Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/BaoLehfzYM1vkBF2LqjuxCVGppw.roa
File: BaoLehfzYM1vkBF2LqjuxCVGppw.roa (raw, json)
Hash identifier: wk0ycjZln2vcCwTCcN83YoDpaabATIZRlFvsl/RZ67U=
Subject key identifier: 05:AA:0B:7A:17:F3:60:CD:6F:90:11:76:2E:A8:EE:C4:25:46:A6:9C
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019735787C1413027FAFBE7F9799C465B91D
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/BaoLehfzYM1vkBF2LqjuxCVGppw.roa
Signing time: Tue 03 Jun 2025 11:06:17 +0000
ROA not before: Tue 03 Jun 2025 11:06:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209341
IP address blocks: 65.181.113.0/24 maxlen: 24
192.250.229.0/24 maxlen: 24
192.250.230.0/24 maxlen: 24
194.147.95.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 15:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:35:78:7c:14:13:02:7f:af:be:7f:97:99:c4:65:b9:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Jun 3 11:06:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=05aa0b7a17f360cd6f9011762ea8eec42546a69c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:f5:fa:83:66:6a:4d:20:e5:63:fe:aa:3a:ff:
6f:df:4a:81:85:63:21:f9:d5:1b:66:83:e6:70:0a:
5b:45:c7:38:99:23:f4:8f:b8:e7:e7:a6:1e:41:a7:
ed:2d:8a:59:10:5f:e4:a2:11:02:f5:dd:b9:b2:21:
8e:47:d9:fb:de:31:30:cb:5a:2b:56:ec:ec:33:a4:
86:cc:9f:45:3b:a4:00:ba:32:35:9b:31:14:b1:f8:
a3:85:91:0d:b8:8f:0f:16:73:8d:44:c0:62:95:d0:
cb:8a:d2:83:8c:0a:81:dd:2d:2a:5f:2a:a8:18:89:
3c:79:6f:a7:15:74:fe:d2:78:a7:88:6b:e8:53:29:
74:47:73:85:bb:40:d7:c1:3e:cf:52:01:5c:82:44:
0c:bb:fb:93:d5:7d:64:51:ae:d3:13:89:23:c5:99:
4c:67:bb:01:f3:e9:9e:98:45:3a:17:53:6c:d9:aa:
fb:a0:ff:bc:54:f3:c5:1d:2b:c5:84:a4:69:d5:b7:
00:f9:b9:15:af:5c:ee:06:32:d3:51:8f:2a:d0:a9:
2e:3e:53:01:46:73:b5:07:97:c0:d2:a3:24:ef:24:
04:2f:6e:52:7b:9b:db:9f:42:4a:22:34:dc:ed:c7:
d6:71:18:13:c9:f7:f1:43:b5:6b:54:7c:f6:b3:41:
09:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:AA:0B:7A:17:F3:60:CD:6F:90:11:76:2E:A8:EE:C4:25:46:A6:9C
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/BaoLehfzYM1vkBF2LqjuxCVGppw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.181.113.0/24
192.250.229.0-192.250.230.255
194.147.95.0/24
Signature Algorithm: sha256WithRSAEncryption
02:02:f7:f1:54:bc:2d:6f:d4:da:7b:df:bf:1e:16:52:34:47:
e1:13:2a:e8:a5:a0:72:66:c5:16:93:6d:5c:fc:87:31:a3:31:
1a:21:63:5f:38:fa:1d:cf:3a:f4:63:96:5f:a2:1d:a5:d6:16:
46:ba:fc:6e:c5:50:32:a1:9f:5f:1e:40:8a:16:8a:c1:33:ae:
23:d1:cb:50:bd:ab:bd:0a:73:96:c7:b0:08:13:07:1f:d5:79:
7e:7b:de:33:72:35:57:f1:fb:67:e3:cd:75:df:28:eb:a0:a5:
3b:fa:2b:03:99:d3:6f:4e:fd:04:6d:19:38:ef:37:87:4d:32:
8c:d0:e0:5f:36:ec:3e:a0:8f:50:41:4b:9a:e3:f5:09:67:a2:
c2:a7:a8:fd:a6:1c:dd:de:d6:82:11:a9:f4:af:02:5d:92:94:
60:9d:c5:d2:32:cd:bf:18:b7:bc:fd:d8:65:e3:33:8d:0f:8a:
82:1f:37:bb:11:96:ad:c1:9f:7e:4a:6b:9f:d0:56:bc:3e:15:
50:3f:71:d9:70:4f:b5:fe:4d:83:10:70:5f:ec:e1:0e:a3:66:
5b:b4:c2:72:e3:c0:19:89:04:4a:69:58:e1:ba:52:f9:a9:53:
3f:90:6a:33:8a:91:4e:07:b8:38:66:af:79:66:ec:02:7c:81:
8d:21:9d:f8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZc1eHwUEwJ/r75/l5nEZbkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwNjAzMTEwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWFhMGI3YTE3ZjM2MGNkNmY5MDExNzYyZWE4ZWVjNDI1NDZhNjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/X6g2ZqTSDlY/6qOv9v30qBhWMh
+dUbZoPmcApbRcc4mSP0j7jn56YeQaftLYpZEF/kohEC9d25siGOR9n73jEwy1or
VuzsM6SGzJ9FO6QAujI1mzEUsfijhZENuI8PFnONRMBildDLitKDjAqB3S0qXyqo
GIk8eW+nFXT+0niniGvoUyl0R3OFu0DXwT7PUgFcgkQMu/uT1X1kUa7TE4kjxZlM
Z7sB8+memEU6F1Ns2ar7oP+8VPPFHSvFhKRp1bcA+bkVr1zuBjLTUY8q0KkuPlMB
RnO1B5fA0qMk7yQEL25Se5vbn0JKIjTc7cfWcRgTyffxQ7VrVHz2s0EJEQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAWqC3oX82DNb5ARdi6o7sQlRqacMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvQmFvTGVoZnpZTTF2a0JGMkxxanV4Q1ZHcHB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAQbVxMAwD
BADA+uUDBADA+uYDBADCk18wDQYJKoZIhvcNAQELBQADggEBAAIC9/FUvC1v1Np7
378eFlI0R+ETKuiloHJmxRaTbVz8hzGjMRohY184+h3POvRjll+iHaXWFka6/G7F
UDKhn18eQIoWisEzriPRy1C9q70Kc5bHsAgTBx/VeX573jNyNVfx+2fjzXXfKOug
pTv6KwOZ029O/QRtGTjvN4dNMozQ4F827D6gj1BBS5rj9QlnosKnqP2mHN3e1oIR
qfSvAl2SlGCdxdIyzb8Yt7z92GXjM40PioIfN7sRlq3Bn35Ka5/QVrw+FVA/cdlw
T7X+TYMQcF/s4Q6jZlu0wnLjwBmJBEppWOG6UvmpUz+QajOKkU4HuDhmr3lm7AJ8
gY0hnfg=
-----END CERTIFICATE-----
Generated at Mon Jun 9 21:55:46 2025 by rpki-client