Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/03316d-04e0-4660-a63e-671839200604/1/YZGMIvadW2xPxhoSXpNJb8SDWu8.roa
File: YZGMIvadW2xPxhoSXpNJb8SDWu8.roa (raw, json)
Hash identifier: jQfGmlQO1sTVXZe+wmgboQPBpNBgVW+6jbuLSLsW9ZU=
Subject key identifier: 61:91:8C:22:F6:9D:5B:6C:4F:C6:1A:12:5E:93:49:6F:C4:83:5A:EF
Certificate issuer: /CN=a0bfd06ce855b62d9b688cd8c535d5f494cd3932
Certificate serial: 019420D5A4CB12652B9F00BB0399890D008C
Authority key identifier: A0:BF:D0:6C:E8:55:B6:2D:9B:68:8C:D8:C5:35:D5:F4:94:CD:39:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oL_QbOhVti2baIzYxTXV9JTNOTI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/03316d-04e0-4660-a63e-671839200604/1/YZGMIvadW2xPxhoSXpNJb8SDWu8.roa
Signing time: Wed 01 Jan 2025 07:47:39 +0000
ROA not before: Wed 01 Jan 2025 07:47:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51265
IP address blocks: 62.240.128.0/19 maxlen: 24
83.216.32.0/19 maxlen: 21
176.126.39.0/24 maxlen: 24
178.157.4.0/22 maxlen: 22
185.44.52.0/22 maxlen: 22
185.69.244.0/22 maxlen: 22
193.9.252.0/23 maxlen: 24
2a04:9540::/29 maxlen: 29
2a07:1740::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/03316d-04e0-4660-a63e-671839200604/1/oL_QbOhVti2baIzYxTXV9JTNOTI.crl
rsync://rpki.ripe.net/repository/DEFAULT/d1/03316d-04e0-4660-a63e-671839200604/1/oL_QbOhVti2baIzYxTXV9JTNOTI.mft
rsync://rpki.ripe.net/repository/DEFAULT/oL_QbOhVti2baIzYxTXV9JTNOTI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 19:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:a4:cb:12:65:2b:9f:00:bb:03:99:89:0d:00:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0bfd06ce855b62d9b688cd8c535d5f494cd3932
Validity
Not Before: Jan 1 07:47:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=61918c22f69d5b6c4fc61a125e93496fc4835aef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:67:30:cc:49:02:59:2f:4a:06:67:29:a5:e0:
af:db:bf:30:3b:9a:80:94:35:74:27:0b:ff:35:2d:
39:9a:ad:7c:16:b8:63:8d:fb:6f:43:f5:88:25:b0:
9e:76:18:5f:2c:ef:9d:b0:4f:08:2a:26:0b:32:be:
c2:8b:8a:2d:79:e3:13:65:5e:f7:3e:77:4b:08:dd:
46:5b:f4:4e:46:f5:56:55:09:bb:75:3d:a1:84:08:
72:d9:9e:96:f9:71:3f:ae:cb:2d:a4:2e:8d:b8:05:
61:76:ee:99:6c:76:9f:a0:3c:ae:a4:4f:91:4e:10:
f3:75:76:a8:46:67:5d:67:42:d4:48:fc:4d:55:7e:
cb:52:f5:f2:02:c9:50:81:90:96:d3:5c:47:f8:79:
3d:16:21:8d:ca:17:39:fb:4b:f6:f9:7c:69:e8:8c:
02:f3:4c:1b:aa:7f:b1:ce:10:27:d0:d4:3d:e0:eb:
71:bb:7e:47:5a:7b:d2:bd:32:bb:d5:29:3d:21:34:
6e:87:0d:26:c6:92:6b:22:49:73:13:70:9f:51:26:
e8:8a:72:3f:a5:e8:8a:49:54:af:73:0a:65:92:90:
9e:61:e4:8e:76:11:ef:51:c4:7f:ab:6b:45:c3:2f:
a8:99:21:53:57:a2:a2:4b:fe:8b:c6:58:36:c1:f8:
f3:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:91:8C:22:F6:9D:5B:6C:4F:C6:1A:12:5E:93:49:6F:C4:83:5A:EF
X509v3 Authority Key Identifier:
keyid:A0:BF:D0:6C:E8:55:B6:2D:9B:68:8C:D8:C5:35:D5:F4:94:CD:39:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oL_QbOhVti2baIzYxTXV9JTNOTI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/03316d-04e0-4660-a63e-671839200604/1/YZGMIvadW2xPxhoSXpNJb8SDWu8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/03316d-04e0-4660-a63e-671839200604/1/oL_QbOhVti2baIzYxTXV9JTNOTI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.240.128.0/19
83.216.32.0/19
176.126.39.0/24
178.157.4.0/22
185.44.52.0/22
185.69.244.0/22
193.9.252.0/23
IPv6:
2a04:9540::/29
2a07:1740::/29
Signature Algorithm: sha256WithRSAEncryption
30:8c:c1:67:8b:6f:4f:41:d0:00:f0:2a:28:4b:41:2d:5a:7b:
a6:dc:e4:4c:cf:62:f3:a6:3f:67:9c:15:b0:f9:99:8f:78:e6:
a1:57:bb:d6:1e:67:5a:6f:8a:89:f9:55:44:72:8b:1a:1d:31:
9d:1f:ff:1f:42:4e:ae:cb:ee:05:a6:aa:81:ca:29:cd:71:21:
7f:ca:1e:ac:ca:3a:b4:41:0d:3c:fb:67:77:39:88:13:c3:2f:
92:d5:8a:14:07:45:52:14:04:98:fd:6e:96:57:99:da:59:64:
5e:5c:2a:2a:ea:b4:02:80:25:d3:04:81:aa:69:b9:10:5c:26:
46:f2:a1:03:a7:62:5a:c9:c5:b4:64:be:f3:f5:66:d2:a9:8c:
fa:82:01:88:72:2d:c4:9c:d7:1b:23:fc:ee:dd:07:db:e2:63:
cc:36:6a:33:42:8a:28:24:30:69:4f:84:91:3d:d6:94:6c:8d:
91:e0:38:3b:22:c4:bc:97:a3:8d:93:3f:35:10:89:e2:f4:b9:
f1:94:26:ac:97:3f:48:81:c7:97:5b:71:be:80:50:10:44:15:
a9:9e:0f:d1:08:28:5b:49:59:e5:55:26:56:82:3e:9b:9b:e1:
94:56:bc:83:3c:77:b4:63:70:99:11:f2:6e:2a:c3:63:b3:e0:
d4:83:f3:2d
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQg1aTLEmUrnwC7A5mJDQCMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYmZkMDZjZTg1NWI2MmQ5YjY4OGNkOGM1MzVkNWY0OTRj
ZDM5MzIwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTkxOGMyMmY2OWQ1YjZjNGZjNjFhMTI1ZTkzNDk2ZmM0ODM1YWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52cwzEkCWS9KBmcppeCv278wO5qA
lDV0Jwv/NS05mq18FrhjjftvQ/WIJbCedhhfLO+dsE8IKiYLMr7Ci4oteeMTZV73
PndLCN1GW/RORvVWVQm7dT2hhAhy2Z6W+XE/rsstpC6NuAVhdu6ZbHafoDyupE+R
ThDzdXaoRmddZ0LUSPxNVX7LUvXyAslQgZCW01xH+Hk9FiGNyhc5+0v2+Xxp6IwC
80wbqn+xzhAn0NQ94Otxu35HWnvSvTK71Sk9ITRuhw0mxpJrIklzE3CfUSboinI/
peiKSVSvcwplkpCeYeSOdhHvUcR/q2tFwy+omSFTV6KiS/6Lxlg2wfjzjwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFGGRjCL2nVtsT8YaEl6TSW/Eg1rvMB8GA1UdIwQY
MBaAFKC/0GzoVbYtm2iM2MU11fSUzTkyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0xfUWJPaFZ0aTJiYUl6WXhUWFY5SlROT1RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wMzMxNmQtMDRlMC00NjYwLWE2M2Ut
NjcxODM5MjAwNjA0LzEvWVpHTUl2YWRXMnhQeGhvU1hwTkpiOFNEV3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wMzMxNmQtMDRlMC00NjYwLWE2M2UtNjcxODM5MjAwNjA0
LzEvb0xfUWJPaFZ0aTJiYUl6WXhUWFY5SlROT1RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQFPvCAAwQF
U9ggAwQAsH4nAwQCsp0EAwQCuSw0AwQCuUX0AwQBwQn8MBQEAgACMA4DBQMqBJVA
AwUDKgcXQDANBgkqhkiG9w0BAQsFAAOCAQEAMIzBZ4tvT0HQAPAqKEtBLVp7ptzk
TM9i86Y/Z5wVsPmZj3jmoVe71h5nWm+KiflVRHKLGh0xnR//H0JOrsvuBaaqgcop
zXEhf8oerMo6tEENPPtndzmIE8MvktWKFAdFUhQEmP1ulleZ2llkXlwqKuq0AoAl
0wSBqmm5EFwmRvKhA6diWsnFtGS+8/Vm0qmM+oIBiHItxJzXGyP87t0H2+JjzDZq
M0KKKCQwaU+EkT3WlGyNkeA4OyLEvJejjZM/NRCJ4vS58ZQmrJc/SIHHl1txvoBQ
EEQVqZ4P0QgoW0lZ5VUmVoI+m5vhlFa8gzx3tGNwmRHybirDY7Pg1IPzLQ==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:52:46 2025 by rpki-client