Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tLvM5eevvrR9iU8H6ablxUwSOUY.roa
File: tLvM5eevvrR9iU8H6ablxUwSOUY.roa (raw, json)
Hash identifier: oDTca/C38CLFsMpoDFGnsoqqhci9t9TURnBExU+Mrpk=
Subject key identifier: B4:BB:CC:E5:E7:AF:BE:B4:7D:89:4F:07:E9:A6:E5:C5:4C:12:39:46
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 01959007921369074D26814D007B5BA7A6B8
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tLvM5eevvrR9iU8H6ablxUwSOUY.roa
Signing time: Thu 13 Mar 2025 15:02:49 +0000
ROA not before: Thu 13 Mar 2025 15:02:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199902
IP address blocks: 192.36.83.0/24 maxlen: 24
192.36.97.0/24 maxlen: 24
192.71.188.0/24 maxlen: 24
192.71.190.0/24 maxlen: 24
192.71.191.0/24 maxlen: 24
192.121.3.0/24 maxlen: 24
192.121.120.0/24 maxlen: 24
2a01:280:300::/48 maxlen: 48
2a01:280:301::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 08:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:90:07:92:13:69:07:4d:26:81:4d:00:7b:5b:a7:a6:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Mar 13 15:02:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b4bbcce5e7afbeb47d894f07e9a6e5c54c123946
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:a0:81:23:d5:07:ee:53:8a:43:b9:29:19:39:
5f:83:c1:6c:d4:51:38:b3:39:87:2b:a6:7e:b5:ab:
e1:3a:58:82:4d:36:28:d5:f1:02:8d:b6:08:7a:b3:
04:cc:3a:88:26:49:dd:ce:7d:0e:34:ea:a4:5a:a5:
e5:13:af:97:55:0e:0b:e1:5c:ac:94:e8:73:e4:e3:
f5:21:fd:cf:55:1a:89:ce:93:27:79:0d:fa:7d:e1:
0d:53:f4:c3:9e:69:af:0d:a8:f2:7a:ed:1e:4f:af:
9c:04:a3:27:4f:71:32:93:db:77:2e:08:10:9a:19:
c3:5f:41:76:bd:f3:e1:0b:12:88:8f:56:b0:e7:e7:
29:1e:9a:cb:6d:94:ee:33:8f:96:79:be:83:91:e3:
15:b3:0b:6c:02:37:00:91:a9:11:18:f2:19:8c:d0:
15:57:d7:1e:36:2c:0c:55:46:72:61:44:0e:0a:85:
eb:eb:18:19:0d:69:19:d7:4a:52:a5:b8:7d:96:76:
2f:2d:e9:5f:45:de:97:38:12:4f:2d:e6:dc:df:33:
d9:71:25:ed:a6:3b:56:7d:c4:ec:7c:63:4d:6b:cd:
04:d9:5d:93:0b:7f:0e:6c:29:77:ab:1c:1e:8f:ce:
a9:9f:85:83:de:a8:a3:c4:55:f9:e7:4b:02:fb:fa:
c1:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:BB:CC:E5:E7:AF:BE:B4:7D:89:4F:07:E9:A6:E5:C5:4C:12:39:46
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tLvM5eevvrR9iU8H6ablxUwSOUY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.83.0/24
192.36.97.0/24
192.71.188.0/24
192.71.190.0/23
192.121.3.0/24
192.121.120.0/24
IPv6:
2a01:280:300::/47
Signature Algorithm: sha256WithRSAEncryption
8e:33:4d:2e:28:3e:38:09:59:18:c0:38:26:66:ce:d7:20:71:
c7:74:42:b6:66:8a:e4:e4:cd:73:18:8e:51:6e:b3:88:c3:a9:
97:a2:91:c8:78:c1:0f:ad:0b:5b:d0:ca:e5:36:ee:cf:6b:0e:
d8:88:8c:70:4b:ed:45:d0:7f:7e:59:d4:ed:8c:c1:2a:3d:f3:
d3:6a:93:c4:fe:e1:22:ce:be:c0:fc:ae:25:06:e9:72:d8:7d:
b2:a2:27:f9:ff:63:11:07:f4:b4:1b:70:cc:40:be:99:f3:0d:
1e:14:5d:a0:47:a7:35:b2:ef:5f:4f:49:02:96:fe:35:7b:f5:
5a:2d:a7:f6:2d:bd:87:79:96:0d:c4:b8:1a:4f:78:79:96:8a:
27:e4:23:c0:17:6e:e4:ad:9a:57:88:a2:3d:3d:ba:c9:3e:46:
a6:53:d5:07:2e:33:ef:4c:e0:c0:84:51:ca:c1:84:86:e4:7f:
2a:22:db:ea:29:64:8e:e7:5c:92:84:48:89:cc:20:54:93:0c:
7b:d0:38:04:ce:23:9e:8f:78:48:e3:f6:d4:83:34:98:58:e7:
bc:ab:4d:74:e9:8c:02:e2:14:cd:f6:35:b6:69:96:60:92:d0:
2a:39:62:63:82:5c:63:07:ad:d7:d7:12:5e:cb:69:f4:03:2b:
a9:97:1e:44
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZWQB5ITaQdNJoFNAHtbp6a4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMzEzMTUwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJiY2NlNWU3YWZiZWI0N2Q4OTRmMDdlOWE2ZTVjNTRjMTIzOTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qCBI9UH7lOKQ7kpGTlfg8Fs1FE4
szmHK6Z+tavhOliCTTYo1fECjbYIerMEzDqIJkndzn0ONOqkWqXlE6+XVQ4L4Vys
lOhz5OP1If3PVRqJzpMneQ36feENU/TDnmmvDajyeu0eT6+cBKMnT3Eyk9t3LggQ
mhnDX0F2vfPhCxKIj1aw5+cpHprLbZTuM4+Web6DkeMVswtsAjcAkakRGPIZjNAV
V9ceNiwMVUZyYUQOCoXr6xgZDWkZ10pSpbh9lnYvLelfRd6XOBJPLebc3zPZcSXt
pjtWfcTsfGNNa80E2V2TC38ObCl3qxwej86pn4WD3qijxFX550sC+/rBmQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFLS7zOXnr760fYlPB+mm5cVMEjlGMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvdEx2TTVlZXZ2clI5aVU4SDZhYmx4VXdTT1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQAwCRTAwQA
wCRhAwQAwEe8AwQBwEe+AwQAwHkDAwQAwHl4MA8EAgACMAkDBwEqAQKAAwAwDQYJ
KoZIhvcNAQELBQADggEBAI4zTS4oPjgJWRjAOCZmztcgccd0QrZmiuTkzXMYjlFu
s4jDqZeikch4wQ+tC1vQyuU27s9rDtiIjHBL7UXQf35Z1O2MwSo989Nqk8T+4SLO
vsD8riUG6XLYfbKiJ/n/YxEH9LQbcMxAvpnzDR4UXaBHpzWy719PSQKW/jV79Vot
p/YtvYd5lg3EuBpPeHmWiifkI8AXbuStmleIoj09usk+RqZT1QcuM+9M4MCEUcrB
hIbkfyoi2+opZI7nXJKESInMIFSTDHvQOATOI56PeEjj9tSDNJhY57yrTXTpjALi
FM32NbZplmCS0Co5YmOCXGMHrdfXEl7LafQDK6mXHkQ=
-----END CERTIFICATE-----
Generated at Thu Apr 10 14:49:52 2025 by rpki-client