Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/XyjfJOj_ao5EyTb3E99N_HnlDMM.roa
File: XyjfJOj_ao5EyTb3E99N_HnlDMM.roa (raw, json)
Hash identifier: KGwUkqH7AqBxcL7k/BCVVIwTlBSdhX8/NAbdbiiMWC4=
Subject key identifier: 5F:28:DF:24:E8:FF:6A:8E:44:C9:36:F7:13:DF:4D:FC:79:E5:0C:C3
Certificate issuer: /CN=33a9c7bdf2b82e343ec42667d6eede4b80610c84
Certificate serial: 0195C978C559CFB57A78BC8F3F6228693BA7
Authority key identifier: 33:A9:C7:BD:F2:B8:2E:34:3E:C4:26:67:D6:EE:DE:4B:80:61:0C:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/XyjfJOj_ao5EyTb3E99N_HnlDMM.roa
Signing time: Mon 24 Mar 2025 18:44:49 +0000
ROA not before: Mon 24 Mar 2025 18:44:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207464
IP address blocks: 62.241.32.0/20 maxlen: 22
85.113.72.0/21 maxlen: 22
109.72.160.0/20 maxlen: 22
147.161.16.0/22 maxlen: 23
185.36.212.0/22 maxlen: 23
185.135.134.0/23 maxlen: 23
185.154.16.0/22 maxlen: 23
2a00:f0a0::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 02:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:c9:78:c5:59:cf:b5:7a:78:bc:8f:3f:62:28:69:3b:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33a9c7bdf2b82e343ec42667d6eede4b80610c84
Validity
Not Before: Mar 24 18:44:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f28df24e8ff6a8e44c936f713df4dfc79e50cc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:96:4c:6c:ea:96:70:0f:99:fd:80:80:ee:6a:
18:18:3e:47:99:e6:0c:cb:ff:16:b9:c1:61:b3:44:
94:5a:3b:15:7b:81:17:a8:f2:6a:a6:b3:de:2c:f1:
51:63:68:a2:be:41:86:ae:1c:77:85:36:46:ff:a1:
e1:06:04:05:81:03:2c:19:14:4f:fc:6d:f1:70:ab:
ff:73:65:b8:6d:ac:18:e3:99:c2:9d:fe:1a:7c:24:
d1:b1:42:1d:e0:d4:07:11:82:64:be:05:ec:9e:5d:
81:54:83:09:9f:ed:7f:28:a7:71:a9:4d:e8:23:93:
d6:e0:ec:ae:08:e0:b0:6f:b4:c5:75:6b:c1:0f:f3:
71:fe:4e:2a:a5:84:01:6e:f0:ad:8e:21:57:4e:89:
1b:18:da:16:3f:58:10:ee:46:2e:91:2d:e1:8f:1d:
21:19:1c:24:a5:44:bb:ba:84:43:f4:3e:23:d3:00:
a2:34:1b:8c:f9:9e:b2:8b:62:31:15:d9:90:d0:07:
3b:b8:01:6a:7b:02:37:97:a6:cd:73:e8:14:11:82:
ae:54:dd:25:23:f7:91:7e:3b:13:17:dd:5d:b7:c5:
73:8a:c6:b5:3f:18:7f:44:6a:4d:18:a9:af:96:db:
a8:77:e6:4a:27:64:7d:f7:ba:8b:d9:f8:40:d0:d5:
c7:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:28:DF:24:E8:FF:6A:8E:44:C9:36:F7:13:DF:4D:FC:79:E5:0C:C3
X509v3 Authority Key Identifier:
keyid:33:A9:C7:BD:F2:B8:2E:34:3E:C4:26:67:D6:EE:DE:4B:80:61:0C:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/XyjfJOj_ao5EyTb3E99N_HnlDMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.241.32.0/20
85.113.72.0/21
109.72.160.0/20
147.161.16.0/22
185.36.212.0/22
185.135.134.0/23
185.154.16.0/22
IPv6:
2a00:f0a0::/29
Signature Algorithm: sha256WithRSAEncryption
70:63:37:c8:6b:f9:05:7d:e1:93:37:b9:3f:16:c4:86:54:2b:
af:ba:1f:90:df:a8:39:d0:ff:e2:9a:06:aa:6d:2c:b9:e9:bc:
8a:03:3c:26:ec:2b:8e:14:d7:19:78:31:8f:32:a1:b0:07:42:
c7:62:11:71:17:a5:4e:a1:1c:65:5c:d7:7e:25:ef:91:84:4e:
b3:5d:cf:ef:22:69:8a:84:67:b3:35:ea:20:90:d8:2e:78:7b:
c9:7f:3c:e5:b7:98:cf:c2:5e:8e:12:21:0e:8e:8b:0f:c4:bf:
08:f4:be:c0:19:59:c5:70:2e:2f:94:9a:4d:f9:3a:79:2a:0b:
99:45:fd:fa:d0:06:fb:bb:69:c1:f8:4f:1c:5f:cd:24:b9:1c:
d6:8e:e9:4b:c2:3e:c4:18:27:b1:18:b0:25:f9:f8:c7:ef:87:
f0:61:67:1b:9d:79:9d:84:b9:fc:05:2d:c8:2f:4a:e9:b6:5c:
06:4b:a9:bf:3c:0f:d6:47:05:2c:d6:96:bd:87:24:e7:25:8c:
29:59:06:ab:fb:2c:33:f4:df:4a:86:42:93:d4:67:0c:03:aa:
a5:40:5e:bf:20:b7:72:8a:ae:13:f0:6b:10:f7:e3:43:f8:1c:
eb:47:df:b4:47:5b:f5:43:2c:b1:cc:f1:2c:d1:5f:1b:0f:c1:
9f:79:3f:6c
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZXJeMVZz7V6eLyPP2IoaTunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYTljN2JkZjJiODJlMzQzZWM0MjY2N2Q2ZWVkZTRiODA2
MTBjODQwHhcNMjUwMzI0MTg0NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjI4ZGYyNGU4ZmY2YThlNDRjOTM2ZjcxM2RmNGRmYzc5ZTUwY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpZMbOqWcA+Z/YCA7moYGD5HmeYM
y/8WucFhs0SUWjsVe4EXqPJqprPeLPFRY2iivkGGrhx3hTZG/6HhBgQFgQMsGRRP
/G3xcKv/c2W4bawY45nCnf4afCTRsUId4NQHEYJkvgXsnl2BVIMJn+1/KKdxqU3o
I5PW4OyuCOCwb7TFdWvBD/Nx/k4qpYQBbvCtjiFXTokbGNoWP1gQ7kYukS3hjx0h
GRwkpUS7uoRD9D4j0wCiNBuM+Z6yi2IxFdmQ0Ac7uAFqewI3l6bNc+gUEYKuVN0l
I/eRfjsTF91dt8Vzisa1Pxh/RGpNGKmvltuod+ZKJ2R997qL2fhA0NXH2wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFF8o3yTo/2qORMk29xPfTfx55QzDMB8GA1UdIwQY
MBaAFDOpx73yuC40PsQmZ9bu3kuAYQyEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTZuSHZmSzRMalEteENabjF1N2VTNEJoRElRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8yZjY1OTUtZDNkMS00M2VhLWE0YTMt
YWIzYjdjM2U4MjE1LzEvWHlqZkpPal9hbzVFeVRiM0U5OU5fSG5sRE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8yZjY1OTUtZDNkMS00M2VhLWE0YTMtYWIzYjdjM2U4MjE1
LzEvTTZuSHZmSzRMalEteENabjF1N2VTNEJoRElRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEPvEgAwQD
VXFIAwQEbUigAwQCk6EQAwQCuSTUAwQBuYeGAwQCuZoQMA0EAgACMAcDBQMqAPCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBwYzfIa/kFfeGTN7k/FsSGVCuvuh+Q36g50P/i
mgaqbSy56byKAzwm7CuOFNcZeDGPMqGwB0LHYhFxF6VOoRxlXNd+Je+RhE6zXc/v
ImmKhGezNeogkNgueHvJfzzlt5jPwl6OEiEOjosPxL8I9L7AGVnFcC4vlJpN+Tp5
KguZRf360Ab7u2nB+E8cX80kuRzWjulLwj7EGCexGLAl+fjH74fwYWcbnXmdhLn8
BS3IL0rptlwGS6m/PA/WRwUs1pa9hyTnJYwpWQar+ywz9N9KhkKT1GcMA6qlQF6/
ILdyiq4T8GsQ9+ND+BzrR9+0R1v1QyyxzPEs0V8bD8GfeT9s
-----END CERTIFICATE-----
Generated at Wed Apr 16 09:17:47 2025 by rpki-client