Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/oHES2kIQSwcnceUnSAnzOBK0UoA.roa
File: oHES2kIQSwcnceUnSAnzOBK0UoA.roa (raw, json)
Hash identifier: R0HeMmAONLyIzPgR+arZikegwIRj9xGz1jODUH2wdeA=
Subject key identifier: A0:71:12:DA:42:10:4B:07:27:71:E5:27:48:09:F3:38:12:B4:52:80
Certificate issuer: /CN=3921b7f1eee90d99e294218a938753c1ea2dc267
Certificate serial: 0196CE2A720DAAAA6C3209CA9C12C1398278
Authority key identifier: 39:21:B7:F1:EE:E9:0D:99:E2:94:21:8A:93:87:53:C1:EA:2D:C2:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OSG38e7pDZnilCGKk4dTweotwmc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/oHES2kIQSwcnceUnSAnzOBK0UoA.roa
Signing time: Wed 14 May 2025 09:40:10 +0000
ROA not before: Wed 14 May 2025 09:40:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201675
IP address blocks: 45.151.220.0/22 maxlen: 22
89.21.80.0/22 maxlen: 22
149.232.242.0/24 maxlen: 24
185.67.144.0/22 maxlen: 22
2a05:1000::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/OSG38e7pDZnilCGKk4dTweotwmc.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/OSG38e7pDZnilCGKk4dTweotwmc.mft
rsync://rpki.ripe.net/repository/DEFAULT/OSG38e7pDZnilCGKk4dTweotwmc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 09:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ce:2a:72:0d:aa:aa:6c:32:09:ca:9c:12:c1:39:82:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3921b7f1eee90d99e294218a938753c1ea2dc267
Validity
Not Before: May 14 09:40:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a07112da42104b072771e5274809f33812b45280
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:03:a7:47:e3:ad:69:83:c9:e3:ac:83:f6:98:
22:62:65:7e:7f:a0:fc:7d:7f:63:6d:51:cc:5a:0a:
1d:be:b7:13:f8:1c:cf:16:81:cf:6c:ed:19:cd:a2:
18:39:ef:3b:33:74:86:17:fc:0c:7b:b7:f0:5f:8f:
69:56:cf:7d:2e:e9:6c:d1:5d:1b:66:62:72:96:6e:
05:88:20:db:fc:7c:d8:15:6b:94:3b:13:64:15:7a:
a4:a7:4b:9b:de:86:fa:f9:c7:d9:1c:e9:2f:3d:b7:
4c:46:1a:2a:ba:00:9a:b0:63:f0:86:b0:0e:14:18:
64:a1:74:71:67:1b:8c:d8:a4:d8:80:93:86:4d:01:
dd:bd:fc:a3:d9:68:4b:7a:30:bd:be:65:47:53:56:
bf:7f:99:a5:dc:ae:85:2a:3e:e5:5e:ce:8a:6b:d3:
34:7d:9b:e2:7f:cf:79:78:95:f0:f0:87:47:c1:c9:
69:f3:c8:0c:ec:4b:e5:fe:9f:89:57:86:e6:82:de:
75:ad:f3:d8:66:1d:0a:ba:1f:ce:72:30:14:f8:30:
6a:1d:e7:b4:17:cc:5b:f4:54:34:db:f9:e9:41:98:
b3:99:86:2b:0b:17:fc:4f:4c:71:a4:b0:9c:61:3a:
19:39:6d:78:25:c3:25:13:62:80:d2:86:d4:be:11:
08:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:71:12:DA:42:10:4B:07:27:71:E5:27:48:09:F3:38:12:B4:52:80
X509v3 Authority Key Identifier:
keyid:39:21:B7:F1:EE:E9:0D:99:E2:94:21:8A:93:87:53:C1:EA:2D:C2:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSG38e7pDZnilCGKk4dTweotwmc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/oHES2kIQSwcnceUnSAnzOBK0UoA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/be1db1-4dc4-463c-baf8-2441e10f6f8f/1/OSG38e7pDZnilCGKk4dTweotwmc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.220.0/22
89.21.80.0/22
149.232.242.0/24
185.67.144.0/22
IPv6:
2a05:1000::/29
Signature Algorithm: sha256WithRSAEncryption
7f:0a:9b:f3:b8:94:a6:20:f5:ff:55:ba:bb:68:b4:2e:69:f5:
3e:c1:1c:be:60:cf:c7:9f:ea:5f:da:95:b5:30:aa:35:b1:35:
fe:0d:06:85:b0:ad:d5:08:2c:fe:49:1e:d1:82:71:3f:cc:5b:
04:f0:00:ac:e9:a5:f4:f4:35:28:54:25:7f:cd:ff:01:b5:9f:
4e:ee:03:5f:7b:fc:86:a7:a1:69:d5:ce:ee:95:46:7a:e8:81:
56:72:d6:05:17:64:d0:d7:9f:57:30:d6:01:13:d1:35:08:cc:
bc:ed:5c:be:13:29:ef:45:8e:b9:03:18:fc:c8:ae:02:ad:ee:
fd:f9:db:49:ad:4e:c6:38:d4:60:5f:9e:5d:3c:b9:ab:2a:45:
06:93:93:e9:f8:1c:05:bd:11:96:0d:b7:1d:48:3b:ae:99:cb:
12:d9:aa:d2:7d:35:50:81:47:80:3f:b2:ec:9f:5f:9b:83:70:
ca:68:82:0e:35:8d:43:66:63:3b:1e:a7:18:4d:dd:c3:36:d9:
01:02:e6:47:6d:e5:73:72:fc:66:33:2f:20:86:58:d4:c7:f2:
58:60:de:91:13:5d:08:a4:b8:8a:b0:a7:a9:9a:f8:fb:49:a0:
e5:5d:44:84:ca:20:c3:17:db:6e:aa:59:02:f9:3d:e1:63:19:
9c:6f:cb:bd
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZbOKnINqqpsMgnKnBLBOYJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjFiN2YxZWVlOTBkOTllMjk0MjE4YTkzODc1M2MxZWEy
ZGMyNjcwHhcNMjUwNTE0MDk0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDcxMTJkYTQyMTA0YjA3Mjc3MWU1Mjc0ODA5ZjMzODEyYjQ1MjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAOnR+OtaYPJ46yD9pgiYmV+f6D8
fX9jbVHMWgodvrcT+BzPFoHPbO0ZzaIYOe87M3SGF/wMe7fwX49pVs99Luls0V0b
ZmJylm4FiCDb/HzYFWuUOxNkFXqkp0ub3ob6+cfZHOkvPbdMRhoqugCasGPwhrAO
FBhkoXRxZxuM2KTYgJOGTQHdvfyj2WhLejC9vmVHU1a/f5ml3K6FKj7lXs6Ka9M0
fZvif895eJXw8IdHwclp88gM7Evl/p+JV4bmgt51rfPYZh0Kuh/OcjAU+DBqHee0
F8xb9FQ02/npQZizmYYrCxf8T0xxpLCcYToZOW14JcMlE2KA0obUvhEIsQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKBxEtpCEEsHJ3HlJ0gJ8zgStFKAMB8GA1UdIwQY
MBaAFDkht/Hu6Q2Z4pQhipOHU8HqLcJnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NHMzhlN3BEWm5pbENHS2s0ZFR3ZW90d21jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9iZTFkYjEtNGRjNC00NjNjLWJhZjgt
MjQ0MWUxMGY2ZjhmLzEvb0hFUzJrSVFTd2NuY2VVblNBbnpPQkswVW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9iZTFkYjEtNGRjNC00NjNjLWJhZjgtMjQ0MWUxMGY2Zjhm
LzEvT1NHMzhlN3BEWm5pbENHS2s0ZFR3ZW90d21jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLZfcAwQC
WRVQAwQAlejyAwQCuUOQMA0EAgACMAcDBQMqBRAAMA0GCSqGSIb3DQEBCwUAA4IB
AQB/CpvzuJSmIPX/Vbq7aLQuafU+wRy+YM/Hn+pf2pW1MKo1sTX+DQaFsK3VCCz+
SR7RgnE/zFsE8ACs6aX09DUoVCV/zf8BtZ9O7gNfe/yGp6Fp1c7ulUZ66IFWctYF
F2TQ159XMNYBE9E1CMy87Vy+EynvRY65Axj8yK4Cre79+dtJrU7GONRgX55dPLmr
KkUGk5Pp+BwFvRGWDbcdSDuumcsS2arSfTVQgUeAP7Lsn1+bg3DKaIIONY1DZmM7
HqcYTd3DNtkBAuZHbeVzcvxmMy8ghljUx/JYYN6RE10IpLiKsKepmvj7SaDlXUSE
yiDDF9tuqlkC+T3hYxmcb8u9
-----END CERTIFICATE-----
Generated at Sat Jun 7 18:43:19 2025 by rpki-client