Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZCBXS1Akfle4hx3UWFesv-Of-gw.roa
File: ZCBXS1Akfle4hx3UWFesv-Of-gw.roa (raw, json)
Hash identifier: slRBFxBIWAWIAB4iOQYaDni+M9UYpj7rFvfDkpwvKbM=
Subject key identifier: 64:20:57:4B:50:24:7E:57:B8:87:1D:D4:58:57:AC:BF:E3:9F:FA:0C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019734CEB3391E93F06946EC52F28121E627
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZCBXS1Akfle4hx3UWFesv-Of-gw.roa
Signing time: Tue 03 Jun 2025 08:00:50 +0000
ROA not before: Tue 03 Jun 2025 08:00:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 89.213.127.0/24 maxlen: 24
89.213.212.0/24 maxlen: 24
89.213.224.0/24 maxlen: 24
213.218.215.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:34:ce:b3:39:1e:93:f0:69:46:ec:52:f2:81:21:e6:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 3 08:00:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6420574b50247e57b8871dd45857acbfe39ffa0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:dc:70:e4:f5:da:ec:90:2d:eb:60:49:7f:03:
1d:4c:94:8e:5b:d6:f5:6c:c8:0b:27:8d:7a:46:18:
8d:19:08:55:e8:50:b6:91:a8:e2:b2:d7:02:0c:27:
8a:fe:44:6e:cf:d3:38:9a:dd:de:e0:51:85:83:2a:
ad:f9:0e:4e:d5:85:45:a8:78:47:83:c4:75:96:5e:
f6:51:4f:84:aa:ba:ef:5f:d2:65:a0:97:0c:18:91:
31:55:d4:7b:cd:ad:5d:12:27:3e:40:ed:3e:91:6c:
2f:68:a2:52:6b:b6:8f:56:77:44:1e:d6:84:c9:62:
2b:50:4c:59:6c:69:7e:62:b1:c3:31:89:25:b7:24:
71:3c:bc:9a:58:cb:08:8c:13:3b:c5:a9:e4:82:0d:
54:90:17:2d:02:58:64:27:9f:f4:f0:81:35:d2:38:
f2:ad:2e:9f:8c:ea:e3:af:05:45:05:2e:b7:f5:c7:
24:33:df:3a:b1:e9:fe:76:70:9f:f0:7b:2c:e8:59:
dc:a6:98:9d:60:64:1e:7c:5e:ed:9a:85:94:27:73:
8a:05:86:e5:b0:a8:6d:63:46:ea:bf:b2:2c:4b:44:
36:4e:72:10:0f:1b:50:5a:be:27:90:f6:0c:84:57:
5a:34:48:33:2f:58:d4:28:95:c2:59:3b:dd:c8:b5:
69:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:20:57:4B:50:24:7E:57:B8:87:1D:D4:58:57:AC:BF:E3:9F:FA:0C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZCBXS1Akfle4hx3UWFesv-Of-gw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.213.127.0/24
89.213.212.0/24
89.213.224.0/24
213.218.215.0/24
Signature Algorithm: sha256WithRSAEncryption
60:91:72:c9:06:b8:86:10:23:9b:26:4f:e6:4e:32:b3:95:b6:
a1:b7:0e:a8:65:a2:ed:04:14:c9:d3:da:fe:c4:22:28:5c:77:
c9:a9:f4:c6:01:75:94:a9:aa:44:50:f8:00:b5:76:58:cd:a2:
4a:80:a8:a0:af:bf:cb:91:33:f3:5c:37:bd:cf:b4:ab:ee:28:
3b:20:e7:63:e4:2c:df:e6:2e:f2:97:b9:b5:4b:b8:b7:42:43:
be:c6:2e:63:df:37:b4:c1:84:f4:e6:3a:bb:00:df:0d:8c:de:
4b:5e:34:03:9e:db:cf:54:f5:ec:29:fc:05:09:0c:b6:c4:1c:
c3:3d:72:35:a0:a5:6c:10:ab:d1:3e:19:11:8f:86:5f:23:39:
48:15:b9:bc:6b:65:e3:fc:0a:bd:08:3c:76:21:f9:9f:72:1f:
b2:52:e3:4b:92:d7:93:a6:2b:85:b8:e1:1c:5f:41:61:7d:b5:
2e:52:d8:05:92:82:9c:e5:95:f2:26:99:25:52:9f:7a:c1:84:
20:8c:57:8e:b1:94:ca:f4:f5:c5:fc:e7:35:1d:c3:e8:bd:90:
52:8e:40:82:7d:4d:b1:a0:6d:4a:d3:17:64:23:6e:80:d8:47:
3f:4c:92:9b:27:82:35:69:3c:01:66:5d:a1:ee:f6:91:09:9f:
99:6c:d7:a1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZc0zrM5HpPwaUbsUvKBIeYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjAzMDgwMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDIwNTc0YjUwMjQ3ZTU3Yjg4NzFkZDQ1ODU3YWNiZmUzOWZmYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNxw5PXa7JAt62BJfwMdTJSOW9b1
bMgLJ416RhiNGQhV6FC2kajistcCDCeK/kRuz9M4mt3e4FGFgyqt+Q5O1YVFqHhH
g8R1ll72UU+EqrrvX9JloJcMGJExVdR7za1dEic+QO0+kWwvaKJSa7aPVndEHtaE
yWIrUExZbGl+YrHDMYkltyRxPLyaWMsIjBM7xankgg1UkBctAlhkJ5/08IE10jjy
rS6fjOrjrwVFBS639cckM986sen+dnCf8Hss6FncppidYGQefF7tmoWUJ3OKBYbl
sKhtY0bqv7IsS0Q2TnIQDxtQWr4nkPYMhFdaNEgzL1jUKJXCWTvdyLVpCwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGQgV0tQJH5XuIcd1FhXrL/jn/oMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWkNCWFMxQWtmbGU0aHgzVVdGZXN2LU9mLWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWdV/AwQA
WdXUAwQAWdXgAwQA1drXMA0GCSqGSIb3DQEBCwUAA4IBAQBgkXLJBriGECObJk/m
TjKzlbahtw6oZaLtBBTJ09r+xCIoXHfJqfTGAXWUqapEUPgAtXZYzaJKgKigr7/L
kTPzXDe9z7Sr7ig7IOdj5Czf5i7yl7m1S7i3QkO+xi5j3ze0wYT05jq7AN8NjN5L
XjQDntvPVPXsKfwFCQy2xBzDPXI1oKVsEKvRPhkRj4ZfIzlIFbm8a2Xj/Aq9CDx2
Ifmfch+yUuNLkteTpiuFuOEcX0FhfbUuUtgFkoKc5ZXyJpklUp96wYQgjFeOsZTK
9PXF/Oc1HcPovZBSjkCCfU2xoG1K0xdkI26A2Ec/TJKbJ4I1aTwBZl2h7vaRCZ+Z
bNeh
-----END CERTIFICATE-----
Generated at Fri Jun 6 16:52:00 2025 by rpki-client