSIb3DQEBCwUAA4IB
AQBHThVxgnTSL14M64AVeD0aqMxuX95LU9jNyTtNznqWHo6jWUKgc0tDGtky3R6t
86vjqLHhZosHiDW3dkQo8MUgFq5SjmsK5Ova10Ue5Qosuy3tGM//phwMfwSXw/La
QybADPeT3ai7xw+zjOw+vnEz7bdLLnpR8+M9yq/zOE+t1/Uw2yVeLefhL5uHfVuu
qdicSSBOLwy4Hey1IclMgLVZB3IkCZgk/wXtWzCnTSV7/bGBYmQmfAIroRPeSSMj
x/lptExP8MQ+bmFaLb1NJ4M2njL/+3u1txqtsY2PIMWn/CU+1SL/0uiBGvZHYVww
IYMhqkDHqwHV0tL+Hy++j4uz
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:32:46 2025 by rpki-client