Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/28tlQOScTYbuODS8bt-3134oQ2Y.roa
File: 28tlQOScTYbuODS8bt-3134oQ2Y.roa (raw, json)
Hash identifier: ApQAF8/smS+nlVeOZQ4fBnuRp2Hs4aD0ZCJCSWvoUVo=
Subject key identifier: DB:CB:65:40:E4:9C:4D:86:EE:38:34:BC:6E:DF:B7:D7:7E:28:43:66
Certificate issuer: /CN=614b70ff9c22ffe0b77f43f41c08074de6f36e1b
Certificate serial: 019426D989B4E7572947C4D77F4EB6C60C8A
Authority key identifier: 61:4B:70:FF:9C:22:FF:E0:B7:7F:43:F4:1C:08:07:4D:E6:F3:6E:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YUtw_5wi_-C3f0P0HAgHTebzbhs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/28tlQOScTYbuODS8bt-3134oQ2Y.roa
Signing time: Thu 02 Jan 2025 11:49:38 +0000
ROA not before: Thu 02 Jan 2025 11:49:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57280
IP address blocks: 109.163.200.0/21 maxlen: 21
185.60.172.0/22 maxlen: 22
185.60.174.0/24 maxlen: 24
185.60.175.0/24 maxlen: 24
2a03:5580::/30 maxlen: 30
2a03:5584::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/YUtw_5wi_-C3f0P0HAgHTebzbhs.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/YUtw_5wi_-C3f0P0HAgHTebzbhs.mft
rsync://rpki.ripe.net/repository/DEFAULT/YUtw_5wi_-C3f0P0HAgHTebzbhs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:89:b4:e7:57:29:47:c4:d7:7f:4e:b6:c6:0c:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=614b70ff9c22ffe0b77f43f41c08074de6f36e1b
Validity
Not Before: Jan 2 11:49:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dbcb6540e49c4d86ee3834bc6edfb7d77e284366
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:1c:11:de:5f:86:de:2f:a1:af:1e:27:c2:dd:
7b:84:94:a5:a5:28:0b:06:82:c9:17:ed:42:9d:d1:
7a:28:87:ef:ee:7b:48:60:5e:77:10:6e:35:c4:ec:
4c:ec:ed:aa:f3:35:b1:c8:2c:6a:35:b6:22:ca:52:
60:3b:c3:e9:fd:c8:3b:3b:17:04:16:f7:8f:e5:1e:
ab:a4:c6:a2:c9:d7:83:79:af:fa:c1:18:72:d3:da:
4a:ee:77:68:ec:1a:15:d1:59:f3:93:3d:1b:a1:eb:
8e:49:e0:28:b3:54:53:99:c5:76:78:d2:7e:89:3d:
da:c5:a5:a7:d4:e2:8b:96:59:74:49:e9:96:72:7c:
cb:d6:1e:87:9a:86:b7:dd:b4:5d:15:b0:fa:94:7a:
69:fe:cd:0b:18:31:8a:3b:f1:71:33:b9:c8:87:c9:
68:5b:ad:20:6f:7d:b2:de:d0:e3:68:49:fe:47:36:
db:4c:c5:d6:81:1c:c3:f4:e1:2a:18:d0:74:48:91:
6b:dc:b3:fd:66:ae:d7:fa:22:af:ec:7a:7b:f4:68:
d0:a6:30:13:f5:e6:a4:68:69:28:92:0a:2f:22:a8:
54:a4:f7:d1:02:2c:4b:b9:58:50:04:09:37:17:9a:
e7:46:3e:ab:b3:a9:0f:8f:2a:02:11:2f:e9:4d:3c:
d1:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:CB:65:40:E4:9C:4D:86:EE:38:34:BC:6E:DF:B7:D7:7E:28:43:66
X509v3 Authority Key Identifier:
keyid:61:4B:70:FF:9C:22:FF:E0:B7:7F:43:F4:1C:08:07:4D:E6:F3:6E:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUtw_5wi_-C3f0P0HAgHTebzbhs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/28tlQOScTYbuODS8bt-3134oQ2Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/YUtw_5wi_-C3f0P0HAgHTebzbhs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.163.200.0/21
185.60.172.0/22
IPv6:
2a03:5580::/29
Signature Algorithm: sha256WithRSAEncryption
67:ab:7a:06:86:14:7f:a2:96:5d:c8:e9:cf:5f:25:7c:be:d8:
73:82:a7:3e:f3:f3:94:10:71:31:da:8a:c6:7e:d1:ab:0c:87:
d0:1f:5d:93:14:65:ef:75:fc:3b:09:bc:16:a6:14:c6:37:4b:
02:aa:cf:a5:16:a4:7c:16:ec:48:11:b9:55:75:9b:1d:ff:a5:
15:d8:9a:ff:9f:6d:e3:d4:0f:ab:5e:a7:ff:20:ef:d0:f3:73:
d4:8f:36:65:5f:2f:9e:61:b6:27:42:e7:3d:b6:7b:9d:01:14:
56:fc:e4:39:73:39:a3:ae:db:40:5a:1d:35:c3:e1:33:de:43:
f5:9c:05:8c:22:34:a6:e3:4d:c3:b8:e0:d1:b8:f4:86:0f:7b:
e8:bb:f0:c1:b1:34:c3:31:02:70:4a:2f:e0:02:05:fa:e5:13:
ec:0a:d7:31:f5:29:58:9e:a0:d2:17:08:1a:65:82:75:60:e8:
64:85:a7:5c:4f:85:0e:f5:57:4e:f0:8b:07:fe:12:8a:5f:40:
a5:bb:1e:da:8a:51:d7:23:46:09:8f:e4:4f:5e:31:ad:d0:ac:
65:e8:85:b4:39:b8:1d:f9:d8:f9:f7:92:5f:99:ac:17:00:e8:
86:17:8f:9b:ae:c0:43:2b:d0:f8:77:7a:1f:f1:82:60:52:cc:
fc:72:12:cf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQm2Ym051cpR8TXf062xgyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGI3MGZmOWMyMmZmZTBiNzdmNDNmNDFjMDgwNzRkZTZm
MzZlMWIwHhcNMjUwMTAyMTE0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmNiNjU0MGU0OWM0ZDg2ZWUzODM0YmM2ZWRmYjdkNzdlMjg0MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hwR3l+G3i+hrx4nwt17hJSlpSgL
BoLJF+1CndF6KIfv7ntIYF53EG41xOxM7O2q8zWxyCxqNbYiylJgO8Pp/cg7OxcE
FveP5R6rpMaiydeDea/6wRhy09pK7ndo7BoV0Vnzkz0boeuOSeAos1RTmcV2eNJ+
iT3axaWn1OKLlll0SemWcnzL1h6Hmoa33bRdFbD6lHpp/s0LGDGKO/FxM7nIh8lo
W60gb32y3tDjaEn+RzbbTMXWgRzD9OEqGNB0SJFr3LP9Zq7X+iKv7Hp79GjQpjAT
9eakaGkokgovIqhUpPfRAixLuVhQBAk3F5rnRj6rs6kPjyoCES/pTTzRWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNvLZUDknE2G7jg0vG7ft9d+KENmMB8GA1UdIwQY
MBaAFGFLcP+cIv/gt39D9BwIB03m824bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVV0d181d2lfLUMzZjBQMEhBZ0hUZWJ6YmhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NzFmMTctMGJmOC00YmExLWI3Njgt
NTVmZWMxMjUyYWIwLzEvMjh0bFFPU2NUWWJ1T0RTOGJ0LTMxMzRvUTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NzFmMTctMGJmOC00YmExLWI3NjgtNTVmZWMxMjUyYWIw
LzEvWVV0d181d2lfLUMzZjBQMEhBZ0hUZWJ6YmhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbaPIAwQC
uTysMA0EAgACMAcDBQMqA1WAMA0GCSqGSIb3DQEBCwUAA4IBAQBnq3oGhhR/opZd
yOnPXyV8vthzgqc+8/OUEHEx2orGftGrDIfQH12TFGXvdfw7CbwWphTGN0sCqs+l
FqR8FuxIEblVdZsd/6UV2Jr/n23j1A+rXqf/IO/Q83PUjzZlXy+eYbYnQuc9tnud
ARRW/OQ5czmjrttAWh01w+Ez3kP1nAWMIjSm403DuODRuPSGD3vou/DBsTTDMQJw
Si/gAgX65RPsCtcx9SlYnqDSFwgaZYJ1YOhkhadcT4UO9VdO8IsH/hKKX0Clux7a
ilHXI0YJj+RPXjGt0Kxl6IW0Obgd+dj595JfmawXAOiGF4+brsBDK9D4d3of8YJg
Usz8chLP
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:51:22 2025 by rpki-client