Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/zzDFF83rooq9bozHtYL_dATXTDM.roa
File: zzDFF83rooq9bozHtYL_dATXTDM.roa (raw, json)
Hash identifier: MyfSjNe+EtbThUkyyT8a+4fAUtZTRsF/D/cpjHn7JnY=
Subject key identifier: CF:30:C5:17:CD:EB:A2:8A:BD:6E:8C:C7:B5:82:FF:74:04:D7:4C:33
Certificate issuer: /CN=f25fd47d836fca6f741caa3823937f4bb1f1b294
Certificate serial: 0194B09DE9B36612E358E13561FE6AB51F23
Authority key identifier: F2:5F:D4:7D:83:6F:CA:6F:74:1C:AA:38:23:93:7F:4B:B1:F1:B2:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8l_UfYNvym90HKo4I5N_S7HxspQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/zzDFF83rooq9bozHtYL_dATXTDM.roa
Signing time: Wed 29 Jan 2025 05:52:06 +0000
ROA not before: Wed 29 Jan 2025 05:52:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31027
IP address blocks: 37.25.64.0/21 maxlen: 21
37.25.64.0/23 maxlen: 23
37.25.66.0/23 maxlen: 23
37.25.68.0/22 maxlen: 22
185.29.168.0/22 maxlen: 22
2a04:4580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/8l_UfYNvym90HKo4I5N_S7HxspQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/8l_UfYNvym90HKo4I5N_S7HxspQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/8l_UfYNvym90HKo4I5N_S7HxspQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 13:43:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b0:9d:e9:b3:66:12:e3:58:e1:35:61:fe:6a:b5:1f:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f25fd47d836fca6f741caa3823937f4bb1f1b294
Validity
Not Before: Jan 29 05:52:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cf30c517cdeba28abd6e8cc7b582ff7404d74c33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:fd:5d:2c:bf:ec:14:83:63:fd:46:b0:53:4c:
ef:f9:04:4a:19:ec:d6:be:93:c4:a1:61:4e:a5:ed:
72:d4:c7:8d:00:7c:0d:42:6e:11:ce:df:ef:46:9d:
73:64:52:98:ce:02:56:5e:54:a6:ad:4a:94:43:ec:
af:c3:fc:d9:d4:03:08:2f:ca:6b:a6:84:35:4b:f1:
4e:fe:cf:87:86:5d:53:83:17:c2:03:22:9a:ba:2b:
26:a7:b2:eb:cb:19:fc:30:93:6d:5f:fb:97:89:5b:
70:34:ee:d4:89:ae:60:0d:e8:28:68:8d:a8:7d:01:
c0:8e:c2:e3:16:81:20:4c:75:a7:30:b8:44:0b:37:
0e:a4:7d:d9:bc:e0:60:a7:24:8a:56:97:67:da:29:
20:cd:c1:c4:4f:2b:a1:74:23:be:36:a3:d7:da:88:
c9:54:66:0d:a8:c8:b3:99:66:a6:ad:ca:2d:d7:61:
c0:8b:43:e2:49:86:93:c5:4d:da:1e:3a:77:b1:0d:
e0:cc:a4:02:c3:18:c9:f3:36:f9:49:34:fb:c0:8e:
1f:d1:88:8a:91:00:e8:bc:b1:48:b9:16:3a:65:dd:
c3:ef:4e:7b:9a:50:14:e5:3d:4d:e0:2e:a2:bf:2d:
40:4a:4e:38:d6:6f:c1:85:b8:cb:c5:43:54:29:fa:
b2:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:30:C5:17:CD:EB:A2:8A:BD:6E:8C:C7:B5:82:FF:74:04:D7:4C:33
X509v3 Authority Key Identifier:
keyid:F2:5F:D4:7D:83:6F:CA:6F:74:1C:AA:38:23:93:7F:4B:B1:F1:B2:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8l_UfYNvym90HKo4I5N_S7HxspQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/zzDFF83rooq9bozHtYL_dATXTDM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/8l_UfYNvym90HKo4I5N_S7HxspQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.25.64.0/21
185.29.168.0/22
IPv6:
2a04:4580::/29
Signature Algorithm: sha256WithRSAEncryption
45:b1:1e:08:11:c2:17:d4:7b:86:c4:45:7d:fd:34:d2:d6:f0:
9d:57:ed:85:89:5c:b2:22:2d:b8:0a:a2:ca:02:22:65:f6:cf:
d2:26:4a:9f:33:3d:3d:0e:b9:b2:f4:56:23:94:c8:dd:51:b7:
9c:ee:c5:32:23:5c:62:6b:17:78:c5:a5:bb:bb:07:01:fd:ea:
07:24:92:f9:8b:24:f3:31:2d:bf:58:74:b5:0b:7e:10:07:2a:
32:f7:9e:c5:39:a6:ef:07:fd:bf:61:cc:e8:59:f8:b2:ea:a3:
e7:87:ef:bc:3b:ac:25:26:6b:17:36:ca:8c:50:07:3f:0b:90:
13:0d:0b:69:ff:8a:2a:53:67:bd:d2:a8:36:38:b1:6e:47:0b:
44:89:9b:5e:9d:fd:ba:30:81:42:4a:61:3d:81:0c:1b:72:5e:
2e:84:c9:1f:db:f4:26:91:42:c3:b3:5c:b9:90:1e:04:34:9d:
e1:cf:d9:65:ad:23:57:f0:33:02:f4:94:24:29:a9:4a:f8:6b:
8c:f8:d5:b1:9f:1a:4f:2b:b1:d4:94:91:f3:98:1d:36:04:81:
3d:7c:f6:3d:52:29:a2:c5:39:b8:8c:c7:d9:41:de:05:75:50:
99:0e:a6:04:1b:10:98:56:ba:11:ed:77:7c:b2:d8:58:2f:47:
06:5e:91:ea
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZSwnemzZhLjWOE1Yf5qtR8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNWZkNDdkODM2ZmNhNmY3NDFjYWEzODIzOTM3ZjRiYjFm
MWIyOTQwHhcNMjUwMTI5MDU1MjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjMwYzUxN2NkZWJhMjhhYmQ2ZThjYzdiNTgyZmY3NDA0ZDc0YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf1dLL/sFINj/UawU0zv+QRKGezW
vpPEoWFOpe1y1MeNAHwNQm4Rzt/vRp1zZFKYzgJWXlSmrUqUQ+yvw/zZ1AMIL8pr
poQ1S/FO/s+Hhl1TgxfCAyKauismp7Lryxn8MJNtX/uXiVtwNO7Uia5gDegoaI2o
fQHAjsLjFoEgTHWnMLhECzcOpH3ZvOBgpySKVpdn2ikgzcHETyuhdCO+NqPX2ojJ
VGYNqMizmWamrcot12HAi0PiSYaTxU3aHjp3sQ3gzKQCwxjJ8zb5STT7wI4f0YiK
kQDovLFIuRY6Zd3D7057mlAU5T1N4C6ivy1ASk441m/BhbjLxUNUKfqyqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM8wxRfN66KKvW6Mx7WC/3QE10wzMB8GA1UdIwQY
MBaAFPJf1H2Db8pvdByqOCOTf0ux8bKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGxfVWZZTnZ5bTkwSEtvNEk1Tl9TN0h4c3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8yOTZlZWMtNGYwNC00YTI1LWE4NDMt
YmI3YTQzZTU3ZjM4LzEvenpERkY4M3Jvb3E5Ym96SHRZTF9kQVRYVERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8yOTZlZWMtNGYwNC00YTI1LWE4NDMtYmI3YTQzZTU3ZjM4
LzEvOGxfVWZZTnZ5bTkwSEtvNEk1Tl9TN0h4c3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJRlAAwQC
uR2oMA0EAgACMAcDBQMqBEWAMA0GCSqGSIb3DQEBCwUAA4IBAQBFsR4IEcIX1HuG
xEV9/TTS1vCdV+2FiVyyIi24CqLKAiJl9s/SJkqfMz09Drmy9FYjlMjdUbec7sUy
I1xiaxd4xaW7uwcB/eoHJJL5iyTzMS2/WHS1C34QByoy957FOabvB/2/YczoWfiy
6qPnh++8O6wlJmsXNsqMUAc/C5ATDQtp/4oqU2e90qg2OLFuRwtEiZtenf26MIFC
SmE9gQwbcl4uhMkf2/QmkULDs1y5kB4ENJ3hz9llrSNX8DMC9JQkKalK+GuM+NWx
nxpPK7HUlJHzmB02BIE9fPY9UimixTm4jMfZQd4FdVCZDqYEGxCYVroR7Xd8sthY
L0cGXpHq
-----END CERTIFICATE-----
Generated at Tue Apr 8 21:08:43 2025 by rpki-client