Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/748120-b4f5-44b0-ac9e-6060c48da837/1/bZS4GQEsIdGvUWQSX9_jSboYCqI.roa
File: bZS4GQEsIdGvUWQSX9_jSboYCqI.roa (raw, json)
Hash identifier: BRbDs0+QJ+0EPq8EFb6UZkNMpqutF1fRVS1+a5Uut1U=
Subject key identifier: 6D:94:B8:19:01:2C:21:D1:AF:51:64:12:5F:DF:E3:49:BA:18:0A:A2
Certificate issuer: /CN=bb19a33981e34b2ae50586e3048c663a2c6b8586
Certificate serial: 01942368F3ABD5228A6A52ECE715621517DE
Authority key identifier: BB:19:A3:39:81:E3:4B:2A:E5:05:86:E3:04:8C:66:3A:2C:6B:85:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uxmjOYHjSyrlBYbjBIxmOixrhYY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/748120-b4f5-44b0-ac9e-6060c48da837/1/bZS4GQEsIdGvUWQSX9_jSboYCqI.roa
Signing time: Wed 01 Jan 2025 19:47:48 +0000
ROA not before: Wed 01 Jan 2025 19:47:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201847
IP address blocks: 45.157.228.0/22 maxlen: 24
185.62.48.0/22 maxlen: 24
2a04:efc0::/29 maxlen: 32
2a0f:4d80::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/748120-b4f5-44b0-ac9e-6060c48da837/1/uxmjOYHjSyrlBYbjBIxmOixrhYY.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/748120-b4f5-44b0-ac9e-6060c48da837/1/uxmjOYHjSyrlBYbjBIxmOixrhYY.mft
rsync://rpki.ripe.net/repository/DEFAULT/uxmjOYHjSyrlBYbjBIxmOixrhYY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:68:f3:ab:d5:22:8a:6a:52:ec:e7:15:62:15:17:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bb19a33981e34b2ae50586e3048c663a2c6b8586
Validity
Not Before: Jan 1 19:47:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d94b819012c21d1af5164125fdfe349ba180aa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:be:c9:57:92:6e:1e:b3:65:0f:18:83:58:3b:
49:7f:eb:bc:67:8e:44:67:74:ba:df:ec:40:2c:10:
b0:6b:a9:9f:c4:d7:0e:47:a9:74:4d:42:3c:4a:b6:
e4:4b:9a:b6:57:3b:e5:e8:a0:2b:1d:7b:17:c5:48:
ab:4d:f8:c3:85:1f:14:d9:b9:5e:03:bb:c5:05:3b:
6a:4d:c8:8c:0e:1e:f9:ca:40:dc:02:eb:bb:73:d9:
cf:ab:4d:bb:f0:0b:46:ac:0e:db:69:23:f8:ff:77:
4f:f4:23:b2:e3:95:4f:d0:df:9a:dc:f3:25:e6:f8:
2a:d1:55:34:4b:91:6f:9a:bd:7f:0f:a2:ac:a5:71:
c7:ad:93:c6:f9:f8:a6:b7:22:8a:85:95:1d:01:84:
6a:d5:19:64:2f:37:c0:80:7a:c8:c3:c2:4f:55:f5:
d8:1c:62:44:ce:a3:8a:13:82:03:e2:c0:47:06:43:
b3:7e:2d:78:9c:eb:3e:60:06:2d:77:20:9d:b1:3c:
dd:78:ae:7f:7f:72:2e:a2:ac:b6:d4:29:47:07:2b:
49:67:fd:b9:cb:d8:12:a9:9e:04:f8:0c:ce:73:2a:
1c:4b:71:47:5c:3f:98:c6:01:1b:5f:b2:c6:f3:d4:
b9:75:de:de:7b:e1:ae:8a:3e:16:5a:1e:e9:4a:15:
fe:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:94:B8:19:01:2C:21:D1:AF:51:64:12:5F:DF:E3:49:BA:18:0A:A2
X509v3 Authority Key Identifier:
keyid:BB:19:A3:39:81:E3:4B:2A:E5:05:86:E3:04:8C:66:3A:2C:6B:85:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uxmjOYHjSyrlBYbjBIxmOixrhYY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/748120-b4f5-44b0-ac9e-6060c48da837/1/bZS4GQEsIdGvUWQSX9_jSboYCqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/748120-b4f5-44b0-ac9e-6060c48da837/1/uxmjOYHjSyrlBYbjBIxmOixrhYY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.228.0/22
185.62.48.0/22
IPv6:
2a04:efc0::/29
2a0f:4d80::/29
Signature Algorithm: sha256WithRSAEncryption
79:bd:5e:0c:c0:7c:cc:40:21:da:09:cf:4c:35:f8:3a:93:9a:
b2:b8:cc:eb:aa:af:65:46:b9:b9:a8:fd:67:50:bf:89:0d:dd:
36:34:fb:ec:ee:5d:cf:37:05:6a:cf:26:87:f9:fc:d1:06:9d:
fc:81:28:dd:87:aa:e4:78:e5:9e:97:ae:67:a9:60:68:cd:86:
b9:3b:cf:9a:2a:13:ad:36:1a:02:9e:15:54:82:41:56:d1:bd:
f8:8b:54:62:12:d8:c1:96:d6:39:7a:1f:d6:ec:0b:9e:8c:a1:
15:ec:ea:77:7a:98:52:1d:bd:88:46:fc:42:a2:9f:b1:25:81:
a4:ae:cc:67:6c:17:5b:1a:d6:2e:d7:02:27:d9:8f:e9:38:e5:
e1:92:e2:70:9e:87:08:5b:63:11:8b:be:5c:17:08:fd:02:41:
13:65:3f:b7:bb:f4:94:bf:3b:ce:28:0c:a9:00:be:cc:aa:7f:
5a:8a:34:2e:f5:93:5d:2c:db:96:82:0d:f9:e7:ee:02:0c:02:
52:a8:82:c8:99:c1:01:66:92:db:55:6e:1a:52:4a:a4:b8:67:
c6:ad:9b:03:49:8c:a6:75:bb:7c:e9:94:1f:fe:f5:8d:29:40:
81:74:b7:27:87:f2:75:dc:2e:46:14:a5:f9:13:4d:52:60:4c:
93:b9:c8:cc
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQjaPOr1SKKalLs5xViFRfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMTlhMzM5ODFlMzRiMmFlNTA1ODZlMzA0OGM2NjNhMmM2
Yjg1ODYwHhcNMjUwMTAxMTk0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk0YjgxOTAxMmMyMWQxYWY1MTY0MTI1ZmRmZTM0OWJhMTgwYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApb7JV5JuHrNlDxiDWDtJf+u8Z45E
Z3S63+xALBCwa6mfxNcOR6l0TUI8SrbkS5q2Vzvl6KArHXsXxUirTfjDhR8U2ble
A7vFBTtqTciMDh75ykDcAuu7c9nPq0278AtGrA7baSP4/3dP9COy45VP0N+a3PMl
5vgq0VU0S5Fvmr1/D6KspXHHrZPG+fimtyKKhZUdAYRq1RlkLzfAgHrIw8JPVfXY
HGJEzqOKE4ID4sBHBkOzfi14nOs+YAYtdyCdsTzdeK5/f3Iuoqy21ClHBytJZ/25
y9gSqZ4E+AzOcyocS3FHXD+YxgEbX7LG89S5dd7ee+Guij4WWh7pShX+3QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFG2UuBkBLCHRr1FkEl/f40m6GAqiMB8GA1UdIwQY
MBaAFLsZozmB40sq5QWG4wSMZjosa4WGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXhtak9ZSGpTeXJsQlliakJJeG1PaXhyaFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS83NDgxMjAtYjRmNS00NGIwLWFjOWUt
NjA2MGM0OGRhODM3LzEvYlpTNEdRRXNJZEd2VVdRU1g5X2pTYm9ZQ3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS83NDgxMjAtYjRmNS00NGIwLWFjOWUtNjA2MGM0OGRhODM3
LzEvdXhtak9ZSGpTeXJsQlliakJJeG1PaXhyaFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCLZ3kAwQC
uT4wMBQEAgACMA4DBQMqBO/AAwUDKg9NgDANBgkqhkiG9w0BAQsFAAOCAQEAeb1e
DMB8zEAh2gnPTDX4OpOasrjM66qvZUa5uaj9Z1C/iQ3dNjT77O5dzzcFas8mh/n8
0Qad/IEo3Yeq5HjlnpeuZ6lgaM2GuTvPmioTrTYaAp4VVIJBVtG9+ItUYhLYwZbW
OXof1uwLnoyhFezqd3qYUh29iEb8QqKfsSWBpK7MZ2wXWxrWLtcCJ9mP6Tjl4ZLi
cJ6HCFtjEYu+XBcI/QJBE2U/t7v0lL87zigMqQC+zKp/Woo0LvWTXSzbloIN+efu
AgwCUqiCyJnBAWaS21VuGlJKpLhnxq2bA0mMpnW7fOmUH/71jSlAgXS3J4fyddwu
RhSl+RNNUmBMk7nIzA==
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:50:58 2025 by rpki-client