Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/a970c6-c118-452e-a56f-ec467fa8636e/1/S2CydqVU1Bg8JlGW4qN48rRbYzM.roa
File: S2CydqVU1Bg8JlGW4qN48rRbYzM.roa (raw, json)
Hash identifier: BGDB4Vnl+lNKwWJXdwvf53CCXNQUCVk3dMF/mpOaQyY=
Subject key identifier: 4B:60:B2:76:A5:54:D4:18:3C:26:51:96:E2:A3:78:F2:B4:5B:63:33
Certificate issuer: /CN=a6aa9cade93be6ba7c8abb3238318076317d607d
Certificate serial: 0194F525303B9049CFEC2C5C9BCF398F3493
Authority key identifier: A6:AA:9C:AD:E9:3B:E6:BA:7C:8A:BB:32:38:31:80:76:31:7D:60:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pqqcrek75rp8irsyODGAdjF9YH0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/a970c6-c118-452e-a56f-ec467fa8636e/1/S2CydqVU1Bg8JlGW4qN48rRbYzM.roa
Signing time: Tue 11 Feb 2025 13:14:02 +0000
ROA not before: Tue 11 Feb 2025 13:14:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207668
IP address blocks: 45.66.20.0/23 maxlen: 23
45.66.22.0/23 maxlen: 23
45.144.120.0/22 maxlen: 22
91.211.224.0/22 maxlen: 22
194.53.192.0/24 maxlen: 24
194.53.193.0/24 maxlen: 24
194.53.194.0/23 maxlen: 23
2a09:60c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/a970c6-c118-452e-a56f-ec467fa8636e/1/pqqcrek75rp8irsyODGAdjF9YH0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/a970c6-c118-452e-a56f-ec467fa8636e/1/pqqcrek75rp8irsyODGAdjF9YH0.mft
rsync://rpki.ripe.net/repository/DEFAULT/pqqcrek75rp8irsyODGAdjF9YH0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 13:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:f5:25:30:3b:90:49:cf:ec:2c:5c:9b:cf:39:8f:34:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a6aa9cade93be6ba7c8abb3238318076317d607d
Validity
Not Before: Feb 11 13:14:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b60b276a554d4183c265196e2a378f2b45b6333
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:ea:e7:b2:bf:53:31:2a:85:15:f0:47:f7:65:
64:38:77:a9:8e:2b:3c:e8:f5:46:ca:c1:62:4f:a4:
6e:b8:77:f6:70:d2:9f:0f:04:3d:a2:2f:a4:31:f3:
b8:18:e8:7a:52:9a:83:73:7d:e5:db:65:36:fe:65:
ff:32:dd:bf:aa:5f:0e:0b:dc:fc:f3:d1:45:44:51:
27:54:75:f4:fd:7c:66:aa:c3:fa:83:fd:10:0b:42:
df:af:be:48:d2:06:7d:8e:9c:db:ce:90:af:b0:6b:
f9:55:94:31:38:00:f9:c7:3b:07:8a:df:1c:32:37:
73:26:66:d2:1b:d4:22:51:0a:4a:a6:cf:40:75:de:
6d:35:bc:74:d4:a4:1e:79:6e:83:ac:24:1d:f3:10:
51:d4:d6:16:4b:fb:24:8c:45:6f:20:cd:80:69:04:
8a:2a:ba:e7:9b:c6:95:8f:88:77:ca:de:17:8d:d1:
f2:a0:3d:12:67:04:03:36:7b:18:6d:08:30:21:a8:
44:5f:ee:7f:11:e5:dc:5e:65:a5:a3:73:01:f5:36:
1b:a1:d5:ec:77:60:3d:81:ee:b6:f1:ea:a6:a0:b1:
a3:71:9d:25:f0:da:a4:ba:49:bd:47:02:ee:a1:fb:
b7:a3:70:93:3a:84:85:9c:19:d9:b6:4a:31:d4:2c:
ad:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:60:B2:76:A5:54:D4:18:3C:26:51:96:E2:A3:78:F2:B4:5B:63:33
X509v3 Authority Key Identifier:
keyid:A6:AA:9C:AD:E9:3B:E6:BA:7C:8A:BB:32:38:31:80:76:31:7D:60:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqqcrek75rp8irsyODGAdjF9YH0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/a970c6-c118-452e-a56f-ec467fa8636e/1/S2CydqVU1Bg8JlGW4qN48rRbYzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/a970c6-c118-452e-a56f-ec467fa8636e/1/pqqcrek75rp8irsyODGAdjF9YH0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.20.0/22
45.144.120.0/22
91.211.224.0/22
194.53.192.0/22
IPv6:
2a09:60c0::/29
Signature Algorithm: sha256WithRSAEncryption
c5:ab:7e:a3:69:a7:1e:6a:a6:3e:ba:b1:6f:b8:d5:c8:b9:5f:
2d:03:eb:dd:82:17:8b:37:40:90:03:3f:00:e5:3a:6f:af:56:
c1:94:5f:59:dd:c1:12:95:fb:76:4c:1c:1d:53:48:90:95:46:
75:b2:a2:5d:32:d4:f8:64:b1:97:47:93:59:b0:49:e7:63:f5:
0f:34:2b:62:26:56:48:1a:47:b8:a3:e5:91:03:16:b4:2a:ff:
59:12:81:66:cd:fb:9b:b3:c4:d3:e9:86:d9:02:53:b6:27:4e:
08:bc:0e:fb:c5:41:17:b8:f1:1e:d3:aa:75:fc:66:81:59:dc:
80:84:0a:2d:fb:e2:9e:f6:70:a7:3a:dd:fb:25:3e:06:cd:23:
87:a9:e9:e6:ff:88:df:5b:50:cc:b6:21:17:c5:08:96:cf:b0:
56:04:37:d4:cf:60:e2:2c:41:04:d2:7f:91:86:08:d9:db:28:
1b:87:61:7b:d6:58:15:f0:f2:b9:f0:cf:1a:4f:65:64:ab:dc:
47:19:bf:e3:a5:f4:e0:de:f9:4d:71:96:86:3f:0a:06:7d:ec:
0f:19:3f:f8:29:43:45:4f:31:a3:91:2d:b3:e8:c5:e8:3f:9c:
63:88:28:1b:05:2b:89:37:52:56:da:bc:5e:3d:a1:c8:37:33:
1b:53:c2:4e
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZT1JTA7kEnP7Cxcm885jzSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YWE5Y2FkZTkzYmU2YmE3YzhhYmIzMjM4MzE4MDc2MzE3
ZDYwN2QwHhcNMjUwMjExMTMxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjYwYjI3NmE1NTRkNDE4M2MyNjUxOTZlMmEzNzhmMmI0NWI2MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzernsr9TMSqFFfBH92VkOHepjis8
6PVGysFiT6RuuHf2cNKfDwQ9oi+kMfO4GOh6UpqDc33l22U2/mX/Mt2/ql8OC9z8
89FFRFEnVHX0/XxmqsP6g/0QC0Lfr75I0gZ9jpzbzpCvsGv5VZQxOAD5xzsHit8c
MjdzJmbSG9QiUQpKps9Add5tNbx01KQeeW6DrCQd8xBR1NYWS/skjEVvIM2AaQSK
Krrnm8aVj4h3yt4XjdHyoD0SZwQDNnsYbQgwIahEX+5/EeXcXmWlo3MB9TYbodXs
d2A9ge628eqmoLGjcZ0l8Nqkukm9RwLuofu3o3CTOoSFnBnZtkox1Cyt6wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFEtgsnalVNQYPCZRluKjePK0W2MzMB8GA1UdIwQY
MBaAFKaqnK3pO+a6fIq7MjgxgHYxfWB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFxY3Jlazc1cnA4aXJzeU9ER0FkakY5WUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9hOTcwYzYtYzExOC00NTJlLWE1NmYt
ZWM0NjdmYTg2MzZlLzEvUzJDeWRxVlUxQmc4SmxHVzRxTjQ4clJiWXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9hOTcwYzYtYzExOC00NTJlLWE1NmYtZWM0NjdmYTg2MzZl
LzEvcHFxY3Jlazc1cnA4aXJzeU9ER0FkakY5WUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLUIUAwQC
LZB4AwQCW9PgAwQCwjXAMA0EAgACMAcDBQMqCWDAMA0GCSqGSIb3DQEBCwUAA4IB
AQDFq36jaaceaqY+urFvuNXIuV8tA+vdgheLN0CQAz8A5Tpvr1bBlF9Z3cESlft2
TBwdU0iQlUZ1sqJdMtT4ZLGXR5NZsEnnY/UPNCtiJlZIGke4o+WRAxa0Kv9ZEoFm
zfubs8TT6YbZAlO2J04IvA77xUEXuPEe06p1/GaBWdyAhAot++Ke9nCnOt37JT4G
zSOHqenm/4jfW1DMtiEXxQiWz7BWBDfUz2DiLEEE0n+RhgjZ2ygbh2F71lgV8PK5
8M8aT2Vkq9xHGb/jpfTg3vlNcZaGPwoGfewPGT/4KUNFTzGjkS2z6MXoP5xjiCgb
BSuJN1JW2rxePaHINzMbU8JO
-----END CERTIFICATE-----
Generated at Mon Apr 21 21:09:31 2025 by rpki-client