Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/tC1yV2tBIFtyur1CynjIgKWGcBM.roa
File: tC1yV2tBIFtyur1CynjIgKWGcBM.roa (raw, json)
Hash identifier: 1+DYEAvIp/jbF3nPZX2n/Pi9ZPPyvPQVRKTGpXSrouQ=
Subject key identifier: B4:2D:72:57:6B:41:20:5B:72:BA:BD:42:CA:78:C8:80:A5:86:70:13
Certificate issuer: /CN=dac79d2855b897418208d47ba6e51460015b5d7b
Certificate serial: 0196DEA2748BCF664218CC365732CA79F714
Authority key identifier: DA:C7:9D:28:55:B8:97:41:82:08:D4:7B:A6:E5:14:60:01:5B:5D:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2sedKFW4l0GCCNR7puUUYAFbXXs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/tC1yV2tBIFtyur1CynjIgKWGcBM.roa
Signing time: Sat 17 May 2025 14:25:10 +0000
ROA not before: Sat 17 May 2025 14:25:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 185.154.216.0/22 maxlen: 24
185.154.216.0/24 maxlen: 24
185.154.217.0/24 maxlen: 24
185.154.218.0/24 maxlen: 24
185.154.219.0/24 maxlen: 24
213.184.80.0/22 maxlen: 24
213.184.80.0/24 maxlen: 24
213.184.81.0/24 maxlen: 24
213.184.82.0/24 maxlen: 24
213.184.83.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/2sedKFW4l0GCCNR7puUUYAFbXXs.crl
rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/2sedKFW4l0GCCNR7puUUYAFbXXs.mft
rsync://rpki.ripe.net/repository/DEFAULT/2sedKFW4l0GCCNR7puUUYAFbXXs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 04 Jun 2025 02:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:de:a2:74:8b:cf:66:42:18:cc:36:57:32:ca:79:f7:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dac79d2855b897418208d47ba6e51460015b5d7b
Validity
Not Before: May 17 14:25:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b42d72576b41205b72babd42ca78c880a5867013
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e9:11:eb:27:96:50:2d:36:1d:e4:c5:68:80:
cd:3e:4c:28:7f:a9:d1:9a:15:5f:d4:14:45:39:16:
38:b7:6e:67:eb:9e:ab:17:9f:0c:e3:5d:41:a3:c3:
61:69:94:92:7d:08:8f:61:19:e7:6b:3f:68:c3:1b:
45:5f:bc:1f:b4:f4:56:3d:d9:a0:78:8f:02:0d:7a:
53:ed:db:5d:af:fd:f2:52:94:93:c9:31:1c:0f:ae:
d4:2a:09:70:96:01:da:5e:be:30:cd:70:f8:71:b3:
2b:9d:c2:66:28:18:27:79:59:52:27:db:88:e6:be:
53:32:76:c3:44:fb:67:b7:2c:e4:db:4e:4f:1f:0f:
12:73:f8:4e:95:a9:93:f5:58:63:98:c1:f3:6e:95:
ae:d6:fc:55:72:b0:a1:fa:29:3a:72:a7:9d:73:4b:
0b:4a:e3:f4:59:b2:63:45:1a:41:2e:06:7a:4f:0e:
8a:51:f0:c3:62:c7:3e:89:f7:8e:3b:00:cf:88:a4:
52:ca:5f:fe:a0:ce:fd:db:8d:82:fd:56:0f:e6:3c:
e8:de:70:b9:24:cb:5b:1e:79:a1:47:da:74:68:e8:
05:c3:5d:bc:b4:72:1e:f6:cc:d2:e7:19:b7:c9:74:
7d:f1:c5:03:64:10:80:78:09:20:6a:7d:b5:82:2e:
8c:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:2D:72:57:6B:41:20:5B:72:BA:BD:42:CA:78:C8:80:A5:86:70:13
X509v3 Authority Key Identifier:
keyid:DA:C7:9D:28:55:B8:97:41:82:08:D4:7B:A6:E5:14:60:01:5B:5D:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sedKFW4l0GCCNR7puUUYAFbXXs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/tC1yV2tBIFtyur1CynjIgKWGcBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/5b1149-647d-4067-9807-445d4588c312/1/2sedKFW4l0GCCNR7puUUYAFbXXs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.154.216.0/22
213.184.80.0/22
Signature Algorithm: sha256WithRSAEncryption
48:64:5a:a6:73:f0:8e:79:d2:89:59:9c:43:44:d7:9f:ab:74:
40:8c:7a:d7:42:a6:85:f8:a1:4c:bc:f2:f4:0d:9e:32:7c:f2:
d6:04:55:3f:5b:bb:77:40:6c:d8:9d:01:ec:79:9a:06:bf:bc:
c4:50:a0:23:1f:51:0e:7c:90:1b:c9:98:64:65:43:47:66:05:
52:85:72:65:21:f1:0e:44:c3:43:48:9b:73:23:60:64:cd:a2:
b3:b3:e2:5f:4c:63:8c:99:ef:4a:62:67:f8:e9:0c:ab:0d:f8:
15:c7:1b:65:ae:ac:b1:b0:55:72:07:a6:fd:78:92:3f:11:67:
cb:3f:05:75:99:60:3d:17:72:5a:91:df:c2:99:c5:bc:d4:54:
be:ed:54:4e:1a:ea:8f:85:1c:c2:b6:61:8d:06:a5:1e:e2:c2:
4a:e3:71:17:7c:18:99:ea:7e:b5:76:cb:bb:e0:6c:60:5a:a6:
ac:53:8b:66:15:1e:d8:ac:d1:a4:f7:fe:fa:8f:8b:28:fa:02:
69:54:79:63:30:37:39:09:ab:b1:49:b5:e6:b4:ab:13:7a:ca:
b0:7c:21:5b:0c:18:25:8e:ff:11:d2:c8:46:d3:9a:c1:b3:5d:
ac:4b:aa:57:c4:fa:42:fc:bf:50:c5:ea:67:a7:15:40:33:aa:
8e:32:ec:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbeonSLz2ZCGMw2VzLKefcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzc5ZDI4NTViODk3NDE4MjA4ZDQ3YmE2ZTUxNDYwMDE1
YjVkN2IwHhcNMjUwNTE3MTQyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDJkNzI1NzZiNDEyMDViNzJiYWJkNDJjYTc4Yzg4MGE1ODY3MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvekR6yeWUC02HeTFaIDNPkwof6nR
mhVf1BRFORY4t25n656rF58M411Bo8NhaZSSfQiPYRnnaz9owxtFX7wftPRWPdmg
eI8CDXpT7dtdr/3yUpSTyTEcD67UKglwlgHaXr4wzXD4cbMrncJmKBgneVlSJ9uI
5r5TMnbDRPtntyzk205PHw8Sc/hOlamT9VhjmMHzbpWu1vxVcrCh+ik6cqedc0sL
SuP0WbJjRRpBLgZ6Tw6KUfDDYsc+ifeOOwDPiKRSyl/+oM79242C/VYP5jzo3nC5
JMtbHnmhR9p0aOgFw128tHIe9szS5xm3yXR98cUDZBCAeAkgan21gi6MUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLQtcldrQSBbcrq9Qsp4yIClhnATMB8GA1UdIwQY
MBaAFNrHnShVuJdBggjUe6blFGABW117MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNlZEtGVzRsMEdDQ05SN3B1VVVZQUZiWFhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny81YjExNDktNjQ3ZC00MDY3LTk4MDct
NDQ1ZDQ1ODhjMzEyLzEvdEMxeVYydEJJRnR5dXIxQ3luaklnS1dHY0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny81YjExNDktNjQ3ZC00MDY3LTk4MDctNDQ1ZDQ1ODhjMzEy
LzEvMnNlZEtGVzRsMEdDQ05SN3B1VVVZQUZiWFhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZrYAwQC
1bhQMA0GCSqGSIb3DQEBCwUAA4IBAQBIZFqmc/COedKJWZxDRNefq3RAjHrXQqaF
+KFMvPL0DZ4yfPLWBFU/W7t3QGzYnQHseZoGv7zEUKAjH1EOfJAbyZhkZUNHZgVS
hXJlIfEORMNDSJtzI2BkzaKzs+JfTGOMme9KYmf46QyrDfgVxxtlrqyxsFVyB6b9
eJI/EWfLPwV1mWA9F3Jakd/CmcW81FS+7VROGuqPhRzCtmGNBqUe4sJK43EXfBiZ
6n61dsu74GxgWqasU4tmFR7YrNGk9/76j4so+gJpVHljMDc5CauxSbXmtKsTesqw
fCFbDBgljv8R0shG05rBs12sS6pXxPpC/L9QxepnpxVAM6qOMuy7
-----END CERTIFICATE-----
Generated at Tue Jun 3 11:08:23 2025 by rpki-client