Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/pbctY64a9gnXSvxUzSA-3U1AkIs.roa
File: pbctY64a9gnXSvxUzSA-3U1AkIs.roa (raw, json)
Hash identifier: WGFe5sR9orerXEZx51HMbLLWYLrkuEnn5GlCxO/9rWo=
Subject key identifier: A5:B7:2D:63:AE:1A:F6:09:D7:4A:FC:54:CD:20:3E:DD:4D:40:90:8B
Certificate issuer: /CN=123c3de61011de07101e14dc0727395171cb03ab
Certificate serial: 0196E2C20E2244D936C6487216BDFBA56AE0
Authority key identifier: 12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/pbctY64a9gnXSvxUzSA-3U1AkIs.roa
Signing time: Sun 18 May 2025 09:38:10 +0000
ROA not before: Sun 18 May 2025 09:38:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211235
IP address blocks: 185.122.252.0/24 maxlen: 24
185.122.253.0/24 maxlen: 24
185.122.254.0/24 maxlen: 24
185.122.255.0/24 maxlen: 24
185.133.224.0/24 maxlen: 24
185.133.225.0/24 maxlen: 24
185.133.226.0/24 maxlen: 24
185.133.227.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 17:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:e2:c2:0e:22:44:d9:36:c6:48:72:16:bd:fb:a5:6a:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=123c3de61011de07101e14dc0727395171cb03ab
Validity
Not Before: May 18 09:38:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5b72d63ae1af609d74afc54cd203edd4d40908b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:8e:46:9f:52:64:ca:b5:74:13:9a:67:4b:88:
72:73:09:c6:61:e7:50:c9:d0:e0:52:7f:e8:0b:76:
a9:02:dd:df:fd:91:3d:3c:59:17:b9:a3:e5:7d:7d:
82:43:f3:4d:52:1e:8c:80:58:45:f9:9d:4a:8a:7f:
bb:59:0a:ed:f5:2b:75:db:53:c2:b9:1b:33:17:fe:
c5:64:8e:7a:ed:79:d7:50:13:b1:cf:3c:5c:fe:34:
ba:a2:db:72:a8:17:33:33:6a:c9:76:53:e0:9b:7c:
89:f1:4c:13:d3:97:0a:73:c4:d1:4d:d2:0e:ad:3c:
0e:69:34:35:46:89:b8:3f:b3:3d:4f:46:d4:31:42:
ff:ee:72:aa:59:8f:05:ba:27:25:22:01:cd:14:b2:
c8:bb:7e:f1:49:fd:d8:84:49:2d:f8:64:de:06:03:
42:77:fb:e8:09:37:2c:8d:2e:49:e9:71:05:e6:2a:
e2:a5:bd:1a:51:27:8b:d5:7c:29:85:ac:f4:42:f6:
2e:c1:8d:f5:da:75:c1:41:2c:d8:1e:ca:ae:28:5c:
28:6d:af:65:05:38:38:58:80:4a:a5:7a:08:3c:75:
7c:57:31:89:6c:3b:8b:2a:76:91:76:08:ef:ab:f7:
22:a1:66:b6:3a:3e:10:57:61:b3:b8:1f:70:ad:6c:
5e:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:B7:2D:63:AE:1A:F6:09:D7:4A:FC:54:CD:20:3E:DD:4D:40:90:8B
X509v3 Authority Key Identifier:
keyid:12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/pbctY64a9gnXSvxUzSA-3U1AkIs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.122.252.0/22
185.133.224.0/22
Signature Algorithm: sha256WithRSAEncryption
b6:72:d7:29:89:b5:e8:6d:2f:3f:62:f9:d7:de:df:6a:04:0d:
51:9c:29:dd:f7:14:8e:89:8e:2a:cc:ab:d2:b3:3c:9d:c3:02:
cd:49:77:be:a3:aa:68:90:98:d1:7e:cb:f1:f5:7d:7d:0b:c4:
11:3a:62:c8:42:a2:a4:e6:07:61:44:b1:b2:27:7b:03:02:f7:
19:25:e0:3b:e0:72:c8:e8:56:8e:5d:92:4a:41:67:87:86:73:
7d:28:93:c6:ff:4f:5e:60:8b:ca:b1:9f:0f:5f:8c:e2:a4:bc:
08:28:e6:9c:28:ce:d4:e4:7a:5a:02:66:d9:44:78:d9:fa:ca:
72:e2:ad:6a:78:63:3e:16:48:8a:32:d0:bb:60:57:ac:b1:75:
e0:72:cb:29:ed:5d:2c:5a:f6:44:3e:57:59:86:42:10:86:de:
58:33:1e:9d:e5:a1:f3:51:ae:30:8f:27:07:22:da:55:52:2f:
75:e0:1e:18:5f:dd:17:99:87:7d:57:d4:23:20:b0:1f:91:1a:
a3:47:98:84:59:de:6e:69:54:cf:d5:71:6a:dc:3d:1d:73:c8:
a8:52:3a:9d:7c:d2:79:30:09:51:c8:4b:c9:78:2d:a6:c6:02:
80:a6:13:28:87:e8:08:d9:41:96:3c:42:58:b7:4b:ff:d0:94:
84:34:da:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbiwg4iRNk2xkhyFr37pWrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2MzZGU2MTAxMWRlMDcxMDFlMTRkYzA3MjczOTUxNzFj
YjAzYWIwHhcNMjUwNTE4MDkzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI3MmQ2M2FlMWFmNjA5ZDc0YWZjNTRjZDIwM2VkZDRkNDA5MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo5Gn1JkyrV0E5pnS4hycwnGYedQ
ydDgUn/oC3apAt3f/ZE9PFkXuaPlfX2CQ/NNUh6MgFhF+Z1Kin+7WQrt9St121PC
uRszF/7FZI567XnXUBOxzzxc/jS6ottyqBczM2rJdlPgm3yJ8UwT05cKc8TRTdIO
rTwOaTQ1Rom4P7M9T0bUMUL/7nKqWY8FuiclIgHNFLLIu37xSf3YhEkt+GTeBgNC
d/voCTcsjS5J6XEF5iripb0aUSeL1Xwphaz0QvYuwY312nXBQSzYHsquKFwoba9l
BTg4WIBKpXoIPHV8VzGJbDuLKnaRdgjvq/cioWa2Oj4QV2GzuB9wrWxe8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKW3LWOuGvYJ10r8VM0gPt1NQJCLMB8GA1UdIwQY
MBaAFBI8PeYQEd4HEB4U3AcnOVFxywOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUt
YjUwNGM5YWU5YmJjLzEvcGJjdFk2NGE5Z25YU3Z4VXpTQS0zVTFBa0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUtYjUwNGM5YWU5YmJj
LzEvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXr8AwQC
uYXgMA0GCSqGSIb3DQEBCwUAA4IBAQC2ctcpibXobS8/YvnX3t9qBA1RnCnd9xSO
iY4qzKvSszydwwLNSXe+o6pokJjRfsvx9X19C8QROmLIQqKk5gdhRLGyJ3sDAvcZ
JeA74HLI6FaOXZJKQWeHhnN9KJPG/09eYIvKsZ8PX4zipLwIKOacKM7U5HpaAmbZ
RHjZ+spy4q1qeGM+FkiKMtC7YFessXXgcssp7V0sWvZEPldZhkIQht5YMx6d5aHz
Ua4wjycHItpVUi914B4YX90XmYd9V9QjILAfkRqjR5iEWd5uaVTP1XFq3D0dc8io
UjqdfNJ5MAlRyEvJeC2mxgKAphMoh+gI2UGWPEJYt0v/0JSENNpT
-----END CERTIFICATE-----
Generated at Sat Jun 7 23:14:24 2025 by rpki-client