Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/czhipXlSFQv2XtrizeOL4AkYjfQ.roa
File: czhipXlSFQv2XtrizeOL4AkYjfQ.roa (raw, json)
Hash identifier: ktVLYCwHgnxekvZAuH8b1E8sdw3k+FPYtERYCRAoDw8=
Subject key identifier: 73:38:62:A5:79:52:15:0B:F6:5E:DA:E2:CD:E3:8B:E0:09:18:8D:F4
Certificate issuer: /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial: 0194221F9A850606F0A6DC5140603FEA8B7C
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/czhipXlSFQv2XtrizeOL4AkYjfQ.roa
Signing time: Wed 01 Jan 2025 13:48:04 +0000
ROA not before: Wed 01 Jan 2025 13:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29423
IP address blocks: 185.207.229.0/24 maxlen: 24
185.211.60.0/24 maxlen: 24
2a0b:2a40::/32 maxlen: 32
2a0b:6340::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.mft
rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 17:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:9a:85:06:06:f0:a6:dc:51:40:60:3f:ea:8b:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
Validity
Not Before: Jan 1 13:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=733862a57952150bf65edae2cde38be009188df4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:08:aa:ea:bb:a4:96:f7:d1:05:76:76:87:a9:
8a:a1:cb:ba:d9:ee:b3:ce:c9:1d:36:08:b1:b3:70:
a6:f5:52:75:87:e1:7d:ee:4f:78:88:1f:2d:63:c4:
0a:67:29:a9:47:37:56:05:80:71:bd:b2:af:22:a0:
55:5a:92:03:55:80:f4:93:67:47:b1:41:8d:45:0f:
69:3a:c7:13:dc:69:86:29:90:fe:54:de:b9:7d:c1:
c4:2c:fc:1c:af:72:69:26:99:d6:72:3b:87:8d:31:
b3:84:24:d6:0b:16:ff:a0:a8:30:0d:17:6b:77:9e:
99:6b:5e:47:45:ac:00:a9:94:47:ed:0c:37:a5:e1:
1c:d6:20:48:ad:60:2e:5a:6b:11:c0:c1:c0:ac:a9:
04:b2:e4:c4:d4:e1:dc:f1:fc:19:09:b6:f4:1c:e8:
94:c0:b8:ec:e3:3f:1b:ff:ca:64:09:4f:a8:da:c4:
16:59:7a:b1:94:c2:6d:1e:b3:e4:67:af:14:b6:d7:
02:44:cb:58:6e:94:96:3c:be:ee:b6:78:b0:ab:25:
67:38:0d:77:50:82:8e:b6:aa:e9:cb:70:66:f7:d0:
76:86:37:59:fa:6f:31:53:2b:e3:c0:8d:d3:d2:2a:
c0:f0:ff:c9:d3:ac:9c:a3:b5:83:55:65:2e:5f:a9:
db:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:38:62:A5:79:52:15:0B:F6:5E:DA:E2:CD:E3:8B:E0:09:18:8D:F4
X509v3 Authority Key Identifier:
keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/czhipXlSFQv2XtrizeOL4AkYjfQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.207.229.0/24
185.211.60.0/24
IPv6:
2a0b:2a40::/32
2a0b:6340::/32
Signature Algorithm: sha256WithRSAEncryption
35:a3:72:1e:83:cf:c5:ae:2e:c6:20:b9:20:29:98:27:e8:f6:
e8:7d:4c:e8:2d:95:a8:3e:57:32:9c:dd:8f:4a:31:2e:76:ca:
b9:53:f4:2d:4a:f6:e4:45:fe:e0:09:66:fe:d2:b9:cb:a5:13:
88:79:e1:70:fb:a0:73:70:c9:67:97:06:15:e9:5e:59:31:f3:
58:b2:a5:e4:9f:62:45:2c:59:23:25:11:9a:02:8f:f5:23:c9:
41:a6:e8:01:9a:7b:06:60:13:d9:06:bf:2f:d3:d5:2a:f5:c6:
1d:c3:a1:45:14:e8:34:df:c1:91:2b:0a:f2:8f:54:0f:20:8e:
a1:aa:40:d5:c4:f5:17:e6:6d:a9:5e:18:57:68:e9:5a:7f:4e:
f8:b6:ea:d8:f6:d6:cd:7b:c1:7f:b0:f3:98:cd:e8:27:14:07:
11:d7:d6:88:8e:2d:72:95:2b:64:44:ac:c0:a0:be:d9:46:d5:
8e:03:d6:31:a8:a9:ec:ef:f4:1f:48:1e:20:7b:73:d3:2f:4b:
e4:8f:20:9a:4b:d0:ae:f0:e3:80:ff:86:c6:a6:c0:f3:06:31:
92:64:ea:b1:62:b8:f4:d7:8f:ff:92:16:3e:50:f1:5a:96:c8:
82:99:6c:55:20:2c:28:20:37:ed:7f:d4:6d:8f:79:c9:8c:0c:
6e:0d:85:4e
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQiH5qFBgbwptxRQGA/6ot8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM4NjJhNTc5NTIxNTBiZjY1ZWRhZTJjZGUzOGJlMDA5MTg4ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Qiq6ruklvfRBXZ2h6mKocu62e6z
zskdNgixs3Cm9VJ1h+F97k94iB8tY8QKZympRzdWBYBxvbKvIqBVWpIDVYD0k2dH
sUGNRQ9pOscT3GmGKZD+VN65fcHELPwcr3JpJpnWcjuHjTGzhCTWCxb/oKgwDRdr
d56Za15HRawAqZRH7Qw3peEc1iBIrWAuWmsRwMHArKkEsuTE1OHc8fwZCbb0HOiU
wLjs4z8b/8pkCU+o2sQWWXqxlMJtHrPkZ68UttcCRMtYbpSWPL7utniwqyVnOA13
UIKOtqrpy3Bm99B2hjdZ+m8xUyvjwI3T0irA8P/J06yco7WDVWUuX6nblQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHM4YqV5UhUL9l7a4s3ji+AJGI30MB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEvY3poaXBYbFNGUXYyWHRyaXplT0w0QWtZamZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQAuc/lAwQA
udM8MBQEAgACMA4DBQAqCypAAwUAKgtjQDANBgkqhkiG9w0BAQsFAAOCAQEANaNy
HoPPxa4uxiC5ICmYJ+j26H1M6C2VqD5XMpzdj0oxLnbKuVP0LUr25EX+4Alm/tK5
y6UTiHnhcPugc3DJZ5cGFeleWTHzWLKl5J9iRSxZIyURmgKP9SPJQaboAZp7BmAT
2Qa/L9PVKvXGHcOhRRToNN/BkSsK8o9UDyCOoapA1cT1F+ZtqV4YV2jpWn9O+Lbq
2PbWzXvBf7DzmM3oJxQHEdfWiI4tcpUrZESswKC+2UbVjgPWMaip7O/0H0geIHtz
0y9L5I8gmkvQrvDjgP+GxqbA8wYxkmTqsWK49NeP/5IWPlDxWpbIgplsVSAsKCA3
7X/UbY95yYwMbg2FTg==
-----END CERTIFICATE-----
Generated at Fri Apr 11 02:39:33 2025 by rpki-client