Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/5srUWfK2Cdi4wHjqlySTWyZ4Low.roa
File: 5srUWfK2Cdi4wHjqlySTWyZ4Low.roa (raw, json)
Hash identifier: LNg07RRevBAHX1c+iNg80ZacJiC/7ZrA4U+xATH+Y0g=
Subject key identifier: E6:CA:D4:59:F2:B6:09:D8:B8:C0:78:EA:97:24:93:5B:26:78:2E:8C
Certificate issuer: /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial: 01942823D501009331B1EDAE8C95E44E0E71
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/5srUWfK2Cdi4wHjqlySTWyZ4Low.roa
Signing time: Thu 02 Jan 2025 17:50:24 +0000
ROA not before: Thu 02 Jan 2025 17:50:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49902
IP address blocks: 77.137.224.0/19 maxlen: 20
77.143.0.0/16 maxlen: 18
77.143.17.0/24 maxlen: 24
195.115.116.0/22 maxlen: 22
213.222.64.0/18 maxlen: 19
213.222.96.0/19 maxlen: 19
213.223.45.0/24 maxlen: 24
213.223.46.0/23 maxlen: 24
213.223.138.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:23:d5:01:00:93:31:b1:ed:ae:8c:95:e4:4e:0e:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Validity
Not Before: Jan 2 17:50:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e6cad459f2b609d8b8c078ea9724935b26782e8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:fe:81:60:af:25:5e:51:07:87:00:b9:b6:71:
93:c7:07:ef:de:21:94:c5:1e:f2:6a:eb:54:2b:20:
89:23:46:db:05:4e:96:01:87:80:92:93:bd:3f:a5:
97:6f:1f:31:46:d9:3e:25:d2:87:57:53:9c:f6:1a:
d2:20:df:fa:8b:13:3f:32:75:f3:c9:db:89:e6:fc:
c5:74:ab:03:cb:42:38:dc:1d:9e:a9:be:73:7d:2c:
77:3e:40:15:bf:ec:8f:96:28:87:1b:9f:9e:fc:56:
5a:35:7b:4a:82:f5:85:ce:6c:da:6a:92:ca:62:4b:
a4:85:9d:06:3b:33:04:c4:16:a6:92:db:ba:f3:ef:
87:9c:67:d2:4f:66:2d:46:16:5e:14:c6:8f:18:73:
1d:2f:db:22:93:e3:08:d4:a4:67:19:4a:6b:3c:4d:
b9:e6:5e:6d:b9:23:cb:81:02:7b:7d:1c:cc:d8:14:
4a:f7:6e:ed:c3:59:d0:c7:ed:b1:dd:09:70:01:28:
bd:a6:aa:7f:71:be:b6:d4:54:f0:0a:d9:6b:e5:24:
b9:0a:3f:7e:43:a8:46:9b:5b:b1:30:5a:e2:4b:cc:
21:9b:e6:83:77:b6:29:4d:2b:ba:d8:46:8f:e8:01:
32:f2:e1:b1:95:ce:49:6b:d7:7a:2f:86:95:a0:94:
a2:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:CA:D4:59:F2:B6:09:D8:B8:C0:78:EA:97:24:93:5B:26:78:2E:8C
X509v3 Authority Key Identifier:
keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/5srUWfK2Cdi4wHjqlySTWyZ4Low.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.137.224.0/19
77.143.0.0/16
195.115.116.0/22
213.222.64.0/18
213.223.45.0-213.223.47.255
213.223.138.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:37:86:cc:8d:ca:eb:8d:b1:44:77:e8:0d:9c:08:1d:a3:e2:
5a:13:52:a3:c1:45:30:5c:b4:7f:ec:87:63:79:e3:cc:1a:83:
a4:cb:ff:44:6c:80:16:75:98:5a:d6:ec:28:81:84:2c:c2:9c:
21:f0:39:9f:ba:33:64:a0:e0:e1:42:a6:be:ae:38:a5:f1:23:
c7:4b:70:b6:7e:22:34:49:19:c6:d2:5d:f9:db:71:f2:65:3a:
99:5f:20:de:f6:38:15:97:6f:d4:60:4a:53:42:9e:5e:6e:45:
a4:03:52:ce:65:33:a7:e9:23:9a:49:9d:f7:d5:79:a8:19:5f:
70:90:7a:32:0d:b1:a9:49:5b:20:a1:94:a7:e9:0d:a0:2f:92:
94:1c:13:f8:84:53:71:a4:9e:5b:27:d5:97:59:a6:b8:2f:4a:
87:88:67:c4:48:24:9d:ed:06:4b:2a:40:b5:da:53:53:fb:56:
4e:2f:89:72:b6:2f:bf:8a:ba:d9:7b:a8:02:b1:d0:6f:4a:4c:
9b:c9:c6:df:8c:cf:b1:93:f0:e8:9c:44:e5:63:38:56:a3:4b:
94:1c:8e:a3:7a:58:2b:de:ef:11:f7:46:1d:79:5c:1a:f5:75:
08:88:c6:9b:44:d8:cf:d3:65:25:3d:a6:16:6b:a9:9a:7a:c2:
25:d2:75:bc
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZQoI9UBAJMxse2ujJXkTg5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwMTAyMTc1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNhZDQ1OWYyYjYwOWQ4YjhjMDc4ZWE5NzI0OTM1YjI2NzgyZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf6BYK8lXlEHhwC5tnGTxwfv3iGU
xR7yautUKyCJI0bbBU6WAYeAkpO9P6WXbx8xRtk+JdKHV1Oc9hrSIN/6ixM/MnXz
yduJ5vzFdKsDy0I43B2eqb5zfSx3PkAVv+yPliiHG5+e/FZaNXtKgvWFzmzaapLK
YkukhZ0GOzMExBamktu68++HnGfST2YtRhZeFMaPGHMdL9sik+MI1KRnGUprPE25
5l5tuSPLgQJ7fRzM2BRK927tw1nQx+2x3QlwASi9pqp/cb621FTwCtlr5SS5Cj9+
Q6hGm1uxMFriS8whm+aDd7YpTSu62EaP6AEy8uGxlc5Ja9d6L4aVoJSiKwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFObK1FnytgnYuMB46pckk1smeC6MMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvNXNyVVdmSzJDZGk0d0hqcWx5U1RXeVo0TG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAATArAwQFTYngAwMA
TY8DBALDc3QDBAbV3kAwDAMEANXfLQMEBNXfIAMEANXfijANBgkqhkiG9w0BAQsF
AAOCAQEAizeGzI3K642xRHfoDZwIHaPiWhNSo8FFMFy0f+yHY3njzBqDpMv/RGyA
FnWYWtbsKIGELMKcIfA5n7ozZKDg4UKmvq44pfEjx0twtn4iNEkZxtJd+dtx8mU6
mV8g3vY4FZdv1GBKU0KeXm5FpANSzmUzp+kjmkmd99V5qBlfcJB6Mg2xqUlbIKGU
p+kNoC+SlBwT+IRTcaSeWyfVl1mmuC9Kh4hnxEgkne0GSypAtdpTU/tWTi+JcrYv
v4q62XuoArHQb0pMm8nG34zPsZPw6JxE5WM4VqNLlByOo3pYK97vEfdGHXlcGvV1
CIjGm0TYz9NlJT2mFmupmnrCJdJ1vA==
-----END CERTIFICATE-----
Generated at Sat Apr 5 13:20:21 2025 by rpki-client