Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/YlrLpRr6jHVjZjhSp57OuuJNoDA.roa
File: YlrLpRr6jHVjZjhSp57OuuJNoDA.roa (raw, json)
Hash identifier: 3sLpE4GcZV46VhUEypK4IVzC6Mp0SDmiK7VScSwFOfA=
Subject key identifier: 62:5A:CB:A5:1A:FA:8C:75:63:66:38:52:A7:9E:CE:BA:E2:4D:A0:30
Certificate issuer: /CN=d0d852703295ecf8b97201f916310f88f4c08ab7
Certificate serial: 019421440F0E82AB3E012783452C3A506647
Authority key identifier: D0:D8:52:70:32:95:EC:F8:B9:72:01:F9:16:31:0F:88:F4:C0:8A:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0NhScDKV7Pi5cgH5FjEPiPTAirc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/YlrLpRr6jHVjZjhSp57OuuJNoDA.roa
Signing time: Wed 01 Jan 2025 09:48:15 +0000
ROA not before: Wed 01 Jan 2025 09:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201079
IP address blocks: 185.85.204.0/22 maxlen: 22
185.85.204.0/24 maxlen: 24
185.85.205.0/24 maxlen: 24
185.85.206.0/24 maxlen: 24
185.85.207.0/24 maxlen: 24
185.250.192.0/22 maxlen: 22
185.250.192.0/24 maxlen: 24
185.250.193.0/24 maxlen: 24
185.250.194.0/24 maxlen: 24
185.250.195.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/0NhScDKV7Pi5cgH5FjEPiPTAirc.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/0NhScDKV7Pi5cgH5FjEPiPTAirc.mft
rsync://rpki.ripe.net/repository/DEFAULT/0NhScDKV7Pi5cgH5FjEPiPTAirc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 09:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:0f:0e:82:ab:3e:01:27:83:45:2c:3a:50:66:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0d852703295ecf8b97201f916310f88f4c08ab7
Validity
Not Before: Jan 1 09:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=625acba51afa8c7563663852a79ecebae24da030
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:76:23:31:29:f7:b4:d6:c5:68:e0:21:1a:60:
4a:de:c1:f6:03:14:14:37:16:89:2e:fd:ab:6b:72:
68:20:94:ef:0d:11:a9:2b:9a:f8:96:58:36:84:e2:
f5:74:b3:69:3f:34:31:a9:1c:22:fe:6b:7a:4a:79:
50:6f:4e:2c:ab:cc:5c:a5:b7:8e:72:ef:52:2d:f1:
68:d2:16:e8:ec:82:49:e6:24:31:fe:1f:dc:3d:10:
9f:2b:b1:59:e1:fa:f9:e7:09:29:b9:c9:20:c8:a4:
75:90:5e:b4:29:0c:3b:1a:81:48:d9:8f:49:0a:91:
e2:34:12:ea:ac:b3:87:75:ae:2f:e3:e9:60:41:07:
df:7d:29:e2:11:e7:7f:66:d5:5f:c3:d8:78:43:98:
35:27:96:bb:02:95:57:24:86:9a:bc:6b:c3:24:aa:
33:64:04:9e:4d:43:8a:31:76:17:06:04:74:b1:6e:
2b:ba:5d:1c:2a:2b:11:55:20:0e:d4:ef:aa:35:ce:
67:9d:cd:d9:34:f5:2c:3b:70:a9:e6:aa:72:f2:06:
26:19:0c:e5:f1:68:92:3c:d4:ed:f2:c4:f7:ac:e4:
f9:ab:db:41:59:21:59:ff:04:7f:fc:98:b3:2c:82:
33:25:7e:0e:55:96:1f:03:c7:c5:ce:0d:f2:70:6e:
ac:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:5A:CB:A5:1A:FA:8C:75:63:66:38:52:A7:9E:CE:BA:E2:4D:A0:30
X509v3 Authority Key Identifier:
keyid:D0:D8:52:70:32:95:EC:F8:B9:72:01:F9:16:31:0F:88:F4:C0:8A:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0NhScDKV7Pi5cgH5FjEPiPTAirc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/YlrLpRr6jHVjZjhSp57OuuJNoDA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/0NhScDKV7Pi5cgH5FjEPiPTAirc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.85.204.0/22
185.250.192.0/22
Signature Algorithm: sha256WithRSAEncryption
15:0c:f5:b5:f0:4d:dd:b2:8f:b4:0e:9a:f7:02:cd:49:df:97:
e8:7b:c0:43:05:f8:43:5a:c7:23:93:c5:34:3b:41:f1:b4:b5:
98:a4:26:01:89:fb:de:9e:43:6d:6f:e7:a4:8c:c7:e0:9a:24:
08:79:df:18:c6:80:7a:64:a4:22:ba:8e:bd:67:15:8c:d2:46:
fa:18:00:d9:c1:f1:b8:00:10:2c:15:57:1c:99:54:57:ec:57:
71:08:03:76:cc:bd:d2:d5:1d:c0:18:ec:0a:df:72:ef:0c:fb:
84:e1:27:8b:53:84:f2:ef:78:df:9b:91:f7:57:47:bc:43:75:
ba:16:fe:b6:52:39:4a:64:2e:19:ce:4f:84:4f:9a:89:97:6b:
31:d0:c6:25:67:4a:60:de:06:93:50:fd:06:d7:66:5b:32:4f:
6a:69:4d:8d:be:79:74:f3:3a:ba:58:25:42:99:27:61:2e:85:
3a:ab:ff:a4:4e:df:de:2b:cb:33:c0:55:e9:a4:a3:82:3d:e0:
55:31:d1:b3:77:0b:4b:ff:a5:88:08:66:88:00:4f:b5:64:de:
00:f9:3e:08:69:ee:20:55:4c:43:8c:4a:a4:d7:30:70:e9:bc:
e5:fd:47:72:ee:ac:3f:7c:9a:be:94:30:78:97:c1:49:f2:55:
aa:c9:86:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRA8Ogqs+ASeDRSw6UGZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZDg1MjcwMzI5NWVjZjhiOTcyMDFmOTE2MzEwZjg4ZjRj
MDhhYjcwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVhY2JhNTFhZmE4Yzc1NjM2NjM4NTJhNzllY2ViYWUyNGRhMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHYjMSn3tNbFaOAhGmBK3sH2AxQU
NxaJLv2ra3JoIJTvDRGpK5r4llg2hOL1dLNpPzQxqRwi/mt6SnlQb04sq8xcpbeO
cu9SLfFo0hbo7IJJ5iQx/h/cPRCfK7FZ4fr55wkpuckgyKR1kF60KQw7GoFI2Y9J
CpHiNBLqrLOHda4v4+lgQQfffSniEed/ZtVfw9h4Q5g1J5a7ApVXJIaavGvDJKoz
ZASeTUOKMXYXBgR0sW4rul0cKisRVSAO1O+qNc5nnc3ZNPUsO3Cp5qpy8gYmGQzl
8WiSPNTt8sT3rOT5q9tBWSFZ/wR//JizLIIzJX4OVZYfA8fFzg3ycG6sGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGJay6Ua+ox1Y2Y4UqeezrriTaAwMB8GA1UdIwQY
MBaAFNDYUnAylez4uXIB+RYxD4j0wIq3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME5oU2NES1Y3UGk1Y2dINUZqRVBpUFRBaXJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9lYWY5NzQtNmVmZC00NjMzLWI4NGEt
YThhYWY4ODZjODIwLzEvWWxyTHBScjZqSFZqWmpoU3A1N091dUpOb0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9lYWY5NzQtNmVmZC00NjMzLWI4NGEtYThhYWY4ODZjODIw
LzEvME5oU2NES1Y3UGk1Y2dINUZqRVBpUFRBaXJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuVXMAwQC
ufrAMA0GCSqGSIb3DQEBCwUAA4IBAQAVDPW18E3dso+0Dpr3As1J35foe8BDBfhD
Wscjk8U0O0HxtLWYpCYBifvenkNtb+ekjMfgmiQIed8YxoB6ZKQiuo69ZxWM0kb6
GADZwfG4ABAsFVccmVRX7FdxCAN2zL3S1R3AGOwK33LvDPuE4SeLU4Ty73jfm5H3
V0e8Q3W6Fv62UjlKZC4Zzk+ET5qJl2sx0MYlZ0pg3gaTUP0G12ZbMk9qaU2Nvnl0
8zq6WCVCmSdhLoU6q/+kTt/eK8szwFXppKOCPeBVMdGzdwtL/6WICGaIAE+1ZN4A
+T4Iae4gVUxDjEqk1zBw6bzl/Udy7qw/fJq+lDB4l8FJ8lWqyYbD
-----END CERTIFICATE-----
Generated at Mon Apr 7 17:20:09 2025 by rpki-client