Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WBOYQCAoKRyLsa6JAYAHwgmZIqI.roa
File: WBOYQCAoKRyLsa6JAYAHwgmZIqI.roa (raw, json)
Hash identifier: lyZfLnKwP7kxcM63676+jKHGePevi3n5oMgldGNu5qA=
Subject key identifier: 58:13:98:40:20:28:29:1C:8B:B1:AE:89:01:80:07:C2:09:99:22:A2
Certificate issuer: /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial: 01953CCD9C6F232D8A6F577C49CF3539C96C
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WBOYQCAoKRyLsa6JAYAHwgmZIqI.roa
Signing time: Tue 25 Feb 2025 11:11:02 +0000
ROA not before: Tue 25 Feb 2025 11:11:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209420
IP address blocks: 31.207.68.0/24 maxlen: 24
31.207.69.0/24 maxlen: 24
31.207.72.0/24 maxlen: 24
152.89.133.0/24 maxlen: 24
192.145.16.0/23 maxlen: 23
192.145.16.0/24 maxlen: 24
192.145.17.0/24 maxlen: 24
192.145.18.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 11:01:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:3c:cd:9c:6f:23:2d:8a:6f:57:7c:49:cf:35:39:c9:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Validity
Not Before: Feb 25 11:11:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=581398402028291c8bb1ae89018007c2099922a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:89:b1:ea:29:92:0e:75:63:bf:dd:fb:33:f3:
c7:18:8b:bb:3b:b2:d1:3b:c8:73:8b:76:ec:91:97:
92:c7:5f:5d:e6:09:cc:b6:3c:bc:d6:8e:85:64:77:
80:aa:cb:4d:9c:d3:a3:4d:84:5f:0a:32:f1:43:f2:
5c:32:de:c1:ad:60:5e:0d:86:ed:63:6c:13:c7:40:
51:03:a0:82:fb:d7:a5:af:d2:b7:fb:d9:1a:25:61:
5e:f0:08:83:34:02:16:13:cb:ff:dd:cd:e8:d2:89:
ca:4a:ea:33:13:ab:f0:be:d3:bf:68:6d:32:94:af:
6e:05:58:ce:92:ff:54:4f:ab:ed:4e:88:1a:ef:d1:
6d:57:9f:1c:dc:ad:93:5b:45:f8:dd:0b:73:32:9d:
74:31:cd:19:f3:c0:1f:fa:b8:65:d9:5c:40:30:03:
96:f7:35:86:57:b3:00:5b:ce:8c:5a:d3:14:eb:4e:
5a:6b:53:91:d2:5d:75:44:cf:ca:04:30:81:d3:31:
28:d1:0e:9f:ac:f6:6a:9a:bf:bf:92:8e:4c:1e:5a:
fa:8e:5c:58:51:88:aa:c8:e8:65:ce:ca:93:7d:0e:
7b:16:32:a7:56:92:82:ce:a2:4e:ee:cd:82:d9:c4:
b7:73:3d:e7:c0:d0:5a:c0:fd:b6:ac:cc:ec:5a:6c:
94:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:13:98:40:20:28:29:1C:8B:B1:AE:89:01:80:07:C2:09:99:22:A2
X509v3 Authority Key Identifier:
keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WBOYQCAoKRyLsa6JAYAHwgmZIqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.207.68.0/23
31.207.72.0/24
152.89.133.0/24
192.145.16.0-192.145.18.255
Signature Algorithm: sha256WithRSAEncryption
3e:3b:3f:72:1c:bf:7d:36:3b:79:ad:c0:fe:ba:28:cc:24:16:
d4:b3:92:22:87:6c:6e:2e:99:b5:2a:e8:3b:94:73:79:53:37:
6d:50:b0:71:fd:e5:c4:36:2b:c2:0f:58:45:4e:86:da:73:58:
ad:69:0c:70:d8:cc:09:31:27:6a:2f:91:8c:25:65:f7:c1:23:
cc:c5:84:2c:0e:4c:95:23:25:14:b2:c8:65:b2:72:95:6f:72:
72:b4:b8:86:59:8c:6a:0d:50:95:a7:22:08:62:ed:5c:8c:77:
07:10:3e:f9:d0:21:27:3a:0c:fd:62:17:b9:60:d4:ab:57:4d:
7a:4a:e9:5a:fb:28:60:ec:42:90:25:ba:5e:9c:9b:5e:87:93:
b3:b6:b0:24:eb:11:84:26:07:61:85:0a:68:cf:13:d6:d1:5f:
5e:70:35:ac:7b:91:4e:fc:13:ca:1e:e1:3d:5a:b0:2c:8f:bb:
fb:47:fa:27:ed:0a:96:f7:6d:50:27:19:4a:93:05:9a:a5:cd:
7a:4b:97:9c:9d:b4:85:81:f7:6f:43:70:6d:aa:39:a1:68:a9:
0b:a4:ec:f5:f9:0a:f2:cb:4c:61:39:dc:b2:6d:d3:45:06:3a:
76:bd:33:28:ec:ed:69:be:2f:a5:49:4b:38:60:b8:2d:7f:0e:
4c:23:42:f9
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZU8zZxvIy2Kb1d8Sc81OclsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMjI1MTExMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODEzOTg0MDIwMjgyOTFjOGJiMWFlODkwMTgwMDdjMjA5OTkyMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApomx6imSDnVjv937M/PHGIu7O7LR
O8hzi3bskZeSx19d5gnMtjy81o6FZHeAqstNnNOjTYRfCjLxQ/JcMt7BrWBeDYbt
Y2wTx0BRA6CC+9elr9K3+9kaJWFe8AiDNAIWE8v/3c3o0onKSuozE6vwvtO/aG0y
lK9uBVjOkv9UT6vtToga79FtV58c3K2TW0X43QtzMp10Mc0Z88Af+rhl2VxAMAOW
9zWGV7MAW86MWtMU605aa1OR0l11RM/KBDCB0zEo0Q6frPZqmr+/ko5MHlr6jlxY
UYiqyOhlzsqTfQ57FjKnVpKCzqJO7s2C2cS3cz3nwNBawP22rMzsWmyUgwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFFgTmEAgKCkci7GuiQGAB8IJmSKiMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvV0JPWVFDQW9LUnlMc2E2SkFZQUh3Z21aSXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBH89EAwQA
H89IAwQAmFmFMAwDBATAkRADBADAkRIwDQYJKoZIhvcNAQELBQADggEBAD47P3Ic
v302O3mtwP66KMwkFtSzkiKHbG4umbUq6DuUc3lTN21QsHH95cQ2K8IPWEVOhtpz
WK1pDHDYzAkxJ2ovkYwlZffBI8zFhCwOTJUjJRSyyGWycpVvcnK0uIZZjGoNUJWn
Ighi7VyMdwcQPvnQISc6DP1iF7lg1KtXTXpK6Vr7KGDsQpAlul6cm16Hk7O2sCTr
EYQmB2GFCmjPE9bRX15wNax7kU78E8oe4T1asCyPu/tH+iftCpb3bVAnGUqTBZql
zXpLl5ydtIWB929DcG2qOaFoqQuk7PX5CvLLTGE53LJt00UGOna9Myjs7Wm+L6VJ
SzhguC1/DkwjQvk=
-----END CERTIFICATE-----
Generated at Tue Apr 8 21:19:39 2025 by rpki-client