Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/LxkfTjTXAGdbju5isaPCtnGLLgc.roa
File: LxkfTjTXAGdbju5isaPCtnGLLgc.roa (raw, json)
Hash identifier: SeXkkuvsRzqZLCxI5NVGlHTm+cm8bKudh3134+3EtUs=
Subject key identifier: 2F:19:1F:4E:34:D7:00:67:5B:8E:EE:62:B1:A3:C2:B6:71:8B:2E:07
Certificate issuer: /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial: 0197597AED3B82AFCDD58DAD94B7E2DA8B33
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/LxkfTjTXAGdbju5isaPCtnGLLgc.roa
Signing time: Tue 10 Jun 2025 10:55:17 +0000
ROA not before: Tue 10 Jun 2025 10:55:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204650
IP address blocks: 37.32.42.0/24 maxlen: 24
37.32.44.0/24 maxlen: 24
37.32.45.0/24 maxlen: 24
178.239.156.0/24 maxlen: 24
178.239.159.0/24 maxlen: 24
185.26.34.0/23 maxlen: 24
185.243.49.0/24 maxlen: 24
185.243.50.0/24 maxlen: 24
2a00:7040::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:59:7a:ed:3b:82:af:cd:d5:8d:ad:94:b7:e2:da:8b:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Validity
Not Before: Jun 10 10:55:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f191f4e34d700675b8eee62b1a3c2b6718b2e07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:21:56:84:b3:81:71:74:ec:c9:c4:20:f1:9c:
9b:93:5b:6e:26:48:a2:73:0a:c0:6c:dd:64:1d:71:
1a:7e:63:a0:1f:2a:a7:a8:09:cb:97:d6:82:5e:e3:
5e:5a:65:0d:87:ba:a9:f5:c5:81:3c:ff:b4:9c:60:
dd:94:fc:e6:bf:6a:39:99:64:1c:a9:10:af:31:ae:
b6:85:1e:da:c3:a5:6a:98:9f:27:1f:46:f7:60:3d:
ee:8c:75:7d:ae:9c:1a:53:75:56:70:7f:d6:df:0b:
0f:77:2a:ae:20:ad:a2:de:b7:ce:4c:46:65:85:3d:
51:31:7a:b5:0c:57:53:e2:6a:ab:11:e1:ef:5c:48:
93:fa:f7:34:92:99:62:f8:ef:d5:cb:f0:c4:7b:8a:
9b:48:75:d0:bf:3a:63:1a:77:4b:99:98:ab:1c:02:
00:04:29:dc:b0:ab:95:a9:a8:79:a4:e5:d6:e0:12:
11:0f:68:ed:4d:0a:d6:c6:2b:20:93:de:39:1c:40:
3d:07:b1:40:ad:a5:3b:6e:37:e4:37:4e:76:7c:48:
39:ad:7f:6d:4b:cb:b4:86:80:05:eb:c7:e5:8f:73:
5c:c6:95:85:58:01:77:82:71:62:d8:ca:d5:01:86:
b8:53:49:3b:78:83:f8:74:22:68:a6:55:61:aa:b2:
77:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:19:1F:4E:34:D7:00:67:5B:8E:EE:62:B1:A3:C2:B6:71:8B:2E:07
X509v3 Authority Key Identifier:
keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/LxkfTjTXAGdbju5isaPCtnGLLgc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.32.42.0/24
37.32.44.0/23
178.239.156.0/24
178.239.159.0/24
185.26.34.0/23
185.243.49.0-185.243.50.255
IPv6:
2a00:7040::/32
Signature Algorithm: sha256WithRSAEncryption
cd:0a:63:92:51:dc:45:c2:1c:5a:9f:b6:c8:d3:09:26:a8:ae:
ef:bf:73:2d:c0:ba:cc:a9:06:f7:60:09:63:d0:c6:16:ae:9b:
c7:80:d6:fe:83:05:2f:be:20:c1:3e:b8:0d:2f:b8:e3:14:a4:
8e:99:f1:01:ca:7d:5a:90:04:fd:11:39:60:a9:c2:2a:88:48:
a9:21:9c:05:b0:92:f0:78:23:5c:7f:f5:40:b4:92:39:bd:67:
99:52:0c:aa:ff:04:df:e4:c4:dd:41:1f:bf:61:88:7b:11:6b:
41:9f:e7:88:51:a7:ea:ac:98:77:21:85:8f:88:f1:81:7d:bd:
6c:74:c1:fd:03:6e:38:8a:89:22:30:cb:f2:86:a0:e6:b6:85:
b2:8a:e8:36:93:13:01:90:ba:b9:eb:19:92:e8:ca:97:89:ab:
ee:a5:0f:33:9d:3d:f4:7c:fa:4d:ed:b1:79:6b:b3:1a:13:51:
88:f4:2a:76:45:91:76:66:d3:88:f4:fd:f7:82:e6:be:0a:cb:
f4:c2:4f:d0:d3:b4:51:09:f7:57:e0:10:94:eb:e3:9a:30:18:
34:4f:cb:2e:c8:ec:4b:3f:60:08:f6:b3:37:9d:33:b4:79:7c:
a3:62:13:18:a6:92:58:0b:07:df:22:96:df:a4:e5:fc:99:b6:
4f:80:cb:20
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZdZeu07gq/N1Y2tlLfi2oszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNjEwMTA1NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE5MWY0ZTM0ZDcwMDY3NWI4ZWVlNjJiMWEzYzJiNjcxOGIyZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SFWhLOBcXTsycQg8Zybk1tuJkii
cwrAbN1kHXEafmOgHyqnqAnLl9aCXuNeWmUNh7qp9cWBPP+0nGDdlPzmv2o5mWQc
qRCvMa62hR7aw6VqmJ8nH0b3YD3ujHV9rpwaU3VWcH/W3wsPdyquIK2i3rfOTEZl
hT1RMXq1DFdT4mqrEeHvXEiT+vc0kpli+O/Vy/DEe4qbSHXQvzpjGndLmZirHAIA
BCncsKuVqah5pOXW4BIRD2jtTQrWxisgk945HEA9B7FAraU7bjfkN052fEg5rX9t
S8u0hoAF68flj3NcxpWFWAF3gnFi2MrVAYa4U0k7eIP4dCJoplVhqrJ3lQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFC8ZH0401wBnW47uYrGjwrZxiy4HMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvTHhrZlRqVFhBR2RianU1aXNhUEN0bkdMTGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQAJSAqAwQB
JSAsAwQAsu+cAwQAsu+fAwQBuRoiMAwDBAC58zEDBAC58zIwDQQCAAIwBwMFACoA
cEAwDQYJKoZIhvcNAQELBQADggEBAM0KY5JR3EXCHFqftsjTCSaoru+/cy3Ausyp
BvdgCWPQxhaum8eA1v6DBS++IME+uA0vuOMUpI6Z8QHKfVqQBP0ROWCpwiqISKkh
nAWwkvB4I1x/9UC0kjm9Z5lSDKr/BN/kxN1BH79hiHsRa0Gf54hRp+qsmHchhY+I
8YF9vWx0wf0DbjiKiSIwy/KGoOa2hbKK6DaTEwGQurnrGZLoypeJq+6lDzOdPfR8
+k3tsXlrsxoTUYj0KnZFkXZm04j0/feC5r4Ky/TCT9DTtFEJ91fgEJTr45owGDRP
yy7I7Es/YAj2szedM7R5fKNiEximklgLB98ilt+k5fyZtk+AyyA=
-----END CERTIFICATE-----
Generated at Sat Jun 14 22:09:14 2025 by rpki-client