Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/HSPZejR5lJB8cqlG1i1XbvBd4AY.roa
File: HSPZejR5lJB8cqlG1i1XbvBd4AY.roa (raw, json)
Hash identifier: LYg4VkRRLjikz7I2hzCQk0ST28urIdVmK83g08e6nBA=
Subject key identifier: 1D:23:D9:7A:34:79:94:90:7C:72:A9:46:D6:2D:57:6E:F0:5D:E0:06
Certificate issuer: /CN=572b4ed92682d718a8fc4488140027406960795f
Certificate serial: 0196FC5C13D9B5CBB74A3F1FB72B06328A80
Authority key identifier: 57:2B:4E:D9:26:82:D7:18:A8:FC:44:88:14:00:27:40:69:60:79:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VytO2SaC1xio_ESIFAAnQGlgeV8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/HSPZejR5lJB8cqlG1i1XbvBd4AY.roa
Signing time: Fri 23 May 2025 08:56:54 +0000
ROA not before: Fri 23 May 2025 08:56:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205624
IP address blocks: 37.156.188.0/22 maxlen: 24
94.176.176.0/22 maxlen: 24
152.89.32.0/23 maxlen: 24
185.44.16.0/22 maxlen: 24
185.154.204.0/22 maxlen: 24
185.156.100.0/22 maxlen: 24
185.196.64.0/22 maxlen: 24
185.211.68.0/22 maxlen: 24
185.252.224.0/22 maxlen: 24
193.46.192.0/22 maxlen: 24
2a0d:8800::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/VytO2SaC1xio_ESIFAAnQGlgeV8.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/VytO2SaC1xio_ESIFAAnQGlgeV8.mft
rsync://rpki.ripe.net/repository/DEFAULT/VytO2SaC1xio_ESIFAAnQGlgeV8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 17:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:fc:5c:13:d9:b5:cb:b7:4a:3f:1f:b7:2b:06:32:8a:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=572b4ed92682d718a8fc4488140027406960795f
Validity
Not Before: May 23 08:56:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1d23d97a347994907c72a946d62d576ef05de006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:38:a4:1f:9e:b5:23:30:bc:db:3c:ae:da:0f:
71:e8:83:1a:8c:f0:6d:0e:7f:f3:28:f3:ec:f2:dc:
49:44:8b:e2:cf:df:80:34:b3:c9:80:28:ae:fa:65:
47:42:08:25:a2:fe:a8:4e:c8:24:2c:36:e7:a5:12:
09:60:76:5c:73:69:3a:dd:8d:67:8c:aa:d6:d6:65:
05:f1:3f:3a:70:1f:f8:f0:4f:8c:8f:3a:d3:cc:d4:
f2:4f:a9:eb:e8:8f:1f:56:5e:39:2f:70:7b:16:6b:
6b:96:bd:f2:8a:c1:c4:53:5d:ec:8e:a6:83:3a:23:
dc:5e:ef:93:ba:5b:88:ee:73:ac:e1:8f:50:a3:b7:
74:e8:6d:06:43:ac:25:bb:96:95:ce:99:4f:d7:cf:
0d:d9:74:6e:cb:27:b9:04:a4:f4:ee:8e:45:ed:c0:
6d:86:e5:f4:7e:07:5b:56:2f:fb:d0:79:f5:5d:0e:
24:1d:bf:78:06:29:28:1e:e2:8a:de:40:ea:82:aa:
92:ed:8c:24:c8:7d:32:54:f6:40:8d:99:7f:6b:79:
a0:75:d2:b1:fb:29:0a:7e:60:ec:18:30:59:32:6d:
bd:bd:b5:6e:ae:44:88:5b:0a:de:77:56:1d:23:0d:
21:cc:36:80:dc:22:94:b2:46:11:a6:34:9b:2c:94:
88:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:23:D9:7A:34:79:94:90:7C:72:A9:46:D6:2D:57:6E:F0:5D:E0:06
X509v3 Authority Key Identifier:
keyid:57:2B:4E:D9:26:82:D7:18:A8:FC:44:88:14:00:27:40:69:60:79:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VytO2SaC1xio_ESIFAAnQGlgeV8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/HSPZejR5lJB8cqlG1i1XbvBd4AY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/VytO2SaC1xio_ESIFAAnQGlgeV8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.188.0/22
94.176.176.0/22
152.89.32.0/23
185.44.16.0/22
185.154.204.0/22
185.156.100.0/22
185.196.64.0/22
185.211.68.0/22
185.252.224.0/22
193.46.192.0/22
IPv6:
2a0d:8800::/29
Signature Algorithm: sha256WithRSAEncryption
b0:dc:e2:fd:60:f6:d0:57:45:f7:06:ab:b8:e4:91:06:25:cf:
c6:29:58:f8:21:67:4d:77:42:28:11:48:7f:0c:82:bf:d3:fc:
76:2c:1b:a6:b3:e1:ed:24:aa:c4:f9:3e:f7:c1:0f:28:c2:7e:
83:a2:a0:c8:20:21:64:9d:cf:8b:26:95:13:45:a1:a0:59:7f:
67:fb:6d:7a:7e:c9:d8:e9:9c:d4:be:84:5c:9e:b2:92:81:3f:
d2:70:32:e3:3f:3a:d1:31:d3:f0:17:74:84:b8:31:33:67:89:
5f:1c:00:73:e2:9d:3b:e2:35:7b:e3:ca:73:85:22:d0:f7:e3:
0a:8e:67:ef:7e:0a:50:c7:a4:e7:64:c2:12:a5:2d:3a:30:ed:
00:27:56:ae:38:ef:ee:f6:66:de:e5:f0:bc:62:a3:28:c6:3e:
f5:b4:5b:d5:4d:73:cd:ca:cc:58:91:7b:fe:c1:ff:bc:41:a9:
94:82:fd:2b:e3:e9:f6:b3:b4:05:0c:98:16:a2:fd:81:a7:d3:
14:72:35:8a:47:35:59:05:41:c6:04:11:e0:66:6f:6d:0e:5f:
53:1a:6f:97:dc:23:74:2f:de:c3:e7:8c:9b:a8:4b:44:cd:fc:
88:56:65:28:94:d8:15:fb:ba:16:88:33:2a:4a:2e:f2:06:56:
31:5d:3a:06
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZb8XBPZtcu3Sj8ftysGMoqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MmI0ZWQ5MjY4MmQ3MThhOGZjNDQ4ODE0MDAyNzQwNjk2
MDc5NWYwHhcNMjUwNTIzMDg1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDIzZDk3YTM0Nzk5NDkwN2M3MmE5NDZkNjJkNTc2ZWYwNWRlMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTikH561IzC82zyu2g9x6IMajPBt
Dn/zKPPs8txJRIviz9+ANLPJgCiu+mVHQgglov6oTsgkLDbnpRIJYHZcc2k63Y1n
jKrW1mUF8T86cB/48E+MjzrTzNTyT6nr6I8fVl45L3B7Fmtrlr3yisHEU13sjqaD
OiPcXu+TuluI7nOs4Y9Qo7d06G0GQ6wlu5aVzplP188N2XRuyye5BKT07o5F7cBt
huX0fgdbVi/70Hn1XQ4kHb94BikoHuKK3kDqgqqS7YwkyH0yVPZAjZl/a3mgddKx
+ykKfmDsGDBZMm29vbVurkSIWwred1YdIw0hzDaA3CKUskYRpjSbLJSI0wIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFB0j2Xo0eZSQfHKpRtYtV27wXeAGMB8GA1UdIwQY
MBaAFFcrTtkmgtcYqPxEiBQAJ0BpYHlfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnl0TzJTYUMxeGlvX0VTSUZBQW5RR2xnZVY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84ODRjMzEtZTUwOS00MjJiLWIwYTEt
YWY5ZmMwMTJiZDU0LzEvSFNQWmVqUjVsSkI4Y3FsRzFpMVhidkJkNEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84ODRjMzEtZTUwOS00MjJiLWIwYTEtYWY5ZmMwMTJiZDU0
LzEvVnl0TzJTYUMxeGlvX0VTSUZBQW5RR2xnZVY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCJZy8AwQC
XrCwAwQBmFkgAwQCuSwQAwQCuZrMAwQCuZxkAwQCucRAAwQCudNEAwQCufzgAwQC
wS7AMA0EAgACMAcDBQMqDYgAMA0GCSqGSIb3DQEBCwUAA4IBAQCw3OL9YPbQV0X3
Bqu45JEGJc/GKVj4IWdNd0IoEUh/DIK/0/x2LBums+HtJKrE+T73wQ8own6DoqDI
ICFknc+LJpUTRaGgWX9n+216fsnY6ZzUvoRcnrKSgT/ScDLjPzrRMdPwF3SEuDEz
Z4lfHABz4p074jV748pzhSLQ9+MKjmfvfgpQx6TnZMISpS06MO0AJ1auOO/u9mbe
5fC8YqMoxj71tFvVTXPNysxYkXv+wf+8QamUgv0r4+n2s7QFDJgWov2Bp9MUcjWK
RzVZBUHGBBHgZm9tDl9TGm+X3CN0L97D54ybqEtEzfyIVmUolNgV+7oWiDMqSi7y
BlYxXToG
-----END CERTIFICATE-----
Generated at Sun Jun 8 00:47:41 2025 by rpki-client