Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/d9f9a8-da01-4d35-8284-b64eb8d83658/1/5hvMdLYnfsXTSuV237JH9FWLZN0.roa
File: 5hvMdLYnfsXTSuV237JH9FWLZN0.roa (raw, json)
Hash identifier: +NNavIzbs+bo3gjOvC6npGrxT+kBJ6ESc9cDAGFiB9M=
Subject key identifier: E6:1B:CC:74:B6:27:7E:C5:D3:4A:E5:76:DF:B2:47:F4:55:8B:64:DD
Certificate issuer: /CN=d5354321c1254360145eaf25f69938b8df347b31
Certificate serial: 019427478178964BB15953139D7E77073F1F
Authority key identifier: D5:35:43:21:C1:25:43:60:14:5E:AF:25:F6:99:38:B8:DF:34:7B:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1TVDIcElQ2AUXq8l9pk4uN80ezE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/d9f9a8-da01-4d35-8284-b64eb8d83658/1/5hvMdLYnfsXTSuV237JH9FWLZN0.roa
Signing time: Thu 02 Jan 2025 13:49:45 +0000
ROA not before: Thu 02 Jan 2025 13:49:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48732
IP address blocks: 195.200.235.0/24 maxlen: 24
195.200.235.0/25 maxlen: 25
195.200.235.128/25 maxlen: 25
195.200.235.128/26 maxlen: 26
195.200.235.192/26 maxlen: 26
2a11:600:150::/48 maxlen: 48
2a11:600:151::/48 maxlen: 48
2a11:601:d000::/36 maxlen: 36
2a11:601:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/d9f9a8-da01-4d35-8284-b64eb8d83658/1/1TVDIcElQ2AUXq8l9pk4uN80ezE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/d9f9a8-da01-4d35-8284-b64eb8d83658/1/1TVDIcElQ2AUXq8l9pk4uN80ezE.mft
rsync://rpki.ripe.net/repository/DEFAULT/1TVDIcElQ2AUXq8l9pk4uN80ezE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 22:01:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:81:78:96:4b:b1:59:53:13:9d:7e:77:07:3f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5354321c1254360145eaf25f69938b8df347b31
Validity
Not Before: Jan 2 13:49:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e61bcc74b6277ec5d34ae576dfb247f4558b64dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:fa:b9:bd:df:ef:c1:4a:ba:cf:cb:a5:8c:42:
fc:ce:6e:41:f3:24:1f:f2:5e:be:a0:92:1d:cf:66:
42:fb:8f:99:46:65:9c:22:40:06:d3:bf:02:b7:b9:
cc:55:6b:bf:04:e6:ee:7a:02:82:2c:cc:d1:c2:29:
1c:66:ae:10:f9:ae:56:22:9e:71:04:e6:48:86:65:
d3:2c:66:f9:6c:77:c1:0f:69:d8:cb:15:39:29:bd:
2d:a4:9e:cb:1b:22:0b:06:64:fd:ef:c5:80:3a:44:
27:34:7d:94:05:44:c2:38:b0:25:5d:a8:7d:5e:3d:
e6:4f:0c:aa:5e:2a:80:39:fe:52:d5:ad:40:c8:ae:
31:fa:3a:96:83:ff:53:c5:c3:c1:b5:06:5f:41:06:
da:3e:2a:98:02:65:9c:52:5d:05:76:3a:42:74:c5:
b2:13:7b:2a:3b:01:49:20:fa:88:5b:9c:60:e2:c8:
8a:67:28:43:48:bc:91:c2:0c:98:8f:fe:71:ba:3a:
51:58:c5:79:11:2d:bd:37:45:02:a6:ea:8d:2f:7a:
8a:74:eb:1d:d6:c0:45:fa:ac:6a:5b:3d:0a:d0:0d:
37:32:bf:34:83:6e:e4:2a:db:38:99:d1:ab:de:ce:
70:86:4e:b8:05:c0:f9:93:f6:63:17:b0:71:42:77:
a9:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:1B:CC:74:B6:27:7E:C5:D3:4A:E5:76:DF:B2:47:F4:55:8B:64:DD
X509v3 Authority Key Identifier:
keyid:D5:35:43:21:C1:25:43:60:14:5E:AF:25:F6:99:38:B8:DF:34:7B:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TVDIcElQ2AUXq8l9pk4uN80ezE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d9f9a8-da01-4d35-8284-b64eb8d83658/1/5hvMdLYnfsXTSuV237JH9FWLZN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d9f9a8-da01-4d35-8284-b64eb8d83658/1/1TVDIcElQ2AUXq8l9pk4uN80ezE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.200.235.0/24
IPv6:
2a11:600:150::/47
2a11:601:d000::/36
2a11:601:f000::/36
Signature Algorithm: sha256WithRSAEncryption
0d:d4:1c:7c:7b:51:80:0c:71:42:b2:b5:8e:9b:c9:8d:a0:30:
14:9a:ac:ab:ca:4d:ec:80:32:45:b9:5f:3c:6f:43:9c:08:de:
f9:9e:ff:e9:81:bb:46:39:e7:a6:a1:7f:27:27:8c:6b:be:02:
61:bb:94:9b:0d:f0:9d:6d:c8:d3:e7:31:be:0b:e6:af:96:85:
a1:cd:6c:cd:90:4f:8f:80:c6:5d:0e:50:76:f6:b2:27:9c:17:
27:15:1d:da:59:c4:df:50:08:d9:d9:cf:fc:ae:4c:91:a5:64:
64:7b:8f:c1:5a:e2:ad:6b:b0:69:53:03:b8:87:54:12:13:11:
b0:90:f5:02:4f:f1:58:ac:39:85:7e:84:d2:77:60:80:0a:82:
64:1b:97:fb:e0:01:dd:d2:2f:0f:e6:f1:2b:b9:77:d5:f7:8c:
40:24:b3:cf:35:7e:b3:48:c7:0d:a0:af:53:e3:ea:20:48:55:
ef:86:dc:00:ac:35:4e:49:c7:5f:0f:72:73:72:50:4a:8f:f0:
34:82:1b:94:89:ab:e4:58:26:6d:b0:39:78:e3:53:57:5c:aa:
15:46:9c:0a:f0:ed:bd:d9:90:31:5f:1f:4b:cf:c7:8f:69:ec:
ff:7f:54:75:0a:65:6e:18:3c:3c:95:28:7b:45:ef:e8:db:88:
00:7f:b4:9d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQnR4F4lkuxWVMTnX53Bz8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzU0MzIxYzEyNTQzNjAxNDVlYWYyNWY2OTkzOGI4ZGYz
NDdiMzEwHhcNMjUwMTAyMTM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFiY2M3NGI2Mjc3ZWM1ZDM0YWU1NzZkZmIyNDdmNDU1OGI2NGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfq5vd/vwUq6z8uljEL8zm5B8yQf
8l6+oJIdz2ZC+4+ZRmWcIkAG078Ct7nMVWu/BObuegKCLMzRwikcZq4Q+a5WIp5x
BOZIhmXTLGb5bHfBD2nYyxU5Kb0tpJ7LGyILBmT978WAOkQnNH2UBUTCOLAlXah9
Xj3mTwyqXiqAOf5S1a1AyK4x+jqWg/9TxcPBtQZfQQbaPiqYAmWcUl0FdjpCdMWy
E3sqOwFJIPqIW5xg4siKZyhDSLyRwgyYj/5xujpRWMV5ES29N0UCpuqNL3qKdOsd
1sBF+qxqWz0K0A03Mr80g27kKts4mdGr3s5whk64BcD5k/ZjF7BxQnephwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFOYbzHS2J37F00rldt+yR/RVi2TdMB8GA1UdIwQY
MBaAFNU1QyHBJUNgFF6vJfaZOLjfNHsxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRWREljRWxRMkFVWHE4bDlwazR1TjgwZXpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9kOWY5YTgtZGEwMS00ZDM1LTgyODQt
YjY0ZWI4ZDgzNjU4LzEvNWh2TWRMWW5mc1hUU3VWMjM3Skg5RldMWk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9kOWY5YTgtZGEwMS00ZDM1LTgyODQtYjY0ZWI4ZDgzNjU4
LzEvMVRWREljRWxRMkFVWHE4bDlwazR1TjgwZXpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAMBAIAATAGAwQAw8jrMB8E
AgACMBkDBwEqEQYAAVADBgQqEQYB0AMGBCoRBgHwMA0GCSqGSIb3DQEBCwUAA4IB
AQAN1Bx8e1GADHFCsrWOm8mNoDAUmqyryk3sgDJFuV88b0OcCN75nv/pgbtGOeem
oX8nJ4xrvgJhu5SbDfCdbcjT5zG+C+avloWhzWzNkE+PgMZdDlB29rInnBcnFR3a
WcTfUAjZ2c/8rkyRpWRke4/BWuKta7BpUwO4h1QSExGwkPUCT/FYrDmFfoTSd2CA
CoJkG5f74AHd0i8P5vEruXfV94xAJLPPNX6zSMcNoK9T4+ogSFXvhtwArDVOScdf
D3JzclBKj/A0ghuUiavkWCZtsDl441NXXKoVRpwK8O292ZAxXx9Lz8ePaez/f1R1
CmVuGDw8lSh7Re/o24gAf7Sd
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:50:01 2025 by rpki-client