Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/lr5jbDjaqu0iW63nm_TgYe8r0I0.roa
File: lr5jbDjaqu0iW63nm_TgYe8r0I0.roa (raw, json)
Hash identifier: T3EVn+q8uKMPho7QfZp0crU+xrdxlEjJ2MkqJEKn8k4=
Subject key identifier: 96:BE:63:6C:38:DA:AA:ED:22:5B:AD:E7:9B:F4:E0:61:EF:2B:D0:8D
Certificate issuer: /CN=da24f35721ca31a83e2f6e937e17408e6e7b2c61
Certificate serial: 0194236A4BC251CBF45B14EF262A65533C3D
Authority key identifier: DA:24:F3:57:21:CA:31:A8:3E:2F:6E:93:7E:17:40:8E:6E:7B:2C:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2iTzVyHKMag-L26TfhdAjm57LGE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/lr5jbDjaqu0iW63nm_TgYe8r0I0.roa
Signing time: Wed 01 Jan 2025 19:49:16 +0000
ROA not before: Wed 01 Jan 2025 19:49:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205892
IP address blocks: 95.129.28.0/22 maxlen: 24
185.190.72.0/22 maxlen: 24
195.158.216.0/22 maxlen: 24
2a0a:540::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/2iTzVyHKMag-L26TfhdAjm57LGE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/2iTzVyHKMag-L26TfhdAjm57LGE.mft
rsync://rpki.ripe.net/repository/DEFAULT/2iTzVyHKMag-L26TfhdAjm57LGE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 16:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:4b:c2:51:cb:f4:5b:14:ef:26:2a:65:53:3c:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da24f35721ca31a83e2f6e937e17408e6e7b2c61
Validity
Not Before: Jan 1 19:49:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=96be636c38daaaed225bade79bf4e061ef2bd08d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ae:52:1b:f7:77:d0:02:5c:18:a5:6a:43:2c:
59:5c:86:04:72:a6:80:98:e2:66:73:b1:b8:29:08:
8b:b2:d9:55:49:cf:18:af:28:b7:18:d3:7d:99:3e:
a9:be:e1:97:7e:8f:6f:bb:21:14:ff:ee:af:a5:64:
e1:80:85:31:0d:74:19:ea:82:fb:57:d1:a9:a1:33:
74:8a:2a:61:0c:56:68:c1:c5:db:64:2d:4e:53:92:
6b:20:a1:49:6f:44:8a:e8:90:1b:94:99:67:b3:0b:
1b:3e:58:a0:50:0e:86:41:e3:95:db:a4:26:07:dc:
70:08:65:a0:95:c0:41:a8:bd:92:21:73:d8:52:b9:
90:8f:49:21:84:15:59:9a:fe:71:92:98:81:2c:70:
fe:b4:22:53:42:30:3b:89:6f:f3:58:4a:c9:07:7a:
ca:7f:e5:14:89:6b:8e:3a:65:89:b5:6d:24:e7:87:
e5:46:22:3c:de:de:13:b6:18:e0:9f:23:84:7a:8d:
6b:94:08:58:9a:21:20:be:03:76:da:bf:8d:32:96:
4b:ad:1c:5c:8b:9a:0c:32:f0:94:ed:42:3c:14:65:
33:80:cc:56:41:c2:2a:4b:ae:fa:72:0a:8c:29:72:
fd:9a:fd:de:07:d4:97:81:cc:63:73:31:da:75:9e:
a0:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:BE:63:6C:38:DA:AA:ED:22:5B:AD:E7:9B:F4:E0:61:EF:2B:D0:8D
X509v3 Authority Key Identifier:
keyid:DA:24:F3:57:21:CA:31:A8:3E:2F:6E:93:7E:17:40:8E:6E:7B:2C:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2iTzVyHKMag-L26TfhdAjm57LGE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/lr5jbDjaqu0iW63nm_TgYe8r0I0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/2iTzVyHKMag-L26TfhdAjm57LGE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.129.28.0/22
185.190.72.0/22
195.158.216.0/22
IPv6:
2a0a:540::/29
Signature Algorithm: sha256WithRSAEncryption
31:38:81:76:fb:8a:d9:a6:82:71:13:59:5c:aa:e5:31:93:a7:
17:76:24:3e:35:34:a8:49:55:d3:15:77:6d:8a:53:66:f7:c7:
37:50:30:2a:ea:af:a1:a1:78:3a:6e:37:a2:94:79:05:a5:5b:
40:d8:fe:8b:66:91:b1:1b:c2:7c:9e:cf:a1:d9:92:e7:ed:ed:
cd:7e:ac:f8:f9:e1:38:31:6b:4d:30:b8:3f:5f:0d:25:84:24:
ce:9b:ab:97:4f:51:79:3a:40:61:eb:91:4a:03:24:bf:f9:0e:
3f:70:1d:a6:32:e3:05:65:da:2a:36:f2:54:52:e8:73:d1:92:
89:2e:91:78:8d:de:00:91:54:2f:52:b3:69:89:01:be:3b:7e:
7a:b7:0d:7e:97:61:ec:ff:24:78:f3:45:0b:31:8e:dc:82:1b:
1e:f8:41:51:57:4b:a8:37:f8:08:a8:1a:a5:ec:eb:a7:ca:2c:
59:8a:8a:d2:fb:94:c0:6d:a3:f8:dd:17:d2:26:a6:4b:f1:96:
59:c2:7b:f2:a2:ab:56:17:1f:bc:6d:e3:c0:d1:bf:2f:08:40:
b6:3c:01:a8:cf:e0:0f:69:e4:89:e5:13:0c:11:bc:28:f7:76:
7d:37:02:5b:2e:62:75:2f:e8:66:91:01:81:23:79:80:2e:b6:
54:51:42:b4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQjakvCUcv0WxTvJiplUzw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjRmMzU3MjFjYTMxYTgzZTJmNmU5MzdlMTc0MDhlNmU3
YjJjNjEwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJlNjM2YzM4ZGFhYWVkMjI1YmFkZTc5YmY0ZTA2MWVmMmJkMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0K5SG/d30AJcGKVqQyxZXIYEcqaA
mOJmc7G4KQiLstlVSc8Yryi3GNN9mT6pvuGXfo9vuyEU/+6vpWThgIUxDXQZ6oL7
V9GpoTN0iiphDFZowcXbZC1OU5JrIKFJb0SK6JAblJlnswsbPligUA6GQeOV26Qm
B9xwCGWglcBBqL2SIXPYUrmQj0khhBVZmv5xkpiBLHD+tCJTQjA7iW/zWErJB3rK
f+UUiWuOOmWJtW0k54flRiI83t4TthjgnyOEeo1rlAhYmiEgvgN22r+NMpZLrRxc
i5oMMvCU7UI8FGUzgMxWQcIqS676cgqMKXL9mv3eB9SXgcxjczHadZ6g/QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJa+Y2w42qrtIlut55v04GHvK9CNMB8GA1UdIwQY
MBaAFNok81chyjGoPi9uk34XQI5ueyxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlUelZ5SEtNYWctTDI2VGZoZEFqbTU3TEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lY2VjZjQtZTkzMC00MTkyLTg0ZGQt
ODBmMzFkM2VhMTUyLzEvbHI1amJEamFxdTBpVzYzbm1fVGdZZThyMEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lY2VjZjQtZTkzMC00MTkyLTg0ZGQtODBmMzFkM2VhMTUy
LzEvMmlUelZ5SEtNYWctTDI2VGZoZEFqbTU3TEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCX4EcAwQC
ub5IAwQCw57YMA0EAgACMAcDBQMqCgVAMA0GCSqGSIb3DQEBCwUAA4IBAQAxOIF2
+4rZpoJxE1lcquUxk6cXdiQ+NTSoSVXTFXdtilNm98c3UDAq6q+hoXg6bjeilHkF
pVtA2P6LZpGxG8J8ns+h2ZLn7e3Nfqz4+eE4MWtNMLg/Xw0lhCTOm6uXT1F5OkBh
65FKAyS/+Q4/cB2mMuMFZdoqNvJUUuhz0ZKJLpF4jd4AkVQvUrNpiQG+O356tw1+
l2Hs/yR480ULMY7cghse+EFRV0uoN/gIqBql7OunyixZiorS+5TAbaP43RfSJqZL
8ZZZwnvyoqtWFx+8bePA0b8vCEC2PAGoz+APaeSJ5RMMEbwo93Z9NwJbLmJ1L+hm
kQGBI3mALrZUUUK0
-----END CERTIFICATE-----
Generated at Sat Apr 19 01:54:22 2025 by rpki-client