Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/cotZl6z9OJ-fauLOJe6XV8WAuTo.roa
File: cotZl6z9OJ-fauLOJe6XV8WAuTo.roa (raw, json)
Hash identifier: pFgMJLMj7SXSgI1OYpF9YOIHVLweh2wDrctvJeRJL4M=
Subject key identifier: 72:8B:59:97:AC:FD:38:9F:9F:6A:E2:CE:25:EE:97:57:C5:80:B9:3A
Certificate issuer: /CN=d1f51964ede12b4c03673d23cd44c8375315f45a
Certificate serial: 0194266C43D71272EF2A6ABD128714C03942
Authority key identifier: D1:F5:19:64:ED:E1:2B:4C:03:67:3D:23:CD:44:C8:37:53:15:F4:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/cotZl6z9OJ-fauLOJe6XV8WAuTo.roa
Signing time: Thu 02 Jan 2025 09:50:17 +0000
ROA not before: Thu 02 Jan 2025 09:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39201
IP address blocks: 45.128.69.0/24 maxlen: 24
45.128.70.0/24 maxlen: 24
45.128.71.0/24 maxlen: 24
84.38.244.0/24 maxlen: 24
185.152.180.0/24 maxlen: 24
185.152.181.0/24 maxlen: 24
185.152.182.0/24 maxlen: 24
185.152.183.0/24 maxlen: 24
2a0b:e5c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.mft
rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:43:d7:12:72:ef:2a:6a:bd:12:87:14:c0:39:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1f51964ede12b4c03673d23cd44c8375315f45a
Validity
Not Before: Jan 2 09:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=728b5997acfd389f9f6ae2ce25ee9757c580b93a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:c6:0a:45:98:51:78:42:d5:c3:dc:e0:f8:53:
d5:8d:08:57:3d:2e:d7:f7:8e:bb:71:e6:50:87:0b:
be:e5:1e:a7:35:fa:eb:cb:d2:a0:be:78:72:ba:03:
e0:7a:40:40:fa:e9:54:0a:50:27:7b:28:ca:67:b3:
df:a1:76:c0:06:57:5e:51:6b:ad:05:28:de:dc:bb:
05:47:3c:a8:03:46:95:9a:a9:ca:59:26:45:ed:53:
d1:bb:27:e7:3b:00:9a:fc:32:d9:d3:25:72:09:89:
5c:b8:d6:6c:19:1c:97:32:5e:da:2f:a6:97:16:40:
0b:a9:21:b2:e7:86:71:68:f8:22:52:d8:a1:97:29:
55:de:f8:36:2e:d2:26:23:88:92:c4:27:d6:f3:4d:
41:5d:b5:ff:c3:90:94:05:00:5a:71:25:63:ae:76:
68:0e:0a:b7:dc:2d:05:6e:d8:25:eb:cc:ea:75:d2:
86:9b:ce:c9:14:10:a1:c8:24:e7:9b:1e:4c:85:aa:
6b:50:8b:81:43:65:56:6b:8e:62:04:2c:62:e0:06:
75:78:f1:03:87:de:b9:ff:50:4c:52:44:0d:b1:7e:
65:02:73:d8:34:6e:c7:aa:d8:bc:e9:94:34:d6:41:
0b:59:f6:25:1d:55:25:70:4b:c1:c6:5c:ac:fc:fa:
dd:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:8B:59:97:AC:FD:38:9F:9F:6A:E2:CE:25:EE:97:57:C5:80:B9:3A
X509v3 Authority Key Identifier:
keyid:D1:F5:19:64:ED:E1:2B:4C:03:67:3D:23:CD:44:C8:37:53:15:F4:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/cotZl6z9OJ-fauLOJe6XV8WAuTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.69.0-45.128.71.255
84.38.244.0/24
185.152.180.0/22
IPv6:
2a0b:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
20:62:43:c0:e3:2d:11:00:4b:4a:60:48:37:69:6c:56:8e:7d:
76:8f:8b:47:d5:8d:b7:9f:20:c1:04:39:87:ee:78:ce:c8:d1:
48:9c:50:c6:79:92:f6:42:8b:5f:09:3e:01:3c:94:45:e5:84:
85:d8:fa:bf:ed:33:fc:6b:ab:92:c9:e5:54:f3:70:81:4b:5b:
95:14:07:67:f6:f8:6a:56:be:5e:e1:fd:d8:db:53:93:ff:45:
b0:8f:96:4f:b4:da:31:6b:c0:a8:33:df:f0:e8:04:b0:73:16:
03:b9:09:1f:32:f0:e4:53:56:9f:28:04:c3:b0:ea:5f:c1:0a:
f8:5d:f4:4a:3c:eb:d6:5c:ab:0c:b1:69:28:55:97:6d:75:af:
65:6b:02:22:47:f6:f1:12:ab:35:85:15:c6:ad:7c:df:5d:15:
a3:fe:40:7d:9c:6f:7b:02:0e:44:1c:0d:1b:4a:68:10:f4:94:
e5:b8:0a:7e:09:8d:5d:df:b1:9b:85:52:11:73:3b:65:93:3a:
cf:8f:8c:c9:d4:70:c1:b3:a6:99:90:4f:02:58:51:1a:17:6d:
65:d2:49:15:da:10:87:34:ff:58:4e:94:31:b4:0a:f7:3e:8a:
6f:17:f2:3a:a4:b8:bc:77:f0:e9:18:33:a1:64:f2:3b:1b:a2:
66:72:b4:a6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZQmbEPXEnLvKmq9EocUwDlCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZjUxOTY0ZWRlMTJiNGMwMzY3M2QyM2NkNDRjODM3NTMx
NWY0NWEwHhcNMjUwMTAyMDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjhiNTk5N2FjZmQzODlmOWY2YWUyY2UyNWVlOTc1N2M1ODBiOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsYKRZhReELVw9zg+FPVjQhXPS7X
9467ceZQhwu+5R6nNfrry9KgvnhyugPgekBA+ulUClAneyjKZ7PfoXbABldeUWut
BSje3LsFRzyoA0aVmqnKWSZF7VPRuyfnOwCa/DLZ0yVyCYlcuNZsGRyXMl7aL6aX
FkALqSGy54ZxaPgiUtihlylV3vg2LtImI4iSxCfW801BXbX/w5CUBQBacSVjrnZo
Dgq33C0Fbtgl68zqddKGm87JFBChyCTnmx5MhaprUIuBQ2VWa45iBCxi4AZ1ePED
h965/1BMUkQNsX5lAnPYNG7Hqti86ZQ01kELWfYlHVUlcEvBxlys/PrdaQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFHKLWZes/Tifn2riziXul1fFgLk6MB8GA1UdIwQY
MBaAFNH1GWTt4StMA2c9I81EyDdTFfRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGZVWlpPM2hLMHdEWnowanpVVElOMU1WOUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9lYmJkZGEtOTU3MS00ZmY1LWI1NmUt
NzUyMjBkNTNhNTVjLzEvY290Wmw2ejlPSi1mYXVMT0plNlhWOFdBdVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9lYmJkZGEtOTU3MS00ZmY1LWI1NmUtNzUyMjBkNTNhNTVj
LzEvMGZVWlpPM2hLMHdEWnowanpVVElOMU1WOUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBAAtgEUD
BAMtgEADBABUJvQDBAK5mLQwDQQCAAIwBwMFAyoL5cAwDQYJKoZIhvcNAQELBQAD
ggEBACBiQ8DjLREAS0pgSDdpbFaOfXaPi0fVjbefIMEEOYfueM7I0UicUMZ5kvZC
i18JPgE8lEXlhIXY+r/tM/xrq5LJ5VTzcIFLW5UUB2f2+GpWvl7h/djbU5P/RbCP
lk+02jFrwKgz3/DoBLBzFgO5CR8y8ORTVp8oBMOw6l/BCvhd9Eo869ZcqwyxaShV
l211r2VrAiJH9vESqzWFFcatfN9dFaP+QH2cb3sCDkQcDRtKaBD0lOW4Cn4JjV3f
sZuFUhFzO2WTOs+PjMnUcMGzppmQTwJYURoXbWXSSRXaEIc0/1hOlDG0Cvc+im8X
8jqkuLx38OkYM6Fk8jsbomZytKY=
-----END CERTIFICATE-----
Generated at Thu Apr 17 03:13:57 2025 by rpki-client