Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/CruS4RCbJ49Pu5Wwb_1XqSerrYI.roa
File: CruS4RCbJ49Pu5Wwb_1XqSerrYI.roa (raw, json)
Hash identifier: Ko0xCKKscwZ3FBqqxABrJh1g8/pe6GJlkpoJ1sO6fuc=
Subject key identifier: 0A:BB:92:E1:10:9B:27:8F:4F:BB:95:B0:6F:FD:57:A9:27:AB:AD:82
Certificate issuer: /CN=cb5799d8d05f4a020011dca8031762bea012255d
Certificate serial: 01970B88A9C50B88360800CE9954461AB61D
Authority key identifier: CB:57:99:D8:D0:5F:4A:02:00:11:DC:A8:03:17:62:BE:A0:12:25:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y1eZ2NBfSgIAEdyoAxdivqASJV0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/CruS4RCbJ49Pu5Wwb_1XqSerrYI.roa
Signing time: Mon 26 May 2025 07:39:55 +0000
ROA not before: Mon 26 May 2025 07:39:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39700
IP address blocks: 31.210.19.0/24 maxlen: 24
45.86.176.0/22 maxlen: 24
86.58.208.0/21 maxlen: 24
93.90.64.0/22 maxlen: 24
157.97.112.0/21 maxlen: 24
185.54.180.0/22 maxlen: 24
193.148.20.0/22 maxlen: 24
2a02:4660::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/y1eZ2NBfSgIAEdyoAxdivqASJV0.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/y1eZ2NBfSgIAEdyoAxdivqASJV0.mft
rsync://rpki.ripe.net/repository/DEFAULT/y1eZ2NBfSgIAEdyoAxdivqASJV0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 02:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:0b:88:a9:c5:0b:88:36:08:00:ce:99:54:46:1a:b6:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb5799d8d05f4a020011dca8031762bea012255d
Validity
Not Before: May 26 07:39:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0abb92e1109b278f4fbb95b06ffd57a927abad82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:b5:5e:37:21:57:b8:a6:8b:17:89:c8:fd:44:
1d:b0:0e:51:79:6c:0e:18:eb:e8:3b:d2:a9:e5:05:
58:96:a3:2a:a5:e5:16:40:9a:63:3f:7f:bf:46:42:
89:23:6f:a8:c8:b9:2a:66:41:59:8e:d2:cc:68:15:
91:7a:1f:f2:c2:8d:b0:d0:65:11:97:21:a6:8b:e7:
af:89:f2:88:fe:ca:e1:b3:45:30:6b:76:fe:4d:b9:
21:39:db:ca:8c:6e:32:be:64:cd:a0:95:db:6e:12:
b1:6b:ef:96:7e:8e:59:11:16:1c:55:e5:95:65:4a:
ae:31:b6:69:91:d7:31:bd:fd:9e:4c:65:cc:63:12:
32:b2:82:b2:d4:d8:d0:1b:05:59:59:1f:32:30:5a:
f9:6e:8c:9e:fd:e2:c8:0d:18:48:07:8a:63:53:04:
de:93:2e:ad:4d:be:a4:1f:e5:5c:a5:b4:37:da:43:
7f:8b:48:ff:23:ed:8e:be:81:18:4e:9e:ce:96:0b:
59:08:1d:06:4a:99:7a:02:22:31:69:54:a1:35:44:
90:67:69:45:13:fe:13:6a:ed:15:5f:69:af:96:61:
b2:45:87:3b:b3:70:62:c3:81:7a:52:9a:3c:e6:aa:
44:b8:0b:bc:39:bd:7f:68:02:cd:46:55:e8:fa:00:
6e:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:BB:92:E1:10:9B:27:8F:4F:BB:95:B0:6F:FD:57:A9:27:AB:AD:82
X509v3 Authority Key Identifier:
keyid:CB:57:99:D8:D0:5F:4A:02:00:11:DC:A8:03:17:62:BE:A0:12:25:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y1eZ2NBfSgIAEdyoAxdivqASJV0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/CruS4RCbJ49Pu5Wwb_1XqSerrYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/y1eZ2NBfSgIAEdyoAxdivqASJV0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.210.19.0/24
45.86.176.0/22
86.58.208.0/21
93.90.64.0/22
157.97.112.0/21
185.54.180.0/22
193.148.20.0/22
IPv6:
2a02:4660::/32
Signature Algorithm: sha256WithRSAEncryption
08:ea:87:d7:2d:f0:20:d2:05:54:1d:5b:f9:e5:b0:e9:1c:21:
a4:d1:8a:b8:54:fe:c7:ca:42:94:fc:eb:82:37:87:45:d7:7f:
ed:cb:e5:b6:5c:c4:8c:3d:73:0f:3e:1c:75:b2:a1:de:2a:97:
d9:0c:53:5d:a8:d9:cb:ba:ea:8a:03:29:35:6c:80:7a:5d:d0:
99:a4:23:63:2a:31:f0:9b:04:7c:a4:b6:09:f4:2d:8b:19:09:
7b:8f:73:eb:d2:c3:e2:64:6e:0b:c9:4e:ea:5e:b4:2b:66:18:
2f:58:0c:65:6d:01:ce:c6:dd:61:d5:95:0a:de:40:54:a0:b2:
0c:45:2c:ce:e8:fc:50:fb:e3:80:ab:12:99:3d:38:ac:b6:e0:
d0:68:70:36:a3:01:12:7a:74:fb:77:bc:db:91:a7:f4:d6:d8:
f3:5e:b9:1a:5c:d5:a9:fa:0d:30:70:9c:08:3f:31:b9:47:89:
fb:5f:fb:5c:f1:12:36:1b:d3:55:80:47:a2:0e:53:fb:57:5a:
87:e1:14:79:c3:ae:83:2e:5f:17:df:fc:4e:f7:e9:57:92:ac:
0b:16:2f:f5:4b:ab:7e:63:a3:6b:a3:2d:3c:08:98:74:08:5e:
c0:7e:da:4b:cd:82:3a:37:ed:95:91:10:2f:8a:6a:01:4a:f1:
11:f8:ff:ed
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZcLiKnFC4g2CADOmVRGGrYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNTc5OWQ4ZDA1ZjRhMDIwMDExZGNhODAzMTc2MmJlYTAx
MjI1NWQwHhcNMjUwNTI2MDczOTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJiOTJlMTEwOWIyNzhmNGZiYjk1YjA2ZmZkNTdhOTI3YWJhZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrVeNyFXuKaLF4nI/UQdsA5ReWwO
GOvoO9Kp5QVYlqMqpeUWQJpjP3+/RkKJI2+oyLkqZkFZjtLMaBWReh/ywo2w0GUR
lyGmi+evifKI/srhs0Uwa3b+TbkhOdvKjG4yvmTNoJXbbhKxa++Wfo5ZERYcVeWV
ZUquMbZpkdcxvf2eTGXMYxIysoKy1NjQGwVZWR8yMFr5boye/eLIDRhIB4pjUwTe
ky6tTb6kH+VcpbQ32kN/i0j/I+2OvoEYTp7OlgtZCB0GSpl6AiIxaVShNUSQZ2lF
E/4Tau0VX2mvlmGyRYc7s3Biw4F6Upo85qpEuAu8Ob1/aALNRlXo+gBuQwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAq7kuEQmyePT7uVsG/9V6knq62CMB8GA1UdIwQY
MBaAFMtXmdjQX0oCABHcqAMXYr6gEiVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTFlWjJOQmZTZ0lBRWR5b0F4ZGl2cUFTSlYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9jNzgwMjAtZmEzMi00OTg4LTllMTQt
NWM2MDJmZGU5NjNiLzEvQ3J1UzRSQ2JKNDlQdTVXd2JfMVhxU2VycllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9jNzgwMjAtZmEzMi00OTg4LTllMTQtNWM2MDJmZGU5NjNi
LzEveTFlWjJOQmZTZ0lBRWR5b0F4ZGl2cUFTSlYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAH9ITAwQC
LVawAwQDVjrQAwQCXVpAAwQDnWFwAwQCuTa0AwQCwZQUMA0EAgACMAcDBQAqAkZg
MA0GCSqGSIb3DQEBCwUAA4IBAQAI6ofXLfAg0gVUHVv55bDpHCGk0Yq4VP7HykKU
/OuCN4dF13/ty+W2XMSMPXMPPhx1sqHeKpfZDFNdqNnLuuqKAyk1bIB6XdCZpCNj
KjHwmwR8pLYJ9C2LGQl7j3Pr0sPiZG4LyU7qXrQrZhgvWAxlbQHOxt1h1ZUK3kBU
oLIMRSzO6PxQ++OAqxKZPTistuDQaHA2owESenT7d7zbkaf01tjzXrkaXNWp+g0w
cJwIPzG5R4n7X/tc8RI2G9NVgEeiDlP7V1qH4RR5w66DLl8X3/xO9+lXkqwLFi/1
S6t+Y6Nroy08CJh0CF7AftpLzYI6N+2VkRAvimoBSvER+P/t
-----END CERTIFICATE-----
Generated at Mon Jun 9 11:46:13 2025 by rpki-client