Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/BFGJmraQBgGavzIeZHO0bfSXFRI.roa
File: BFGJmraQBgGavzIeZHO0bfSXFRI.roa (raw, json)
Hash identifier: e3IZCe3SbuLp2264XxRVhIYJHbqFuU1UA3gCIN6FJhs=
Subject key identifier: 04:51:89:9A:B6:90:06:01:9A:BF:32:1E:64:73:B4:6D:F4:97:15:12
Certificate issuer: /CN=6ab7b9cee004300eafe09bf12fcb6da1dd30a4d7
Certificate serial: 01962C061B409DADE2D8DB8015C92F2820D7
Authority key identifier: 6A:B7:B9:CE:E0:04:30:0E:AF:E0:9B:F1:2F:CB:6D:A1:DD:30:A4:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/are5zuAEMA6v4JvxL8ttod0wpNc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/BFGJmraQBgGavzIeZHO0bfSXFRI.roa
Signing time: Sat 12 Apr 2025 22:01:59 +0000
ROA not before: Sat 12 Apr 2025 22:01:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203489
IP address blocks: 31.24.136.0/21 maxlen: 21
69.172.96.0/20 maxlen: 20
69.172.112.0/20 maxlen: 20
82.145.160.0/19 maxlen: 19
178.20.72.0/21 maxlen: 21
185.3.36.0/22 maxlen: 22
213.137.32.0/19 maxlen: 21
2a00:fa80::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/are5zuAEMA6v4JvxL8ttod0wpNc.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/are5zuAEMA6v4JvxL8ttod0wpNc.mft
rsync://rpki.ripe.net/repository/DEFAULT/are5zuAEMA6v4JvxL8ttod0wpNc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 15 Apr 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:2c:06:1b:40:9d:ad:e2:d8:db:80:15:c9:2f:28:20:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ab7b9cee004300eafe09bf12fcb6da1dd30a4d7
Validity
Not Before: Apr 12 22:01:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0451899ab69006019abf321e6473b46df4971512
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ce:c0:96:fe:0c:b7:8a:45:41:80:3f:80:b7:
70:14:a3:b2:c5:9b:bd:e2:6d:11:fd:9d:9e:93:08:
c5:8a:04:24:98:57:10:ea:f7:af:9a:ee:42:a2:c6:
b8:88:85:58:88:8c:8a:d5:70:50:32:f1:51:d6:e8:
9c:3d:d3:99:ae:ea:18:c5:e9:d0:25:18:a8:de:5f:
26:15:97:37:21:30:2a:fd:c3:59:fe:cd:f0:98:72:
d8:8c:cd:2b:3b:b5:d4:07:a1:3a:fd:39:e6:66:c2:
5b:d5:7f:c3:9c:28:f9:6e:14:f1:60:0d:fa:a6:1c:
f3:73:eb:80:ba:b5:a3:c1:6b:bb:ad:2a:8d:c8:3a:
5c:0a:52:a8:a5:14:10:cf:d1:d2:4b:64:10:8d:9f:
3c:d4:b5:40:0a:f0:88:30:97:f0:59:e8:94:b7:91:
3b:20:78:db:51:24:1a:a1:60:a0:87:83:a9:84:4c:
fa:09:5b:db:b4:44:d5:d0:52:49:41:0a:ec:b2:9e:
4a:b6:44:5b:80:bc:46:e8:2a:91:83:3a:17:70:00:
dc:07:ad:1d:1e:ea:f7:59:c9:75:99:29:9c:0b:0e:
b3:de:09:fd:d0:47:1a:e2:cf:45:8f:f6:05:ce:85:
56:c9:c3:4f:1d:f6:18:c4:fc:28:10:bc:61:c3:dd:
87:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:51:89:9A:B6:90:06:01:9A:BF:32:1E:64:73:B4:6D:F4:97:15:12
X509v3 Authority Key Identifier:
keyid:6A:B7:B9:CE:E0:04:30:0E:AF:E0:9B:F1:2F:CB:6D:A1:DD:30:A4:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/are5zuAEMA6v4JvxL8ttod0wpNc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/BFGJmraQBgGavzIeZHO0bfSXFRI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7d11e2-5274-447e-9fe6-88aa6fd0aa8e/1/are5zuAEMA6v4JvxL8ttod0wpNc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.136.0/21
69.172.96.0/19
82.145.160.0/19
178.20.72.0/21
185.3.36.0/22
213.137.32.0/19
IPv6:
2a00:fa80::/29
Signature Algorithm: sha256WithRSAEncryption
ac:f3:c6:c3:17:cb:b3:1d:37:fe:9d:90:6a:49:1b:ac:44:bc:
8e:38:64:34:6e:16:3c:91:00:81:88:59:7a:50:87:05:60:8d:
26:3d:4e:ff:ec:06:ef:a1:d1:2f:4e:19:72:0a:ba:b9:a8:ac:
ae:49:da:ca:66:1a:ea:81:85:75:98:f8:af:89:55:cc:8f:fa:
c6:29:28:4f:8e:ab:18:3a:b9:71:62:3f:e6:23:ea:5a:5d:e8:
9e:9a:1b:29:2e:ac:4e:0c:48:f2:09:ec:a7:2a:c5:70:de:a2:
80:f2:fd:1b:27:8c:be:b5:25:0d:c7:0c:c8:be:94:3e:b0:9e:
c3:9c:31:5f:ba:16:8b:b3:4f:78:5d:8c:49:66:f9:8d:9e:ef:
f4:b4:e2:9b:48:ef:bf:0d:dd:f4:a8:22:71:a2:d1:65:6a:7d:
3e:30:13:83:54:c2:7c:15:f1:34:8f:1b:bc:46:ee:a4:6f:7a:
35:19:60:5f:0c:99:c4:a3:e5:66:f9:6a:9d:22:27:fd:a4:07:
89:68:11:ec:d5:d9:76:c4:17:6c:ee:1a:0c:e2:65:de:ad:1a:
98:c9:d0:7d:5d:17:e6:ea:b1:10:e2:32:28:63:31:07:70:3f:
0a:ff:f4:97:f7:51:5f:a5:9c:9e:5c:9c:b4:fe:98:be:40:48:
bd:44:24:c4
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZYsBhtAna3i2NuAFckvKCDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYjdiOWNlZTAwNDMwMGVhZmUwOWJmMTJmY2I2ZGExZGQz
MGE0ZDcwHhcNMjUwNDEyMjIwMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDUxODk5YWI2OTAwNjAxOWFiZjMyMWU2NDczYjQ2ZGY0OTcxNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAys7Alv4Mt4pFQYA/gLdwFKOyxZu9
4m0R/Z2ekwjFigQkmFcQ6vevmu5Cosa4iIVYiIyK1XBQMvFR1uicPdOZruoYxenQ
JRio3l8mFZc3ITAq/cNZ/s3wmHLYjM0rO7XUB6E6/TnmZsJb1X/DnCj5bhTxYA36
phzzc+uAurWjwWu7rSqNyDpcClKopRQQz9HSS2QQjZ881LVACvCIMJfwWeiUt5E7
IHjbUSQaoWCgh4OphEz6CVvbtETV0FJJQQrssp5KtkRbgLxG6CqRgzoXcADcB60d
Hur3Wcl1mSmcCw6z3gn90Eca4s9Fj/YFzoVWycNPHfYYxPwoELxhw92HMQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFARRiZq2kAYBmr8yHmRztG30lxUSMB8GA1UdIwQY
MBaAFGq3uc7gBDAOr+Cb8S/LbaHdMKTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXJlNXp1QUVNQTZ2NEp2eEw4dHRvZDB3cE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83ZDExZTItNTI3NC00NDdlLTlmZTYt
ODhhYTZmZDBhYThlLzEvQkZHSm1yYVFCZ0dhdnpJZVpITzBiZlNYRlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83ZDExZTItNTI3NC00NDdlLTlmZTYtODhhYTZmZDBhYThl
LzEvYXJlNXp1QUVNQTZ2NEp2eEw4dHRvZDB3cE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDHxiIAwQF
RaxgAwQFUpGgAwQDshRIAwQCuQMkAwQF1YkgMA0EAgACMAcDBQMqAPqAMA0GCSqG
SIb3DQEBCwUAA4IBAQCs88bDF8uzHTf+nZBqSRusRLyOOGQ0bhY8kQCBiFl6UIcF
YI0mPU7/7AbvodEvThlyCrq5qKyuSdrKZhrqgYV1mPiviVXMj/rGKShPjqsYOrlx
Yj/mI+paXeiemhspLqxODEjyCeynKsVw3qKA8v0bJ4y+tSUNxwzIvpQ+sJ7DnDFf
uhaLs094XYxJZvmNnu/0tOKbSO+/Dd30qCJxotFlan0+MBODVMJ8FfE0jxu8Ru6k
b3o1GWBfDJnEo+Vm+WqdIif9pAeJaBHs1dl2xBds7hoM4mXerRqYydB9XRfm6rEQ
4jIoYzEHcD8K//SX91FfpZyeXJy0/pi+QEi9RCTE
-----END CERTIFICATE-----
Generated at Tue Apr 15 09:50:11 2025 by rpki-client