Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/e03b3c-6026-41e7-a553-ab14822f85b5/1/cSU3uumNlLN8Of6e212G9P0zAJw.roa
File: cSU3uumNlLN8Of6e212G9P0zAJw.roa (raw, json)
Hash identifier: kzDk6Ttjden5ir/EuoOlXFG1vxnRI9Xpd+xXHRFPFcI=
Subject key identifier: 71:25:37:BA:E9:8D:94:B3:7C:39:FE:9E:DB:5D:86:F4:FD:33:00:9C
Certificate issuer: /CN=f80aef4640437f2307f79871bfb632bb8bddad21
Certificate serial: 01967D1A300CF2F0B1C105A9624AC9A94FFC
Authority key identifier: F8:0A:EF:46:40:43:7F:23:07:F7:98:71:BF:B6:32:BB:8B:DD:AD:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-ArvRkBDfyMH95hxv7Yyu4vdrSE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/e03b3c-6026-41e7-a553-ab14822f85b5/1/cSU3uumNlLN8Of6e212G9P0zAJw.roa
Signing time: Mon 28 Apr 2025 15:53:10 +0000
ROA not before: Mon 28 Apr 2025 15:53:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44671
IP address blocks: 91.202.136.0/22 maxlen: 22
178.21.232.0/21 maxlen: 21
185.41.188.0/22 maxlen: 22
2a00:7d20::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/e03b3c-6026-41e7-a553-ab14822f85b5/1/1-ArvRkBDfyMH95hxv7Yyu4vdrSE.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/e03b3c-6026-41e7-a553-ab14822f85b5/1/1-ArvRkBDfyMH95hxv7Yyu4vdrSE.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-ArvRkBDfyMH95hxv7Yyu4vdrSE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 18:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7d:1a:30:0c:f2:f0:b1:c1:05:a9:62:4a:c9:a9:4f:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f80aef4640437f2307f79871bfb632bb8bddad21
Validity
Not Before: Apr 28 15:53:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=712537bae98d94b37c39fe9edb5d86f4fd33009c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:01:38:b7:f5:c7:94:92:2e:e4:c3:fd:b3:60:
80:81:b8:c1:c1:77:26:fe:ce:bc:ba:20:04:ff:21:
32:16:81:fe:0a:5b:db:b1:61:5c:43:9e:03:b3:aa:
0d:c4:d6:f1:af:20:fb:d1:21:9a:8a:c2:2b:25:7b:
90:20:14:76:6a:b5:c8:40:fd:c3:75:42:ce:17:87:
bb:ae:60:30:53:43:61:77:3a:b7:65:96:61:98:3f:
c0:b5:ad:cd:6f:5d:51:6e:6c:9e:45:2b:ca:ba:d6:
81:0f:98:51:ee:a3:90:8a:17:c1:b9:26:d7:e2:f1:
f3:89:78:6e:4e:c6:4e:7e:85:c7:ca:5b:fb:74:52:
86:cb:eb:3e:a9:06:1e:a0:14:0b:09:02:44:27:9e:
24:cf:fd:e4:24:b8:04:e6:d5:28:69:d8:eb:4a:59:
fc:b6:2c:e1:8a:d2:0d:87:70:81:78:ff:81:28:38:
3c:25:d1:0c:88:59:b0:86:9a:06:4f:f1:b8:fd:e0:
2b:46:0b:5b:05:a2:b8:d8:2e:74:bc:fa:88:92:62:
a1:23:12:df:ec:d5:8c:0b:13:46:e3:81:28:de:a6:
c9:4f:f8:f5:7e:e2:11:15:f3:2b:65:f8:ed:1e:22:
3a:98:1a:23:06:f1:38:3a:2f:dc:aa:97:8f:ba:88:
fa:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:25:37:BA:E9:8D:94:B3:7C:39:FE:9E:DB:5D:86:F4:FD:33:00:9C
X509v3 Authority Key Identifier:
keyid:F8:0A:EF:46:40:43:7F:23:07:F7:98:71:BF:B6:32:BB:8B:DD:AD:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ArvRkBDfyMH95hxv7Yyu4vdrSE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/e03b3c-6026-41e7-a553-ab14822f85b5/1/cSU3uumNlLN8Of6e212G9P0zAJw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/e03b3c-6026-41e7-a553-ab14822f85b5/1/1-ArvRkBDfyMH95hxv7Yyu4vdrSE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.202.136.0/22
178.21.232.0/21
185.41.188.0/22
IPv6:
2a00:7d20::/32
Signature Algorithm: sha256WithRSAEncryption
77:92:ea:e4:32:bd:f5:ab:2b:ec:82:18:c4:64:42:ee:21:cc:
fb:9d:91:4b:91:5f:be:d0:2a:85:0d:29:11:8d:79:2c:6f:28:
28:ca:6c:19:0c:a9:d6:9a:86:3e:1a:09:56:fa:06:84:b0:c7:
5d:2b:64:5a:b0:68:e5:7b:ab:79:e0:b9:59:75:50:53:7d:70:
fb:1d:39:9d:c0:67:bd:f8:91:d5:97:81:8f:a9:1f:6f:cc:ac:
13:f9:48:e4:3c:5e:1f:6a:19:ae:90:59:07:ed:da:a5:30:47:
af:0c:73:ef:6c:4b:e0:cc:76:35:0a:8e:61:62:87:04:ba:11:
b6:30:0e:2b:c9:44:17:6d:25:d5:cd:de:dc:bb:2d:49:e8:a8:
c9:19:f3:ee:ad:79:21:82:3b:73:74:48:60:5d:43:ca:7b:31:
a7:d6:58:5d:a7:0c:df:c1:33:34:17:48:d2:e5:4d:9f:6b:7a:
ee:a4:90:ff:33:01:c2:80:c9:d8:4e:9a:21:d3:33:43:46:62:
38:61:e2:c1:6e:b1:a9:97:78:de:b7:ef:4a:ef:0f:a4:08:5b:
86:36:e9:f4:dd:2a:68:0b:c1:74:7a:52:45:5a:73:c4:a9:6c:
1a:9e:78:32:a4:33:56:23:e9:69:f5:73:0d:38:ae:de:55:f0:
13:32:1a:5f
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZZ9GjAM8vCxwQWpYkrJqU/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MGFlZjQ2NDA0MzdmMjMwN2Y3OTg3MWJmYjYzMmJiOGJk
ZGFkMjEwHhcNMjUwNDI4MTU1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI1MzdiYWU5OGQ5NGIzN2MzOWZlOWVkYjVkODZmNGZkMzMwMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAE4t/XHlJIu5MP9s2CAgbjBwXcm
/s68uiAE/yEyFoH+ClvbsWFcQ54Ds6oNxNbxryD70SGaisIrJXuQIBR2arXIQP3D
dULOF4e7rmAwU0Nhdzq3ZZZhmD/Ata3Nb11RbmyeRSvKutaBD5hR7qOQihfBuSbX
4vHziXhuTsZOfoXHylv7dFKGy+s+qQYeoBQLCQJEJ54kz/3kJLgE5tUoadjrSln8
tizhitINh3CBeP+BKDg8JdEMiFmwhpoGT/G4/eArRgtbBaK42C50vPqIkmKhIxLf
7NWMCxNG44Eo3qbJT/j1fuIRFfMrZfjtHiI6mBojBvE4Oi/cqpePuoj6HwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFHElN7rpjZSzfDn+nttdhvT9MwCcMB8GA1UdIwQY
MBaAFPgK70ZAQ38jB/eYcb+2MruL3a0hMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1BcnZSa0JEZnlNSDk1aHh2N1l5dTR2ZHJTRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMvZTAzYjNjLTYwMjYtNDFlNy1hNTUz
LWFiMTQ4MjJmODViNS8xL2NTVTN1dW1ObExOOE9mNmUyMTJHOVAwekFKdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzMvZTAzYjNjLTYwMjYtNDFlNy1hNTUzLWFiMTQ4MjJmODVi
NS8xLzEtQXJ2UmtCRGZ5TUg5NWh4djdZeXU0dmRyU0UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOgYIKwYBBQUHAQcBAf8EKzApMBgEAgABMBIDBAJbyogD
BAOyFegDBAK5KbwwDQQCAAIwBwMFACoAfSAwDQYJKoZIhvcNAQELBQADggEBAHeS
6uQyvfWrK+yCGMRkQu4hzPudkUuRX77QKoUNKRGNeSxvKCjKbBkMqdaahj4aCVb6
BoSwx10rZFqwaOV7q3nguVl1UFN9cPsdOZ3AZ734kdWXgY+pH2/MrBP5SOQ8Xh9q
Ga6QWQft2qUwR68Mc+9sS+DMdjUKjmFihwS6EbYwDivJRBdtJdXN3ty7LUnoqMkZ
8+6teSGCO3N0SGBdQ8p7MafWWF2nDN/BMzQXSNLlTZ9reu6kkP8zAcKAydhOmiHT
M0NGYjhh4sFusamXeN6370rvD6QIW4Y26fTdKmgLwXR6UkVac8SpbBqeeDKkM1Yj
6Wn1cw04rt5V8BMyGl8=
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:05:25 2025 by rpki-client