Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/u52qW4JyOvyxFH_dm7Mf8f_9xYg.roa
File: u52qW4JyOvyxFH_dm7Mf8f_9xYg.roa (raw, json)
Hash identifier: p5pa88452Qlp5obMC/dsSAsRdIWVZbdy4Bw3DHihOtQ=
Subject key identifier: BB:9D:AA:5B:82:72:3A:FC:B1:14:7F:DD:9B:B3:1F:F1:FF:FD:C5:88
Certificate issuer: /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial: 0195EB5FF73D6D17FE4039CF7E2ECFB59225
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/u52qW4JyOvyxFH_dm7Mf8f_9xYg.roa
Signing time: Mon 31 Mar 2025 08:44:49 +0000
ROA not before: Mon 31 Mar 2025 08:44:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34219
IP address blocks: 93.94.4.0/23 maxlen: 23
159.253.112.0/22 maxlen: 22
159.253.116.0/23 maxlen: 23
159.253.118.0/24 maxlen: 24
159.253.119.0/24 maxlen: 24
178.255.16.0/22 maxlen: 22
178.255.20.0/23 maxlen: 23
178.255.22.0/24 maxlen: 24
185.2.56.0/22 maxlen: 22
2a03:1e00::/32 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 08:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:eb:5f:f7:3d:6d:17:fe:40:39:cf:7e:2e:cf:b5:92:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Validity
Not Before: Mar 31 08:44:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bb9daa5b82723afcb1147fdd9bb31ff1fffdc588
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:90:24:4d:01:a2:43:82:2b:39:92:53:13:5a:
dc:66:ae:40:02:19:39:fb:b5:8a:26:e0:8c:6d:17:
09:f9:a8:93:36:a4:f8:d2:24:cc:80:c9:bb:e2:02:
ec:0e:ce:74:c8:2d:7b:75:4f:8c:90:85:fe:be:37:
45:a9:39:a3:7f:8b:55:65:0c:1d:3c:50:05:65:76:
77:11:ec:ee:88:2d:d2:f3:aa:e4:82:fd:90:b4:33:
91:bb:57:82:94:62:f6:21:a3:6c:ac:dd:7e:93:2c:
bb:4b:8b:e4:d1:33:99:62:6b:82:8b:97:75:90:8c:
60:43:0d:1d:1a:ae:03:da:cc:84:04:17:01:fa:61:
68:3f:4d:49:e3:73:28:3e:61:ea:55:95:c7:4d:d3:
39:22:20:75:54:0a:35:69:00:d2:37:3f:18:2b:68:
ea:8c:5f:15:1b:e2:5f:94:f7:1b:ec:7a:30:36:66:
51:26:33:09:92:1b:bd:7e:27:0c:4f:78:c4:32:fe:
01:30:2e:be:f6:d6:e5:10:8d:39:2e:89:16:ab:88:
f0:69:67:f4:af:c9:cc:3b:3d:a1:24:6a:f2:52:02:
1a:19:33:72:1d:95:52:1d:e4:4e:6b:09:c7:c6:89:
1c:5a:1f:6c:07:78:e8:93:95:0c:af:b5:a2:df:92:
df:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:9D:AA:5B:82:72:3A:FC:B1:14:7F:DD:9B:B3:1F:F1:FF:FD:C5:88
X509v3 Authority Key Identifier:
keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/u52qW4JyOvyxFH_dm7Mf8f_9xYg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.94.4.0/23
159.253.112.0/21
178.255.16.0-178.255.22.255
185.2.56.0/22
IPv6:
2a03:1e00::/32
Signature Algorithm: sha256WithRSAEncryption
a0:e4:07:31:53:4b:c0:8e:1d:85:cc:33:69:68:47:19:4c:7b:
f0:05:90:66:6a:9f:a3:45:3c:46:8b:b0:75:f6:53:c3:66:a6:
2a:22:4d:71:6c:6b:e7:79:cc:1a:a6:71:f1:ca:f6:51:05:d7:
9b:e6:d2:37:dc:0a:6a:92:88:4f:b7:8d:3a:66:41:f0:3b:f8:
a6:b1:6a:c5:55:d0:47:0b:c2:74:6d:40:6e:71:bb:42:8c:ae:
01:be:a0:45:6e:ee:64:c3:68:eb:17:e9:b4:fd:8b:54:49:4e:
7d:3a:34:86:20:90:9d:50:c7:86:6d:1c:27:9c:75:9b:98:50:
08:fe:de:75:c6:7b:c6:58:d2:ad:30:6f:a7:f8:9b:e5:8f:fa:
83:a9:c2:15:82:fd:18:b6:6a:31:0e:23:c9:0d:06:b3:e9:08:
e7:26:fb:c3:93:8b:af:ac:a0:18:c1:8c:73:a8:65:cf:c4:82:
b3:91:95:95:fe:11:b0:bf:0b:ea:a2:54:44:23:04:6d:94:2f:
74:d6:38:3d:60:9c:2b:ed:9a:1f:c5:f8:5b:ff:a4:5f:6d:32:
6a:9e:11:81:e8:80:5c:09:9f:e5:c5:a5:87:cc:c5:ae:0d:9d:
c1:c9:1e:2b:f8:c8:ed:13:60:41:bf:75:8c:8a:95:5c:b1:bb:
3b:dd:d3:e5
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZXrX/c9bRf+QDnPfi7PtZIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjUwMzMxMDg0NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjlkYWE1YjgyNzIzYWZjYjExNDdmZGQ5YmIzMWZmMWZmZmRjNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpAkTQGiQ4IrOZJTE1rcZq5AAhk5
+7WKJuCMbRcJ+aiTNqT40iTMgMm74gLsDs50yC17dU+MkIX+vjdFqTmjf4tVZQwd
PFAFZXZ3EezuiC3S86rkgv2QtDORu1eClGL2IaNsrN1+kyy7S4vk0TOZYmuCi5d1
kIxgQw0dGq4D2syEBBcB+mFoP01J43MoPmHqVZXHTdM5IiB1VAo1aQDSNz8YK2jq
jF8VG+JflPcb7HowNmZRJjMJkhu9ficMT3jEMv4BMC6+9tblEI05LokWq4jwaWf0
r8nMOz2hJGryUgIaGTNyHZVSHeROawnHxokcWh9sB3jok5UMr7Wi35LfiwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFLudqluCcjr8sRR/3ZuzH/H//cWIMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvdTUycVc0SnlPdnl4RkhfZG03TWY4Zl85eFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQBXV4EAwQD
n/1wMAwDBASy/xADBACy/xYDBAK5AjgwDQQCAAIwBwMFACoDHgAwDQYJKoZIhvcN
AQELBQADggEBAKDkBzFTS8COHYXMM2loRxlMe/AFkGZqn6NFPEaLsHX2U8Nmpioi
TXFsa+d5zBqmcfHK9lEF15vm0jfcCmqSiE+3jTpmQfA7+KaxasVV0EcLwnRtQG5x
u0KMrgG+oEVu7mTDaOsX6bT9i1RJTn06NIYgkJ1Qx4ZtHCecdZuYUAj+3nXGe8ZY
0q0wb6f4m+WP+oOpwhWC/Ri2ajEOI8kNBrPpCOcm+8OTi6+soBjBjHOoZc/EgrOR
lZX+EbC/C+qiVEQjBG2UL3TWOD1gnCvtmh/F+Fv/pF9tMmqeEYHogFwJn+XFpYfM
xa4NncHJHiv4yO0TYEG/dYyKlVyxuzvd0+U=
-----END CERTIFICATE-----
Generated at Thu Apr 10 14:34:45 2025 by rpki-client