Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/9fce78-4f9d-4847-b759-b451e477b9c2/1/PYLR3kfr_0El_Ga2E9JeZcCyCVc.roa
File: PYLR3kfr_0El_Ga2E9JeZcCyCVc.roa (raw, json)
Hash identifier: A0449RCi6B29H8zKA0rMM/NDvKNi2c+elOaTXG6BpHk=
Subject key identifier: 3D:82:D1:DE:47:EB:FF:41:25:FC:66:B6:13:D2:5E:65:C0:B2:09:57
Certificate issuer: /CN=5094a26aba71007621fd599d537bb7aeaade8b33
Certificate serial: 019420684799F82F84675347047D1D658EB3
Authority key identifier: 50:94:A2:6A:BA:71:00:76:21:FD:59:9D:53:7B:B7:AE:AA:DE:8B:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UJSiarpxAHYh_VmdU3u3rqreizM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/9fce78-4f9d-4847-b759-b451e477b9c2/1/PYLR3kfr_0El_Ga2E9JeZcCyCVc.roa
Signing time: Wed 01 Jan 2025 05:48:12 +0000
ROA not before: Wed 01 Jan 2025 05:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 32590
IP address blocks: 146.66.152.0/23 maxlen: 24
146.66.154.0/24 maxlen: 24
146.66.155.0/24 maxlen: 24
146.66.156.0/23 maxlen: 24
146.66.158.0/23 maxlen: 24
155.133.224.0/23 maxlen: 24
155.133.226.0/24 maxlen: 24
155.133.227.0/24 maxlen: 24
155.133.228.0/23 maxlen: 24
155.133.230.0/23 maxlen: 24
155.133.232.0/24 maxlen: 24
155.133.233.0/24 maxlen: 24
155.133.234.0/24 maxlen: 24
155.133.235.0/24 maxlen: 24
155.133.236.0/23 maxlen: 24
155.133.238.0/24 maxlen: 24
155.133.239.0/24 maxlen: 24
155.133.240.0/23 maxlen: 24
155.133.242.0/23 maxlen: 24
155.133.244.0/24 maxlen: 24
155.133.245.0/24 maxlen: 24
155.133.246.0/23 maxlen: 24
155.133.248.0/24 maxlen: 24
155.133.249.0/24 maxlen: 24
155.133.250.0/24 maxlen: 24
155.133.251.0/24 maxlen: 24
155.133.252.0/24 maxlen: 24
155.133.253.0/24 maxlen: 24
155.133.254.0/24 maxlen: 24
155.133.255.0/24 maxlen: 24
185.25.180.0/23 maxlen: 24
185.25.182.0/24 maxlen: 24
185.25.183.0/24 maxlen: 24
2a01:bc80::/48 maxlen: 48
2a01:bc80:1::/48 maxlen: 48
2a01:bc80:2::/48 maxlen: 48
2a01:bc80:3::/48 maxlen: 48
2a01:bc80:4::/48 maxlen: 48
2a01:bc80:5::/48 maxlen: 48
2a01:bc80:6::/48 maxlen: 48
2a01:bc80:7::/48 maxlen: 48
2a01:bc80:8::/48 maxlen: 48
2a01:bc80:9::/48 maxlen: 48
2a01:bc80:a::/48 maxlen: 48
2a01:bc80:b::/48 maxlen: 48
2a01:bc80:c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/9fce78-4f9d-4847-b759-b451e477b9c2/1/UJSiarpxAHYh_VmdU3u3rqreizM.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/9fce78-4f9d-4847-b759-b451e477b9c2/1/UJSiarpxAHYh_VmdU3u3rqreizM.mft
rsync://rpki.ripe.net/repository/DEFAULT/UJSiarpxAHYh_VmdU3u3rqreizM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:47:99:f8:2f:84:67:53:47:04:7d:1d:65:8e:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5094a26aba71007621fd599d537bb7aeaade8b33
Validity
Not Before: Jan 1 05:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3d82d1de47ebff4125fc66b613d25e65c0b20957
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:89:83:7e:3d:d9:59:e6:b1:08:55:e5:19:7d:
9a:ea:3c:58:ae:0b:bc:a6:b5:9e:b4:7f:29:2c:d1:
e5:48:89:60:4f:1c:6f:23:f1:5d:9d:b9:ac:49:9a:
71:1d:38:04:0e:3a:00:54:0a:81:62:9a:48:52:39:
0a:e7:46:ce:b8:17:77:9a:39:65:40:b2:9a:e5:10:
e9:8c:e6:4b:86:36:73:3d:1f:da:82:10:30:56:74:
a5:20:a8:7f:2b:1b:84:c1:bf:30:4d:7a:c7:13:17:
f1:97:75:bb:fc:20:3d:9c:c3:ab:fc:93:ac:1c:e4:
37:d7:65:d7:7c:a9:db:42:ff:9b:9b:e6:22:5f:4d:
10:ba:eb:e1:4b:55:8e:ff:b8:bf:14:c6:06:ce:b2:
05:d0:1f:f7:1f:ff:02:73:1c:4b:42:bc:6f:8d:8c:
49:3d:4d:58:39:6f:81:a8:ec:0c:19:9b:b4:82:84:
93:27:ea:74:2e:01:a3:0c:73:53:67:ca:9e:06:5f:
14:9d:d9:ee:1c:3c:0e:eb:31:90:27:0b:6b:bf:31:
fd:7f:d4:1d:fe:bc:17:73:86:86:ae:b5:3b:31:56:
e4:23:27:62:4d:4a:a8:be:02:6b:ed:0b:a5:e9:17:
3a:72:4a:0d:4e:53:50:c0:20:2b:a9:12:24:5c:df:
f8:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:82:D1:DE:47:EB:FF:41:25:FC:66:B6:13:D2:5E:65:C0:B2:09:57
X509v3 Authority Key Identifier:
keyid:50:94:A2:6A:BA:71:00:76:21:FD:59:9D:53:7B:B7:AE:AA:DE:8B:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJSiarpxAHYh_VmdU3u3rqreizM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fce78-4f9d-4847-b759-b451e477b9c2/1/PYLR3kfr_0El_Ga2E9JeZcCyCVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fce78-4f9d-4847-b759-b451e477b9c2/1/UJSiarpxAHYh_VmdU3u3rqreizM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.66.152.0/21
155.133.224.0/19
185.25.180.0/22
IPv6:
2a01:bc80::-2a01:bc80:c:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6d:4a:f5:29:a8:bb:1f:ea:0e:40:03:f9:e6:ee:94:5d:16:02:
80:80:87:98:08:f7:18:94:09:ee:0a:3d:32:ce:0c:b1:66:69:
5e:3f:35:d0:75:ba:9e:00:03:0c:16:2e:f0:a6:d6:d0:67:5b:
0d:5f:1d:28:2a:e7:6a:d9:f5:17:36:6c:a2:3a:df:c5:3d:63:
73:06:67:f1:b6:1b:25:b5:d9:8d:97:9d:2e:30:e6:0d:01:60:
1e:86:93:d2:12:c8:82:c7:22:8c:14:4f:8a:e6:e0:c2:fe:b8:
a4:ba:0c:94:77:81:ea:3e:b4:a1:25:7c:12:73:3b:a3:6d:19:
cc:02:f9:f0:e2:c8:1f:64:f6:93:9a:e2:99:54:59:43:3f:e7:
f6:d0:f7:37:1f:d7:d0:c5:2a:1e:fe:0a:bf:57:c6:64:6c:14:
d3:be:98:70:41:a7:8e:fd:47:de:13:77:8f:3c:45:df:47:4c:
f4:47:90:e2:b2:36:98:f3:51:99:f3:47:2e:42:b1:6d:c1:0c:
9a:a4:0d:05:00:33:75:56:32:62:5e:f0:94:54:00:1e:09:9c:
36:df:ef:b7:f3:34:c8:f1:5c:21:d9:30:80:d1:99:f2:1d:0c:
28:c4:32:df:87:32:71:32:bf:77:55:d5:06:5b:2f:78:80:de:
30:19:54:2a
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZQgaEeZ+C+EZ1NHBH0dZY6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTRhMjZhYmE3MTAwNzYyMWZkNTk5ZDUzN2JiN2FlYWFk
ZThiMzMwHhcNMjUwMTAxMDU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDgyZDFkZTQ3ZWJmZjQxMjVmYzY2YjYxM2QyNWU2NWMwYjIwOTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlImDfj3ZWeaxCFXlGX2a6jxYrgu8
prWetH8pLNHlSIlgTxxvI/FdnbmsSZpxHTgEDjoAVAqBYppIUjkK50bOuBd3mjll
QLKa5RDpjOZLhjZzPR/aghAwVnSlIKh/KxuEwb8wTXrHExfxl3W7/CA9nMOr/JOs
HOQ312XXfKnbQv+bm+YiX00QuuvhS1WO/7i/FMYGzrIF0B/3H/8CcxxLQrxvjYxJ
PU1YOW+BqOwMGZu0goSTJ+p0LgGjDHNTZ8qeBl8UndnuHDwO6zGQJwtrvzH9f9Qd
/rwXc4aGrrU7MVbkIydiTUqovgJr7Qul6Rc6ckoNTlNQwCArqRIkXN/4bQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFD2C0d5H6/9BJfxmthPSXmXAsglXMB8GA1UdIwQY
MBaAFFCUomq6cQB2If1ZnVN7t66q3oszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpTaWFycHhBSFloX1ZtZFUzdTNycXJlaXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85ZmNlNzgtNGY5ZC00ODQ3LWI3NTkt
YjQ1MWU0NzdiOWMyLzEvUFlMUjNrZnJfMEVsX0dhMkU5SmVaY0N5Q1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85ZmNlNzgtNGY5ZC00ODQ3LWI3NTktYjQ1MWU0NzdiOWMy
LzEvVUpTaWFycHhBSFloX1ZtZFUzdTNycXJlaXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQDkkKYAwQF
m4XgAwQCuRm0MBgEAgACMBIwEAMFByoBvIADBwAqAbyAAAwwDQYJKoZIhvcNAQEL
BQADggEBAG1K9Smoux/qDkAD+ebulF0WAoCAh5gI9xiUCe4KPTLODLFmaV4/NdB1
up4AAwwWLvCm1tBnWw1fHSgq52rZ9Rc2bKI638U9Y3MGZ/G2GyW12Y2XnS4w5g0B
YB6Gk9ISyILHIowUT4rm4ML+uKS6DJR3geo+tKElfBJzO6NtGcwC+fDiyB9k9pOa
4plUWUM/5/bQ9zcf19DFKh7+Cr9XxmRsFNO+mHBBp479R94Td488Rd9HTPRHkOKy
NpjzUZnzRy5CsW3BDJqkDQUAM3VWMmJe8JRUAB4JnDbf77fzNMjxXCHZMIDRmfId
DCjEMt+HMnEyv3dV1QZbL3iA3jAZVCo=
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:09:47 2025 by rpki-client