Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/y2LXjfv6XAO363F71AjmXKGlqgQ.roa
File: y2LXjfv6XAO363F71AjmXKGlqgQ.roa (raw, json)
Hash identifier: 4mLPhNeJT0HKJvx3+B0TdXW/+X53H3DeeKwHTkudT30=
Subject key identifier: CB:62:D7:8D:FB:FA:5C:03:B7:EB:71:7B:D4:08:E6:5C:A1:A5:AA:04
Certificate issuer: /CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
Certificate serial: 01952255CB12E20BDC8E53A26DABBAE54B24
Authority key identifier: 29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/y2LXjfv6XAO363F71AjmXKGlqgQ.roa
Signing time: Thu 20 Feb 2025 07:50:02 +0000
ROA not before: Thu 20 Feb 2025 07:50:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209114
IP address blocks: 193.33.120.0/24 maxlen: 24
194.31.130.0/24 maxlen: 24
212.56.59.0/24 maxlen: 24
2a12:6e40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.mft
rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 07:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:22:55:cb:12:e2:0b:dc:8e:53:a2:6d:ab:ba:e5:4b:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
Validity
Not Before: Feb 20 07:50:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb62d78dfbfa5c03b7eb717bd408e65ca1a5aa04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:94:70:dd:06:f1:16:42:1b:67:9a:d2:2e:3c:
dc:3f:a1:76:0b:8d:31:dc:3f:6a:a4:8e:b8:e9:b5:
72:6b:bb:af:22:ea:b0:a8:ce:1c:db:8d:58:73:8f:
35:aa:33:95:0a:a5:cf:82:87:38:e8:d5:15:c0:36:
73:fd:8a:4d:8f:1f:a9:f0:22:2d:d3:95:f0:89:f5:
c4:e9:38:74:56:8c:f7:ea:7a:a9:48:24:04:55:69:
d1:e1:97:1c:72:70:81:6f:ed:b8:5d:43:a4:b5:ab:
30:89:fa:7e:fe:c6:cb:ff:8f:07:67:7b:a8:ba:f4:
cc:d1:d6:c2:26:d3:63:6d:84:e8:dc:f6:d5:2d:9a:
dc:82:d0:65:67:14:3b:8b:cc:f0:c8:cb:6e:14:98:
3b:52:f9:3c:f1:25:26:89:7b:49:72:eb:e8:49:17:
b2:42:65:88:83:6c:59:4f:e6:bc:e3:28:b5:59:ce:
7e:76:41:1a:90:30:be:88:17:d2:9d:86:8d:a1:79:
f0:31:15:49:25:32:f4:19:5c:a7:85:1b:92:53:6f:
13:de:85:13:3f:d3:2d:cc:5f:5d:f1:79:50:20:44:
74:dd:05:de:03:e2:28:27:be:0f:6f:a6:b6:52:6a:
0a:00:ac:3b:03:34:59:63:cf:e9:16:77:16:76:f2:
6d:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:62:D7:8D:FB:FA:5C:03:B7:EB:71:7B:D4:08:E6:5C:A1:A5:AA:04
X509v3 Authority Key Identifier:
keyid:29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/y2LXjfv6XAO363F71AjmXKGlqgQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.33.120.0/24
194.31.130.0/24
212.56.59.0/24
IPv6:
2a12:6e40::/29
Signature Algorithm: sha256WithRSAEncryption
02:c8:4c:5d:73:6a:26:1f:06:34:5d:98:75:0a:48:33:77:e6:
fe:8d:69:8a:24:f3:a2:dd:59:50:d4:40:d9:bb:1f:da:1d:34:
df:6f:5c:3f:ae:09:1b:30:70:a7:9a:7e:11:d6:6b:d4:e3:40:
08:83:e5:9b:bb:82:a5:96:98:1f:97:2a:f8:c6:32:5c:f3:72:
84:3f:36:72:84:31:9d:a8:83:bf:6c:af:b5:22:aa:5d:f6:8b:
c5:c7:48:13:ab:cf:b3:7f:77:06:ef:6e:cb:27:6a:6e:54:5a:
b2:30:5e:2a:6c:39:af:67:56:75:bb:3a:37:4e:1f:6a:52:87:
d6:52:42:f3:ec:34:fd:b9:22:d9:f3:6e:16:35:67:a0:84:d1:
d5:8c:13:8d:69:da:41:5b:c2:ed:ec:24:62:68:70:a8:31:41:
bf:5a:ab:7e:a4:04:c2:a1:dc:b4:00:6c:09:5f:9d:67:c4:1e:
7a:4f:ba:a7:37:dd:b4:fc:7e:9d:8e:59:11:42:5d:c4:0b:76:
c5:a3:ce:01:ac:af:60:65:8c:3a:6e:ab:85:2d:e3:d8:dc:5b:
68:0e:02:21:50:42:48:d3:36:11:d2:d5:58:8f:33:a7:ff:30:
90:bc:87:53:5c:47:9d:2b:4e:48:fa:75:f6:97:9c:9f:b6:87:
70:ea:56:6d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZUiVcsS4gvcjlOibau65UskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Zjk2NzBlZTJhMzBlYWM4YzBhMzlkYzQ3ZmY3YThjZDI0
NzNiMDAwHhcNMjUwMjIwMDc1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjYyZDc4ZGZiZmE1YzAzYjdlYjcxN2JkNDA4ZTY1Y2ExYTVhYTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJRw3QbxFkIbZ5rSLjzcP6F2C40x
3D9qpI646bVya7uvIuqwqM4c241Yc481qjOVCqXPgoc46NUVwDZz/YpNjx+p8CIt
05XwifXE6Th0Voz36nqpSCQEVWnR4ZcccnCBb+24XUOktaswifp+/sbL/48HZ3uo
uvTM0dbCJtNjbYTo3PbVLZrcgtBlZxQ7i8zwyMtuFJg7Uvk88SUmiXtJcuvoSRey
QmWIg2xZT+a84yi1Wc5+dkEakDC+iBfSnYaNoXnwMRVJJTL0GVynhRuSU28T3oUT
P9MtzF9d8XlQIER03QXeA+IoJ74Pb6a2UmoKAKw7AzRZY8/pFncWdvJtNQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMti1437+lwDt+txe9QI5lyhpaoEMB8GA1UdIwQY
MBaAFCn5Zw7iow6sjAo53Ef/eozSRzsAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZsbkR1S2pEcXlNQ2puY1JfOTZqTkpIT3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yZmY3NmQtZjExNi00NDMwLTg0MDct
NmUyOWVmZGZkNGUzLzEveTJMWGpmdjZYQU8zNjNGNzFBam1YS0dscWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yZmY3NmQtZjExNi00NDMwLTg0MDctNmUyOWVmZGZkNGUz
LzEvS2ZsbkR1S2pEcXlNQ2puY1JfOTZqTkpIT3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAwSF4AwQA
wh+CAwQA1Dg7MA0EAgACMAcDBQMqEm5AMA0GCSqGSIb3DQEBCwUAA4IBAQACyExd
c2omHwY0XZh1Ckgzd+b+jWmKJPOi3VlQ1EDZux/aHTTfb1w/rgkbMHCnmn4R1mvU
40AIg+Wbu4Kllpgflyr4xjJc83KEPzZyhDGdqIO/bK+1Iqpd9ovFx0gTq8+zf3cG
727LJ2puVFqyMF4qbDmvZ1Z1uzo3Th9qUofWUkLz7DT9uSLZ824WNWeghNHVjBON
adpBW8Lt7CRiaHCoMUG/Wqt+pATCody0AGwJX51nxB56T7qnN920/H6djlkRQl3E
C3bFo84BrK9gZYw6bquFLePY3FtoDgIhUEJI0zYR0tVYjzOn/zCQvIdTXEedK05I
+nX2l5yftodw6lZt
-----END CERTIFICATE-----
Generated at Wed Apr 9 17:42:14 2025 by rpki-client