Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/X0zgOdGzFbnbluRhuXpZjJlGcaE.roa
File: X0zgOdGzFbnbluRhuXpZjJlGcaE.roa (raw, json)
Hash identifier: OadwEgcvezDEMKG2XzDYD2AjQVOO23z1M1gu9Hpi6DI=
Subject key identifier: 5F:4C:E0:39:D1:B3:15:B9:DB:96:E4:61:B9:7A:59:8C:99:46:71:A1
Certificate issuer: /CN=68a8e93d3f590f4450d1db3c2074598244353e93
Certificate serial: 019513F38AFC08EC6EED3AC3AD78F5723B5C
Authority key identifier: 68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/X0zgOdGzFbnbluRhuXpZjJlGcaE.roa
Signing time: Mon 17 Feb 2025 12:48:02 +0000
ROA not before: Mon 17 Feb 2025 12:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21221
IP address blocks: 2.56.226.0/23 maxlen: 24
46.182.176.0/21 maxlen: 24
178.255.192.0/21 maxlen: 24
185.70.208.0/22 maxlen: 24
185.214.148.0/22 maxlen: 24
217.18.64.0/20 maxlen: 24
2a00:19c0::/32 maxlen: 48
2a04:e1c0::/29 maxlen: 48
2a09:d240::/32 maxlen: 48
2a0b:9cc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.mft
rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 00:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:13:f3:8a:fc:08:ec:6e:ed:3a:c3:ad:78:f5:72:3b:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68a8e93d3f590f4450d1db3c2074598244353e93
Validity
Not Before: Feb 17 12:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f4ce039d1b315b9db96e461b97a598c994671a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:8d:c8:75:63:bc:59:00:9d:3d:f0:ec:a5:17:
18:c6:4c:ef:55:ae:69:8e:a1:00:f3:18:fa:43:d9:
5b:e7:0a:16:13:1a:24:a2:19:a9:1b:56:72:b3:06:
01:cf:b0:7d:f7:3b:fb:52:b9:5f:1b:e6:6a:4b:4e:
74:55:c7:66:0e:14:01:ca:13:d1:85:72:93:5f:49:
dc:ef:72:52:04:14:95:51:ab:32:21:88:c0:87:79:
d5:70:2b:40:92:a9:38:6b:d8:67:a4:13:ac:df:ec:
47:fc:71:2a:01:42:cd:27:fb:78:7a:e1:85:5f:0c:
eb:70:ba:0a:05:c2:ea:8d:f9:9a:ce:39:66:1a:5b:
87:8a:ac:3f:40:c0:a3:79:8d:99:42:61:8d:eb:d6:
15:d5:e4:7f:0b:4f:03:0f:4d:17:ea:a4:36:ad:0f:
44:d3:ff:0e:4f:ae:44:90:14:c6:e3:1b:06:3b:12:
cb:14:ed:e1:bf:68:38:60:ad:5f:49:6a:f5:64:4e:
e6:1a:bb:10:eb:aa:f5:a8:72:e4:8a:cc:39:8d:36:
97:10:af:a0:b5:a9:1a:f7:2c:ba:93:ae:f8:96:c8:
0c:61:11:07:05:0b:2a:f3:14:35:df:1a:66:a0:3a:
75:3c:2b:e9:e9:f5:b8:b2:dc:16:e1:88:45:4f:bb:
b5:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:4C:E0:39:D1:B3:15:B9:DB:96:E4:61:B9:7A:59:8C:99:46:71:A1
X509v3 Authority Key Identifier:
keyid:68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/X0zgOdGzFbnbluRhuXpZjJlGcaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.226.0/23
46.182.176.0/21
178.255.192.0/21
185.70.208.0/22
185.214.148.0/22
217.18.64.0/20
IPv6:
2a00:19c0::/32
2a04:e1c0::/29
2a09:d240::/32
2a0b:9cc0::/29
Signature Algorithm: sha256WithRSAEncryption
00:7a:1c:70:d2:1f:24:79:65:cc:ba:d4:33:ed:74:78:bc:40:
f7:c8:01:4b:88:25:59:d7:76:2a:37:ae:05:45:85:27:68:c2:
57:49:b7:62:64:76:2c:4f:38:62:23:68:fb:2a:c4:8d:89:7f:
fb:05:0b:70:6f:84:2b:88:c4:c2:20:22:ab:ee:36:1e:44:c8:
18:e0:17:4b:f9:48:b5:18:2e:c0:95:93:c6:24:a9:b2:7f:cb:
16:fc:2a:e1:67:a1:2a:dc:9c:75:7c:84:e6:b6:d8:aa:78:56:
20:2e:b5:af:75:6a:b8:80:39:9e:5a:f6:4f:23:98:50:27:da:
f9:4a:30:49:93:ff:80:0b:cc:de:64:88:4b:1f:90:13:cd:cf:
1c:8f:4c:64:fc:a6:71:5b:fe:22:7d:49:ff:d3:db:7c:41:c3:
e6:fc:b8:38:8f:3c:73:4b:7a:a0:53:8f:0f:b9:7b:24:d8:08:
2d:dc:f6:f6:22:8b:37:56:d8:04:d3:ae:5a:be:e3:2b:ed:af:
d9:c3:5b:ba:06:61:9d:cb:f8:40:0f:f5:37:a4:c1:3b:0f:a1:
48:76:b8:48:ca:7f:37:72:31:35:e8:bc:d8:05:66:27:63:b6:
de:1a:6e:a0:97:e8:2b:93:26:a1:cf:0d:de:8a:59:ad:7a:14:
64:d2:90:0c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZUT84r8COxu7TrDrXj1cjtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YThlOTNkM2Y1OTBmNDQ1MGQxZGIzYzIwNzQ1OTgyNDQz
NTNlOTMwHhcNMjUwMjE3MTI0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRjZTAzOWQxYjMxNWI5ZGI5NmU0NjFiOTdhNTk4Yzk5NDY3MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY3IdWO8WQCdPfDspRcYxkzvVa5p
jqEA8xj6Q9lb5woWExokohmpG1ZyswYBz7B99zv7UrlfG+ZqS050VcdmDhQByhPR
hXKTX0nc73JSBBSVUasyIYjAh3nVcCtAkqk4a9hnpBOs3+xH/HEqAULNJ/t4euGF
XwzrcLoKBcLqjfmazjlmGluHiqw/QMCjeY2ZQmGN69YV1eR/C08DD00X6qQ2rQ9E
0/8OT65EkBTG4xsGOxLLFO3hv2g4YK1fSWr1ZE7mGrsQ66r1qHLkisw5jTaXEK+g
taka9yy6k674lsgMYREHBQsq8xQ13xpmoDp1PCvp6fW4stwW4YhFT7u1jQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF9M4DnRsxW525bkYbl6WYyZRnGhMB8GA1UdIwQY
MBaAFGio6T0/WQ9EUNHbPCB0WYJENT6TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMt
MjVkZDRjYmIzNjk4LzEvWDB6Z09kR3pGYm5ibHVSaHVYcFpqSmxHY2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMtMjVkZDRjYmIzNjk4
LzEvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAqBAIAATAkAwQBAjjiAwQD
LrawAwQDsv/AAwQCuUbQAwQCudaUAwQE2RJAMCIEAgACMBwDBQAqABnAAwUDKgTh
wAMFACoJ0kADBQMqC5zAMA0GCSqGSIb3DQEBCwUAA4IBAQAAehxw0h8keWXMutQz
7XR4vED3yAFLiCVZ13YqN64FRYUnaMJXSbdiZHYsTzhiI2j7KsSNiX/7BQtwb4Qr
iMTCICKr7jYeRMgY4BdL+Ui1GC7AlZPGJKmyf8sW/CrhZ6Eq3Jx1fITmttiqeFYg
LrWvdWq4gDmeWvZPI5hQJ9r5SjBJk/+AC8zeZIhLH5ATzc8cj0xk/KZxW/4ifUn/
09t8QcPm/Lg4jzxzS3qgU48PuXsk2Agt3Pb2Ios3VtgE065avuMr7a/Zw1u6BmGd
y/hAD/U3pME7D6FIdrhIyn83cjE16LzYBWYnY7beGm6gl+grkyahzw3eilmtehRk
0pAM
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:01:08 2025 by rpki-client