Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/8uAFQVQJdEN51kNW54N9PzpoyUw.roa
File: 8uAFQVQJdEN51kNW54N9PzpoyUw.roa (raw, json)
Hash identifier: u9aKY6l7dMJT7Cr/J2HE5kyJ2+NCL9R+nGuisjTHF7c=
Subject key identifier: F2:E0:05:41:54:09:74:43:79:D6:43:56:E7:83:7D:3F:3A:68:C9:4C
Certificate issuer: /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial: 0195B2FA19A24D431CDF517A8BB32D418973
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/8uAFQVQJdEN51kNW54N9PzpoyUw.roa
Signing time: Thu 20 Mar 2025 09:54:49 +0000
ROA not before: Thu 20 Mar 2025 09:54:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47626
IP address blocks: 5.180.240.0/22 maxlen: 24
78.24.100.0/22 maxlen: 22
91.208.35.0/24 maxlen: 24
91.222.120.0/22 maxlen: 24
128.0.92.0/24 maxlen: 24
128.0.94.0/24 maxlen: 24
176.96.189.0/24 maxlen: 24
188.93.64.0/22 maxlen: 22
193.7.216.0/22 maxlen: 24
213.241.199.0/24 maxlen: 24
2a05:9c00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 21:57:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b2:fa:19:a2:4d:43:1c:df:51:7a:8b:b3:2d:41:89:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
Validity
Not Before: Mar 20 09:54:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f2e005415409744379d64356e7837d3f3a68c94c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:0b:80:f0:e7:eb:ac:f6:8d:c1:29:86:c5:d4:
e2:0e:9f:ad:98:4d:0d:0d:6d:82:99:25:c2:7c:b0:
f6:36:da:66:c0:98:e0:69:89:e1:4b:ed:80:11:c5:
fc:f3:8b:7c:82:ec:01:b9:04:a8:18:b5:08:35:e4:
3b:f6:69:9b:33:30:5c:4b:02:f1:be:1f:7c:54:9b:
9b:30:f2:16:f3:da:66:2b:1e:95:06:37:bd:43:e0:
70:ad:8a:59:0f:83:54:61:66:11:82:ce:5f:bd:ce:
a7:c0:f3:66:06:3e:dd:70:01:b8:23:83:2a:eb:98:
5e:1e:67:13:44:f5:05:e2:fe:fa:0f:67:8c:e7:1a:
44:06:3b:1e:d7:05:01:0f:56:f3:0f:a5:78:bf:6a:
59:06:78:fb:7a:f8:d1:d5:ca:c8:61:60:d0:54:d7:
c9:64:09:4d:a5:ad:21:d0:34:37:e9:e4:53:95:42:
09:18:09:27:0c:90:72:b0:fb:6b:ab:c2:fc:1f:e4:
bb:cf:be:d9:e0:d2:17:1e:c9:fa:9f:fc:bb:a5:e0:
d5:7c:3d:b5:eb:44:91:37:6d:65:5b:e2:49:da:67:
36:7c:5c:8f:37:dd:42:20:dc:8f:c4:87:de:c1:3f:
c8:88:af:7c:fd:f3:1a:1c:2c:cd:f7:09:10:c9:0b:
a3:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:E0:05:41:54:09:74:43:79:D6:43:56:E7:83:7D:3F:3A:68:C9:4C
X509v3 Authority Key Identifier:
keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/8uAFQVQJdEN51kNW54N9PzpoyUw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.240.0/22
78.24.100.0/22
91.208.35.0/24
91.222.120.0/22
128.0.92.0/24
128.0.94.0/24
176.96.189.0/24
188.93.64.0/22
193.7.216.0/22
213.241.199.0/24
IPv6:
2a05:9c00::/29
Signature Algorithm: sha256WithRSAEncryption
6c:80:45:59:68:22:7d:39:99:81:bd:4c:6c:fc:fc:a2:b2:ea:
38:81:46:4c:b8:27:61:f2:8d:4a:36:96:47:e9:f2:c3:c5:74:
56:7a:a8:2f:72:c9:cd:e8:e7:d1:df:0f:75:56:7b:c9:cc:70:
97:ce:f4:78:e4:20:55:c1:b0:8e:ed:c7:48:10:cd:c7:3e:27:
d1:ff:6f:4a:a8:52:1c:fc:fc:7e:42:3a:9d:94:df:5d:5c:6e:
f3:f9:ab:0a:20:08:45:df:82:ca:14:1b:a2:50:9a:62:26:fd:
76:97:2c:0d:e3:09:c2:02:94:d8:d8:14:f4:05:e1:c2:42:76:
86:5e:99:a9:8a:ea:6e:4b:39:72:aa:15:69:87:f2:d7:9a:f7:
d1:37:6b:92:17:0c:03:8f:0f:cf:30:17:3a:65:88:57:ea:e7:
37:54:28:b6:91:c6:6c:18:4e:ca:7f:b9:73:cf:4c:76:01:c4:
1c:95:62:40:4f:33:ae:f3:73:ec:c5:91:72:37:98:33:9d:ab:
b4:d0:7a:0c:2e:ae:2a:3b:88:94:e3:f7:ba:a5:d3:3a:35:c8:
95:64:74:81:b1:d5:72:a8:b8:7a:89:ed:83:85:2c:11:85:38:
68:44:ab:01:71:e2:80:3e:a2:bc:f6:c1:89:c8:04:c2:18:84:
f3:cc:e0:ff
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZWy+hmiTUMc31F6i7MtQYlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjUwMzIwMDk1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmUwMDU0MTU0MDk3NDQzNzlkNjQzNTZlNzgzN2QzZjNhNjhjOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwuA8OfrrPaNwSmGxdTiDp+tmE0N
DW2CmSXCfLD2NtpmwJjgaYnhS+2AEcX884t8guwBuQSoGLUINeQ79mmbMzBcSwLx
vh98VJubMPIW89pmKx6VBje9Q+BwrYpZD4NUYWYRgs5fvc6nwPNmBj7dcAG4I4Mq
65heHmcTRPUF4v76D2eM5xpEBjse1wUBD1bzD6V4v2pZBnj7evjR1crIYWDQVNfJ
ZAlNpa0h0DQ36eRTlUIJGAknDJBysPtrq8L8H+S7z77Z4NIXHsn6n/y7peDVfD21
60SRN21lW+JJ2mc2fFyPN91CINyPxIfewT/IiK98/fMaHCzN9wkQyQujyQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFPLgBUFUCXRDedZDVueDfT86aMlMMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvOHVBRlFWUUpkRU41MWtOVzU0TjlQenBveVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCBbTwAwQC
ThhkAwQAW9AjAwQCW954AwQAgABcAwQAgABeAwQAsGC9AwQCvF1AAwQCwQfYAwQA
1fHHMA0EAgACMAcDBQMqBZwAMA0GCSqGSIb3DQEBCwUAA4IBAQBsgEVZaCJ9OZmB
vUxs/Pyisuo4gUZMuCdh8o1KNpZH6fLDxXRWeqgvcsnN6OfR3w91VnvJzHCXzvR4
5CBVwbCO7cdIEM3HPifR/29KqFIc/Px+QjqdlN9dXG7z+asKIAhF34LKFBuiUJpi
Jv12lywN4wnCApTY2BT0BeHCQnaGXpmpiupuSzlyqhVph/LXmvfRN2uSFwwDjw/P
MBc6ZYhX6uc3VCi2kcZsGE7Kf7lzz0x2AcQclWJATzOu83PsxZFyN5gznau00HoM
Lq4qO4iU4/e6pdM6NciVZHSBsdVyqLh6ie2DhSwRhThoRKsBceKAPqK89sGJyATC
GITzzOD/
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:45:43 2025 by rpki-client