Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/XZBUdypJdRsW9C7-bbCqwM2XeyY.roa
File: XZBUdypJdRsW9C7-bbCqwM2XeyY.roa (raw, json)
Hash identifier: Sw9HTQQH5rOvV845qg6T2/HMx+a+lVBlr9o8rtw6bfM=
Subject key identifier: 5D:90:54:77:2A:49:75:1B:16:F4:2E:FE:6D:B0:AA:C0:CD:97:7B:26
Certificate issuer: /CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Certificate serial: 0194274758F50275B006B7033779AB62AF75
Authority key identifier: 53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/XZBUdypJdRsW9C7-bbCqwM2XeyY.roa
Signing time: Thu 02 Jan 2025 13:49:34 +0000
ROA not before: Thu 02 Jan 2025 13:49:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205842
IP address blocks: 185.202.72.0/23 maxlen: 23
185.202.74.0/23 maxlen: 23
185.239.188.0/23 maxlen: 23
2a0a:d2c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 23:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:58:f5:02:75:b0:06:b7:03:37:79:ab:62:af:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Validity
Not Before: Jan 2 13:49:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d9054772a49751b16f42efe6db0aac0cd977b26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bd:a2:24:7d:02:00:1b:58:92:f6:cd:83:bf:
4a:47:b3:b4:7e:f9:95:20:59:36:28:3d:74:cf:c2:
1a:6a:31:a5:87:05:d7:a7:71:62:56:22:84:db:55:
8a:42:8d:8b:84:a5:bb:a1:38:79:44:4e:7f:49:cd:
5b:45:1b:47:06:4b:42:11:0c:27:4a:db:64:a3:7c:
95:98:8b:b9:c2:6f:9e:b2:3d:24:b9:60:5d:59:bf:
a0:8e:06:d4:c5:1d:ee:6f:3f:ad:18:7d:d3:73:49:
a5:b3:73:1e:5a:c6:a8:68:f1:e2:45:40:23:48:8a:
b9:18:ac:30:02:19:a4:df:81:34:ea:94:a8:35:5f:
c9:0c:a2:e5:2b:d1:e1:a8:b7:04:8d:e0:41:ac:7b:
c0:80:f9:57:2c:ef:26:96:33:ab:24:0a:66:19:cf:
f9:5b:ab:16:81:17:4c:54:9a:0c:ed:d5:37:c0:66:
06:8a:85:28:b9:18:86:c3:d1:1d:0d:41:01:b9:1c:
84:82:e7:65:a1:22:ce:08:1e:6b:d3:0e:0e:f8:f0:
4b:b8:39:b5:cb:12:63:e6:1c:6b:ed:c9:e5:53:be:
57:95:89:67:ae:9f:8e:c8:80:a3:cd:1c:3d:5c:ef:
db:38:d4:16:2d:b0:4a:78:d6:09:3e:3d:f6:32:7d:
a6:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:90:54:77:2A:49:75:1B:16:F4:2E:FE:6D:B0:AA:C0:CD:97:7B:26
X509v3 Authority Key Identifier:
keyid:53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/XZBUdypJdRsW9C7-bbCqwM2XeyY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.202.72.0/22
185.239.188.0/23
IPv6:
2a0a:d2c0::/29
Signature Algorithm: sha256WithRSAEncryption
35:70:fe:b6:5f:fe:45:bf:5a:d5:d6:8c:1b:c2:97:27:11:fe:
41:54:e2:a1:a0:6d:84:84:10:2e:73:a1:e9:86:94:15:91:e9:
79:4f:d2:36:d5:18:86:d4:9c:76:38:8e:2e:b5:df:5e:ac:a0:
ae:1e:0c:32:70:5e:04:38:93:85:43:38:37:46:c8:be:38:a7:
49:a7:f0:92:6e:8a:08:e0:d0:3a:e2:85:b3:02:3b:1b:32:87:
3d:b0:d1:0d:0d:7d:27:4d:f3:19:05:1c:59:1b:72:9d:a5:cb:
d8:62:1e:fd:d0:33:61:56:00:1c:88:5b:b5:ea:34:6f:5f:38:
25:17:d9:80:95:a6:10:c9:70:43:09:9c:1b:9a:da:0b:3b:30:
d4:74:cf:28:04:33:9a:8a:87:7d:9e:fc:73:63:d0:0c:39:7e:
61:c3:e8:a4:69:0e:38:1f:ec:9b:ac:3a:a9:b0:a6:07:3f:b2:
55:21:4b:75:0e:6a:76:c2:a2:91:f8:6c:22:29:1d:1f:c6:67:
65:8a:44:35:63:01:62:9c:58:d4:9a:35:51:fc:e1:6b:40:a8:
ea:bd:bf:96:16:a2:cc:3f:d8:e7:bd:e2:ee:30:b8:de:f8:e2:
60:f1:2f:96:a1:ae:70:88:88:0b:70:32:a7:38:da:89:45:df:
69:11:12:43
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnR1j1AnWwBrcDN3mrYq91MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDAzNTlmOWY4YjIwODE1Y2U0ZDk4OGUxMDliZjgyMzA2
ZTRjNzQwHhcNMjUwMTAyMTM0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDkwNTQ3NzJhNDk3NTFiMTZmNDJlZmU2ZGIwYWFjMGNkOTc3YjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur2iJH0CABtYkvbNg79KR7O0fvmV
IFk2KD10z8IaajGlhwXXp3FiViKE21WKQo2LhKW7oTh5RE5/Sc1bRRtHBktCEQwn
Sttko3yVmIu5wm+esj0kuWBdWb+gjgbUxR3ubz+tGH3Tc0mls3MeWsaoaPHiRUAj
SIq5GKwwAhmk34E06pSoNV/JDKLlK9HhqLcEjeBBrHvAgPlXLO8mljOrJApmGc/5
W6sWgRdMVJoM7dU3wGYGioUouRiGw9EdDUEBuRyEgudloSLOCB5r0w4O+PBLuDm1
yxJj5hxr7cnlU75XlYlnrp+OyICjzRw9XO/bONQWLbBKeNYJPj32Mn2mmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF2QVHcqSXUbFvQu/m2wqsDNl3smMB8GA1UdIwQY
MBaAFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTkt
YTZjNDljZTkwNzU2LzEvWFpCVWR5cEpkUnNXOUM3LWJiQ3F3TTJYZXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTktYTZjNDljZTkwNzU2
LzEvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCucpIAwQB
ue+8MA0EAgACMAcDBQMqCtLAMA0GCSqGSIb3DQEBCwUAA4IBAQA1cP62X/5Fv1rV
1owbwpcnEf5BVOKhoG2EhBAuc6HphpQVkel5T9I21RiG1Jx2OI4utd9erKCuHgwy
cF4EOJOFQzg3Rsi+OKdJp/CSbooI4NA64oWzAjsbMoc9sNENDX0nTfMZBRxZG3Kd
pcvYYh790DNhVgAciFu16jRvXzglF9mAlaYQyXBDCZwbmtoLOzDUdM8oBDOaiod9
nvxzY9AMOX5hw+ikaQ44H+ybrDqpsKYHP7JVIUt1Dmp2wqKR+GwiKR0fxmdlikQ1
YwFinFjUmjVR/OFrQKjqvb+WFqLMP9jnveLuMLje+OJg8S+Woa5wiIgLcDKnONqJ
Rd9pERJD
-----END CERTIFICATE-----
Generated at Thu Apr 10 05:07:16 2025 by rpki-client