Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/lq6yBpxyj8mQu1pcN8Yet01eUsA.roa
File: lq6yBpxyj8mQu1pcN8Yet01eUsA.roa (raw, json)
Hash identifier: jOVFBLabQ2MHZZoWNADP7Z+CInLcq/pubwpgW9d7+lE=
Subject key identifier: 96:AE:B2:06:9C:72:8F:C9:90:BB:5A:5C:37:C6:1E:B7:4D:5E:52:C0
Certificate issuer: /CN=33954330349f57502a76ae6e99987efc3e3b8109
Certificate serial: 01942067D2FB7FBA886FE3483038B2B718ED
Authority key identifier: 33:95:43:30:34:9F:57:50:2A:76:AE:6E:99:98:7E:FC:3E:3B:81:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/lq6yBpxyj8mQu1pcN8Yet01eUsA.roa
Signing time: Wed 01 Jan 2025 05:47:42 +0000
ROA not before: Wed 01 Jan 2025 05:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198330
IP address blocks: 45.10.180.0/22 maxlen: 24
45.12.224.0/22 maxlen: 24
134.90.136.0/21 maxlen: 24
185.55.96.0/22 maxlen: 24
185.104.172.0/22 maxlen: 24
185.128.64.0/22 maxlen: 24
185.243.1.0/24 maxlen: 24
2a03:c280::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.crl
rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.mft
rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:d2:fb:7f:ba:88:6f:e3:48:30:38:b2:b7:18:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33954330349f57502a76ae6e99987efc3e3b8109
Validity
Not Before: Jan 1 05:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=96aeb2069c728fc990bb5a5c37c61eb74d5e52c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:f0:3f:ab:29:be:3b:82:cc:15:11:77:10:ff:
48:40:c9:d3:56:f9:b3:ce:b1:a6:28:85:60:3d:5a:
24:d1:be:74:3d:23:13:12:69:d4:cd:50:68:19:d9:
2d:a4:75:43:b7:fb:ef:80:74:b4:4e:8b:15:c0:b2:
b3:aa:16:75:31:20:03:5d:90:27:95:f7:f7:02:ba:
fb:00:57:75:6f:db:e5:b4:d8:7c:e1:45:2f:9a:79:
ee:a5:fc:35:21:7e:d9:38:cd:df:46:0e:98:67:58:
72:1d:e5:72:32:6a:d4:ad:87:67:ad:76:ef:af:f8:
64:33:47:e4:07:3a:cc:5b:c1:22:b5:30:13:4a:54:
aa:4b:57:3f:1f:47:a7:71:50:5c:6e:62:c3:f7:7a:
5c:83:18:a1:65:43:f4:dd:63:33:ba:70:59:ed:2a:
fd:e9:48:c3:fa:6f:59:03:cb:b1:b0:63:c7:c1:7e:
12:9d:fa:20:5c:fa:d1:6a:51:80:98:89:5d:5c:32:
78:25:52:2e:f1:06:de:2a:83:ee:02:3a:63:36:7d:
77:ba:20:b3:05:b3:ac:c2:43:3d:ba:20:9a:f8:8f:
0d:7b:0e:d0:2c:0c:d0:c3:86:5d:47:c0:8d:44:8a:
e3:bd:f1:1a:4d:18:ee:51:c9:1f:91:58:83:ff:b3:
b6:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:AE:B2:06:9C:72:8F:C9:90:BB:5A:5C:37:C6:1E:B7:4D:5E:52:C0
X509v3 Authority Key Identifier:
keyid:33:95:43:30:34:9F:57:50:2A:76:AE:6E:99:98:7E:FC:3E:3B:81:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/lq6yBpxyj8mQu1pcN8Yet01eUsA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.180.0/22
45.12.224.0/22
134.90.136.0/21
185.55.96.0/22
185.104.172.0/22
185.128.64.0/22
185.243.1.0/24
IPv6:
2a03:c280::/32
Signature Algorithm: sha256WithRSAEncryption
83:a4:07:ea:38:a3:2a:58:8e:69:1d:3e:5b:cc:ee:78:bb:4a:
07:2c:67:60:0f:6c:22:59:66:a3:ed:1d:e2:67:47:f9:0a:ac:
ad:8b:c5:08:93:14:ed:ac:5b:a1:74:4c:f6:f7:a0:05:98:75:
35:f1:8b:8f:b2:7f:9f:b8:86:e2:56:ff:bc:fd:2c:90:21:e1:
c6:a8:2b:55:20:6d:e1:0c:6c:8e:50:0d:cd:6a:d4:ff:86:b1:
9e:40:06:9c:8b:0c:7d:16:9f:ea:bd:50:6e:e7:e9:70:63:b7:
85:69:cb:00:a1:b6:4c:5b:ee:66:17:6f:c9:58:67:54:b0:df:
07:77:ad:49:ea:7b:f7:1d:3d:a2:a9:f4:9f:d4:2f:cc:51:20:
e8:4a:88:f6:de:99:12:01:4a:5d:e4:3d:9e:6b:b6:bd:b9:17:
9c:c3:3a:25:ec:79:ae:94:b3:98:58:af:02:ae:b4:4e:3a:e4:
dc:55:b1:5f:70:71:a4:d3:46:7e:2c:8b:b6:0a:0c:b9:80:75:
8a:e8:b5:92:c9:49:c8:71:22:bb:d6:2b:5b:9d:27:6e:39:40:
5b:e9:79:28:5e:dc:4a:91:2b:60:af:1f:55:c3:a6:c5:c5:ad:
99:82:19:c8:f9:1c:17:44:a8:47:71:0e:41:1c:29:7e:92:ea:
8c:81:db:70
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQgZ9L7f7qIb+NIMDiytxjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOTU0MzMwMzQ5ZjU3NTAyYTc2YWU2ZTk5OTg3ZWZjM2Uz
YjgxMDkwHhcNMjUwMTAxMDU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmFlYjIwNjljNzI4ZmM5OTBiYjVhNWMzN2M2MWViNzRkNWU1MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufA/qym+O4LMFRF3EP9IQMnTVvmz
zrGmKIVgPVok0b50PSMTEmnUzVBoGdktpHVDt/vvgHS0TosVwLKzqhZ1MSADXZAn
lff3Arr7AFd1b9vltNh84UUvmnnupfw1IX7ZOM3fRg6YZ1hyHeVyMmrUrYdnrXbv
r/hkM0fkBzrMW8EitTATSlSqS1c/H0encVBcbmLD93pcgxihZUP03WMzunBZ7Sr9
6UjD+m9ZA8uxsGPHwX4SnfogXPrRalGAmIldXDJ4JVIu8QbeKoPuAjpjNn13uiCz
BbOswkM9uiCa+I8New7QLAzQw4ZdR8CNRIrjvfEaTRjuUckfkViD/7O2BwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJausgacco/JkLtaXDfGHrdNXlLAMB8GA1UdIwQY
MBaAFDOVQzA0n1dQKnaubpmYfvw+O4EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTVWRE1EU2ZWMUFxZHE1dW1aaC1fRDQ3Z1FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8wZjE5ZTktMWIyYi00ODEyLWFiNWEt
ZmRmODRmODNhMjc0LzEvbHE2eUJweHlqOG1RdTFwY044WWV0MDFlVXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8wZjE5ZTktMWIyYi00ODEyLWFiNWEtZmRmODRmODNhMjc0
LzEvTTVWRE1EU2ZWMUFxZHE1dW1aaC1fRDQ3Z1FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLQq0AwQC
LQzgAwQDhlqIAwQCuTdgAwQCuWisAwQCuYBAAwQAufMBMA0EAgACMAcDBQAqA8KA
MA0GCSqGSIb3DQEBCwUAA4IBAQCDpAfqOKMqWI5pHT5bzO54u0oHLGdgD2wiWWaj
7R3iZ0f5Cqyti8UIkxTtrFuhdEz296AFmHU18YuPsn+fuIbiVv+8/SyQIeHGqCtV
IG3hDGyOUA3NatT/hrGeQAaciwx9Fp/qvVBu5+lwY7eFacsAobZMW+5mF2/JWGdU
sN8Hd61J6nv3HT2iqfSf1C/MUSDoSoj23pkSAUpd5D2ea7a9uRecwzol7HmulLOY
WK8CrrROOuTcVbFfcHGk00Z+LIu2Cgy5gHWK6LWSyUnIcSK71itbnSduOUBb6Xko
XtxKkStgrx9Vw6bFxa2ZghnI+RwXRKhHcQ5BHCl+kuqMgdtw
-----END CERTIFICATE-----
Generated at Tue Apr 22 01:06:48 2025 by rpki-client