Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/TUZ6y7pTC-5h8yiVjQcSGGkQXIQ.roa
File: TUZ6y7pTC-5h8yiVjQcSGGkQXIQ.roa (raw, json)
Hash identifier: RP8h/kz7Pd7+pel4dUfykVi8a9ETWLO7hEEL7qoA3AU=
Subject key identifier: 4D:46:7A:CB:BA:53:0B:EE:61:F3:28:95:8D:07:12:18:69:10:5C:84
Certificate issuer: /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial: 0194228DC9E1383D332E0575DFE35E2CAD81
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/TUZ6y7pTC-5h8yiVjQcSGGkQXIQ.roa
Signing time: Wed 01 Jan 2025 15:48:25 +0000
ROA not before: Wed 01 Jan 2025 15:48:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3170
IP address blocks: 83.97.16.0/22 maxlen: 24
91.240.224.0/24 maxlen: 24
185.17.196.0/22 maxlen: 24
185.175.90.0/24 maxlen: 24
188.64.34.0/23 maxlen: 24
188.64.36.0/22 maxlen: 24
193.35.56.0/22 maxlen: 24
193.105.188.0/24 maxlen: 24
194.69.165.0/24 maxlen: 24
195.74.52.0/22 maxlen: 24
195.144.8.0/24 maxlen: 24
195.191.218.0/23 maxlen: 24
2a03:ee40::/32 maxlen: 32
2a07:240::/29 maxlen: 48
2a10:4740::/29 maxlen: 48
2a11:2640::/32 maxlen: 32
2a11:2641::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 01:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:c9:e1:38:3d:33:2e:05:75:df:e3:5e:2c:ad:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
Validity
Not Before: Jan 1 15:48:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4d467acbba530bee61f328958d07121869105c84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:74:f0:96:f3:92:d8:a7:44:69:9e:02:04:5a:
0e:9b:1f:40:ff:47:32:83:38:84:11:93:00:5b:9f:
5d:b9:95:a3:62:7f:9f:54:61:a9:f1:18:c1:17:84:
05:ae:a1:1c:bf:d2:c8:30:7c:d6:77:0d:0a:c1:ea:
69:0b:44:95:d4:79:46:39:f7:42:78:fb:b8:aa:23:
23:fc:2f:57:86:d0:fa:07:d2:11:28:ba:27:ea:b1:
aa:08:7b:e1:d7:e0:73:3d:50:ee:d8:fd:64:71:b7:
ab:ee:54:04:88:7f:70:9d:85:3f:94:e6:37:f3:15:
05:65:56:e0:9f:85:67:0a:13:eb:63:8a:f5:fc:e7:
84:48:78:18:68:a7:bd:c9:1b:a3:94:8b:49:3b:2f:
ca:bb:5b:49:cc:db:ec:c7:c8:11:d4:ed:98:d8:3e:
2c:a5:26:84:62:61:2a:0f:f9:8d:a1:aa:7e:0f:34:
b5:7a:b9:f4:1a:17:e6:1d:f3:14:7d:80:64:2d:6e:
66:db:26:6c:78:18:2b:4a:26:ca:66:7a:57:d7:37:
57:57:3a:a2:f7:54:c5:5e:ea:75:40:6c:45:dd:29:
cb:ca:57:1d:4b:04:a2:3f:08:c5:61:f0:c5:e4:6a:
0f:6f:6f:c6:fc:a2:d1:53:ce:33:fd:de:13:6d:49:
2a:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:46:7A:CB:BA:53:0B:EE:61:F3:28:95:8D:07:12:18:69:10:5C:84
X509v3 Authority Key Identifier:
keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/TUZ6y7pTC-5h8yiVjQcSGGkQXIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.97.16.0/22
91.240.224.0/24
185.17.196.0/22
185.175.90.0/24
188.64.34.0-188.64.39.255
193.35.56.0/22
193.105.188.0/24
194.69.165.0/24
195.74.52.0/22
195.144.8.0/24
195.191.218.0/23
IPv6:
2a03:ee40::/32
2a07:240::/29
2a10:4740::/29
2a11:2640::/31
Signature Algorithm: sha256WithRSAEncryption
08:b7:1c:69:17:c4:5b:ce:c8:66:50:58:85:4d:3f:c0:f3:8a:
8b:3c:f8:a2:d1:18:99:0f:a7:89:b9:74:9c:b1:4c:d5:33:95:
04:26:63:b0:09:51:30:56:d2:fa:1c:c6:4b:f2:3f:9d:b2:69:
b7:2a:16:5b:c8:61:18:94:fb:32:6c:02:a5:66:1f:dc:b0:d6:
1c:8b:1d:f6:5f:66:98:7b:70:12:72:21:a9:20:d3:f5:2b:c2:
63:60:31:91:14:5b:11:d4:f1:9a:8f:41:c1:98:bd:39:1e:61:
e9:cb:9b:ae:82:2e:90:97:b0:99:95:d9:45:a9:51:af:cd:26:
12:67:57:9d:c7:3f:fa:07:c7:82:b5:1b:ec:5a:6e:60:f5:74:
fa:ba:70:cb:0b:17:6b:e7:31:77:75:3d:f8:60:fb:34:98:73:
01:0b:84:bc:cc:1f:09:14:a8:85:c5:ba:87:90:c4:a7:22:e5:
99:24:b0:1f:8d:fb:7b:93:76:fa:90:17:bf:da:63:14:be:2e:
a8:2d:5f:14:16:47:28:6c:39:f8:f5:d4:e5:24:d5:c1:be:58:
16:74:01:2e:94:da:00:88:7c:05:5d:25:f1:79:9a:c6:3d:ae:
32:4a:f1:13:59:f5:23:be:43:fa:dc:92:f4:f1:ec:f3:ee:b3:
34:34:b3:a6
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAZQijcnhOD0zLgV13+NeLK2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwMTAxMTU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ2N2FjYmJhNTMwYmVlNjFmMzI4OTU4ZDA3MTIxODY5MTA1Yzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3TwlvOS2KdEaZ4CBFoOmx9A/0cy
gziEEZMAW59duZWjYn+fVGGp8RjBF4QFrqEcv9LIMHzWdw0KweppC0SV1HlGOfdC
ePu4qiMj/C9XhtD6B9IRKLon6rGqCHvh1+BzPVDu2P1kcber7lQEiH9wnYU/lOY3
8xUFZVbgn4VnChPrY4r1/OeESHgYaKe9yRujlItJOy/Ku1tJzNvsx8gR1O2Y2D4s
pSaEYmEqD/mNoap+DzS1ern0GhfmHfMUfYBkLW5m2yZseBgrSibKZnpX1zdXVzqi
91TFXup1QGxF3SnLylcdSwSiPwjFYfDF5GoPb2/G/KLRU84z/d4TbUkqqwIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFE1Gesu6UwvuYfMolY0HEhhpEFyEMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvVFVaNnk3cFRDLTVoOHlpVmpRY1NHR2tRWElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwUAQCAAEwSgMEAlNhEAME
AFvw4AMEArkRxAMEALmvWjAMAwQBvEAiAwQDvEAgAwQCwSM4AwQAwWm8AwQAwkWl
AwQCw0o0AwQAw5AIAwQBw7/aMCIEAgACMBwDBQAqA+5AAwUDKgcCQAMFAyoQR0AD
BQEqESZAMA0GCSqGSIb3DQEBCwUAA4IBAQAItxxpF8RbzshmUFiFTT/A84qLPPii
0RiZD6eJuXScsUzVM5UEJmOwCVEwVtL6HMZL8j+dsmm3KhZbyGEYlPsybAKlZh/c
sNYcix32X2aYe3ASciGpINP1K8JjYDGRFFsR1PGaj0HBmL05HmHpy5uugi6Ql7CZ
ldlFqVGvzSYSZ1edxz/6B8eCtRvsWm5g9XT6unDLCxdr5zF3dT34YPs0mHMBC4S8
zB8JFKiFxbqHkMSnIuWZJLAfjft7k3b6kBe/2mMUvi6oLV8UFkcobDn49dTlJNXB
vlgWdAEulNoAiHwFXSXxeZrGPa4ySvETWfUjvkP63JL08ezz7rM0NLOm
-----END CERTIFICATE-----
Generated at Thu Apr 10 09:52:42 2025 by rpki-client