Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/erY5eOsE13MYDYGdz-7KiRAOTog.roa
File: erY5eOsE13MYDYGdz-7KiRAOTog.roa (raw, json)
Hash identifier: NmXI2cVM6emkr8oTXJbXMbKgJl7gRO9hnwaW3QZ2P/k=
Subject key identifier: 7A:B6:39:78:EB:04:D7:73:18:0D:81:9D:CF:EE:CA:89:10:0E:4E:88
Certificate issuer: /CN=de456cdb4d140345c3dcaebfc7634d4e7cdcb913
Certificate serial: 01956FB2BE3E0648DDB9B14E14B27C452848
Authority key identifier: DE:45:6C:DB:4D:14:03:45:C3:DC:AE:BF:C7:63:4D:4E:7C:DC:B9:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3kVs200UA0XD3K6_x2NNTnzcuRM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/erY5eOsE13MYDYGdz-7KiRAOTog.roa
Signing time: Fri 07 Mar 2025 08:22:19 +0000
ROA not before: Fri 07 Mar 2025 08:22:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6696
IP address blocks: 109.69.218.0/24 maxlen: 24
128.127.180.0/24 maxlen: 24
185.99.48.0/24 maxlen: 24
185.99.49.0/24 maxlen: 24
185.99.50.0/24 maxlen: 24
185.192.44.0/24 maxlen: 24
185.192.45.0/24 maxlen: 24
193.105.133.0/24 maxlen: 24
193.138.101.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/3kVs200UA0XD3K6_x2NNTnzcuRM.crl
rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/3kVs200UA0XD3K6_x2NNTnzcuRM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3kVs200UA0XD3K6_x2NNTnzcuRM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 14:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:6f:b2:be:3e:06:48:dd:b9:b1:4e:14:b2:7c:45:28:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=de456cdb4d140345c3dcaebfc7634d4e7cdcb913
Validity
Not Before: Mar 7 08:22:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7ab63978eb04d773180d819dcfeeca89100e4e88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:d3:e6:fa:53:07:01:70:42:4b:f9:14:c4:ec:
2f:79:45:9e:69:30:46:64:46:db:9a:b5:4e:f8:ed:
94:62:d4:7b:7f:f5:10:0a:e2:e4:91:67:92:eb:aa:
5f:a8:25:27:61:78:3d:76:01:b5:b4:a5:f9:00:7e:
cd:1f:10:e0:46:da:71:c0:96:40:9c:a6:c8:3a:b6:
12:08:55:7b:52:c3:c8:49:cb:a1:2f:c5:04:d6:11:
b6:fe:a0:5f:e3:50:8a:16:5e:02:4b:e4:d8:54:7c:
67:c5:47:53:b5:25:77:2a:8d:f5:e8:ea:8b:e4:69:
40:5d:4d:0c:09:6b:e9:9b:05:6b:da:74:81:ac:c1:
37:88:6c:cd:4f:9a:ac:22:a2:a1:0f:64:dd:24:84:
d8:67:7c:a7:b9:68:dd:24:f9:19:cd:15:22:dc:95:
70:65:b1:20:65:ab:bc:84:9b:bf:71:05:ae:5b:67:
b0:3c:7f:1d:4f:ca:e4:c0:cd:5b:68:bf:db:f3:53:
d3:df:ff:e7:c7:63:b9:f3:b2:4b:06:39:de:3a:96:
b7:8b:d4:b9:05:5e:88:37:ef:31:aa:80:dd:f2:d4:
83:ee:e4:99:4a:d1:32:7f:67:3f:73:59:b1:14:13:
16:1b:3b:4b:31:d6:f2:cc:bf:ee:fe:84:90:97:fc:
c6:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:B6:39:78:EB:04:D7:73:18:0D:81:9D:CF:EE:CA:89:10:0E:4E:88
X509v3 Authority Key Identifier:
keyid:DE:45:6C:DB:4D:14:03:45:C3:DC:AE:BF:C7:63:4D:4E:7C:DC:B9:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3kVs200UA0XD3K6_x2NNTnzcuRM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/erY5eOsE13MYDYGdz-7KiRAOTog.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/20cb33-e2bf-46aa-abfa-928e7bc69570/1/3kVs200UA0XD3K6_x2NNTnzcuRM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.69.218.0/24
128.127.180.0/24
185.99.48.0-185.99.50.255
185.192.44.0/23
193.105.133.0/24
193.138.101.0/24
Signature Algorithm: sha256WithRSAEncryption
77:8b:96:eb:0e:93:25:13:dd:38:19:bc:6a:23:4a:09:88:37:
50:6a:f7:89:fa:0b:a4:66:47:73:6a:cb:ad:d7:6c:00:05:5a:
8c:5b:64:37:53:83:89:2c:8d:c1:5a:d1:a9:d7:83:c9:a3:da:
67:5c:a5:1b:71:47:2d:27:9c:4e:70:f9:ff:f3:01:84:12:e8:
c9:90:41:a6:5e:9a:67:89:1d:e2:31:5e:18:90:45:0b:4b:ce:
8f:c7:d3:36:12:9a:b8:89:ab:a8:fe:3a:d9:3c:f0:2d:ec:c0:
a1:90:b3:03:c4:82:63:1d:86:67:7d:69:f5:63:8b:f7:51:d3:
49:82:8e:64:cd:85:53:08:a3:9a:ac:b9:1a:d4:28:a8:c7:17:
f6:24:e8:31:fa:4f:6b:49:82:a0:4b:f5:67:75:ca:ce:da:60:
ce:02:75:d4:64:65:31:d0:ca:bd:9d:50:e8:8f:b8:b7:7b:b3:
2a:79:79:06:ff:dd:dd:24:e8:90:16:a9:c9:a3:40:51:40:4e:
64:d2:d3:d6:9c:79:1d:ae:e5:08:1b:72:7d:fd:c3:84:0e:6f:
a4:09:71:69:62:8d:15:ef:66:15:61:98:b0:39:fc:a4:df:be:
11:b0:af:0e:33:df:dd:70:7f:94:0a:fc:59:79:f3:d5:08:4a:
07:d8:7e:ba
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZVvsr4+BkjdubFOFLJ8RShIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNDU2Y2RiNGQxNDAzNDVjM2RjYWViZmM3NjM0ZDRlN2Nk
Y2I5MTMwHhcNMjUwMzA3MDgyMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI2Mzk3OGViMDRkNzczMTgwZDgxOWRjZmVlY2E4OTEwMGU0ZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NPm+lMHAXBCS/kUxOwveUWeaTBG
ZEbbmrVO+O2UYtR7f/UQCuLkkWeS66pfqCUnYXg9dgG1tKX5AH7NHxDgRtpxwJZA
nKbIOrYSCFV7UsPIScuhL8UE1hG2/qBf41CKFl4CS+TYVHxnxUdTtSV3Ko316OqL
5GlAXU0MCWvpmwVr2nSBrME3iGzNT5qsIqKhD2TdJITYZ3ynuWjdJPkZzRUi3JVw
ZbEgZau8hJu/cQWuW2ewPH8dT8rkwM1baL/b81PT3//nx2O587JLBjneOpa3i9S5
BV6IN+8xqoDd8tSD7uSZStEyf2c/c1mxFBMWGztLMdbyzL/u/oSQl/zGewIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFHq2OXjrBNdzGA2Bnc/uyokQDk6IMB8GA1UdIwQY
MBaAFN5FbNtNFANFw9yuv8djTU583LkTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2tWczIwMFVBMFhEM0s2X3gyTk5UbnpjdVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMGNiMzMtZTJiZi00NmFhLWFiZmEt
OTI4ZTdiYzY5NTcwLzEvZXJZNWVPc0UxM01ZRFlHZHotN0tpUkFPVG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMGNiMzMtZTJiZi00NmFhLWFiZmEtOTI4ZTdiYzY5NTcw
LzEvM2tWczIwMFVBMFhEM0s2X3gyTk5UbnpjdVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAbUXaAwQA
gH+0MAwDBAS5YzADBAC5YzIDBAG5wCwDBADBaYUDBADBimUwDQYJKoZIhvcNAQEL
BQADggEBAHeLlusOkyUT3TgZvGojSgmIN1Bq94n6C6RmR3Nqy63XbAAFWoxbZDdT
g4ksjcFa0anXg8mj2mdcpRtxRy0nnE5w+f/zAYQS6MmQQaZemmeJHeIxXhiQRQtL
zo/H0zYSmriJq6j+Otk88C3swKGQswPEgmMdhmd9afVji/dR00mCjmTNhVMIo5qs
uRrUKKjHF/Yk6DH6T2tJgqBL9Wd1ys7aYM4CddRkZTHQyr2dUOiPuLd7syp5eQb/
3d0k6JAWqcmjQFFATmTS09aceR2u5Qgbcn39w4QOb6QJcWlijRXvZhVhmLA5/KTf
vhGwrw4z391wf5QK/Fl589UISgfYfro=
-----END CERTIFICATE-----
Generated at Sat Apr 12 19:05:00 2025 by rpki-client