Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/2doyv893qLqpydv5qHFlRCB_g-Q.roa
File: 2doyv893qLqpydv5qHFlRCB_g-Q.roa (raw, json)
Hash identifier: kktAELQ0ENAf23BgcauSsLAOuVx+m9eQ/dGq67Ovl60=
Subject key identifier: D9:DA:32:BF:CF:77:A8:BA:A9:C9:DB:F9:A8:71:65:44:20:7F:83:E4
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019425FD315D93C6D66325D90DFBDF40AA35
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/2doyv893qLqpydv5qHFlRCB_g-Q.roa
Signing time: Thu 02 Jan 2025 07:48:57 +0000
ROA not before: Thu 02 Jan 2025 07:48:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396356
IP address blocks: 64.137.36.0/24 maxlen: 24
64.137.37.0/24 maxlen: 24
64.137.121.0/24 maxlen: 24
104.238.7.0/24 maxlen: 24
104.239.28.0/24 maxlen: 24
104.239.44.0/24 maxlen: 24
104.239.73.0/24 maxlen: 24
104.239.88.0/24 maxlen: 24
216.173.104.0/24 maxlen: 24
216.173.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 17:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:31:5d:93:c6:d6:63:25:d9:0d:fb:df:40:aa:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jan 2 07:48:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9da32bfcf77a8baa9c9dbf9a8716544207f83e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:c2:2d:da:7c:07:3b:c6:24:6f:e3:68:c1:cf:
6a:25:ce:7b:2a:2a:8d:84:ef:db:c0:67:18:fa:38:
48:da:17:11:d0:d8:46:93:86:40:6a:0e:85:b8:9a:
cb:a0:ff:0f:13:fa:1a:7b:0e:5d:11:49:d6:dc:84:
e1:d4:82:64:d2:85:d8:2a:c6:67:ba:0a:d1:52:5b:
ab:04:a9:ab:c0:cf:30:ce:a8:36:16:02:a4:cf:8d:
15:ba:74:dd:68:77:7d:56:bb:ea:79:c7:4a:ae:d6:
ac:27:31:71:32:f9:70:ab:68:60:98:f2:fc:5a:60:
22:4e:39:ae:ec:b4:42:e1:a6:da:df:4a:f5:f5:f4:
36:07:2a:38:4a:36:a0:5d:d7:78:21:49:74:d2:15:
b6:79:a3:e5:5d:84:c5:e4:80:4c:eb:3d:c4:59:fd:
c7:80:1b:e7:05:05:b5:aa:b6:64:00:63:c3:06:d8:
5b:14:a8:f4:f6:15:33:be:c5:f3:17:92:bd:b9:f6:
9f:0b:cd:8f:53:0a:f8:56:f3:2b:57:62:4d:8b:96:
a0:18:aa:48:ed:f7:22:d5:06:19:4b:9f:40:29:c6:
90:8c:b9:a4:83:26:b6:60:76:34:01:78:99:d9:94:
ae:7a:3c:86:ff:74:3d:62:75:67:9d:13:36:54:70:
57:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:DA:32:BF:CF:77:A8:BA:A9:C9:DB:F9:A8:71:65:44:20:7F:83:E4
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/2doyv893qLqpydv5qHFlRCB_g-Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.36.0/23
64.137.121.0/24
104.238.7.0/24
104.239.28.0/24
104.239.44.0/24
104.239.73.0/24
104.239.88.0/24
216.173.104.0/23
Signature Algorithm: sha256WithRSAEncryption
33:60:7f:bf:0c:b8:91:0b:47:be:60:2b:72:2f:28:47:16:95:
4f:31:72:39:8a:5f:e1:69:8a:e1:b5:f9:76:d7:34:ca:94:a3:
dc:ba:7f:a1:c3:32:f0:90:8c:e3:9f:e2:96:19:8e:8b:ab:60:
4a:25:cc:cf:e4:8c:55:8d:97:60:90:20:87:fb:4c:ba:da:30:
d1:ca:d7:7b:46:9b:58:ff:94:49:87:f1:22:08:4c:92:ed:62:
14:c0:9b:44:2a:8b:42:a0:78:68:15:6b:03:5f:2c:b6:61:1b:
21:d4:43:84:cc:5a:87:14:ab:68:88:81:86:aa:8d:80:bd:27:
71:e5:cf:2c:a5:44:5b:30:3c:c6:46:7b:8d:df:33:54:fe:06:
cf:15:40:2b:22:4e:5c:98:d9:40:7f:22:cc:7d:67:1b:65:e6:
11:67:de:9c:9e:c8:01:b8:4f:8b:5e:56:84:83:ba:48:7a:dc:
ea:fe:d2:ad:0e:f4:13:30:61:ed:1e:74:94:12:36:a7:4a:01:
0a:d4:c3:cc:2d:f0:9c:40:3f:59:f7:44:0c:61:2b:4a:c5:c5:
b1:56:44:18:ba:af:e0:52:bf:6c:b6:45:f2:cb:86:da:fd:08:
d1:19:da:72:f9:29:a4:ce:c3:73:f2:54:73:42:a9:43:11:fd:
f0:47:4f:a5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQl/TFdk8bWYyXZDfvfQKo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWRhMzJiZmNmNzdhOGJhYTljOWRiZjlhODcxNjU0NDIwN2Y4M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8It2nwHO8Ykb+Nowc9qJc57KiqN
hO/bwGcY+jhI2hcR0NhGk4ZAag6FuJrLoP8PE/oaew5dEUnW3ITh1IJk0oXYKsZn
ugrRUlurBKmrwM8wzqg2FgKkz40VunTdaHd9VrvqecdKrtasJzFxMvlwq2hgmPL8
WmAiTjmu7LRC4aba30r19fQ2Byo4SjagXdd4IUl00hW2eaPlXYTF5IBM6z3EWf3H
gBvnBQW1qrZkAGPDBthbFKj09hUzvsXzF5K9ufafC82PUwr4VvMrV2JNi5agGKpI
7fci1QYZS59AKcaQjLmkgya2YHY0AXiZ2ZSuejyG/3Q9YnVnnRM2VHBX4QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNnaMr/Pd6i6qcnb+ahxZUQgf4PkMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvMmRveXY4OTNxTHFweWR2NXFIRmxSQ0JfZy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBQIkkAwQA
QIl5AwQAaO4HAwQAaO8cAwQAaO8sAwQAaO9JAwQAaO9YAwQB2K1oMA0GCSqGSIb3
DQEBCwUAA4IBAQAzYH+/DLiRC0e+YCtyLyhHFpVPMXI5il/haYrhtfl21zTKlKPc
un+hwzLwkIzjn+KWGY6Lq2BKJczP5IxVjZdgkCCH+0y62jDRytd7RptY/5RJh/Ei
CEyS7WIUwJtEKotCoHhoFWsDXyy2YRsh1EOEzFqHFKtoiIGGqo2AvSdx5c8spURb
MDzGRnuN3zNU/gbPFUArIk5cmNlAfyLMfWcbZeYRZ96cnsgBuE+LXlaEg7pIetzq
/tKtDvQTMGHtHnSUEjanSgEK1MPMLfCcQD9Z90QMYStKxcWxVkQYuq/gUr9stkXy
y4ba/QjRGdpy+SmkzsNz8lRzQqlDEf3wR0+l
-----END CERTIFICATE-----
Generated at Tue Apr 8 23:48:43 2025 by rpki-client