Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dea978-5dae-4c8d-9b2c-d8eff5d6a63b/1/cznyJUVo486opCfwPRwYW5a-bCI.roa
File: cznyJUVo486opCfwPRwYW5a-bCI.roa (raw, json)
Hash identifier: yeo9giLM4O/29X7azlP3H7yqqKlzXfDMEa/1/AZBMhk=
Subject key identifier: 73:39:F2:25:45:68:E3:CE:A8:A4:27:F0:3D:1C:18:5B:96:BE:6C:22
Certificate issuer: /CN=20b0da202d2c34a473a6d76af093e8de0311b95b
Certificate serial: 01941FFA54798EA5A1A1EE505D3B252B2FAF
Authority key identifier: 20:B0:DA:20:2D:2C:34:A4:73:A6:D7:6A:F0:93:E8:DE:03:11:B9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ILDaIC0sNKRzptdq8JPo3gMRuVs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/dea978-5dae-4c8d-9b2c-d8eff5d6a63b/1/cznyJUVo486opCfwPRwYW5a-bCI.roa
Signing time: Wed 01 Jan 2025 03:48:06 +0000
ROA not before: Wed 01 Jan 2025 03:48:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14717
IP address blocks: 5.133.72.0/22 maxlen: 24
91.199.136.0/24 maxlen: 24
94.125.192.0/21 maxlen: 24
2a02:2ba8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6f/dea978-5dae-4c8d-9b2c-d8eff5d6a63b/1/ILDaIC0sNKRzptdq8JPo3gMRuVs.crl
rsync://rpki.ripe.net/repository/DEFAULT/6f/dea978-5dae-4c8d-9b2c-d8eff5d6a63b/1/ILDaIC0sNKRzptdq8JPo3gMRuVs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ILDaIC0sNKRzptdq8JPo3gMRuVs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 06:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:54:79:8e:a5:a1:a1:ee:50:5d:3b:25:2b:2f:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20b0da202d2c34a473a6d76af093e8de0311b95b
Validity
Not Before: Jan 1 03:48:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7339f2254568e3cea8a427f03d1c185b96be6c22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:e4:1e:5e:5c:e7:66:5f:54:13:2f:8e:7a:39:
60:03:2d:1e:5c:a3:95:04:55:f3:81:d1:43:f1:72:
16:18:07:6f:a6:ad:5a:ce:c0:2f:c3:35:c1:5a:b9:
5e:36:c3:74:d2:c8:a1:1d:02:c0:f8:1e:73:e6:12:
c4:de:0f:29:52:33:a9:a8:b8:d8:0f:d4:4b:a1:ee:
45:70:f1:15:12:9c:34:1c:92:f6:4d:53:c2:15:b1:
98:1d:b4:e8:ce:f4:e3:c3:59:31:2f:dd:0f:5b:cd:
24:fb:07:f1:2b:b6:f1:99:0f:47:a7:0d:eb:63:32:
3f:90:86:8c:ad:a5:f2:4c:1a:33:c6:fb:04:b8:a0:
db:12:64:14:b0:89:4b:0e:0c:e0:dd:fe:d8:a6:3f:
04:9a:45:5c:0b:28:95:f0:e1:5a:2f:18:b3:11:4b:
12:83:00:54:8e:ab:cb:8b:97:63:91:a6:3e:7c:e9:
64:9c:c1:9e:34:46:61:c5:1d:d9:b2:e8:16:6b:5f:
b1:28:ac:61:33:3d:d0:91:8a:cd:1d:88:92:97:f1:
a3:71:c7:94:60:14:8b:23:79:02:01:b8:61:61:32:
3f:c9:04:e9:9a:6d:f9:4e:3a:f1:a6:c1:11:e9:64:
bf:9a:3b:e4:d2:71:0e:5a:44:bf:f7:16:42:d0:32:
80:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:39:F2:25:45:68:E3:CE:A8:A4:27:F0:3D:1C:18:5B:96:BE:6C:22
X509v3 Authority Key Identifier:
keyid:20:B0:DA:20:2D:2C:34:A4:73:A6:D7:6A:F0:93:E8:DE:03:11:B9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILDaIC0sNKRzptdq8JPo3gMRuVs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dea978-5dae-4c8d-9b2c-d8eff5d6a63b/1/cznyJUVo486opCfwPRwYW5a-bCI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dea978-5dae-4c8d-9b2c-d8eff5d6a63b/1/ILDaIC0sNKRzptdq8JPo3gMRuVs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.72.0/22
91.199.136.0/24
94.125.192.0/21
IPv6:
2a02:2ba8::/32
Signature Algorithm: sha256WithRSAEncryption
41:2a:0c:4d:01:a3:8a:8b:f7:a0:0e:33:e2:bd:64:62:e2:81:
eb:43:8d:35:87:53:a7:72:39:cd:2e:2b:a2:e5:75:db:08:60:
8a:96:f9:ba:4a:0a:e3:0f:f0:6e:d2:c0:ef:66:fe:74:b7:98:
60:2f:b6:51:f3:ed:1f:f5:c4:e8:82:9d:9b:29:19:fe:ec:c4:
ac:cd:e8:62:6c:8d:63:55:43:9c:54:28:49:a2:f6:74:52:0b:
a9:05:04:93:ad:66:be:3c:66:da:5e:2a:bd:79:8c:aa:e2:76:
4e:b8:68:d7:3f:78:db:11:b2:1f:a1:a6:58:47:1b:a4:46:e7:
67:13:24:9f:c3:87:24:bc:d6:a5:40:47:49:a1:12:8a:bd:76:
12:d8:e5:76:e6:42:e1:6f:dc:bc:9e:42:fd:6f:31:a5:d2:96:
b5:56:da:47:44:b2:41:e7:0f:64:34:f9:28:6d:ab:43:36:d6:
50:25:1d:e4:f6:37:a5:7a:68:d2:e1:fa:ff:f8:24:5f:8f:ff:
d8:dc:ec:03:0c:fa:78:13:51:19:f9:3c:82:7d:91:59:15:01:
be:fd:3c:4b:c0:e4:3b:fc:4e:67:cf:ef:d9:4e:99:3b:20:54:
23:3c:a3:12:fb:a0:68:90:de:d8:c5:5b:d5:04:4f:d8:e3:b2:
8c:d0:8e:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQf+lR5jqWhoe5QXTslKy+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjBkYTIwMmQyYzM0YTQ3M2E2ZDc2YWYwOTNlOGRlMDMx
MWI5NWIwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM5ZjIyNTQ1NjhlM2NlYThhNDI3ZjAzZDFjMTg1Yjk2YmU2YzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+QeXlznZl9UEy+OejlgAy0eXKOV
BFXzgdFD8XIWGAdvpq1azsAvwzXBWrleNsN00sihHQLA+B5z5hLE3g8pUjOpqLjY
D9RLoe5FcPEVEpw0HJL2TVPCFbGYHbTozvTjw1kxL90PW80k+wfxK7bxmQ9Hpw3r
YzI/kIaMraXyTBozxvsEuKDbEmQUsIlLDgzg3f7Ypj8EmkVcCyiV8OFaLxizEUsS
gwBUjqvLi5djkaY+fOlknMGeNEZhxR3ZsugWa1+xKKxhMz3QkYrNHYiSl/GjcceU
YBSLI3kCAbhhYTI/yQTpmm35TjrxpsER6WS/mjvk0nEOWkS/9xZC0DKAMwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHM58iVFaOPOqKQn8D0cGFuWvmwiMB8GA1UdIwQY
MBaAFCCw2iAtLDSkc6bXavCT6N4DEblbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxEYUlDMHNOS1J6cHRkcThKUG8zZ01SdVZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZWE5NzgtNWRhZS00YzhkLTliMmMt
ZDhlZmY1ZDZhNjNiLzEvY3pueUpVVm80ODZvcENmd1BSd1lXNWEtYkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZWE5NzgtNWRhZS00YzhkLTliMmMtZDhlZmY1ZDZhNjNi
LzEvSUxEYUlDMHNOS1J6cHRkcThKUG8zZ01SdVZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCBYVIAwQA
W8eIAwQDXn3AMA0EAgACMAcDBQAqAiuoMA0GCSqGSIb3DQEBCwUAA4IBAQBBKgxN
AaOKi/egDjPivWRi4oHrQ401h1OncjnNLiui5XXbCGCKlvm6SgrjD/Bu0sDvZv50
t5hgL7ZR8+0f9cTogp2bKRn+7MSszehibI1jVUOcVChJovZ0UgupBQSTrWa+PGba
Xiq9eYyq4nZOuGjXP3jbEbIfoaZYRxukRudnEySfw4ckvNalQEdJoRKKvXYS2OV2
5kLhb9y8nkL9bzGl0pa1VtpHRLJB5w9kNPkobatDNtZQJR3k9jelemjS4fr/+CRf
j//Y3OwDDPp4E1EZ+TyCfZFZFQG+/TxLwOQ7/E5nz+/ZTpk7IFQjPKMS+6BokN7Y
xVvVBE/Y47KM0I7+
-----END CERTIFICATE-----
Generated at Thu Apr 17 15:18:58 2025 by rpki-client