Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yVfl8xZkZrbXqkCBPkNE3cxL5xs.roa
File: yVfl8xZkZrbXqkCBPkNE3cxL5xs.roa (raw, json)
Hash identifier: q+F1hx4ktwQKWAMoOv8sW6bBDplkg/RORzDoLUPxUe8=
Subject key identifier: C9:57:E5:F3:16:64:66:B6:D7:AA:40:81:3E:43:44:DD:CC:4B:E7:1B
Certificate issuer: /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial: 0197365435CA7A68250F58CBC99832E1E24A
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yVfl8xZkZrbXqkCBPkNE3cxL5xs.roa
Signing time: Tue 03 Jun 2025 15:06:17 +0000
ROA not before: Tue 03 Jun 2025 15:06:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49304
IP address blocks: 46.3.24.0/21 maxlen: 24
46.3.32.0/20 maxlen: 24
46.3.32.0/21 maxlen: 24
46.3.40.0/21 maxlen: 24
46.3.96.0/20 maxlen: 24
46.3.192.0/22 maxlen: 24
46.3.216.0/21 maxlen: 24
46.232.48.0/21 maxlen: 24
46.232.56.0/21 maxlen: 24
46.232.104.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 03:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:36:54:35:ca:7a:68:25:0f:58:cb:c9:98:32:e1:e2:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
Validity
Not Before: Jun 3 15:06:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c957e5f3166466b6d7aa40813e4344ddcc4be71b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:37:62:73:32:a4:28:4a:f7:fc:a2:f0:b1:81:
62:89:70:5d:a2:04:87:d5:9b:93:bf:36:71:8f:48:
de:59:12:43:53:32:91:ed:e8:42:97:12:6c:d3:88:
95:ae:5d:e8:97:5e:de:b1:fb:20:bb:46:ae:ae:5b:
73:ae:b8:52:41:46:b8:df:b0:fa:89:25:87:1d:cb:
ef:38:39:a1:80:b8:43:2a:86:f1:b4:2e:0b:20:71:
ee:7a:a8:12:dc:ac:3c:84:08:9f:7a:05:94:96:7b:
e4:27:98:52:8a:ee:17:ec:41:d0:96:aa:c3:f1:e3:
94:62:07:ba:52:a9:43:ae:9a:75:7f:30:5a:0c:7e:
2f:b7:e7:b7:50:92:1e:73:ea:76:fc:79:1e:82:77:
29:f4:19:8c:34:d7:df:c9:6d:78:9b:67:63:ac:e6:
e3:92:c2:70:0b:aa:f8:b5:23:62:95:f3:25:52:ad:
92:32:99:ff:50:73:59:2a:6f:4e:4d:18:ed:ba:32:
9e:f2:5f:84:37:c1:1c:38:58:8b:69:ec:db:ea:96:
75:3b:13:e0:b5:85:97:b7:d1:9f:23:01:de:4f:50:
36:cd:73:0e:6b:35:93:92:5a:67:8e:19:bb:fd:0a:
24:b2:04:cb:82:90:4b:7d:58:e8:49:56:5a:ff:7d:
1d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:57:E5:F3:16:64:66:B6:D7:AA:40:81:3E:43:44:DD:CC:4B:E7:1B
X509v3 Authority Key Identifier:
keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yVfl8xZkZrbXqkCBPkNE3cxL5xs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.3.24.0-46.3.47.255
46.3.96.0/20
46.3.192.0/22
46.3.216.0/21
46.232.48.0/20
46.232.104.0/21
Signature Algorithm: sha256WithRSAEncryption
21:fb:fd:54:c5:c0:b5:8a:88:7d:cc:fa:fe:11:3e:08:1d:14:
56:8b:82:7f:d3:f2:15:3e:18:15:5f:22:0c:3c:d7:68:26:94:
0f:22:5f:69:eb:31:4b:70:85:f2:ec:c9:7d:e4:d7:27:3e:c2:
17:00:64:59:56:bd:15:17:10:64:55:2a:27:2f:45:11:43:50:
7a:cf:aa:b4:93:e8:7d:3f:44:7f:b8:5d:da:0c:8d:70:e6:22:
f7:47:3d:46:55:ff:2f:d0:cb:55:9c:87:e4:9b:1a:7b:93:29:
9e:41:a4:14:eb:72:7a:d6:95:4d:b6:d3:a6:33:dc:be:56:0c:
e5:9d:9b:c8:f7:4d:11:33:cb:16:eb:6f:83:81:80:2f:2f:ec:
6d:e7:ae:16:79:55:57:db:a7:e9:fb:32:8d:cc:d6:4b:c5:01:
26:77:6f:9f:47:3f:bb:11:f7:ed:3e:12:be:ab:e3:d3:8b:be:
d2:d3:3e:55:49:9a:88:e9:23:03:0e:2c:38:96:0d:7c:d1:e5:
c2:58:c7:ab:a7:f6:d1:13:60:12:7b:4d:3a:1c:7b:ff:4d:1b:
fb:d9:98:f0:ab:85:fe:87:2a:92:39:d9:e4:3d:44:16:d5:99:
ea:5b:53:81:a4:84:30:ca:e5:bf:da:6f:54:e8:bb:00:63:20:
4b:04:35:c7
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZc2VDXKemglD1jLyZgy4eJKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwNjAzMTUwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTU3ZTVmMzE2NjQ2NmI2ZDdhYTQwODEzZTQzNDRkZGNjNGJlNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTdiczKkKEr3/KLwsYFiiXBdogSH
1ZuTvzZxj0jeWRJDUzKR7ehClxJs04iVrl3ol17esfsgu0aurltzrrhSQUa437D6
iSWHHcvvODmhgLhDKobxtC4LIHHueqgS3Kw8hAifegWUlnvkJ5hSiu4X7EHQlqrD
8eOUYge6UqlDrpp1fzBaDH4vt+e3UJIec+p2/Hkegncp9BmMNNffyW14m2djrObj
ksJwC6r4tSNilfMlUq2SMpn/UHNZKm9OTRjtujKe8l+EN8EcOFiLaezb6pZ1OxPg
tYWXt9GfIwHeT1A2zXMOazWTklpnjhm7/QoksgTLgpBLfVjoSVZa/30dTQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFMlX5fMWZGa216pAgT5DRN3MS+cbMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEveVZmbDh4WmtacmJYcWtDQlBrTkUzY3hMNXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBAMuAxgD
BAQuAyADBAQuA2ADBAIuA8ADBAMuA9gDBAQu6DADBAMu6GgwDQYJKoZIhvcNAQEL
BQADggEBACH7/VTFwLWKiH3M+v4RPggdFFaLgn/T8hU+GBVfIgw812gmlA8iX2nr
MUtwhfLsyX3k1yc+whcAZFlWvRUXEGRVKicvRRFDUHrPqrST6H0/RH+4XdoMjXDm
IvdHPUZV/y/Qy1Wch+SbGnuTKZ5BpBTrcnrWlU2206Yz3L5WDOWdm8j3TREzyxbr
b4OBgC8v7G3nrhZ5VVfbp+n7Mo3M1kvFASZ3b59HP7sR9+0+Er6r49OLvtLTPlVJ
mojpIwMOLDiWDXzR5cJYx6un9tETYBJ7TToce/9NG/vZmPCrhf6HKpI52eQ9RBbV
mepbU4GkhDDK5b/ab1TouwBjIEsENcc=
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:06:27 2025 by rpki-client