Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/2zv-bqUF4ie6dLoJOvbHg-Khzrk.roa
File: 2zv-bqUF4ie6dLoJOvbHg-Khzrk.roa (raw, json)
Hash identifier: SuQwzPeSaf/HqGV5aFne0AqsUIDLEGL4BEqdCUksZzA=
Subject key identifier: DB:3B:FE:6E:A5:05:E2:27:BA:74:BA:09:3A:F6:C7:83:E2:A1:CE:B9
Certificate issuer: /CN=7a350d024af01f8eaf125717caa03aafad184e1d
Certificate serial: 019421B1A2724CB466DEED7ED57525DFA465
Authority key identifier: 7A:35:0D:02:4A:F0:1F:8E:AF:12:57:17:CA:A0:3A:AF:AD:18:4E:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ejUNAkrwH46vElcXyqA6r60YTh0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/2zv-bqUF4ie6dLoJOvbHg-Khzrk.roa
Signing time: Wed 01 Jan 2025 11:47:57 +0000
ROA not before: Wed 01 Jan 2025 11:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49265
IP address blocks: 94.230.76.0/22 maxlen: 22
94.230.76.0/24 maxlen: 24
94.230.77.0/24 maxlen: 24
94.230.78.0/24 maxlen: 24
94.230.79.0/24 maxlen: 24
109.104.240.0/22 maxlen: 22
109.104.240.0/24 maxlen: 24
109.104.241.0/24 maxlen: 24
109.104.242.0/24 maxlen: 24
109.104.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/ejUNAkrwH46vElcXyqA6r60YTh0.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/ejUNAkrwH46vElcXyqA6r60YTh0.mft
rsync://rpki.ripe.net/repository/DEFAULT/ejUNAkrwH46vElcXyqA6r60YTh0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 02:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:a2:72:4c:b4:66:de:ed:7e:d5:75:25:df:a4:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7a350d024af01f8eaf125717caa03aafad184e1d
Validity
Not Before: Jan 1 11:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db3bfe6ea505e227ba74ba093af6c783e2a1ceb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9f:72:20:f3:1b:d1:a4:31:87:67:b1:83:b1:
cc:c0:4f:e7:22:36:6a:71:45:1e:78:13:29:a6:f2:
7c:75:29:2d:77:29:fd:e3:a3:d9:2a:de:25:dc:f1:
91:32:d3:3b:62:2b:c9:89:fe:d8:f0:71:52:d2:39:
c8:d3:37:72:6e:5e:fa:33:b0:6e:57:7c:45:a5:9b:
d3:90:9f:3c:2f:95:10:fa:ac:0c:0d:22:65:2f:94:
54:5c:8c:16:c6:5e:a3:ce:4a:45:b9:2a:7d:40:c0:
09:a8:44:cd:fc:41:d9:72:0f:70:3a:01:16:5b:42:
0e:0e:05:a1:aa:06:54:3c:b9:b6:88:2b:4a:f4:7c:
a0:a9:b8:99:86:6f:1d:eb:08:f1:fa:e6:26:d4:32:
7e:fe:83:a0:2d:37:a8:7d:4a:8c:82:9a:8e:c6:c1:
3b:a9:8b:61:e6:a4:4c:99:95:c2:6f:7b:f3:f6:97:
a7:ec:03:d8:01:ff:38:6c:b2:3f:7e:73:ac:0b:7c:
85:82:14:89:5d:b4:7f:35:46:04:61:22:60:d1:69:
72:7d:f2:c1:aa:f5:b4:1f:1a:df:f0:bc:0e:60:09:
b3:d0:9a:2d:a6:0f:e2:79:6d:c5:4d:65:47:22:4b:
56:d0:b3:27:1f:16:42:75:45:84:be:51:1a:c7:96:
b0:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:3B:FE:6E:A5:05:E2:27:BA:74:BA:09:3A:F6:C7:83:E2:A1:CE:B9
X509v3 Authority Key Identifier:
keyid:7A:35:0D:02:4A:F0:1F:8E:AF:12:57:17:CA:A0:3A:AF:AD:18:4E:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ejUNAkrwH46vElcXyqA6r60YTh0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/2zv-bqUF4ie6dLoJOvbHg-Khzrk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/ejUNAkrwH46vElcXyqA6r60YTh0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.230.76.0/22
109.104.240.0/22
Signature Algorithm: sha256WithRSAEncryption
18:07:fe:8d:9c:a4:78:0e:23:7f:58:d9:31:c9:75:b1:b9:3c:
f0:97:d5:6e:39:12:45:c0:ae:6e:c3:d0:21:ca:6b:75:ad:31:
01:e9:07:4b:75:fc:43:2a:7d:a3:07:9f:1a:0f:7f:69:15:10:
26:b1:82:31:2b:54:6b:59:72:71:dc:78:19:1b:65:c5:3f:bb:
36:6e:97:bc:28:71:fe:90:b9:f9:5c:b0:30:d0:13:62:ca:cf:
65:79:2e:15:ab:6b:1f:90:06:a2:54:78:6a:3c:0d:56:bb:be:
a3:0f:16:a1:9b:4f:44:8f:12:6a:9d:33:96:9c:63:4c:ec:fb:
24:a7:fb:8e:c4:10:82:76:87:f6:aa:be:75:67:d8:17:cf:7e:
57:27:21:ea:30:60:a0:78:86:38:9c:f5:3c:bc:d7:d0:b3:84:
a9:0c:3d:02:2b:51:66:6e:76:5f:ab:d2:64:4f:a5:38:2c:db:
0e:93:16:31:d9:62:5f:d6:3c:d7:76:de:25:df:67:da:60:e3:
5c:50:3e:01:bd:f2:b6:17:90:48:b2:8a:c6:ef:8a:ee:8e:02:
e3:2d:da:72:42:2a:07:2c:1e:f1:9e:12:2f:4d:2f:19:91:22:
ad:66:8f:62:67:54:bf:94:2e:4b:d0:1b:04:86:fe:76:15:21:
3d:12:25:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsaJyTLRm3u1+1XUl36RlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMzUwZDAyNGFmMDFmOGVhZjEyNTcxN2NhYTAzYWFmYWQx
ODRlMWQwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNiZmU2ZWE1MDVlMjI3YmE3NGJhMDkzYWY2Yzc4M2UyYTFjZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx59yIPMb0aQxh2exg7HMwE/nIjZq
cUUeeBMppvJ8dSktdyn946PZKt4l3PGRMtM7YivJif7Y8HFS0jnI0zdybl76M7Bu
V3xFpZvTkJ88L5UQ+qwMDSJlL5RUXIwWxl6jzkpFuSp9QMAJqETN/EHZcg9wOgEW
W0IODgWhqgZUPLm2iCtK9HygqbiZhm8d6wjx+uYm1DJ+/oOgLTeofUqMgpqOxsE7
qYth5qRMmZXCb3vz9pen7APYAf84bLI/fnOsC3yFghSJXbR/NUYEYSJg0WlyffLB
qvW0Hxrf8LwOYAmz0Jotpg/ieW3FTWVHIktW0LMnHxZCdUWEvlEax5awQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNs7/m6lBeInunS6CTr2x4Pioc65MB8GA1UdIwQY
MBaAFHo1DQJK8B+OrxJXF8qgOq+tGE4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWpVTkFrcndINDZ2RWxjWHlxQTZyNjBZVGgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi83OTY2YWUtOWM4OC00M2U5LWI4OTkt
ZDAwM2U1NmZlNzUzLzEvMnp2LWJxVUY0aWU2ZExvSk92YkhnLUtoenJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi83OTY2YWUtOWM4OC00M2U5LWI4OTktZDAwM2U1NmZlNzUz
LzEvZWpVTkFrcndINDZ2RWxjWHlxQTZyNjBZVGgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXuZMAwQC
bWjwMA0GCSqGSIb3DQEBCwUAA4IBAQAYB/6NnKR4DiN/WNkxyXWxuTzwl9VuORJF
wK5uw9Ahymt1rTEB6QdLdfxDKn2jB58aD39pFRAmsYIxK1RrWXJx3HgZG2XFP7s2
bpe8KHH+kLn5XLAw0BNiys9leS4Vq2sfkAaiVHhqPA1Wu76jDxahm09EjxJqnTOW
nGNM7Pskp/uOxBCCdof2qr51Z9gXz35XJyHqMGCgeIY4nPU8vNfQs4SpDD0CK1Fm
bnZfq9JkT6U4LNsOkxYx2WJf1jzXdt4l32faYONcUD4BvfK2F5BIsorG74rujgLj
LdpyQioHLB7xnhIvTS8ZkSKtZo9iZ1S/lC5L0BsEhv52FSE9EiVm
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:12:26 2025 by rpki-client