Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/rbrZHNFZV2PghcbnD58BsiTb4fM.roa
File: rbrZHNFZV2PghcbnD58BsiTb4fM.roa (raw, json)
Hash identifier: lv4ZBJ0n9GgFcUNc8R8aVHx+xVm5fcBSvhJ55Sn9X+Q=
Subject key identifier: AD:BA:D9:1C:D1:59:57:63:E0:85:C6:E7:0F:9F:01:B2:24:DB:E1:F3
Certificate issuer: /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial: 019425FD533B0AB0661F4C9AD039D4D03EDA
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/rbrZHNFZV2PghcbnD58BsiTb4fM.roa
Signing time: Thu 02 Jan 2025 07:49:06 +0000
ROA not before: Thu 02 Jan 2025 07:49:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41740
IP address blocks: 193.232.147.0/24 maxlen: 24
193.232.253.0/24 maxlen: 24
195.208.4.0/24 maxlen: 24
195.208.5.0/24 maxlen: 24
195.208.6.0/24 maxlen: 24
195.208.7.0/24 maxlen: 24
2a0c:a9c7:8::/48 maxlen: 48
2a0c:a9c7:9::/48 maxlen: 48
2a0c:a9c7:a::/48 maxlen: 48
2a0c:a9c7:b::/48 maxlen: 48
2a0c:a9c7:147::/48 maxlen: 48
2a0c:a9c7:253::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 02:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:53:3b:0a:b0:66:1f:4c:9a:d0:39:d4:d0:3e:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
Validity
Not Before: Jan 2 07:49:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=adbad91cd1595763e085c6e70f9f01b224dbe1f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:30:6e:8b:73:da:78:36:77:98:0c:ca:87:29:
e8:bb:39:25:1b:80:67:69:ad:1a:f7:ca:c5:f1:1c:
7a:dc:2f:33:eb:f9:17:1c:a0:0c:80:d9:3e:ae:3d:
ee:9a:ed:7d:76:e6:25:26:f1:13:91:00:24:1b:ce:
de:0e:5b:51:70:a0:c5:af:fe:04:62:84:f0:78:df:
29:5d:7d:9f:d6:71:04:49:85:09:84:26:f3:51:f2:
bd:ed:40:c2:bf:08:89:d0:48:9d:3b:8e:69:83:e6:
8a:48:b3:06:fa:d4:4a:18:f7:cd:d9:38:83:39:03:
31:22:5a:10:64:76:ba:87:d2:ba:70:ba:f9:2f:6b:
06:01:bc:31:77:46:6c:59:d7:18:36:68:d9:8d:e5:
88:da:ad:47:2a:30:1b:b8:08:6e:cc:31:e9:1d:1b:
b3:83:1d:85:bc:d7:0c:93:48:ec:b1:e8:40:50:0d:
8f:e5:55:04:ea:79:c8:b5:52:b6:0e:b4:87:8f:f4:
07:67:7c:93:33:7c:bd:ea:69:46:2f:a5:8a:68:98:
25:e6:f9:d4:fb:3f:2e:ca:34:1b:4a:5a:fc:48:92:
e4:bd:a4:15:9c:8a:18:77:ec:83:08:cb:b9:c1:5b:
0d:61:e4:2e:e2:92:8a:e3:06:99:06:c0:00:63:90:
b9:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:BA:D9:1C:D1:59:57:63:E0:85:C6:E7:0F:9F:01:B2:24:DB:E1:F3
X509v3 Authority Key Identifier:
keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/rbrZHNFZV2PghcbnD58BsiTb4fM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.232.147.0/24
193.232.253.0/24
195.208.4.0/22
IPv6:
2a0c:a9c7:8::/46
2a0c:a9c7:147::/48
2a0c:a9c7:253::/48
Signature Algorithm: sha256WithRSAEncryption
52:b7:d5:7b:cc:c3:36:54:6a:a5:e1:1a:0a:d3:eb:f7:0a:51:
5f:c1:b1:53:9c:f3:36:91:c8:9e:a7:a1:57:c0:85:56:dd:ff:
a8:ab:38:f0:54:da:98:e1:70:6d:c7:2e:b1:fb:95:e7:0f:29:
65:70:fe:db:fa:84:44:ea:30:9c:8d:d8:b1:6a:d2:c6:20:3a:
74:17:dc:30:c5:11:8e:fc:5c:68:88:aa:8d:09:0f:5b:d8:17:
8a:c0:19:f1:63:24:81:06:d2:c6:7b:90:65:b3:09:c9:cc:16:
b8:67:47:14:f7:a7:df:72:75:76:ab:db:d8:0e:24:e8:87:80:
57:a9:b0:3a:36:48:6e:63:59:99:85:97:c0:62:52:85:29:0f:
6a:aa:b0:df:66:05:a1:5f:1f:59:f9:ad:ed:93:3d:b9:89:27:
d7:a4:6a:c8:4c:93:72:01:d7:8d:e7:83:3c:38:51:07:ef:ed:
20:ba:59:ef:b3:65:4c:4e:1c:d9:3c:87:49:75:23:02:b2:7f:
e8:37:58:1a:25:2f:c2:e0:2f:90:67:78:43:7d:2d:3b:14:c0:
e1:7c:dc:76:34:c8:21:b8:68:a5:c8:e3:29:27:44:3b:0a:53:
6d:fb:3b:53:92:71:71:7f:ba:c5:d1:88:c3:8b:9b:9f:24:c4:
a5:77:3a:a8
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZQl/VM7CrBmH0ya0DnU0D7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGJhZDkxY2QxNTk1NzYzZTA4NWM2ZTcwZjlmMDFiMjI0ZGJlMWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzBui3PaeDZ3mAzKhynouzklG4Bn
aa0a98rF8Rx63C8z6/kXHKAMgNk+rj3umu19duYlJvETkQAkG87eDltRcKDFr/4E
YoTweN8pXX2f1nEESYUJhCbzUfK97UDCvwiJ0EidO45pg+aKSLMG+tRKGPfN2TiD
OQMxIloQZHa6h9K6cLr5L2sGAbwxd0ZsWdcYNmjZjeWI2q1HKjAbuAhuzDHpHRuz
gx2FvNcMk0jssehAUA2P5VUE6nnItVK2DrSHj/QHZ3yTM3y96mlGL6WKaJgl5vnU
+z8uyjQbSlr8SJLkvaQVnIoYd+yDCMu5wVsNYeQu4pKK4waZBsAAY5C5FwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFK262RzRWVdj4IXG5w+fAbIk2+HzMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvcmJyWkhORlpWMlBnaGNibkQ1OEJzaVRiNGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAYBAIAATASAwQAweiTAwQA
wej9AwQCw9AEMCEEAgACMBsDBwIqDKnHAAgDBwAqDKnHAUcDBwAqDKnHAlMwDQYJ
KoZIhvcNAQELBQADggEBAFK31XvMwzZUaqXhGgrT6/cKUV/BsVOc8zaRyJ6noVfA
hVbd/6irOPBU2pjhcG3HLrH7lecPKWVw/tv6hETqMJyN2LFq0sYgOnQX3DDFEY78
XGiIqo0JD1vYF4rAGfFjJIEG0sZ7kGWzCcnMFrhnRxT3p99ydXar29gOJOiHgFep
sDo2SG5jWZmFl8BiUoUpD2qqsN9mBaFfH1n5re2TPbmJJ9ekashMk3IB143ngzw4
UQfv7SC6We+zZUxOHNk8h0l1IwKyf+g3WBolL8LgL5BneEN9LTsUwOF83HY0yCG4
aKXI4yknRDsKU237O1OScXF/usXRiMOLm58kxKV3Oqg=
-----END CERTIFICATE-----
Generated at Fri Apr 11 10:54:15 2025 by rpki-client