Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6645d5-d193-4a63-85e6-2ca0e5c104fd/1/K7bdbq2NQi5Og3pBR0VNiKqzF3o.roa
File: K7bdbq2NQi5Og3pBR0VNiKqzF3o.roa (raw, json)
Hash identifier: Y5TCg/QVPxm4ctwH0Vu0TBEdMj0uZUrfAJN0ICvLjOc=
Subject key identifier: 2B:B6:DD:6E:AD:8D:42:2E:4E:83:7A:41:47:45:4D:88:AA:B3:17:7A
Certificate issuer: /CN=be18e2d9f509c9d3b455112aa288d336185801a0
Certificate serial: 019424459A772FEB1C0B78D62B5984D9BDBF
Authority key identifier: BE:18:E2:D9:F5:09:C9:D3:B4:55:11:2A:A2:88:D3:36:18:58:01:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vhji2fUJydO0VREqoojTNhhYAaA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/6645d5-d193-4a63-85e6-2ca0e5c104fd/1/K7bdbq2NQi5Og3pBR0VNiKqzF3o.roa
Signing time: Wed 01 Jan 2025 23:48:48 +0000
ROA not before: Wed 01 Jan 2025 23:48:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211425
IP address blocks: 91.151.85.0/24 maxlen: 24
91.151.92.0/24 maxlen: 24
193.56.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/6645d5-d193-4a63-85e6-2ca0e5c104fd/1/vhji2fUJydO0VREqoojTNhhYAaA.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/6645d5-d193-4a63-85e6-2ca0e5c104fd/1/vhji2fUJydO0VREqoojTNhhYAaA.mft
rsync://rpki.ripe.net/repository/DEFAULT/vhji2fUJydO0VREqoojTNhhYAaA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:9a:77:2f:eb:1c:0b:78:d6:2b:59:84:d9:bd:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be18e2d9f509c9d3b455112aa288d336185801a0
Validity
Not Before: Jan 1 23:48:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2bb6dd6ead8d422e4e837a4147454d88aab3177a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:19:e3:7e:c3:ad:ea:14:c4:b9:5b:6d:db:ce:
d2:3c:dc:c8:b9:74:ca:d0:1d:b5:15:4b:41:16:16:
34:da:36:a2:c6:f0:03:28:d0:a8:4e:4c:df:bd:b3:
c2:b8:03:d8:80:17:ba:d3:38:00:19:16:4d:a2:76:
8e:b3:44:c6:44:b1:f5:17:31:c3:e4:97:3f:7d:fa:
51:73:b6:12:3c:a3:eb:70:f1:42:bd:61:fb:e6:59:
44:2d:2c:20:d2:b0:37:99:58:be:0c:43:c8:f8:dc:
57:70:34:62:d9:58:68:6c:ce:a2:7d:5b:60:68:21:
81:be:ad:14:37:11:9a:ba:55:5b:e0:21:0d:43:35:
8b:b2:da:d3:03:a6:53:4a:17:ce:bc:b4:70:74:57:
52:c6:97:bd:e8:88:9d:56:d0:f7:5a:0e:89:35:f5:
be:22:d9:95:f8:ed:dc:f4:7e:b1:18:fa:3c:ce:0c:
c2:4a:07:9f:1d:3a:46:a9:48:f3:dd:18:06:29:60:
f7:62:bd:00:85:96:f7:a9:ce:8c:e7:c4:8e:b8:56:
c7:6e:3f:9e:f0:82:88:c7:00:ac:30:24:5a:03:46:
b2:6d:72:63:21:4d:6f:77:3c:7d:15:37:40:18:15:
89:44:a6:dc:98:5f:fe:f6:fc:2f:ab:19:98:2a:91:
3a:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:B6:DD:6E:AD:8D:42:2E:4E:83:7A:41:47:45:4D:88:AA:B3:17:7A
X509v3 Authority Key Identifier:
keyid:BE:18:E2:D9:F5:09:C9:D3:B4:55:11:2A:A2:88:D3:36:18:58:01:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vhji2fUJydO0VREqoojTNhhYAaA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6645d5-d193-4a63-85e6-2ca0e5c104fd/1/K7bdbq2NQi5Og3pBR0VNiKqzF3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6645d5-d193-4a63-85e6-2ca0e5c104fd/1/vhji2fUJydO0VREqoojTNhhYAaA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.85.0/24
91.151.92.0/24
193.56.0.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:4a:2e:66:93:00:b2:a0:7b:05:89:d6:21:8c:29:36:d5:8e:
3e:53:94:61:7b:83:57:80:f8:97:cb:b2:13:92:7d:ba:74:22:
ce:bc:f0:d6:58:9f:e4:a5:db:5c:08:2d:73:40:4d:86:0f:3d:
27:b7:a3:67:6f:05:f5:be:5c:f3:6c:11:21:f3:8d:26:25:ea:
a1:f8:77:99:b2:78:7c:0d:89:b0:02:4b:7c:f4:13:89:1a:9b:
2c:24:ff:cc:cb:72:17:f0:1e:20:b5:5f:10:fe:7d:22:df:e0:
ae:c6:9b:41:9d:5d:b6:81:31:4b:d1:74:50:21:c6:43:01:3b:
f5:94:51:14:bc:b5:e0:bd:c8:99:f2:2b:dc:c6:2b:14:db:7a:
82:69:03:42:5d:98:d8:cd:27:af:fc:bb:dc:d8:bd:99:75:7c:
14:82:e0:62:f0:39:50:cc:21:3a:05:11:a9:e5:64:0a:f4:cf:
52:65:de:d4:0f:9c:2b:80:82:1b:9b:0c:b9:f3:31:33:a4:4b:
c8:3a:e5:6d:57:c1:67:d7:68:b1:b8:69:82:4c:bc:00:00:3e:
dd:8b:ad:d9:f7:e1:ad:5c:ea:83:db:35:1f:a7:cb:d7:58:b1:
d5:46:1c:90:1b:53:93:71:da:9a:b7:5c:ea:35:58:58:56:38:
1d:f4:59:bd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQkRZp3L+scC3jWK1mE2b2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMThlMmQ5ZjUwOWM5ZDNiNDU1MTEyYWEyODhkMzM2MTg1
ODAxYTAwHhcNMjUwMTAxMjM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI2ZGQ2ZWFkOGQ0MjJlNGU4MzdhNDE0NzQ1NGQ4OGFhYjMxNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBnjfsOt6hTEuVtt287SPNzIuXTK
0B21FUtBFhY02jaixvADKNCoTkzfvbPCuAPYgBe60zgAGRZNonaOs0TGRLH1FzHD
5Jc/ffpRc7YSPKPrcPFCvWH75llELSwg0rA3mVi+DEPI+NxXcDRi2VhobM6ifVtg
aCGBvq0UNxGaulVb4CENQzWLstrTA6ZTShfOvLRwdFdSxpe96IidVtD3Wg6JNfW+
ItmV+O3c9H6xGPo8zgzCSgefHTpGqUjz3RgGKWD3Yr0AhZb3qc6M58SOuFbHbj+e
8IKIxwCsMCRaA0aybXJjIU1vdzx9FTdAGBWJRKbcmF/+9vwvqxmYKpE6PQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCu23W6tjUIuToN6QUdFTYiqsxd6MB8GA1UdIwQY
MBaAFL4Y4tn1CcnTtFURKqKI0zYYWAGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmhqaTJmVUp5ZE8wVlJFcW9valROaGhZQWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82NjQ1ZDUtZDE5My00YTYzLTg1ZTYt
MmNhMGU1YzEwNGZkLzEvSzdiZGJxMk5RaTVPZzNwQlIwVk5pS3F6RjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82NjQ1ZDUtZDE5My00YTYzLTg1ZTYtMmNhMGU1YzEwNGZk
LzEvdmhqaTJmVUp5ZE8wVlJFcW9valROaGhZQWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW5dVAwQA
W5dcAwQAwTgAMA0GCSqGSIb3DQEBCwUAA4IBAQArSi5mkwCyoHsFidYhjCk21Y4+
U5Rhe4NXgPiXy7ITkn26dCLOvPDWWJ/kpdtcCC1zQE2GDz0nt6NnbwX1vlzzbBEh
840mJeqh+HeZsnh8DYmwAkt89BOJGpssJP/My3IX8B4gtV8Q/n0i3+CuxptBnV22
gTFL0XRQIcZDATv1lFEUvLXgvciZ8ivcxisU23qCaQNCXZjYzSev/Lvc2L2ZdXwU
guBi8DlQzCE6BRGp5WQK9M9SZd7UD5wrgIIbmwy58zEzpEvIOuVtV8Fn12ixuGmC
TLwAAD7di63Z9+GtXOqD2zUfp8vXWLHVRhyQG1OTcdqat1zqNVhYVjgd9Fm9
-----END CERTIFICATE-----
Generated at Wed Apr 23 00:53:56 2025 by rpki-client