Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/Ykp7B25gotnyLx9mDtSzNq96W6k.roa
File: Ykp7B25gotnyLx9mDtSzNq96W6k.roa (raw, json)
Hash identifier: NIlK9x59nPV4O79DLDS8wTUzWHzJ4y+mS34Pzan31ak=
Subject key identifier: 62:4A:7B:07:6E:60:A2:D9:F2:2F:1F:66:0E:D4:B3:36:AF:7A:5B:A9
Certificate issuer: /CN=20b830833878b6c861269a0e2a45837aa9485be1
Certificate serial: 019428237A0D3E6F163101BC45571C1C57DC
Authority key identifier: 20:B8:30:83:38:78:B6:C8:61:26:9A:0E:2A:45:83:7A:A9:48:5B:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ILgwgzh4tshhJpoOKkWDeqlIW-E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/Ykp7B25gotnyLx9mDtSzNq96W6k.roa
Signing time: Thu 02 Jan 2025 17:50:01 +0000
ROA not before: Thu 02 Jan 2025 17:50:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60987
IP address blocks: 185.198.184.0/22 maxlen: 22
185.198.184.0/24 maxlen: 24
185.198.185.0/24 maxlen: 24
185.198.186.0/24 maxlen: 24
185.198.187.0/24 maxlen: 24
193.238.175.0/24 maxlen: 24
2a0a:8d40::/29 maxlen: 29
2a11:880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/ILgwgzh4tshhJpoOKkWDeqlIW-E.crl
rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/ILgwgzh4tshhJpoOKkWDeqlIW-E.mft
rsync://rpki.ripe.net/repository/DEFAULT/ILgwgzh4tshhJpoOKkWDeqlIW-E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:23:7a:0d:3e:6f:16:31:01:bc:45:57:1c:1c:57:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20b830833878b6c861269a0e2a45837aa9485be1
Validity
Not Before: Jan 2 17:50:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=624a7b076e60a2d9f22f1f660ed4b336af7a5ba9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:4b:b6:2d:a2:9b:95:07:8f:0e:5c:8c:77:0b:
02:92:12:ce:19:50:1d:ad:b1:b6:e0:2a:96:0b:87:
53:81:64:6b:26:f8:41:94:d5:ea:d4:94:91:85:bf:
34:b5:26:9e:cb:2d:31:53:8d:9d:c5:4f:0c:0f:d2:
46:28:09:68:06:7d:49:c8:34:ac:88:21:ac:84:de:
91:96:b7:ee:a3:a0:58:61:1f:bc:8c:11:08:70:ed:
87:0a:89:37:0a:b2:83:5b:87:d8:0c:8f:4e:6c:e1:
27:99:d4:b4:2c:2a:f3:98:75:a4:60:78:2c:38:88:
93:d2:0a:eb:03:ad:c9:84:41:45:94:a8:14:27:18:
e3:ff:20:80:87:6f:27:4b:11:cb:53:2b:68:9e:a7:
c4:5d:46:1f:9c:10:6f:06:d7:ca:d0:e2:1a:05:bd:
a9:ac:89:27:33:ea:4e:32:8c:fa:cf:1a:f7:a1:24:
3f:ea:3c:58:35:43:ee:3d:6c:e6:9e:f2:29:a9:5c:
fe:4a:83:49:ca:04:0e:0b:51:7f:9c:52:48:56:49:
9a:5f:f1:2e:c0:41:5a:e8:95:99:a5:48:68:b1:62:
57:3c:db:58:89:38:54:01:7a:09:23:75:62:93:06:
40:f0:42:e6:dd:48:11:a4:ed:4f:f3:d4:00:37:56:
f1:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:4A:7B:07:6E:60:A2:D9:F2:2F:1F:66:0E:D4:B3:36:AF:7A:5B:A9
X509v3 Authority Key Identifier:
keyid:20:B8:30:83:38:78:B6:C8:61:26:9A:0E:2A:45:83:7A:A9:48:5B:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILgwgzh4tshhJpoOKkWDeqlIW-E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/Ykp7B25gotnyLx9mDtSzNq96W6k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/ILgwgzh4tshhJpoOKkWDeqlIW-E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.198.184.0/22
193.238.175.0/24
IPv6:
2a0a:8d40::/29
2a11:880::/29
Signature Algorithm: sha256WithRSAEncryption
3f:48:d9:4e:75:5e:52:37:ba:96:09:5e:80:3f:0f:85:04:07:
a1:98:9e:75:02:9e:04:dc:15:c0:51:ee:59:4f:2f:81:a9:bc:
c1:55:6a:7b:27:36:a2:26:27:92:47:d9:02:dd:b1:32:e6:ba:
57:fc:fb:be:f8:19:6e:10:c0:d8:60:9b:55:9a:a9:37:78:f5:
61:0a:25:2d:6a:86:fe:2d:04:fc:b8:63:a7:bc:6b:40:54:d4:
7e:13:7d:35:5f:e0:5e:8f:08:c0:ba:3b:38:4f:21:29:29:66:
81:36:01:6f:d2:81:3f:74:43:d1:35:5f:a5:a2:b8:c6:d3:80:
a9:66:21:d4:3a:02:40:dd:b6:93:93:c3:a9:db:eb:59:cb:41:
96:85:bd:bc:b2:db:09:73:b1:9b:90:09:23:36:99:ec:62:26:
5a:84:a0:df:7f:ab:dc:c3:50:91:b0:3a:c8:48:0f:3b:b4:5c:
65:fd:3b:08:c4:51:4a:81:bc:48:d7:37:eb:f3:2b:a7:e4:63:
60:53:b8:24:0f:f6:32:56:cb:e7:13:de:65:d2:8f:22:2f:d9:
2a:8c:76:f6:35:0c:7a:cf:f1:5c:36:bb:bf:05:fd:95:9f:62:
33:12:44:4d:48:e3:3f:4c:3e:7d:08:1e:85:b7:73:b2:80:7a:
86:7a:af:7a
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQoI3oNPm8WMQG8RVccHFfcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjgzMDgzMzg3OGI2Yzg2MTI2OWEwZTJhNDU4MzdhYTk0
ODViZTEwHhcNMjUwMTAyMTc1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRhN2IwNzZlNjBhMmQ5ZjIyZjFmNjYwZWQ0YjMzNmFmN2E1YmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEu2LaKblQePDlyMdwsCkhLOGVAd
rbG24CqWC4dTgWRrJvhBlNXq1JSRhb80tSaeyy0xU42dxU8MD9JGKAloBn1JyDSs
iCGshN6Rlrfuo6BYYR+8jBEIcO2HCok3CrKDW4fYDI9ObOEnmdS0LCrzmHWkYHgs
OIiT0grrA63JhEFFlKgUJxjj/yCAh28nSxHLUytonqfEXUYfnBBvBtfK0OIaBb2p
rIknM+pOMoz6zxr3oSQ/6jxYNUPuPWzmnvIpqVz+SoNJygQOC1F/nFJIVkmaX/Eu
wEFa6JWZpUhosWJXPNtYiThUAXoJI3VikwZA8ELm3UgRpO1P89QAN1bxwQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGJKewduYKLZ8i8fZg7UszavelupMB8GA1UdIwQY
MBaAFCC4MIM4eLbIYSaaDipFg3qpSFvhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxnd2d6aDR0c2hoSnBvT0trV0RlcWxJVy1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82NGZmMGYtZTM1Ni00OGIzLTgzMGYt
MTU2NDk3YmZlOTNmLzEvWWtwN0IyNWdvdG55THg5bUR0U3pOcTk2VzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82NGZmMGYtZTM1Ni00OGIzLTgzMGYtMTU2NDk3YmZlOTNm
LzEvSUxnd2d6aDR0c2hoSnBvT0trV0RlcWxJVy1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuca4AwQA
we6vMBQEAgACMA4DBQMqCo1AAwUDKhEIgDANBgkqhkiG9w0BAQsFAAOCAQEAP0jZ
TnVeUje6lglegD8PhQQHoZiedQKeBNwVwFHuWU8vgam8wVVqeyc2oiYnkkfZAt2x
Mua6V/z7vvgZbhDA2GCbVZqpN3j1YQolLWqG/i0E/Lhjp7xrQFTUfhN9NV/gXo8I
wLo7OE8hKSlmgTYBb9KBP3RD0TVfpaK4xtOAqWYh1DoCQN22k5PDqdvrWctBloW9
vLLbCXOxm5AJIzaZ7GImWoSg33+r3MNQkbA6yEgPO7RcZf07CMRRSoG8SNc36/Mr
p+RjYFO4JA/2MlbL5xPeZdKPIi/ZKox29jUMes/xXDa7vwX9lZ9iMxJETUjjP0w+
fQgehbdzsoB6hnqveg==
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:34:18 2025 by rpki-client