Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/l2_sIOs4HMyf2OgLQgyJY2hl_f0.roa
File: l2_sIOs4HMyf2OgLQgyJY2hl_f0.roa (raw, json)
Hash identifier: ux1UyG4HPgGv7Al9zX4rAYUS2Y3nKcLtZPuBWZDi2xs=
Subject key identifier: 97:6F:EC:20:EB:38:1C:CC:9F:D8:E8:0B:42:0C:89:63:68:65:FD:FD
Certificate issuer: /CN=c7671270b69cec504606b126c4ca833816af7da4
Certificate serial: 019716E3756841194FA91F3F28F57AF1EDDD
Authority key identifier: C7:67:12:70:B6:9C:EC:50:46:06:B1:26:C4:CA:83:38:16:AF:7D:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x2cScLac7FBGBrEmxMqDOBavfaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/l2_sIOs4HMyf2OgLQgyJY2hl_f0.roa
Signing time: Wed 28 May 2025 12:34:54 +0000
ROA not before: Wed 28 May 2025 12:34:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216323
IP address blocks: 45.11.199.0/24 maxlen: 24
45.131.35.0/24 maxlen: 24
185.190.44.0/24 maxlen: 24
2a12:9e80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/x2cScLac7FBGBrEmxMqDOBavfaQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/x2cScLac7FBGBrEmxMqDOBavfaQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/x2cScLac7FBGBrEmxMqDOBavfaQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 15:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:16:e3:75:68:41:19:4f:a9:1f:3f:28:f5:7a:f1:ed:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7671270b69cec504606b126c4ca833816af7da4
Validity
Not Before: May 28 12:34:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=976fec20eb381ccc9fd8e80b420c89636865fdfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:7d:d9:a4:b4:0e:2f:7a:0e:b0:c3:5e:36:f9:
10:c2:69:01:e6:d3:a1:ef:fd:c8:04:84:30:36:b3:
fc:88:05:8f:38:cf:6f:31:51:3a:c1:b3:e2:33:a1:
27:59:fc:67:5f:8a:4c:83:1e:20:71:09:7f:38:c5:
76:80:22:5b:64:bd:64:f0:8b:6c:0d:b2:a4:0c:21:
d8:32:cc:30:50:79:98:97:20:ed:b7:67:b8:95:c6:
69:fc:f6:c2:3b:69:8d:3c:9b:87:17:48:35:dc:38:
ce:7c:d0:4b:3a:95:f1:5c:fe:fe:77:2c:50:60:73:
ae:02:21:bc:f3:fd:5f:cc:8a:d2:19:28:63:59:11:
ed:4b:17:d4:54:7a:b8:4b:81:65:95:86:3a:07:a2:
43:6f:8c:72:1c:f6:dd:5d:41:89:5d:17:d6:88:e0:
36:10:df:dc:04:78:df:65:19:c8:e3:63:30:81:29:
94:d1:52:77:94:c9:fa:3a:1f:e5:89:b0:85:62:7f:
31:ce:41:b8:c7:6c:8e:f8:a8:7e:5d:98:90:2a:fc:
a0:aa:e2:c5:2a:df:b4:dd:85:b6:1c:f2:66:8f:69:
29:b3:c5:61:69:47:69:e7:a4:4c:61:39:64:05:70:
83:81:06:84:a1:69:dc:65:37:3f:8c:32:14:68:1f:
f8:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:6F:EC:20:EB:38:1C:CC:9F:D8:E8:0B:42:0C:89:63:68:65:FD:FD
X509v3 Authority Key Identifier:
keyid:C7:67:12:70:B6:9C:EC:50:46:06:B1:26:C4:CA:83:38:16:AF:7D:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2cScLac7FBGBrEmxMqDOBavfaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/l2_sIOs4HMyf2OgLQgyJY2hl_f0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/x2cScLac7FBGBrEmxMqDOBavfaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.199.0/24
45.131.35.0/24
185.190.44.0/24
IPv6:
2a12:9e80::/29
Signature Algorithm: sha256WithRSAEncryption
17:b5:b7:2d:af:6b:99:f6:54:c1:f0:0c:c3:6f:36:08:ef:21:
56:c0:5d:3e:b4:90:31:38:08:26:b8:65:ae:60:f9:0a:df:31:
3d:7b:2a:00:ec:17:75:f0:f5:39:0a:9a:86:84:c4:64:6b:51:
0b:3b:36:89:2d:38:cc:56:78:84:ed:12:e5:95:f5:34:15:5e:
72:54:76:36:b7:e3:51:c8:cc:ae:78:31:1a:f0:03:50:4c:59:
25:72:78:13:6a:f8:b8:c1:73:5c:88:1e:1b:2b:b2:35:fd:35:
1e:11:9b:0b:7a:a2:9c:44:f5:17:13:97:c6:cc:92:ac:83:90:
53:40:a0:18:15:96:93:a5:f5:7a:e0:1f:6a:e6:21:74:e3:9c:
54:61:68:30:4a:7d:28:67:99:b2:84:07:a4:93:c3:22:de:a8:
03:8e:51:ea:e7:ae:3d:1c:8b:34:3d:9f:bd:4a:3f:0a:c5:8e:
9d:d0:ad:3c:35:a7:df:15:21:43:5c:28:64:71:6a:9e:22:88:
92:60:98:8e:a7:5e:ce:b4:59:94:46:5e:1c:ff:0e:a8:de:37:
eb:37:f4:50:1e:73:ca:3a:58:e0:08:e0:f6:46:51:8e:ad:14:
37:83:32:04:f4:52:22:d6:21:9c:72:14:ef:2f:44:b1:69:fe:
d9:f5:3d:02
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZcW43VoQRlPqR8/KPV68e3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NjcxMjcwYjY5Y2VjNTA0NjA2YjEyNmM0Y2E4MzM4MTZh
ZjdkYTQwHhcNMjUwNTI4MTIzNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZmZWMyMGViMzgxY2NjOWZkOGU4MGI0MjBjODk2MzY4NjVmZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn3ZpLQOL3oOsMNeNvkQwmkB5tOh
7/3IBIQwNrP8iAWPOM9vMVE6wbPiM6EnWfxnX4pMgx4gcQl/OMV2gCJbZL1k8Its
DbKkDCHYMswwUHmYlyDtt2e4lcZp/PbCO2mNPJuHF0g13DjOfNBLOpXxXP7+dyxQ
YHOuAiG88/1fzIrSGShjWRHtSxfUVHq4S4FllYY6B6JDb4xyHPbdXUGJXRfWiOA2
EN/cBHjfZRnI42MwgSmU0VJ3lMn6Oh/libCFYn8xzkG4x2yO+Kh+XZiQKvygquLF
Kt+03YW2HPJmj2kps8VhaUdp56RMYTlkBXCDgQaEoWncZTc/jDIUaB/4NwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJdv7CDrOBzMn9joC0IMiWNoZf39MB8GA1UdIwQY
MBaAFMdnEnC2nOxQRgaxJsTKgzgWr32kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJjU2NMYWM3RkJHQnJFbXhNcURPQmF2ZmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hZWI3MGEtYTNmYy00NDYzLWE3Y2Qt
OTg2ZWEyMDNmOWVjLzEvbDJfc0lPczRITXlmMk9nTFFneUpZMmhsX2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hZWI3MGEtYTNmYy00NDYzLWE3Y2QtOTg2ZWEyMDNmOWVj
LzEveDJjU2NMYWM3RkJHQnJFbXhNcURPQmF2ZmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQALQvHAwQA
LYMjAwQAub4sMA0EAgACMAcDBQMqEp6AMA0GCSqGSIb3DQEBCwUAA4IBAQAXtbct
r2uZ9lTB8AzDbzYI7yFWwF0+tJAxOAgmuGWuYPkK3zE9eyoA7Bd18PU5CpqGhMRk
a1ELOzaJLTjMVniE7RLllfU0FV5yVHY2t+NRyMyueDEa8ANQTFklcngTavi4wXNc
iB4bK7I1/TUeEZsLeqKcRPUXE5fGzJKsg5BTQKAYFZaTpfV64B9q5iF045xUYWgw
Sn0oZ5myhAekk8Mi3qgDjlHq5649HIs0PZ+9Sj8KxY6d0K08NaffFSFDXChkcWqe
IoiSYJiOp17OtFmURl4c/w6o3jfrN/RQHnPKOljgCOD2RlGOrRQ3gzIE9FIi1iGc
chTvL0Sxaf7Z9T0C
-----END CERTIFICATE-----
Generated at Sun Jun 8 02:00:47 2025 by rpki-client