Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/2fiCKenUyZEGcgyEcbC3Fxz5B0o.roa
File: 2fiCKenUyZEGcgyEcbC3Fxz5B0o.roa (raw, json)
Hash identifier: C3sRzOd2/ABXN5AYlIy2eOFDIIGwTRNmpvXK9lls8wk=
Subject key identifier: D9:F8:82:29:E9:D4:C9:91:06:72:0C:84:71:B0:B7:17:1C:F9:07:4A
Certificate issuer: /CN=a5472b1473bc781b70440315c83d119c8abc86fc
Certificate serial: 019421B1830677EFAE55A96B4898889CF4D8
Authority key identifier: A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/2fiCKenUyZEGcgyEcbC3Fxz5B0o.roa
Signing time: Wed 01 Jan 2025 11:47:48 +0000
ROA not before: Wed 01 Jan 2025 11:47:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15457
IP address blocks: 83.223.160.0/19 maxlen: 19
84.23.192.0/19 maxlen: 19
89.109.64.0/18 maxlen: 18
95.172.160.0/19 maxlen: 19
159.255.48.0/20 maxlen: 20
185.80.76.0/22 maxlen: 22
188.125.192.0/19 maxlen: 19
213.138.224.0/19 maxlen: 19
213.190.192.0/19 maxlen: 19
2a00:d180::/29 maxlen: 29
2a00:d180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.mft
rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:83:06:77:ef:ae:55:a9:6b:48:98:88:9c:f4:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5472b1473bc781b70440315c83d119c8abc86fc
Validity
Not Before: Jan 1 11:47:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9f88229e9d4c99106720c8471b0b7171cf9074a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:9d:73:81:22:d0:17:19:ce:b4:49:5d:b5:3b:
56:4f:8e:0c:fd:32:26:d1:53:84:ad:10:9f:df:fa:
d6:8c:44:5a:ba:82:ee:91:ab:89:f8:77:ca:72:b5:
74:06:6f:d1:2b:ce:e7:4a:c3:9a:c8:e3:2b:58:13:
fc:72:df:6b:89:80:45:dd:47:9a:65:5d:ca:f0:c8:
cc:5c:de:4d:6d:81:54:43:d5:ce:c0:e1:f7:f8:19:
27:04:09:b8:42:c5:3e:ce:20:96:f3:64:e6:0f:ee:
34:65:a8:15:e3:c0:39:2e:93:1b:3a:0a:5a:fe:0b:
a6:52:1c:4f:1c:a6:1c:54:1b:65:9e:bd:e0:a6:62:
c2:81:ec:a9:17:51:42:0d:8e:6f:bd:d3:38:33:7d:
21:e0:c6:2a:37:ce:8e:59:fa:2f:18:e1:e7:f0:3b:
f1:3a:e8:0c:38:84:14:e1:ea:81:9f:41:6c:c1:0f:
13:1e:37:af:74:39:8b:21:56:59:03:6b:6a:79:f4:
32:9a:ad:14:ea:05:d4:6f:96:f9:9e:c4:38:ac:8d:
cf:12:58:7b:a2:38:f3:3c:cf:2c:8b:34:dc:93:72:
db:ad:04:e4:50:ac:c2:0c:e5:44:89:5e:be:12:e8:
84:94:0d:15:a9:d0:a2:2f:dd:b9:d8:03:a9:af:42:
89:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:F8:82:29:E9:D4:C9:91:06:72:0C:84:71:B0:B7:17:1C:F9:07:4A
X509v3 Authority Key Identifier:
keyid:A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/2fiCKenUyZEGcgyEcbC3Fxz5B0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.223.160.0/19
84.23.192.0/19
89.109.64.0/18
95.172.160.0/19
159.255.48.0/20
185.80.76.0/22
188.125.192.0/19
213.138.224.0/19
213.190.192.0/19
IPv6:
2a00:d180::/29
Signature Algorithm: sha256WithRSAEncryption
7a:ad:58:64:40:c5:52:f9:a2:40:8a:10:ec:45:ce:d1:d8:75:
cd:1a:53:42:de:19:79:14:45:60:08:56:78:a5:a4:b0:f1:57:
99:91:8b:55:1c:d4:69:9c:3a:2c:e0:96:13:0c:d8:9f:db:2f:
ee:4c:8e:37:5f:db:d7:f3:d8:51:1a:dc:c1:5c:72:9f:d8:17:
f2:d3:f6:90:2a:28:23:84:f2:55:35:53:52:71:22:b8:c1:43:
69:c1:dc:b6:69:18:3d:fe:0b:4d:de:41:c2:62:2f:8b:60:3f:
e8:2d:c2:87:cf:a2:3e:4a:73:2e:7e:22:ac:e5:b0:f7:ed:9f:
63:58:df:4f:89:06:88:44:6f:3b:4f:89:4d:fb:d9:de:24:8c:
c7:fd:de:0e:1c:50:09:c9:cc:b1:dd:e5:7f:9d:ef:8b:b9:d5:
4c:6a:42:f7:6b:27:48:76:ff:29:42:17:85:52:7f:83:56:2f:
26:b0:a4:43:93:8f:74:62:64:f5:af:00:cc:a5:9a:c1:27:b6:
0e:23:1b:fa:71:58:64:0a:85:e3:98:4b:d2:b0:fe:dd:62:21:
16:ac:86:b6:e1:5c:ed:b2:f6:16:35:a2:5a:c1:bb:da:f2:53:
48:8a:96:82:89:3b:84:1a:00:04:63:d2:70:e4:d5:dd:c8:4d:
07:af:72:d9
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQhsYMGd++uValrSJiInPTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NDcyYjE0NzNiYzc4MWI3MDQ0MDMxNWM4M2QxMTljOGFi
Yzg2ZmMwHhcNMjUwMTAxMTE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY4ODIyOWU5ZDRjOTkxMDY3MjBjODQ3MWIwYjcxNzFjZjkwNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ1zgSLQFxnOtEldtTtWT44M/TIm
0VOErRCf3/rWjERauoLukauJ+HfKcrV0Bm/RK87nSsOayOMrWBP8ct9riYBF3Uea
ZV3K8MjMXN5NbYFUQ9XOwOH3+BknBAm4QsU+ziCW82TmD+40ZagV48A5LpMbOgpa
/gumUhxPHKYcVBtlnr3gpmLCgeypF1FCDY5vvdM4M30h4MYqN86OWfovGOHn8Dvx
OugMOIQU4eqBn0FswQ8THjevdDmLIVZZA2tqefQymq0U6gXUb5b5nsQ4rI3PElh7
ojjzPM8sizTck3LbrQTkUKzCDOVEiV6+EuiElA0VqdCiL9252AOpr0KJgQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNn4ginp1MmRBnIMhHGwtxcc+QdKMB8GA1UdIwQY
MBaAFKVHKxRzvHgbcEQDFcg9EZyKvIb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFVjckZITzhlQnR3UkFNVnlEMFJuSXE4aHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zMDExMmYtMGU5ZC00ZmM4LWI4NTQt
YjE1NjViMjU1ODU0LzEvMmZpQ0tlblV5WkVHY2d5RWNiQzNGeHo1QjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zMDExMmYtMGU5ZC00ZmM4LWI4NTQtYjE1NjViMjU1ODU0
LzEvcFVjckZITzhlQnR3UkFNVnlEMFJuSXE4aHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFU9+gAwQF
VBfAAwQGWW1AAwQFX6ygAwQEn/8wAwQCuVBMAwQFvH3AAwQF1YrgAwQF1b7AMA0E
AgACMAcDBQMqANGAMA0GCSqGSIb3DQEBCwUAA4IBAQB6rVhkQMVS+aJAihDsRc7R
2HXNGlNC3hl5FEVgCFZ4paSw8VeZkYtVHNRpnDos4JYTDNif2y/uTI43X9vX89hR
GtzBXHKf2Bfy0/aQKigjhPJVNVNScSK4wUNpwdy2aRg9/gtN3kHCYi+LYD/oLcKH
z6I+SnMufiKs5bD37Z9jWN9PiQaIRG87T4lN+9neJIzH/d4OHFAJycyx3eV/ne+L
udVMakL3aydIdv8pQheFUn+DVi8msKRDk490YmT1rwDMpZrBJ7YOIxv6cVhkCoXj
mEvSsP7dYiEWrIa24VztsvYWNaJawbva8lNIipaCiTuEGgAEY9Jw5NXdyE0Hr3LZ
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:36:13 2025 by rpki-client