Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/CbWOEpiwCrppRA8DVC4XzZMGIMo.roa
File: CbWOEpiwCrppRA8DVC4XzZMGIMo.roa (raw, json)
Hash identifier: PCw7t89Xuux83a7nB0OMpGHDzsoTVJA+nWtRPUVTD0g=
Subject key identifier: 09:B5:8E:12:98:B0:0A:BA:69:44:0F:03:54:2E:17:CD:93:06:20:CA
Certificate issuer: /CN=1534838bb317b8186699f0a4485db6d9da1908d2
Certificate serial: 0195CD9A33858CB708C96383AA88776470C8
Authority key identifier: 15:34:83:8B:B3:17:B8:18:66:99:F0:A4:48:5D:B6:D9:DA:19:08:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/CbWOEpiwCrppRA8DVC4XzZMGIMo.roa
Signing time: Tue 25 Mar 2025 13:59:49 +0000
ROA not before: Tue 25 Mar 2025 13:59:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2602
IP address blocks: 158.64.0.0/16 maxlen: 24
185.149.136.0/22 maxlen: 22
193.168.64.0/18 maxlen: 24
193.168.80.0/24 maxlen: 24
2001:a18::/29 maxlen: 48
2001:a18:ff00::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.crl
rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.mft
rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 22:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:cd:9a:33:85:8c:b7:08:c9:63:83:aa:88:77:64:70:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1534838bb317b8186699f0a4485db6d9da1908d2
Validity
Not Before: Mar 25 13:59:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09b58e1298b00aba69440f03542e17cd930620ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:82:b0:6e:97:da:73:fe:2d:fe:ed:74:e1:8b:
27:d8:1b:28:5c:3f:9d:61:96:78:84:ac:6f:90:fd:
8f:94:35:b3:2d:48:c6:07:b7:13:86:af:26:3e:f2:
f3:03:c7:0f:41:9d:69:62:c7:09:d7:c6:92:3e:8a:
7a:31:cd:a7:de:ee:ca:be:e5:87:54:ad:35:96:43:
57:b7:61:29:24:4e:e5:df:6e:4f:ab:2b:f3:67:ec:
6c:a0:9e:03:67:83:a9:35:2a:54:51:53:70:ee:10:
db:eb:36:0f:4a:59:57:f7:94:e5:4d:d5:b9:d2:c5:
4a:6a:fd:5f:00:58:d3:a4:12:11:ad:64:10:c2:55:
04:67:8a:55:4c:aa:e6:79:ec:e7:33:07:a7:10:d9:
b9:75:3b:b2:96:fc:ae:70:07:6c:77:89:f2:9e:36:
ba:83:2d:71:cd:2b:64:b3:5c:dd:66:64:8f:0d:01:
1d:b7:93:62:79:a0:2c:4a:6b:89:d3:61:f1:e3:98:
c7:08:06:2e:cf:99:54:03:b3:40:7e:75:95:7c:c0:
47:c8:71:34:21:71:4a:22:f6:8d:58:af:a4:69:89:
dd:39:2f:d4:64:45:05:8b:19:f4:d2:41:1d:46:4c:
46:5d:65:0e:04:52:fc:8b:86:ff:bc:ac:64:3e:c1:
07:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:B5:8E:12:98:B0:0A:BA:69:44:0F:03:54:2E:17:CD:93:06:20:CA
X509v3 Authority Key Identifier:
keyid:15:34:83:8B:B3:17:B8:18:66:99:F0:A4:48:5D:B6:D9:DA:19:08:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FTSDi7MXuBhmmfCkSF222doZCNI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/CbWOEpiwCrppRA8DVC4XzZMGIMo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/14c1ca-1874-47ac-a18e-3a144c70e0b0/1/FTSDi7MXuBhmmfCkSF222doZCNI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.64.0.0/16
185.149.136.0/22
193.168.64.0/18
IPv6:
2001:a18::/29
Signature Algorithm: sha256WithRSAEncryption
31:95:9a:3a:83:17:d0:17:54:c5:00:53:1a:89:50:3b:5b:17:
c2:73:9f:28:d3:4e:f7:d8:71:87:30:32:28:b9:37:38:c5:cd:
ad:58:88:50:6f:34:c3:ac:cc:13:ea:9c:57:63:ec:30:e3:49:
fd:66:fb:be:55:1b:e5:74:78:a3:4a:bb:14:88:2a:33:bd:97:
4a:d7:6d:de:57:c3:3d:9e:4a:c6:8a:8f:25:85:45:a5:21:09:
e0:f9:e2:fe:36:67:f1:0d:25:93:5e:f1:3e:22:56:b0:af:65:
29:23:f2:e7:d4:28:f6:a0:ec:13:0c:8a:56:9e:5b:aa:67:f6:
27:32:d1:df:b4:ff:f7:8d:72:ee:ba:4e:a1:03:46:56:38:a8:
74:26:ad:7f:74:9d:73:e6:b7:ae:d6:ac:cc:e2:e5:e6:55:fb:
b2:8f:32:6e:99:21:a1:63:dc:21:61:6c:4e:4b:1c:5f:0b:6c:
62:ee:39:6e:85:4a:9d:91:95:00:61:ab:36:f7:7c:a0:f3:ce:
3d:67:b0:9e:cd:5f:37:4c:80:59:db:a2:a4:5a:b3:e8:70:b4:
29:04:76:02:f6:f4:ae:0d:a5:16:fb:cc:a1:f5:f2:0b:60:5f:
73:a6:96:92:88:32:fd:fb:83:f0:08:6a:c8:88:d4:8a:f8:4b:
e8:62:29:ea
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZXNmjOFjLcIyWODqoh3ZHDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MzQ4MzhiYjMxN2I4MTg2Njk5ZjBhNDQ4NWRiNmQ5ZGEx
OTA4ZDIwHhcNMjUwMzI1MTM1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWI1OGUxMjk4YjAwYWJhNjk0NDBmMDM1NDJlMTdjZDkzMDYyMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYKwbpfac/4t/u104Ysn2BsoXD+d
YZZ4hKxvkP2PlDWzLUjGB7cThq8mPvLzA8cPQZ1pYscJ18aSPop6Mc2n3u7KvuWH
VK01lkNXt2EpJE7l325PqyvzZ+xsoJ4DZ4OpNSpUUVNw7hDb6zYPSllX95TlTdW5
0sVKav1fAFjTpBIRrWQQwlUEZ4pVTKrmeeznMwenENm5dTuylvyucAdsd4nynja6
gy1xzStks1zdZmSPDQEdt5NieaAsSmuJ02Hx45jHCAYuz5lUA7NAfnWVfMBHyHE0
IXFKIvaNWK+kaYndOS/UZEUFixn00kEdRkxGXWUOBFL8i4b/vKxkPsEHzwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAm1jhKYsAq6aUQPA1QuF82TBiDKMB8GA1UdIwQY
MBaAFBU0g4uzF7gYZpnwpEhdttnaGQjSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlRTRGk3TVh1QmhtbWZDa1NGMjIyZG9aQ05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xNGMxY2EtMTg3NC00N2FjLWExOGUt
M2ExNDRjNzBlMGIwLzEvQ2JXT0VwaXdDcnBwUkE4RFZDNFh6Wk1HSU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xNGMxY2EtMTg3NC00N2FjLWExOGUtM2ExNDRjNzBlMGIw
LzEvRlRTRGk3TVh1QmhtbWZDa1NGMjIyZG9aQ05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwMAnkADBAK5
lYgDBAbBqEAwDQQCAAIwBwMFAyABChgwDQYJKoZIhvcNAQELBQADggEBADGVmjqD
F9AXVMUAUxqJUDtbF8JznyjTTvfYcYcwMii5NzjFza1YiFBvNMOszBPqnFdj7DDj
Sf1m+75VG+V0eKNKuxSIKjO9l0rXbd5Xwz2eSsaKjyWFRaUhCeD54v42Z/ENJZNe
8T4iVrCvZSkj8ufUKPag7BMMilaeW6pn9icy0d+0//eNcu66TqEDRlY4qHQmrX90
nXPmt67WrMzi5eZV+7KPMm6ZIaFj3CFhbE5LHF8LbGLuOW6FSp2RlQBhqzb3fKDz
zj1nsJ7NXzdMgFnboqRas+hwtCkEdgL29K4NpRb7zKH18gtgX3OmlpKIMv37g/AI
asiI1Ir4S+hiKeo=
-----END CERTIFICATE-----
Generated at Mon Apr 7 09:23:03 2025 by rpki-client