Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/Y2TFuYLjHOh19Nsn9IXR0BXi0GA.roa
File: Y2TFuYLjHOh19Nsn9IXR0BXi0GA.roa (raw, json)
Hash identifier: EGQLXveu0rNxAJdauUxs2BGnjI8o9tZmq21wSdM7BEk=
Subject key identifier: 63:64:C5:B9:82:E3:1C:E8:75:F4:DB:27:F4:85:D1:D0:15:E2:D0:60
Certificate issuer: /CN=855c5d0fe25935ac91ab5aada6452600e58d25a5
Certificate serial: 01942669E6914627A5CF918342107DADA2A4
Authority key identifier: 85:5C:5D:0F:E2:59:35:AC:91:AB:5A:AD:A6:45:26:00:E5:8D:25:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hVxdD-JZNayRq1qtpkUmAOWNJaU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/Y2TFuYLjHOh19Nsn9IXR0BXi0GA.roa
Signing time: Thu 02 Jan 2025 09:47:41 +0000
ROA not before: Thu 02 Jan 2025 09:47:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208332
IP address blocks: 185.135.240.0/22 maxlen: 22
185.135.240.0/24 maxlen: 24
185.135.241.0/24 maxlen: 24
185.135.242.0/24 maxlen: 24
185.135.243.0/24 maxlen: 24
2a06:f700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/hVxdD-JZNayRq1qtpkUmAOWNJaU.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/hVxdD-JZNayRq1qtpkUmAOWNJaU.mft
rsync://rpki.ripe.net/repository/DEFAULT/hVxdD-JZNayRq1qtpkUmAOWNJaU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 06:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:69:e6:91:46:27:a5:cf:91:83:42:10:7d:ad:a2:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=855c5d0fe25935ac91ab5aada6452600e58d25a5
Validity
Not Before: Jan 2 09:47:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6364c5b982e31ce875f4db27f485d1d015e2d060
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:54:92:1b:9f:bb:cf:1e:a1:3c:9d:c6:b0:f7:
8f:89:dd:6c:bb:43:0c:a8:12:b0:c8:5f:32:31:bc:
e7:6f:57:7c:bf:cf:2d:28:95:fc:09:d1:bc:5b:78:
e4:7c:24:7e:7d:5f:0d:61:ea:53:73:a0:cb:87:4e:
97:df:82:f6:a2:4a:e6:2e:c1:2d:57:13:c2:84:43:
88:fe:fe:df:1f:b6:83:93:dd:7e:05:9b:84:09:fc:
e9:1e:e8:a7:47:0b:d2:36:b8:ea:36:d5:2b:1a:2e:
db:81:2f:63:64:9f:75:76:04:d4:52:a8:49:a7:0b:
4e:22:2e:5e:03:0f:4a:fc:e2:a0:dc:2b:42:c5:06:
35:01:4d:19:74:8c:5b:16:7f:2e:9b:3a:37:43:c5:
bc:ce:d5:bb:9f:16:78:f4:be:8c:39:27:5f:5f:37:
2a:88:c3:59:55:d8:d3:d1:e6:df:bb:ab:a9:50:e1:
5f:c4:2d:e9:30:ae:d4:7f:2c:04:e0:b7:eb:23:de:
43:53:bf:d3:7c:35:8f:49:df:fe:eb:03:b4:c1:a2:
d3:ee:02:ab:d4:f3:a6:d8:2e:47:5b:ad:e7:2c:b7:
e0:c6:44:21:7d:03:7e:93:3d:56:10:a2:8c:b6:fb:
ba:61:ec:5f:cc:a8:32:f5:ea:34:14:8d:ad:70:48:
23:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:64:C5:B9:82:E3:1C:E8:75:F4:DB:27:F4:85:D1:D0:15:E2:D0:60
X509v3 Authority Key Identifier:
keyid:85:5C:5D:0F:E2:59:35:AC:91:AB:5A:AD:A6:45:26:00:E5:8D:25:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVxdD-JZNayRq1qtpkUmAOWNJaU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/Y2TFuYLjHOh19Nsn9IXR0BXi0GA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a2b051-3a23-4835-b30d-2af4791d96eb/1/hVxdD-JZNayRq1qtpkUmAOWNJaU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.240.0/22
IPv6:
2a06:f700::/29
Signature Algorithm: sha256WithRSAEncryption
10:d7:a1:fe:7c:47:da:c0:58:16:17:38:e5:f1:67:19:59:28:
a6:6a:57:5d:60:b0:99:ff:4b:38:7c:ed:31:47:c9:5a:7e:cc:
d7:7b:c7:c0:9f:23:6b:ba:f1:9a:41:0d:ca:d0:23:2d:b7:d2:
f2:2b:6d:54:cb:ac:fc:fd:85:98:11:f1:01:5f:17:3e:e7:f8:
32:6f:ef:ec:c7:f5:f0:d0:d2:8b:94:a9:b8:0b:94:b4:42:10:
42:51:9b:f1:30:1f:d5:63:52:67:38:db:b0:a5:e4:e4:a2:f6:
fa:23:35:f6:c8:3a:c2:75:c6:d4:1c:20:8a:c8:df:95:32:05:
67:f4:8a:1e:c1:dc:cc:d7:0d:bb:85:54:ea:29:49:1b:9c:a1:
ec:d8:06:50:db:5e:56:3d:fa:61:a0:b7:bc:14:c0:77:78:95:
a8:a1:24:f6:4b:3d:35:a0:5b:12:0f:b5:24:ba:aa:11:69:ef:
32:7e:13:36:6b:2c:90:12:1d:d6:26:ee:c3:e1:89:78:68:d7:
fe:a2:1e:05:3a:87:ee:47:8e:3f:f1:c5:e3:96:ba:d5:08:12:
5a:91:c3:96:07:24:fc:5d:e2:fd:e7:ce:07:c5:dd:ff:a1:df:
bf:fd:a2:d6:60:3f:61:b1:f6:c2:a4:cc:5d:fb:36:b8:fd:4e:
18:27:bc:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmaeaRRielz5GDQhB9raKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWM1ZDBmZTI1OTM1YWM5MWFiNWFhZGE2NDUyNjAwZTU4
ZDI1YTUwHhcNMjUwMTAyMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzY0YzViOTgyZTMxY2U4NzVmNGRiMjdmNDg1ZDFkMDE1ZTJkMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklSSG5+7zx6hPJ3GsPePid1su0MM
qBKwyF8yMbznb1d8v88tKJX8CdG8W3jkfCR+fV8NYepTc6DLh06X34L2okrmLsEt
VxPChEOI/v7fH7aDk91+BZuECfzpHuinRwvSNrjqNtUrGi7bgS9jZJ91dgTUUqhJ
pwtOIi5eAw9K/OKg3CtCxQY1AU0ZdIxbFn8umzo3Q8W8ztW7nxZ49L6MOSdfXzcq
iMNZVdjT0ebfu6upUOFfxC3pMK7UfywE4LfrI95DU7/TfDWPSd/+6wO0waLT7gKr
1POm2C5HW63nLLfgxkQhfQN+kz1WEKKMtvu6YexfzKgy9eo0FI2tcEgjSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGNkxbmC4xzodfTbJ/SF0dAV4tBgMB8GA1UdIwQY
MBaAFIVcXQ/iWTWskataraZFJgDljSWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ4ZEQtSlpOYXlScTFxdHBrVW1BT1dOSmFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMmIwNTEtM2EyMy00ODM1LWIzMGQt
MmFmNDc5MWQ5NmViLzEvWTJURnVZTGpIT2gxOU5zbjlJWFIwQlhpMEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMmIwNTEtM2EyMy00ODM1LWIzMGQtMmFmNDc5MWQ5NmVi
LzEvaFZ4ZEQtSlpOYXlScTFxdHBrVW1BT1dOSmFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYfwMA0E
AgACMAcDBQMqBvcAMA0GCSqGSIb3DQEBCwUAA4IBAQAQ16H+fEfawFgWFzjl8WcZ
WSimalddYLCZ/0s4fO0xR8lafszXe8fAnyNruvGaQQ3K0CMtt9LyK21Uy6z8/YWY
EfEBXxc+5/gyb+/sx/Xw0NKLlKm4C5S0QhBCUZvxMB/VY1JnONuwpeTkovb6IzX2
yDrCdcbUHCCKyN+VMgVn9IoewdzM1w27hVTqKUkbnKHs2AZQ215WPfphoLe8FMB3
eJWooST2Sz01oFsSD7UkuqoRae8yfhM2ayyQEh3WJu7D4Yl4aNf+oh4FOofuR44/
8cXjlrrVCBJakcOWByT8XeL9584Hxd3/od+//aLWYD9hsfbCpMxd+za4/U4YJ7wF
-----END CERTIFICATE-----
Generated at Fri Feb 21 13:05:14 2025 by rpki-client