Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/XH8_n2Xu0Ky0NZ-VpBjvZGYKIak.roa
File: XH8_n2Xu0Ky0NZ-VpBjvZGYKIak.roa (raw, json)
Hash identifier: BEZY3ts6B3Y7WcxEDYL2G9ZE46ppRZ9yzyXyYGEQ0qI=
Subject key identifier: 5C:7F:3F:9F:65:EE:D0:AC:B4:35:9F:95:A4:18:EF:64:66:0A:21:A9
Certificate issuer: /CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Certificate serial: 0196451D9C888E31BF55220092F6A8DB6081
Authority key identifier: 4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/XH8_n2Xu0Ky0NZ-VpBjvZGYKIak.roa
Signing time: Thu 17 Apr 2025 18:58:10 +0000
ROA not before: Thu 17 Apr 2025 18:58:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211680
IP address blocks: 45.156.128.0/24 maxlen: 24
45.156.129.0/24 maxlen: 24
45.156.130.0/24 maxlen: 24
185.180.140.0/24 maxlen: 24
185.180.143.0/24 maxlen: 24
185.226.198.0/24 maxlen: 24
2a10:3c0:1::/48 maxlen: 48
2a10:3c0:2::/48 maxlen: 48
2a10:3c0:100::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 20 Apr 2025 22:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:45:1d:9c:88:8e:31:bf:55:22:00:92:f6:a8:db:60:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Validity
Not Before: Apr 17 18:58:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c7f3f9f65eed0acb4359f95a418ef64660a21a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c0:1e:3f:74:54:85:63:22:70:8f:33:08:fb:
97:17:16:8e:bd:66:b9:74:08:32:bd:8e:f7:1c:18:
75:ab:cb:c8:15:3d:99:f3:30:b6:14:f1:b6:b9:43:
63:63:23:5c:74:ee:20:67:61:81:c0:21:f6:f1:1f:
a8:53:85:ad:e0:94:89:07:7a:75:d0:63:5b:36:1e:
19:45:ea:55:04:d0:b8:be:75:4f:ca:36:8a:0c:66:
d5:69:e1:6e:f5:4b:74:ef:9b:c2:1d:72:6a:f0:fc:
da:08:e1:ea:ed:ea:2f:ee:26:a1:09:ca:4c:a0:38:
ad:d6:35:71:c1:f9:6e:b5:b4:c0:ca:37:90:75:02:
3f:48:25:c7:61:6e:1a:3d:bd:dc:21:b3:19:4f:dc:
94:3d:6f:b2:ce:7f:9a:54:c2:3a:6c:fa:3f:75:ce:
c5:b5:ed:9e:8b:40:86:85:23:98:75:23:2b:8c:92:
7d:00:5c:0d:ad:ad:d9:cc:fc:11:e7:fc:73:89:45:
7b:6e:06:1c:f7:98:60:d5:42:7f:81:a5:b8:0a:e5:
17:5e:77:69:c0:ef:8e:e9:bf:5a:2a:13:89:40:85:
87:51:b0:2f:e5:10:bb:1b:20:b3:8e:89:0c:21:e7:
c6:e3:66:4d:9d:70:ae:d4:60:db:67:ba:a3:b8:2d:
7b:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:7F:3F:9F:65:EE:D0:AC:B4:35:9F:95:A4:18:EF:64:66:0A:21:A9
X509v3 Authority Key Identifier:
keyid:4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/XH8_n2Xu0Ky0NZ-VpBjvZGYKIak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.128.0-45.156.130.255
185.180.140.0/24
185.180.143.0/24
185.226.198.0/24
IPv6:
2a10:3c0:1::-2a10:3c0:2:ffff:ffff:ffff:ffff:ffff
2a10:3c0:100::/44
Signature Algorithm: sha256WithRSAEncryption
91:fe:08:bd:44:34:06:3a:aa:a4:a2:a6:83:a9:98:61:1b:c6:
64:95:3c:54:8b:d5:3b:22:23:7e:2b:10:96:c6:2a:2f:d9:89:
c8:d2:4a:8b:17:e8:38:4d:de:38:d5:7e:cb:40:90:d8:01:6b:
eb:00:91:b7:eb:6a:4e:25:a7:7f:99:2c:10:fa:44:42:63:40:
22:73:8d:73:2d:2d:1c:7c:c5:19:14:67:af:3c:95:e4:9e:19:
a0:a2:fb:ad:42:e6:a5:7e:65:61:47:fb:2d:17:de:37:0c:40:
b1:6e:e0:00:53:69:17:e3:6f:26:29:3f:c0:2b:04:00:46:2d:
ab:2a:39:aa:a8:9c:d8:f2:f5:49:f9:df:1d:48:17:65:93:81:
eb:33:3d:80:b7:e6:6c:a6:83:c7:8e:cf:9f:26:a3:29:26:7a:
9a:54:5e:49:ed:18:05:eb:3b:39:27:c1:30:44:6a:17:ec:3a:
d8:9a:b8:9b:80:0f:b4:be:a8:61:f5:50:19:7f:6f:24:74:22:
57:85:5e:bc:2b:73:11:6d:3a:c4:ea:b3:45:52:50:77:71:bc:
ef:03:4f:b7:7b:b1:69:c0:fb:94:e2:86:75:fc:23:00:ea:c3:
5d:71:44:fc:f6:da:40:96:da:ae:69:33:f1:6c:0f:c2:df:c6:
ca:fa:9c:96
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZZFHZyIjjG/VSIAkvao22CBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2ZhYzg2NDVhM2M2ZjEwMDQyZGM0YTc0ZDcwMGQ5ZDA2
YWYxN2EwHhcNMjUwNDE3MTg1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdmM2Y5ZjY1ZWVkMGFjYjQzNTlmOTVhNDE4ZWY2NDY2MGEyMWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8AeP3RUhWMicI8zCPuXFxaOvWa5
dAgyvY73HBh1q8vIFT2Z8zC2FPG2uUNjYyNcdO4gZ2GBwCH28R+oU4Wt4JSJB3p1
0GNbNh4ZRepVBNC4vnVPyjaKDGbVaeFu9Ut075vCHXJq8PzaCOHq7eov7iahCcpM
oDit1jVxwflutbTAyjeQdQI/SCXHYW4aPb3cIbMZT9yUPW+yzn+aVMI6bPo/dc7F
te2ei0CGhSOYdSMrjJJ9AFwNra3ZzPwR5/xziUV7bgYc95hg1UJ/gaW4CuUXXndp
wO+O6b9aKhOJQIWHUbAv5RC7GyCzjokMIefG42ZNnXCu1GDbZ7qjuC178wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFx/P59l7tCstDWflaQY72RmCiGpMB8GA1UdIwQY
MBaAFErPrIZFo8bxAELcSnTXANnQavF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYt
N2JmODI3N2Q4YTJmLzEvWEg4X24yWHUwS3kwTlotVnBCanZaR1lLSWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYtN2JmODI3N2Q4YTJm
LzEvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAmBAIAATAgMAwDBActnIAD
BAAtnIIDBAC5tIwDBAC5tI8DBAC54sYwIwQCAAIwHTASAwcAKhADwAABAwcAKhAD
wAACAwcEKhADwAEAMA0GCSqGSIb3DQEBCwUAA4IBAQCR/gi9RDQGOqqkoqaDqZhh
G8ZklTxUi9U7IiN+KxCWxiov2YnI0kqLF+g4Td441X7LQJDYAWvrAJG362pOJad/
mSwQ+kRCY0Aic41zLS0cfMUZFGevPJXknhmgovutQualfmVhR/stF943DECxbuAA
U2kX428mKT/AKwQARi2rKjmqqJzY8vVJ+d8dSBdlk4HrMz2At+ZspoPHjs+fJqMp
JnqaVF5J7RgF6zs5J8EwRGoX7DrYmribgA+0vqhh9VAZf28kdCJXhV68K3MRbTrE
6rNFUlB3cbzvA0+3e7FpwPuU4oZ1/CMA6sNdcUT89tpAltquaTPxbA/C38bK+pyW
-----END CERTIFICATE-----
Generated at Sun Apr 20 05:03:11 2025 by rpki-client