Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/2U9OMR0vNGIWLLTXLBnFAJc6zag.roa
File: 2U9OMR0vNGIWLLTXLBnFAJc6zag.roa (raw, json)
Hash identifier: F6oBZloimXQ0suZfVl9SgIpXfkXnctvWcc1snNVrOMI=
Subject key identifier: D9:4F:4E:31:1D:2F:34:62:16:2C:B4:D7:2C:19:C5:00:97:3A:CD:A8
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 019732FD1B2F8C7AFBFAC207CB49288F70D4
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/2U9OMR0vNGIWLLTXLBnFAJc6zag.roa
Signing time: Mon 02 Jun 2025 23:32:17 +0000
ROA not before: Mon 02 Jun 2025 23:32:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202870
IP address blocks: 5.152.128.0/22 maxlen: 24
45.3.56.0/22 maxlen: 24
45.133.154.0/23 maxlen: 24
103.129.61.0/24 maxlen: 24
104.167.28.0/22 maxlen: 24
185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.mft
rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 18:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:32:fd:1b:2f:8c:7a:fb:fa:c2:07:cb:49:28:8f:70:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: Jun 2 23:32:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d94f4e311d2f3462162cb4d72c19c500973acda8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:98:5d:90:78:05:af:e7:d7:8f:ed:eb:2d:40:
e0:1f:40:cc:05:28:0f:eb:15:40:56:22:77:76:e7:
1f:33:b6:22:62:3f:77:20:77:b3:86:e4:42:82:b6:
0e:c0:dd:9d:ae:83:37:ff:c7:90:15:06:c4:0c:e5:
1c:ab:39:d1:ca:b8:35:a8:73:1e:c5:2c:21:6a:49:
c8:e7:64:a6:f4:c0:6f:33:9d:a6:af:bf:ed:37:8f:
31:7b:88:06:14:b9:d4:cd:87:05:22:f2:83:dd:a3:
69:86:35:cb:73:1a:9f:7f:1b:8f:75:63:e9:28:60:
d9:06:c3:fc:10:dd:7f:8a:e2:5e:50:d0:01:80:5d:
0c:e2:b0:73:5c:eb:0b:2e:ac:d2:bf:1d:05:2c:9b:
b7:0d:55:4b:b9:61:13:81:29:f6:be:49:43:68:36:
d3:8a:f6:11:0a:8d:28:bb:e5:ea:19:38:a3:ef:1a:
cc:ea:ae:8d:b0:fd:92:94:e6:5e:f2:c6:46:52:3d:
b6:ab:3e:8d:b7:d6:f8:c2:92:83:bf:c7:8d:39:bf:
52:ec:bf:77:f1:ae:0c:8e:3c:63:da:d7:35:f9:ec:
74:dc:a0:94:48:7d:98:ec:e9:7a:9c:fd:80:df:d0:
39:b5:27:6c:6c:47:ac:80:34:9a:9d:ae:da:50:f7:
60:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:4F:4E:31:1D:2F:34:62:16:2C:B4:D7:2C:19:C5:00:97:3A:CD:A8
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/2U9OMR0vNGIWLLTXLBnFAJc6zag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
45.3.56.0/22
45.133.154.0/23
103.129.61.0/24
104.167.28.0/22
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
25:da:d1:03:13:bb:b1:2f:12:2a:e4:66:12:b3:27:ee:d4:cc:
e2:29:2c:c8:47:f0:06:c6:69:f5:b4:a3:ff:7c:82:f7:96:1a:
f5:03:54:e1:07:50:23:ad:8f:b3:24:05:26:40:a2:5a:8a:59:
8e:25:81:ee:73:f4:ae:5a:78:7b:66:cc:fd:49:9a:72:2e:95:
92:0b:28:5e:7c:bd:c1:7c:6c:d7:d5:67:23:7f:e4:89:54:11:
8a:12:c3:38:c2:39:52:9b:18:3b:c0:ef:93:9f:dc:04:c0:3f:
e2:37:dd:db:6d:77:d2:ea:c3:48:2a:54:1d:dc:bc:e9:6c:08:
00:6c:86:f2:1b:94:af:f9:0e:ee:3a:6c:f4:d3:a5:bd:40:e3:
8f:8e:ec:90:d0:f6:7d:d5:29:3b:c0:3a:61:f3:37:ba:5f:89:
77:4a:36:bc:c7:a7:80:d2:25:a8:ef:a0:2e:c3:49:62:f4:33:
5c:85:fa:f6:d6:91:66:74:e4:fa:2b:87:44:d1:a8:43:14:25:
4a:d6:47:33:6e:ba:05:2e:2e:2a:6c:0c:4a:87:10:96:a6:7f:
f6:4a:b8:df:bb:24:66:c2:0c:fb:1d:40:b7:a4:3a:24:22:04:
aa:15:1e:95:f1:6f:83:ad:46:26:e1:8b:67:b7:d6:54:fb:36:
b4:d8:2f:08
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZcy/RsvjHr7+sIHy0koj3DUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjUwNjAyMjMzMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTRmNGUzMTFkMmYzNDYyMTYyY2I0ZDcyYzE5YzUwMDk3M2FjZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJhdkHgFr+fXj+3rLUDgH0DMBSgP
6xVAViJ3ducfM7YiYj93IHezhuRCgrYOwN2droM3/8eQFQbEDOUcqznRyrg1qHMe
xSwhaknI52Sm9MBvM52mr7/tN48xe4gGFLnUzYcFIvKD3aNphjXLcxqffxuPdWPp
KGDZBsP8EN1/iuJeUNABgF0M4rBzXOsLLqzSvx0FLJu3DVVLuWETgSn2vklDaDbT
ivYRCo0ou+XqGTij7xrM6q6NsP2SlOZe8sZGUj22qz6Nt9b4wpKDv8eNOb9S7L93
8a4Mjjxj2tc1+ex03KCUSH2Y7Ol6nP2A39A5tSdsbEesgDSana7aUPdgDwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNlPTjEdLzRiFiy01ywZxQCXOs2oMB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvMlU5T01SMHZOR0lXTExUWExCbkZBSmM2emFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCBZiAAwQC
LQM4AwQBLYWaAwQAZ4E9AwQCaKccAwQCuZgsMA0EAgACMAcDBQMqB36AMA0GCSqG
SIb3DQEBCwUAA4IBAQAl2tEDE7uxLxIq5GYSsyfu1MziKSzIR/AGxmn1tKP/fIL3
lhr1A1ThB1AjrY+zJAUmQKJailmOJYHuc/SuWnh7Zsz9SZpyLpWSCyhefL3BfGzX
1Wcjf+SJVBGKEsM4wjlSmxg7wO+Tn9wEwD/iN93bbXfS6sNIKlQd3LzpbAgAbIby
G5Sv+Q7uOmz006W9QOOPjuyQ0PZ91Sk7wDph8ze6X4l3Sja8x6eA0iWo76Auw0li
9DNchfr21pFmdOT6K4dE0ahDFCVK1kczbroFLi4qbAxKhxCWpn/2SrjfuyRmwgz7
HUC3pDokIgSqFR6V8W+DrUYm4Ytnt9ZU+za02C8I
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:49:17 2025 by rpki-client