Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/CZXbb5OSwsScDAOuWl8RO1h3T9M.roa
File: CZXbb5OSwsScDAOuWl8RO1h3T9M.roa (raw, json)
Hash identifier: CxxG+eOFfX7VuO2Wwr1rDvpS8THnAYtNkenelxHcWYU=
Subject key identifier: 09:95:DB:6F:93:92:C2:C4:9C:0C:03:AE:5A:5F:11:3B:58:77:4F:D3
Certificate issuer: /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial: 0196BFE57E4458C51F4644E03B14494F862D
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/CZXbb5OSwsScDAOuWl8RO1h3T9M.roa
Signing time: Sun 11 May 2025 15:10:10 +0000
ROA not before: Sun 11 May 2025 15:10:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43350
IP address blocks: 107.181.137.0/24 maxlen: 24
185.53.128.0/24 maxlen: 24
185.53.129.0/24 maxlen: 24
185.53.130.0/24 maxlen: 24
185.53.131.0/24 maxlen: 24
185.83.216.0/24 maxlen: 24
185.83.217.0/24 maxlen: 24
185.83.218.0/24 maxlen: 24
185.83.219.0/24 maxlen: 24
2a02:2ca0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 05:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:bf:e5:7e:44:58:c5:1f:46:44:e0:3b:14:49:4f:86:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
Validity
Not Before: May 11 15:10:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0995db6f9392c2c49c0c03ae5a5f113b58774fd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:c1:55:97:c2:e3:75:c6:35:97:b4:b0:cf:e4:
ee:ac:c1:bf:9b:a8:68:d5:be:e8:4f:f1:aa:0b:a3:
ad:10:a2:ba:41:31:36:f0:dd:de:84:ed:60:5e:ba:
57:6e:d8:66:50:c4:4a:31:18:91:c0:55:15:cf:ef:
16:a4:2a:bc:71:b1:c3:25:d7:34:2f:6b:d3:bb:12:
c1:53:45:dc:f9:d7:c1:79:bb:ae:e7:3b:14:e9:e7:
18:45:03:78:99:b5:a2:28:12:2c:15:fb:5c:31:d1:
ab:89:7b:12:af:95:77:97:77:dd:68:9d:d6:4f:e5:
9a:f1:c7:02:a9:10:5b:60:46:32:0f:18:6e:43:a9:
4c:9f:a3:d2:1b:bc:03:13:7b:30:9d:b6:a3:9f:30:
96:64:dc:60:89:8c:56:6b:53:d0:a0:80:0b:52:24:
77:60:49:e8:0e:7e:ff:74:16:48:70:34:81:8c:6f:
d6:4a:e1:49:0e:4c:b6:17:33:73:90:91:4e:e2:10:
ee:c5:e5:3d:1d:22:a9:19:f2:3f:c8:6b:9c:31:39:
5d:53:7a:db:6c:0f:ea:4b:8b:88:f8:b8:41:2e:e4:
6a:90:1c:7f:ae:9e:f2:f8:fc:37:8c:aa:e8:9d:21:
9a:a9:25:3c:40:7c:dd:23:64:21:d5:01:f4:b2:c2:
56:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:95:DB:6F:93:92:C2:C4:9C:0C:03:AE:5A:5F:11:3B:58:77:4F:D3
X509v3 Authority Key Identifier:
keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/CZXbb5OSwsScDAOuWl8RO1h3T9M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
107.181.137.0/24
185.53.128.0/22
185.83.216.0/22
IPv6:
2a02:2ca0::/29
Signature Algorithm: sha256WithRSAEncryption
ba:78:ae:79:54:2a:b1:f3:ad:af:e5:80:13:1d:c8:5b:cb:45:
39:18:71:ab:51:52:b3:2a:c7:f8:6b:e4:20:d3:66:fe:42:ad:
3d:9b:13:ab:fc:88:0b:71:53:b5:1a:d7:68:d7:05:65:4d:ee:
4f:18:b2:8b:4c:25:d7:f9:f6:7b:43:5c:50:e9:f5:f0:ef:24:
89:3d:56:2c:1d:97:8d:6e:e6:5d:56:84:2d:2c:2e:a5:77:40:
19:72:da:d0:66:55:9f:2d:99:ad:13:ee:05:07:fe:69:47:d1:
04:79:a8:ef:c8:24:8e:45:ab:ae:0a:57:ee:3f:02:8a:c7:79:
03:49:fd:f6:65:e4:45:e5:3b:fc:a7:6e:2b:7c:74:d2:1d:67:
b8:c9:d0:f0:78:1c:a3:8a:90:cd:63:2b:77:c8:47:29:93:6e:
23:04:35:11:06:b0:98:c9:b2:ec:49:e6:68:ec:07:c0:78:76:
7f:83:83:da:67:58:d7:ed:ae:92:8e:9a:22:10:ba:64:70:61:
1c:da:9e:2b:78:b5:84:00:4e:99:1a:44:1c:07:26:8e:1d:2c:
b8:5a:e8:b4:da:76:d1:a4:b0:60:49:fc:8e:d7:4f:b9:c4:6b:
ff:14:d5:13:47:3a:e4:18:f3:50:d1:bb:88:b3:80:c5:6a:11:
20:a3:c6:ce
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZa/5X5EWMUfRkTgOxRJT4YtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwNTExMTUxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTk1ZGI2ZjkzOTJjMmM0OWMwYzAzYWU1YTVmMTEzYjU4Nzc0ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8FVl8LjdcY1l7Swz+TurMG/m6ho
1b7oT/GqC6OtEKK6QTE28N3ehO1gXrpXbthmUMRKMRiRwFUVz+8WpCq8cbHDJdc0
L2vTuxLBU0Xc+dfBebuu5zsU6ecYRQN4mbWiKBIsFftcMdGriXsSr5V3l3fdaJ3W
T+Wa8ccCqRBbYEYyDxhuQ6lMn6PSG7wDE3swnbajnzCWZNxgiYxWa1PQoIALUiR3
YEnoDn7/dBZIcDSBjG/WSuFJDky2FzNzkJFO4hDuxeU9HSKpGfI/yGucMTldU3rb
bA/qS4uI+LhBLuRqkBx/rp7y+Pw3jKronSGaqSU8QHzdI2Qh1QH0ssJWiQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAmV22+TksLEnAwDrlpfETtYd0/TMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvQ1pYYmI1T1N3c1NjREFPdVdsOFJPMWgzVDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAa7WJAwQC
uTWAAwQCuVPYMA0EAgACMAcDBQMqAiygMA0GCSqGSIb3DQEBCwUAA4IBAQC6eK55
VCqx862v5YATHchby0U5GHGrUVKzKsf4a+Qg02b+Qq09mxOr/IgLcVO1Gtdo1wVl
Te5PGLKLTCXX+fZ7Q1xQ6fXw7ySJPVYsHZeNbuZdVoQtLC6ld0AZctrQZlWfLZmt
E+4FB/5pR9EEeajvyCSORauuClfuPwKKx3kDSf32ZeRF5Tv8p24rfHTSHWe4ydDw
eByjipDNYyt3yEcpk24jBDURBrCYybLsSeZo7AfAeHZ/g4PaZ1jX7a6SjpoiELpk
cGEc2p4reLWEAE6ZGkQcByaOHSy4Wui02nbRpLBgSfyO10+5xGv/FNUTRzrkGPNQ
0buIs4DFahEgo8bO
-----END CERTIFICATE-----
Generated at Fri Jun 6 11:54:02 2025 by rpki-client