Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/2ykyLUV8HJgn1salik1J3kOQxCQ.roa
File: 2ykyLUV8HJgn1salik1J3kOQxCQ.roa (raw, json)
Hash identifier: nDi3j9QWu/wqTdD6MOvj0Loav1zxTXnuS+2Or/nURsA=
Subject key identifier: DB:29:32:2D:45:7C:1C:98:27:D6:C6:A5:8A:4D:49:DE:43:90:C4:24
Certificate issuer: /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial: 0194266BC16FBD92D85E420B6CAB8247A66E
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/2ykyLUV8HJgn1salik1J3kOQxCQ.roa
Signing time: Thu 02 Jan 2025 09:49:43 +0000
ROA not before: Thu 02 Jan 2025 09:49:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44307
IP address blocks: 45.15.76.0/22 maxlen: 24
45.81.216.0/22 maxlen: 24
45.84.180.0/22 maxlen: 24
45.86.252.0/22 maxlen: 24
45.87.71.0/24 maxlen: 24
45.93.76.0/22 maxlen: 24
45.95.60.0/22 maxlen: 24
45.129.112.0/22 maxlen: 24
45.135.20.0/22 maxlen: 24
45.138.60.0/22 maxlen: 24
45.142.148.0/22 maxlen: 24
45.148.180.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 03:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:c1:6f:bd:92:d8:5e:42:0b:6c:ab:82:47:a6:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Validity
Not Before: Jan 2 09:49:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db29322d457c1c9827d6c6a58a4d49de4390c424
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:c5:75:64:6a:43:1e:f3:5c:66:e0:9b:c3:1a:
aa:ee:06:4b:6c:b2:46:ca:1a:54:81:4e:2f:77:2e:
3a:00:24:f7:3f:f9:99:ad:4d:8b:a0:2c:ed:9a:a2:
4b:8a:c3:5c:5d:97:41:7e:22:9d:ed:ee:a5:0d:85:
c3:e4:d8:ee:49:66:fa:7e:6c:da:2b:19:92:5d:f5:
b4:4f:f1:ec:42:00:7f:c3:6e:a6:e9:35:80:57:91:
45:37:c5:3c:7e:40:b0:66:40:e0:fc:b2:75:e1:f0:
a5:83:8c:ac:0b:3b:fc:b5:d7:b9:bc:b8:00:4c:cc:
fe:1f:a9:d8:66:6f:80:da:e1:06:04:4d:13:98:f6:
32:97:d7:8f:bc:18:bd:1f:3c:17:c4:d3:75:e7:91:
19:fc:ee:6b:3f:4f:9f:c3:61:6d:46:5d:4c:3c:22:
1d:37:37:78:ac:36:65:62:07:15:c9:cc:0a:7e:2c:
37:47:c6:3a:60:58:66:89:45:b3:8f:d0:28:25:c2:
52:70:ab:67:30:ce:f8:81:9b:b8:12:63:08:6a:f1:
ec:8f:30:8b:f0:97:4a:de:05:90:7c:c6:32:17:53:
6c:5e:52:d3:c6:30:b1:12:12:82:8b:27:a6:77:82:
8a:80:87:3c:84:db:10:d2:b6:26:0f:62:87:6f:9c:
67:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:29:32:2D:45:7C:1C:98:27:D6:C6:A5:8A:4D:49:DE:43:90:C4:24
X509v3 Authority Key Identifier:
keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/2ykyLUV8HJgn1salik1J3kOQxCQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.76.0/22
45.81.216.0/22
45.84.180.0/22
45.86.252.0/22
45.87.71.0/24
45.93.76.0/22
45.95.60.0/22
45.129.112.0/22
45.135.20.0/22
45.138.60.0/22
45.142.148.0/22
45.148.180.0/22
Signature Algorithm: sha256WithRSAEncryption
99:e4:c3:c8:e7:4f:f0:87:59:6c:c0:5d:06:71:8d:7c:2c:e3:
81:c5:54:f4:a8:d5:e9:ee:d2:93:c9:7d:5e:86:25:73:d5:f3:
80:ab:52:70:01:b8:80:95:a6:e4:e5:a8:48:35:7c:a0:17:81:
7e:ca:44:15:3d:e8:ff:a4:bb:2d:6c:f1:ff:eb:10:75:60:a6:
7f:5e:52:3d:e4:2b:fc:8a:63:8a:89:10:60:07:09:b6:97:fd:
c5:36:d1:5a:3d:08:9b:4e:11:58:9c:19:9a:1b:a8:d2:52:b8:
35:ad:6f:71:10:ec:41:e8:ef:f0:a1:a7:40:11:ec:61:e1:70:
2f:b0:24:1d:60:36:cd:a1:be:bd:d6:95:96:1c:c4:ab:a3:83:
28:16:cf:70:ab:04:22:02:89:4d:80:5c:dc:95:92:21:51:37:
ea:b6:95:85:bf:42:19:18:41:08:ef:de:dd:18:e4:c2:24:30:
d0:12:d2:82:5a:55:36:72:cb:aa:54:3f:92:e0:6e:90:91:6e:
b8:d7:26:c0:d9:3d:af:16:b3:fc:76:05:bf:37:2b:a1:05:ad:
04:59:83:83:39:36:b9:0d:03:1f:42:da:fe:00:37:a7:69:08:
8b:af:4f:90:a2:ed:3e:c2:16:b3:0a:e0:1c:f9:bd:ea:2d:68:
82:52:2b:1c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQma8FvvZLYXkILbKuCR6ZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjI5MzIyZDQ1N2MxYzk4MjdkNmM2YTU4YTRkNDlkZTQzOTBjNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8V1ZGpDHvNcZuCbwxqq7gZLbLJG
yhpUgU4vdy46ACT3P/mZrU2LoCztmqJLisNcXZdBfiKd7e6lDYXD5NjuSWb6fmza
KxmSXfW0T/HsQgB/w26m6TWAV5FFN8U8fkCwZkDg/LJ14fClg4ysCzv8tde5vLgA
TMz+H6nYZm+A2uEGBE0TmPYyl9ePvBi9HzwXxNN155EZ/O5rP0+fw2FtRl1MPCId
Nzd4rDZlYgcVycwKfiw3R8Y6YFhmiUWzj9AoJcJScKtnMM74gZu4EmMIavHsjzCL
8JdK3gWQfMYyF1NsXlLTxjCxEhKCiyemd4KKgIc8hNsQ0rYmD2KHb5xnGwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNspMi1FfByYJ9bGpYpNSd5DkMQkMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvMnlreUxVVjhISmduMXNhbGlrMUoza09ReENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCLQ9MAwQC
LVHYAwQCLVS0AwQCLVb8AwQALVdHAwQCLV1MAwQCLV88AwQCLYFwAwQCLYcUAwQC
LYo8AwQCLY6UAwQCLZS0MA0GCSqGSIb3DQEBCwUAA4IBAQCZ5MPI50/wh1lswF0G
cY18LOOBxVT0qNXp7tKTyX1ehiVz1fOAq1JwAbiAlabk5ahINXygF4F+ykQVPej/
pLstbPH/6xB1YKZ/XlI95Cv8imOKiRBgBwm2l/3FNtFaPQibThFYnBmaG6jSUrg1
rW9xEOxB6O/woadAEexh4XAvsCQdYDbNob691pWWHMSro4MoFs9wqwQiAolNgFzc
lZIhUTfqtpWFv0IZGEEI797dGOTCJDDQEtKCWlU2csuqVD+S4G6QkW641ybA2T2v
FrP8dgW/NyuhBa0EWYODOTa5DQMfQtr+ADenaQiLr0+Qou0+whazCuAc+b3qLWiC
Uisc
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:15:24 2025 by rpki-client