Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/Vtfd1hM6TwLVIwuBpWAC2ArBtVs.roa
File: Vtfd1hM6TwLVIwuBpWAC2ArBtVs.roa (raw, json)
Hash identifier: v9qk0RO6muLVg9IyiMy1kdFG1e9XdhyvAHBpmi1n9aE=
Subject key identifier: 56:D7:DD:D6:13:3A:4F:02:D5:23:0B:81:A5:60:02:D8:0A:C1:B5:5B
Certificate issuer: /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial: 019423D70235B324913B2AA2F81B53B32113
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/Vtfd1hM6TwLVIwuBpWAC2ArBtVs.roa
Signing time: Wed 01 Jan 2025 21:48:00 +0000
ROA not before: Wed 01 Jan 2025 21:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9121
IP address blocks: 213.238.160.0/24 maxlen: 24
213.238.161.0/24 maxlen: 24
213.238.162.0/24 maxlen: 24
213.238.163.0/24 maxlen: 24
213.238.164.0/24 maxlen: 24
213.238.165.0/24 maxlen: 24
213.238.168.0/24 maxlen: 24
213.238.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:02:35:b3:24:91:3b:2a:a2:f8:1b:53:b3:21:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Validity
Not Before: Jan 1 21:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=56d7ddd6133a4f02d5230b81a56002d80ac1b55b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:9b:02:2b:80:08:1d:99:ae:d7:f5:22:72:c1:
09:cc:84:d7:3f:99:0c:79:a4:8a:c2:22:e3:42:1c:
f1:c4:ad:a9:ea:a7:e8:98:7d:62:0d:a7:7f:dc:d1:
26:0c:8d:a5:6a:86:81:ce:7e:db:ed:8b:c9:a0:32:
a7:43:ad:f0:bd:d9:1c:1e:6d:4e:fe:99:75:ab:b6:
4d:0a:8e:50:49:6d:5f:fa:da:c5:4f:dd:86:dd:b0:
cd:31:9e:8d:92:81:f7:fc:e6:bd:c0:a7:30:09:44:
ff:ed:19:f3:15:e1:3d:52:57:c7:3d:c7:f9:e4:d8:
6a:5f:e6:1b:c5:93:7e:54:a4:ae:83:ab:37:44:1c:
0d:71:c4:19:75:77:63:34:16:1c:76:39:f5:96:7e:
24:cc:d9:e2:93:45:52:7a:e5:a8:42:d2:86:f0:28:
3e:62:89:f4:47:40:af:35:39:28:e4:52:5d:80:a3:
e9:50:02:6d:ae:e8:bc:13:f2:81:9a:a5:1d:38:58:
db:91:0d:97:fd:85:37:13:b8:b6:2c:53:a0:c9:fb:
30:d8:72:88:dd:a5:58:01:55:28:4f:ac:3e:a2:84:
5f:63:2b:48:82:1c:51:ca:1a:a6:1b:e1:ef:9c:96:
12:2f:22:20:87:50:6d:30:25:8b:6b:75:a1:38:eb:
0e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:D7:DD:D6:13:3A:4F:02:D5:23:0B:81:A5:60:02:D8:0A:C1:B5:5B
X509v3 Authority Key Identifier:
keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/Vtfd1hM6TwLVIwuBpWAC2ArBtVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.238.160.0-213.238.165.255
213.238.168.0/24
213.238.187.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:26:d2:bc:31:df:77:be:4a:7a:b2:4f:69:79:c1:3f:c1:1c:
72:56:f1:42:ab:9b:ce:9c:07:ea:ad:61:5a:5b:46:1d:b2:a2:
c9:59:94:06:97:c5:99:05:31:97:b0:5f:37:48:83:ed:24:fc:
95:29:58:3f:55:6e:81:c2:54:23:15:e4:d0:04:c7:75:0d:d9:
63:9e:9a:94:2b:80:0f:25:92:4f:b6:11:09:d3:96:91:7f:dc:
0c:b9:82:89:de:ba:25:32:6c:7e:df:ea:d7:14:7c:8d:15:0e:
33:53:ca:15:d5:7e:42:fb:b5:0a:72:9a:ef:f4:b5:27:71:83:
54:e8:ec:f8:34:47:59:2c:15:4e:2d:e4:4c:06:2d:b7:41:f7:
76:56:21:a9:47:1b:97:92:dc:ac:67:b2:81:2d:63:69:98:f0:
f8:8d:77:4c:6b:7c:36:95:f0:5d:a5:bf:c7:1f:42:19:f7:7b:
d9:04:b1:04:09:0e:40:db:bb:d5:92:ca:88:ac:cb:29:10:82:
94:a6:20:52:2e:99:a3:4f:93:8d:d9:40:04:ca:a1:2e:c4:3c:
02:fa:4a:a6:7d:39:47:5e:05:8d:55:cf:5c:24:cc:27:2c:d6:
55:df:10:83:9e:6e:fc:5a:38:c7:dc:d4:e6:ce:67:d3:50:3a:
db:c7:e1:e8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQj1wI1sySROyqi+BtTsyETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ3ZGRkNjEzM2E0ZjAyZDUyMzBiODFhNTYwMDJkODBhYzFiNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZsCK4AIHZmu1/UicsEJzITXP5kM
eaSKwiLjQhzxxK2p6qfomH1iDad/3NEmDI2laoaBzn7b7YvJoDKnQ63wvdkcHm1O
/pl1q7ZNCo5QSW1f+trFT92G3bDNMZ6NkoH3/Oa9wKcwCUT/7RnzFeE9UlfHPcf5
5NhqX+YbxZN+VKSug6s3RBwNccQZdXdjNBYcdjn1ln4kzNnik0VSeuWoQtKG8Cg+
Yon0R0CvNTko5FJdgKPpUAJtrui8E/KBmqUdOFjbkQ2X/YU3E7i2LFOgyfsw2HKI
3aVYAVUoT6w+ooRfYytIghxRyhqmG+HvnJYSLyIgh1BtMCWLa3WhOOsOhQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFbX3dYTOk8C1SMLgaVgAtgKwbVbMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvVnRmZDFoTTZUd0xWSXd1QnBXQUMyQXJCdFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAXV7qAD
BAHV7qQDBADV7qgDBADV7rswDQYJKoZIhvcNAQELBQADggEBAH4m0rwx33e+Snqy
T2l5wT/BHHJW8UKrm86cB+qtYVpbRh2yoslZlAaXxZkFMZewXzdIg+0k/JUpWD9V
boHCVCMV5NAEx3UN2WOempQrgA8lkk+2EQnTlpF/3Ay5goneuiUybH7f6tcUfI0V
DjNTyhXVfkL7tQpymu/0tSdxg1To7Pg0R1ksFU4t5EwGLbdB93ZWIalHG5eS3Kxn
soEtY2mY8PiNd0xrfDaV8F2lv8cfQhn3e9kEsQQJDkDbu9WSyoisyykQgpSmIFIu
maNPk43ZQATKoS7EPAL6SqZ9OUdeBY1Vz1wkzCcs1lXfEIOebvxaOMfc1ObOZ9NQ
OtvH4eg=
-----END CERTIFICATE-----
Generated at Mon Apr 7 04:46:18 2025 by rpki-client