Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/YJqBlZ2Fe8Khq-5phtHszQ17dp0.roa
File: YJqBlZ2Fe8Khq-5phtHszQ17dp0.roa (raw, json)
Hash identifier: 5y6pIty0B50Ya59ZjY0WQF6A2tMefyueh/h5IfLk1iU=
Subject key identifier: 60:9A:81:95:9D:85:7B:C2:A1:AB:EE:69:86:D1:EC:CD:0D:7B:76:9D
Certificate issuer: /CN=4d70af1a99886c9101d135f54bd2bdef358b266e
Certificate serial: 0194266BBF48FB69FADFEE827451ABD74C6D
Authority key identifier: 4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/YJqBlZ2Fe8Khq-5phtHszQ17dp0.roa
Signing time: Thu 02 Jan 2025 09:49:42 +0000
ROA not before: Thu 02 Jan 2025 09:49:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39345
IP address blocks: 86.107.246.0/24 maxlen: 32
86.107.247.0/24 maxlen: 32
89.39.12.0/24 maxlen: 32
89.39.13.0/24 maxlen: 32
89.39.14.0/24 maxlen: 32
89.39.15.0/24 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.mft
rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:bf:48:fb:69:fa:df:ee:82:74:51:ab:d7:4c:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d70af1a99886c9101d135f54bd2bdef358b266e
Validity
Not Before: Jan 2 09:49:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=609a81959d857bc2a1abee6986d1eccd0d7b769d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:51:78:fb:6a:86:90:d4:aa:91:54:cc:b6:3e:
16:a7:c1:23:ca:ed:38:8f:08:bd:25:60:79:21:20:
ca:90:26:4e:16:c5:c7:7b:d4:c4:43:78:86:13:fb:
b9:29:c8:07:40:67:cd:66:79:9e:86:91:f9:d5:6f:
a1:89:7a:ec:d2:b4:a4:27:50:04:a1:16:bd:18:e3:
5e:3f:71:86:03:64:7d:47:c1:65:77:02:d9:ec:62:
c7:96:56:e1:59:d6:b4:cd:50:38:d9:bb:0b:af:1e:
00:ff:73:0e:38:ef:cc:f2:58:e1:47:1d:75:87:4c:
7c:5f:55:83:ab:38:7f:82:d1:a2:95:23:e0:08:0b:
8f:24:80:ce:92:50:8a:32:d8:f8:60:2c:cd:b1:f2:
a2:df:a4:81:62:ed:00:b2:8c:95:71:c8:6f:31:3a:
60:ab:2a:aa:32:8c:a8:1c:2d:63:b3:6a:81:c7:ea:
45:a4:13:92:51:6e:41:b3:b0:b1:49:6c:80:12:ac:
1e:13:74:dd:20:d9:57:ee:d0:31:ca:2c:da:33:59:
6f:47:92:51:8e:c3:e7:69:60:37:fb:f0:d1:7a:4e:
d4:84:95:ac:77:16:3c:fe:47:92:1c:d9:7c:ce:2a:
db:d2:db:f4:4c:bd:ef:08:94:f0:51:84:87:97:8b:
75:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:9A:81:95:9D:85:7B:C2:A1:AB:EE:69:86:D1:EC:CD:0D:7B:76:9D
X509v3 Authority Key Identifier:
keyid:4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/YJqBlZ2Fe8Khq-5phtHszQ17dp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.246.0/23
89.39.12.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:44:33:28:53:23:73:5e:46:5f:75:b0:66:cb:e9:1b:9a:0f:
17:d6:bb:54:87:f7:75:fa:2c:b2:70:40:5d:82:1f:01:79:1e:
e1:6c:09:d0:a9:f5:58:c1:45:1b:79:c8:23:7a:44:d5:6b:3c:
fe:18:04:94:db:c3:08:9a:03:3e:06:e7:da:a4:7e:99:a6:a5:
f4:a9:ee:ec:94:b1:23:44:b1:2f:5d:14:22:14:39:49:24:53:
10:ac:d2:4b:3d:4d:6d:69:91:b5:d5:57:b3:ab:ca:4e:44:e0:
56:01:e4:ab:59:4d:7d:15:06:4d:7f:8b:09:79:ca:5f:f7:15:
dc:03:5b:0c:9d:ba:68:7d:78:c5:53:d1:a8:17:4c:38:8e:cf:
77:12:b6:5c:4c:b6:91:1c:9b:87:e1:9a:ea:82:14:44:04:8f:
03:1e:a6:68:5e:99:31:18:65:74:1c:1a:68:4a:66:f8:eb:a4:
37:b4:94:29:f8:53:3c:ac:28:fb:f5:47:30:b3:b1:f0:88:cb:
e8:92:3b:c2:0a:b3:cf:e6:dc:43:d5:a0:c4:0f:a5:f5:6c:19:
2b:b8:56:d4:46:78:28:51:30:38:62:b7:25:66:7e:06:f0:81:
78:bf:26:35:6f:ad:13:dc:0d:71:4d:ad:a3:85:98:80:13:a5:
ef:2b:e5:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma79I+2n63+6CdFGr10xtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNzBhZjFhOTk4ODZjOTEwMWQxMzVmNTRiZDJiZGVmMzU4
YjI2NmUwHhcNMjUwMTAyMDk0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDlhODE5NTlkODU3YmMyYTFhYmVlNjk4NmQxZWNjZDBkN2I3NjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVF4+2qGkNSqkVTMtj4Wp8Ejyu04
jwi9JWB5ISDKkCZOFsXHe9TEQ3iGE/u5KcgHQGfNZnmehpH51W+hiXrs0rSkJ1AE
oRa9GONeP3GGA2R9R8FldwLZ7GLHllbhWda0zVA42bsLrx4A/3MOOO/M8ljhRx11
h0x8X1WDqzh/gtGilSPgCAuPJIDOklCKMtj4YCzNsfKi36SBYu0AsoyVcchvMTpg
qyqqMoyoHC1js2qBx+pFpBOSUW5Bs7CxSWyAEqweE3TdINlX7tAxyizaM1lvR5JR
jsPnaWA3+/DRek7UhJWsdxY8/keSHNl8zirb0tv0TL3vCJTwUYSHl4t1eQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGCagZWdhXvCoavuaYbR7M0Ne3adMB8GA1UdIwQY
MBaAFE1wrxqZiGyRAdE19UvSve81iyZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEt
NDYxYWIwZWNlZTAxLzEvWUpxQmxaMkZlOEtocS01cGh0SHN6UTE3ZHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEtNDYxYWIwZWNlZTAx
LzEvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVmv2AwQC
WScMMA0GCSqGSIb3DQEBCwUAA4IBAQAORDMoUyNzXkZfdbBmy+kbmg8X1rtUh/d1
+iyycEBdgh8BeR7hbAnQqfVYwUUbecgjekTVazz+GASU28MImgM+BufapH6ZpqX0
qe7slLEjRLEvXRQiFDlJJFMQrNJLPU1taZG11Vezq8pOROBWAeSrWU19FQZNf4sJ
ecpf9xXcA1sMnbpofXjFU9GoF0w4js93ErZcTLaRHJuH4ZrqghREBI8DHqZoXpkx
GGV0HBpoSmb466Q3tJQp+FM8rCj79Ucws7HwiMvokjvCCrPP5txD1aDED6X1bBkr
uFbURngoUTA4YrclZn4G8IF4vyY1b60T3A1xTa2jhZiAE6XvK+XG
-----END CERTIFICATE-----
Generated at Thu Apr 17 14:51:41 2025 by rpki-client