Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ca0f55-5774-45de-a6c0-782c780e7c1c/1/EbZ-PzExvsrKZ1aOLdbMth19YQY.roa
File: EbZ-PzExvsrKZ1aOLdbMth19YQY.roa (raw, json)
Hash identifier: Y23B6h9Jehv4hPRBbE1Q/MgzAwC8F0dy1/k/s/bejkY=
Subject key identifier: 11:B6:7E:3F:31:31:BE:CA:CA:67:56:8E:2D:D6:CC:B6:1D:7D:61:06
Certificate issuer: /CN=74fb3a6b7fc28e8674e611cb098076f0e4c557c2
Certificate serial: 019422FB63F3434D4319988EC423C9BD7954
Authority key identifier: 74:FB:3A:6B:7F:C2:8E:86:74:E6:11:CB:09:80:76:F0:E4:C5:57:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dPs6a3_CjoZ05hHLCYB28OTFV8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/ca0f55-5774-45de-a6c0-782c780e7c1c/1/EbZ-PzExvsrKZ1aOLdbMth19YQY.roa
Signing time: Wed 01 Jan 2025 17:48:07 +0000
ROA not before: Wed 01 Jan 2025 17:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209004
IP address blocks: 45.11.72.0/22 maxlen: 24
45.11.72.0/23 maxlen: 24
45.11.72.0/24 maxlen: 24
45.11.73.0/24 maxlen: 24
45.11.74.0/23 maxlen: 23
45.11.74.0/24 maxlen: 24
45.11.75.0/24 maxlen: 24
2a0e:6700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/ca0f55-5774-45de-a6c0-782c780e7c1c/1/dPs6a3_CjoZ05hHLCYB28OTFV8I.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/ca0f55-5774-45de-a6c0-782c780e7c1c/1/dPs6a3_CjoZ05hHLCYB28OTFV8I.mft
rsync://rpki.ripe.net/repository/DEFAULT/dPs6a3_CjoZ05hHLCYB28OTFV8I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:63:f3:43:4d:43:19:98:8e:c4:23:c9:bd:79:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74fb3a6b7fc28e8674e611cb098076f0e4c557c2
Validity
Not Before: Jan 1 17:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=11b67e3f3131becaca67568e2dd6ccb61d7d6106
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:8d:9f:94:5e:8e:4e:28:79:f2:3e:3a:c6:50:
f0:b0:4a:c2:3d:0d:0a:cf:7b:9f:52:40:90:18:03:
34:25:a1:d9:03:38:20:c3:ee:fd:c6:0c:9f:c5:59:
7e:e2:a4:3d:c6:67:4b:ea:7c:a9:83:4f:b8:86:79:
e8:ac:55:20:e6:d9:67:6f:37:80:9f:9d:53:34:c3:
53:e3:d8:10:50:66:15:79:02:f0:a7:b1:73:4b:bf:
2a:8f:b1:8f:b0:15:a1:09:1d:2c:49:01:6e:8f:5d:
20:01:39:66:bc:3d:7e:35:43:1d:ea:38:fb:76:69:
42:84:13:aa:15:a4:75:f4:b8:31:55:bd:b2:1b:df:
b8:0e:59:c9:37:51:a0:59:84:be:ff:b2:f1:2d:53:
a2:5c:90:0d:c5:b3:7f:fd:37:42:6c:6a:17:b3:3f:
0a:a1:0c:59:8f:47:1a:8a:e2:88:78:c4:5c:91:27:
0c:2f:f1:71:13:13:09:f5:0d:9f:a8:64:7d:ec:ba:
b7:40:3e:a5:20:de:52:53:04:37:e2:74:ad:60:b6:
f0:af:c6:4e:79:c6:48:b4:a4:0b:af:31:31:d8:40:
32:52:30:ca:f8:aa:ad:ec:59:a5:18:52:d7:57:1b:
f7:fe:9f:c6:70:ed:86:af:d0:b4:26:c6:da:c1:a2:
96:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:B6:7E:3F:31:31:BE:CA:CA:67:56:8E:2D:D6:CC:B6:1D:7D:61:06
X509v3 Authority Key Identifier:
keyid:74:FB:3A:6B:7F:C2:8E:86:74:E6:11:CB:09:80:76:F0:E4:C5:57:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dPs6a3_CjoZ05hHLCYB28OTFV8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ca0f55-5774-45de-a6c0-782c780e7c1c/1/EbZ-PzExvsrKZ1aOLdbMth19YQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ca0f55-5774-45de-a6c0-782c780e7c1c/1/dPs6a3_CjoZ05hHLCYB28OTFV8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.72.0/22
IPv6:
2a0e:6700::/29
Signature Algorithm: sha256WithRSAEncryption
07:15:42:5f:5e:a8:e3:25:22:25:d3:98:e0:d6:bc:9f:90:d6:
0b:0f:5b:60:1e:d9:ff:a5:9d:41:88:0c:43:2a:cb:55:e0:95:
b8:05:0f:e3:fb:c2:14:e8:a5:6e:b6:78:13:64:f9:43:87:c7:
0b:ed:ce:aa:77:9f:98:51:01:9a:da:2b:03:18:d8:2b:23:9d:
66:85:84:f3:1d:29:09:cb:35:4b:d8:2a:f2:87:c1:f2:da:da:
e5:03:08:2f:60:c7:0e:f1:76:25:e8:bf:6e:8e:1a:27:80:8c:
c1:4c:2b:ad:29:29:0f:7b:f3:89:b9:07:05:ba:64:a4:1a:b7:
ad:8c:b1:18:5f:ad:e1:ad:c1:41:39:f0:31:12:a8:35:7b:bd:
14:c2:a8:e8:a3:ed:11:a6:d9:df:4d:1c:83:25:60:03:0f:a6:
2f:50:61:f8:09:8b:15:78:a0:10:71:28:a9:c3:93:df:8c:82:
1a:0d:c6:36:7f:93:3d:91:21:b7:46:7b:53:77:fd:cf:81:af:
d4:a2:a2:be:27:8d:73:b4:38:32:ae:a1:f4:27:bf:34:da:f7:
c0:8b:9b:8c:76:9a:50:11:6b:b4:94:46:f8:77:5c:d1:cf:d8:
6f:c3:c6:57:1a:cb:05:26:8e:15:2f:ed:85:63:d6:ea:8a:7b:
3c:e5:94:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+2PzQ01DGZiOxCPJvXlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZmIzYTZiN2ZjMjhlODY3NGU2MTFjYjA5ODA3NmYwZTRj
NTU3YzIwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI2N2UzZjMxMzFiZWNhY2E2NzU2OGUyZGQ2Y2NiNjFkN2Q2MTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp42flF6OTih58j46xlDwsErCPQ0K
z3ufUkCQGAM0JaHZAzggw+79xgyfxVl+4qQ9xmdL6nypg0+4hnnorFUg5tlnbzeA
n51TNMNT49gQUGYVeQLwp7FzS78qj7GPsBWhCR0sSQFuj10gATlmvD1+NUMd6jj7
dmlChBOqFaR19LgxVb2yG9+4DlnJN1GgWYS+/7LxLVOiXJANxbN//TdCbGoXsz8K
oQxZj0caiuKIeMRckScML/FxExMJ9Q2fqGR97Lq3QD6lIN5SUwQ34nStYLbwr8ZO
ecZItKQLrzEx2EAyUjDK+Kqt7FmlGFLXVxv3/p/GcO2Gr9C0JsbawaKWyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBG2fj8xMb7KymdWji3WzLYdfWEGMB8GA1UdIwQY
MBaAFHT7Omt/wo6GdOYRywmAdvDkxVfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFBzNmEzX0Nqb1owNWhITENZQjI4T1RGVjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jYTBmNTUtNTc3NC00NWRlLWE2YzAt
NzgyYzc4MGU3YzFjLzEvRWJaLVB6RXh2c3JLWjFhT0xkYk10aDE5WVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jYTBmNTUtNTc3NC00NWRlLWE2YzAtNzgyYzc4MGU3YzFj
LzEvZFBzNmEzX0Nqb1owNWhITENZQjI4T1RGVjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQtIMA0E
AgACMAcDBQMqDmcAMA0GCSqGSIb3DQEBCwUAA4IBAQAHFUJfXqjjJSIl05jg1ryf
kNYLD1tgHtn/pZ1BiAxDKstV4JW4BQ/j+8IU6KVutngTZPlDh8cL7c6qd5+YUQGa
2isDGNgrI51mhYTzHSkJyzVL2Cryh8Hy2trlAwgvYMcO8XYl6L9ujhongIzBTCut
KSkPe/OJuQcFumSkGretjLEYX63hrcFBOfAxEqg1e70Uwqjoo+0RptnfTRyDJWAD
D6YvUGH4CYsVeKAQcSipw5PfjIIaDcY2f5M9kSG3RntTd/3Pga/UoqK+J41ztDgy
rqH0J7802vfAi5uMdppQEWu0lEb4d1zRz9hvw8ZXGssFJo4VL+2FY9bqins85ZQC
-----END CERTIFICATE-----
Generated at Sat Apr 19 08:11:46 2025 by rpki-client