Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/sQHnIxiTXdDvzwTuqD8p9cUZpbk.roa
File: sQHnIxiTXdDvzwTuqD8p9cUZpbk.roa (raw, json)
Hash identifier: biOURbaVfbs816gF/jx/GDITj2SuRtw3EAQo7PheBYY=
Subject key identifier: B1:01:E7:23:18:93:5D:D0:EF:CF:04:EE:A8:3F:29:F5:C5:19:A5:B9
Certificate issuer: /CN=5cfe3881f3c44774f51cc75ee7e6f91c5565a606
Certificate serial: 0196C4CE842DF70A753C57B41E1CCC925D04
Authority key identifier: 5C:FE:38:81:F3:C4:47:74:F5:1C:C7:5E:E7:E6:F9:1C:55:65:A6:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/sQHnIxiTXdDvzwTuqD8p9cUZpbk.roa
Signing time: Mon 12 May 2025 14:03:10 +0000
ROA not before: Mon 12 May 2025 14:03:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 185.133.68.0/22 maxlen: 24
185.153.56.0/22 maxlen: 24
193.104.32.0/24 maxlen: 24
2a05:2440::/29 maxlen: 48
2a07:8880::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.mft
rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Jun 2025 14:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c4:ce:84:2d:f7:0a:75:3c:57:b4:1e:1c:cc:92:5d:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5cfe3881f3c44774f51cc75ee7e6f91c5565a606
Validity
Not Before: May 12 14:03:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b101e72318935dd0efcf04eea83f29f5c519a5b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:8b:38:40:af:b9:af:26:ec:61:6a:38:0b:75:
44:c5:4b:1f:02:4c:28:18:2a:d9:85:5c:e2:37:6d:
78:4e:bf:37:03:8d:fd:80:be:e9:c6:1d:5d:a0:d9:
ae:2d:44:be:60:fd:07:3c:65:8f:5a:cd:a9:ec:b6:
5f:28:d5:2a:ee:7e:5c:af:ea:2d:87:f8:87:be:b8:
c3:53:9a:47:6d:63:29:37:e0:eb:bd:72:bf:53:0c:
68:b7:cb:ec:dc:61:41:90:80:fe:87:76:f5:84:4a:
2d:77:1b:a1:e1:77:10:5a:c7:92:b8:97:ef:b9:23:
29:85:5c:f7:00:11:36:b5:fc:1f:6e:e0:bc:19:bc:
33:19:c8:16:9b:a6:12:0d:0c:a0:f0:2c:67:93:24:
f1:e4:fe:9b:f9:03:c8:b1:16:b7:fc:1f:3d:14:47:
20:86:04:53:58:e1:72:ac:5c:d6:f3:9a:01:47:c7:
70:cf:d5:87:8a:60:70:8c:ed:94:2c:af:29:3d:06:
04:bd:ec:a0:7f:eb:91:9e:f1:22:4c:8b:32:fe:09:
b0:06:34:b6:f7:df:09:22:c2:4c:2c:fb:c3:a2:de:
f4:ba:b2:3b:cc:70:f4:28:1e:85:59:52:f1:c3:14:
f1:d3:8c:9e:62:4a:d3:07:75:25:59:fd:3e:6b:d6:
28:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:01:E7:23:18:93:5D:D0:EF:CF:04:EE:A8:3F:29:F5:C5:19:A5:B9
X509v3 Authority Key Identifier:
keyid:5C:FE:38:81:F3:C4:47:74:F5:1C:C7:5E:E7:E6:F9:1C:55:65:A6:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/sQHnIxiTXdDvzwTuqD8p9cUZpbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.133.68.0/22
185.153.56.0/22
193.104.32.0/24
IPv6:
2a05:2440::/29
2a07:8880::/29
Signature Algorithm: sha256WithRSAEncryption
94:a3:72:be:9a:c6:42:30:c1:39:3a:40:46:64:4c:a7:7e:83:
d2:ed:3c:d1:ce:43:5c:6a:b4:fd:47:24:90:2e:78:80:32:31:
07:0a:36:8b:39:27:a1:61:bb:50:f4:d3:59:b8:91:de:96:8c:
26:7e:75:7f:91:b9:66:9b:38:f1:fd:35:9e:e2:20:89:c2:a8:
7c:8a:3b:37:1d:e9:27:f4:f9:36:4f:a5:4d:bc:95:72:55:e3:
d4:dd:62:a3:0a:2a:da:5b:39:4e:e0:29:84:95:ac:8c:87:a0:
f6:9b:26:78:8e:5e:41:b1:d4:48:5c:65:47:e4:75:8a:1d:11:
cc:74:08:4c:0d:36:13:b2:9b:64:3b:89:2c:86:41:00:7c:c3:
ad:89:2b:f2:6f:53:70:34:9b:d1:c1:bf:b2:f3:7b:32:f4:6b:
51:ff:d0:9d:7a:d0:98:f5:e1:f1:e8:ad:45:90:e8:8a:10:40:
28:56:ab:da:96:03:c3:d7:69:ac:fc:4f:f6:55:16:40:11:43:
7d:2a:97:6b:e1:f8:15:0d:dd:5b:fb:6a:74:42:ed:84:c7:a7:
9e:58:89:ca:d2:13:f6:b6:ed:91:23:2e:2c:bc:a4:01:cc:c8:
2f:b3:ba:10:f5:a3:f9:b8:a9:f5:0b:bf:e0:d0:88:8d:02:49:
d6:6b:38:ab
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZbEzoQt9wp1PFe0HhzMkl0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZmUzODgxZjNjNDQ3NzRmNTFjYzc1ZWU3ZTZmOTFjNTU2
NWE2MDYwHhcNMjUwNTEyMTQwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTAxZTcyMzE4OTM1ZGQwZWZjZjA0ZWVhODNmMjlmNWM1MTlhNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIs4QK+5rybsYWo4C3VExUsfAkwo
GCrZhVziN214Tr83A439gL7pxh1doNmuLUS+YP0HPGWPWs2p7LZfKNUq7n5cr+ot
h/iHvrjDU5pHbWMpN+DrvXK/Uwxot8vs3GFBkID+h3b1hEotdxuh4XcQWseSuJfv
uSMphVz3ABE2tfwfbuC8GbwzGcgWm6YSDQyg8CxnkyTx5P6b+QPIsRa3/B89FEcg
hgRTWOFyrFzW85oBR8dwz9WHimBwjO2ULK8pPQYEveygf+uRnvEiTIsy/gmwBjS2
998JIsJMLPvDot70urI7zHD0KB6FWVLxwxTx04yeYkrTB3UlWf0+a9YoAwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFLEB5yMYk13Q788E7qg/KfXFGaW5MB8GA1UdIwQY
MBaAFFz+OIHzxEd09RzHXufm+RxVZaYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFA0NGdmUEVSM1QxSE1kZTUtYjVIRlZscGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81MjYwZDAtMTg1NS00ZjMwLWI4ZWYt
N2M5OTgwNzlhNmE5LzEvc1FIbkl4aVRYZER2endUdXFEOHA5Y1VacGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81MjYwZDAtMTg1NS00ZjMwLWI4ZWYtN2M5OTgwNzlhNmE5
LzEvWFA0NGdmUEVSM1QxSE1kZTUtYjVIRlZscGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCuYVEAwQC
uZk4AwQAwWggMBQEAgACMA4DBQMqBSRAAwUDKgeIgDANBgkqhkiG9w0BAQsFAAOC
AQEAlKNyvprGQjDBOTpARmRMp36D0u080c5DXGq0/UckkC54gDIxBwo2izknoWG7
UPTTWbiR3paMJn51f5G5Zps48f01nuIgicKofIo7Nx3pJ/T5Nk+lTbyVclXj1N1i
owoq2ls5TuAphJWsjIeg9psmeI5eQbHUSFxlR+R1ih0RzHQITA02E7KbZDuJLIZB
AHzDrYkr8m9TcDSb0cG/svN7MvRrUf/QnXrQmPXh8eitRZDoihBAKFar2pYDw9dp
rPxP9lUWQBFDfSqXa+H4FQ3dW/tqdELthMennliJytIT9rbtkSMuLLykAczIL7O6
EPWj+bip9Qu/4NCIjQJJ1ms4qw==
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:48:36 2025 by rpki-client