Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2fc40a-55e3-4aba-91b5-70b8871b8e20/1/YFIa0scc_xVUT5FKi7LKvASoEWc.roa
File: YFIa0scc_xVUT5FKi7LKvASoEWc.roa (raw, json)
Hash identifier: V1CwEQLm9iXZGzptcaHc4LFmcOryBT2Kfmx1HSv4RTc=
Subject key identifier: 60:52:1A:D2:C7:1C:FF:15:54:4F:91:4A:8B:B2:CA:BC:04:A8:11:67
Certificate issuer: /CN=633b6895fe4993397b66232bb0a2d3e3c625cc1b
Certificate serial: 01942143C96DD06E9E8334F79A9C37476DB0
Authority key identifier: 63:3B:68:95:FE:49:93:39:7B:66:23:2B:B0:A2:D3:E3:C6:25:CC:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yztolf5Jkzl7ZiMrsKLT48YlzBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2fc40a-55e3-4aba-91b5-70b8871b8e20/1/YFIa0scc_xVUT5FKi7LKvASoEWc.roa
Signing time: Wed 01 Jan 2025 09:47:58 +0000
ROA not before: Wed 01 Jan 2025 09:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202208
IP address blocks: 193.111.168.0/24 maxlen: 24
193.111.174.0/24 maxlen: 24
193.111.226.0/24 maxlen: 24
193.111.229.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2fc40a-55e3-4aba-91b5-70b8871b8e20/1/Yztolf5Jkzl7ZiMrsKLT48YlzBs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2fc40a-55e3-4aba-91b5-70b8871b8e20/1/Yztolf5Jkzl7ZiMrsKLT48YlzBs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Yztolf5Jkzl7ZiMrsKLT48YlzBs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 03:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:c9:6d:d0:6e:9e:83:34:f7:9a:9c:37:47:6d:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=633b6895fe4993397b66232bb0a2d3e3c625cc1b
Validity
Not Before: Jan 1 09:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=60521ad2c71cff15544f914a8bb2cabc04a81167
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:84:c3:61:39:4b:84:91:9e:f4:2c:23:45:5c:
6d:53:67:11:5e:67:7a:bc:7b:ee:d5:d6:fe:04:70:
e5:87:10:72:f3:09:ec:31:fb:58:44:ff:e0:f8:4a:
e8:7d:41:e9:26:08:16:bf:be:7a:34:67:c1:9e:69:
3e:8e:1b:0b:5d:0e:f1:9e:68:ea:73:61:cb:10:ff:
87:89:c2:af:7e:17:2e:b7:6b:23:92:33:8d:22:d9:
5b:fa:22:2e:be:4e:9b:f5:22:8e:ca:a8:cb:04:c6:
c8:80:fe:9e:ff:7d:a8:ae:45:6e:14:e5:b2:de:0c:
bc:55:b4:b0:dd:c9:a2:1b:3a:26:fc:e4:2f:2e:2c:
ea:31:8e:c6:fa:2d:ea:44:9b:2c:c5:44:73:50:ef:
42:6c:49:ce:a0:fc:e8:5d:dd:51:bf:32:f0:f5:25:
5c:73:f3:b8:e1:7c:88:e3:48:36:7e:a0:e1:4f:c3:
43:9f:1f:27:fc:a3:0b:c7:1b:76:96:40:7a:1f:07:
d2:54:61:3c:39:bb:11:34:a3:58:38:85:c7:1c:f4:
67:0e:04:84:bc:93:87:6a:b7:d3:96:43:17:ea:16:
90:fd:16:04:1e:76:88:2c:c2:4e:45:9c:84:67:fb:
26:02:f3:14:33:71:18:9a:c5:45:41:dd:f9:3d:de:
f4:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:52:1A:D2:C7:1C:FF:15:54:4F:91:4A:8B:B2:CA:BC:04:A8:11:67
X509v3 Authority Key Identifier:
keyid:63:3B:68:95:FE:49:93:39:7B:66:23:2B:B0:A2:D3:E3:C6:25:CC:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yztolf5Jkzl7ZiMrsKLT48YlzBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2fc40a-55e3-4aba-91b5-70b8871b8e20/1/YFIa0scc_xVUT5FKi7LKvASoEWc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2fc40a-55e3-4aba-91b5-70b8871b8e20/1/Yztolf5Jkzl7ZiMrsKLT48YlzBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.111.168.0/24
193.111.174.0/24
193.111.226.0/24
193.111.229.0/24
Signature Algorithm: sha256WithRSAEncryption
39:00:4a:ae:75:a5:8c:6a:30:5c:cd:d3:f5:43:51:0d:ba:4c:
b3:6b:4a:73:26:46:4b:f2:11:60:26:9e:ad:03:4b:d9:aa:a8:
bb:91:ca:90:c8:3f:98:b0:85:09:a4:1b:e2:a5:5a:12:9f:f0:
44:d3:e6:82:3a:49:ab:5c:f8:05:5b:e7:4d:5d:89:6f:82:e7:
99:cd:1a:14:07:69:25:d8:8d:b5:4f:f8:7e:88:1a:5f:c3:8b:
36:6d:1a:1a:38:0d:13:29:55:17:15:d1:21:d0:fa:d5:41:28:
70:9e:cb:1c:75:0a:dc:ba:76:40:a3:55:f2:46:53:d6:6c:e8:
4f:c7:51:b8:8d:64:c3:c3:36:cb:93:62:78:a6:af:2a:cd:3e:
a5:9f:58:ba:e0:0c:1a:c5:08:39:3f:f9:44:81:54:dd:5c:89:
f5:eb:72:e2:80:ff:e2:c5:2b:d1:9a:7c:52:6a:d8:ee:a7:52:
ba:5a:5b:d6:83:0a:f2:e5:3e:f5:e7:28:3f:6b:17:f6:36:b5:
6b:03:e2:90:d1:07:72:08:32:27:4f:18:e3:56:7c:9f:ba:d5:
ca:c9:2f:d9:44:cd:af:fc:c7:6f:1c:a0:5d:89:9d:f6:b7:51:
1d:70:7f:b6:98:d8:7d:74:6d:ff:ef:f2:a8:38:e3:02:b0:d3:
e7:f8:5d:85
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhQ8lt0G6egzT3mpw3R22wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzM2I2ODk1ZmU0OTkzMzk3YjY2MjMyYmIwYTJkM2UzYzYy
NWNjMWIwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDUyMWFkMmM3MWNmZjE1NTQ0ZjkxNGE4YmIyY2FiYzA0YTgxMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4TDYTlLhJGe9CwjRVxtU2cRXmd6
vHvu1db+BHDlhxBy8wnsMftYRP/g+ErofUHpJggWv756NGfBnmk+jhsLXQ7xnmjq
c2HLEP+HicKvfhcut2sjkjONItlb+iIuvk6b9SKOyqjLBMbIgP6e/32orkVuFOWy
3gy8VbSw3cmiGzom/OQvLizqMY7G+i3qRJssxURzUO9CbEnOoPzoXd1RvzLw9SVc
c/O44XyI40g2fqDhT8NDnx8n/KMLxxt2lkB6HwfSVGE8ObsRNKNYOIXHHPRnDgSE
vJOHarfTlkMX6haQ/RYEHnaILMJORZyEZ/smAvMUM3EYmsVFQd35Pd70NwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGBSGtLHHP8VVE+RSouyyrwEqBFnMB8GA1UdIwQY
MBaAFGM7aJX+SZM5e2YjK7Ci0+PGJcwbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXp0b2xmNUpremw3WmlNcnNLTFQ0OFlsekJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yZmM0MGEtNTVlMy00YWJhLTkxYjUt
NzBiODg3MWI4ZTIwLzEvWUZJYTBzY2NfeFZVVDVGS2k3TEt2QVNvRVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yZmM0MGEtNTVlMy00YWJhLTkxYjUtNzBiODg3MWI4ZTIw
LzEvWXp0b2xmNUpremw3WmlNcnNLTFQ0OFlsekJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwW+oAwQA
wW+uAwQAwW/iAwQAwW/lMA0GCSqGSIb3DQEBCwUAA4IBAQA5AEqudaWMajBczdP1
Q1ENukyza0pzJkZL8hFgJp6tA0vZqqi7kcqQyD+YsIUJpBvipVoSn/BE0+aCOkmr
XPgFW+dNXYlvgueZzRoUB2kl2I21T/h+iBpfw4s2bRoaOA0TKVUXFdEh0PrVQShw
nsscdQrcunZAo1XyRlPWbOhPx1G4jWTDwzbLk2J4pq8qzT6ln1i64AwaxQg5P/lE
gVTdXIn163LigP/ixSvRmnxSatjup1K6WlvWgwry5T715yg/axf2NrVrA+KQ0Qdy
CDInTxjjVnyfutXKyS/ZRM2v/MdvHKBdiZ32t1EdcH+2mNh9dG3/7/KoOOMCsNPn
+F2F
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:28:27 2025 by rpki-client