Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/sG_rr6I8pDA92eA5vBpgqLHPlcc.roa
File: sG_rr6I8pDA92eA5vBpgqLHPlcc.roa (raw, json)
Hash identifier: VBbgkzxs+YQuemItqSI61ff6E1GX47Q0q9j9ZQDjYJM=
Subject key identifier: B0:6F:EB:AF:A2:3C:A4:30:3D:D9:E0:39:BC:1A:60:A8:B1:CF:95:C7
Certificate issuer: /CN=43fad79548afc5c83e59bbfe388c64492cb55013
Certificate serial: 01942444D585922A75E1FA2D518AB52AB863
Authority key identifier: 43:FA:D7:95:48:AF:C5:C8:3E:59:BB:FE:38:8C:64:49:2C:B5:50:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/sG_rr6I8pDA92eA5vBpgqLHPlcc.roa
Signing time: Wed 01 Jan 2025 23:47:58 +0000
ROA not before: Wed 01 Jan 2025 23:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49594
IP address blocks: 95.174.72.0/21 maxlen: 21
185.29.32.0/22 maxlen: 22
188.73.0.0/18 maxlen: 18
213.151.160.0/22 maxlen: 22
213.151.164.0/23 maxlen: 23
213.151.167.0/24 maxlen: 24
2a02:468::/29 maxlen: 29
2a03:800::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:d5:85:92:2a:75:e1:fa:2d:51:8a:b5:2a:b8:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43fad79548afc5c83e59bbfe388c64492cb55013
Validity
Not Before: Jan 1 23:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b06febafa23ca4303dd9e039bc1a60a8b1cf95c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f6:db:21:62:f1:5e:9d:c8:18:ed:3e:53:15:
32:f4:91:65:6e:3c:6f:12:4a:90:9b:29:99:ed:8d:
22:68:83:76:23:24:07:0d:19:ec:e5:34:64:1d:dc:
0d:d7:24:0b:b3:1d:c1:e8:75:1f:7a:06:3f:a1:b1:
5b:06:61:bd:52:97:cf:db:4c:b5:a0:4c:dd:6e:72:
41:d7:53:b8:3f:02:c5:63:d3:97:a2:69:51:ec:ad:
a4:1b:d9:9d:d3:07:c9:e9:97:a6:cd:47:73:e8:48:
b4:c6:23:80:a6:34:15:32:7d:fe:fe:d9:b2:ad:45:
9c:2e:10:4b:2c:39:ef:37:03:97:c7:03:29:2d:f1:
f7:51:8a:79:14:da:3d:8c:bd:81:47:ab:d3:e6:9d:
c3:6d:6c:f7:7e:5d:77:67:91:b0:9e:d8:0d:7d:48:
13:10:4b:9f:24:a5:68:d0:0d:41:ae:71:5f:7b:4a:
64:a9:9a:9e:4e:92:36:b6:92:cc:e3:30:5d:f9:52:
20:2d:53:ef:33:f1:e4:23:cb:5d:cd:fe:58:5e:91:
7e:c6:4b:19:14:ca:08:7d:44:f7:a5:e0:d3:07:10:
10:ca:0d:60:ea:8c:a8:e1:67:d2:24:2d:c9:24:42:
2d:14:67:6e:67:25:f8:d6:63:20:5f:e1:cf:ef:6d:
57:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:6F:EB:AF:A2:3C:A4:30:3D:D9:E0:39:BC:1A:60:A8:B1:CF:95:C7
X509v3 Authority Key Identifier:
keyid:43:FA:D7:95:48:AF:C5:C8:3E:59:BB:FE:38:8C:64:49:2C:B5:50:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/sG_rr6I8pDA92eA5vBpgqLHPlcc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cf2c1-1962-4b70-9e5b-fe855dabb75e/1/Q_rXlUivxcg-Wbv-OIxkSSy1UBM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.174.72.0/21
185.29.32.0/22
188.73.0.0/18
213.151.160.0-213.151.165.255
213.151.167.0/24
IPv6:
2a02:468::/29
2a03:800::/32
Signature Algorithm: sha256WithRSAEncryption
1e:e4:2b:82:41:12:64:00:35:fd:25:d0:38:42:02:73:9c:91:
7a:96:68:51:f4:ac:2a:98:53:b2:7b:06:d8:56:08:f0:21:14:
f2:f6:1d:e2:0f:0f:8c:a0:31:b1:a9:df:fb:f1:40:62:82:a7:
cc:b3:89:99:81:21:01:08:bc:4b:2f:8b:9f:c9:40:0e:15:65:
11:ef:13:95:7f:59:20:65:44:fe:e5:31:76:bb:d1:3d:98:3c:
73:bd:eb:27:b6:0e:74:63:3b:20:62:7f:d5:4f:b4:f4:63:4c:
d8:b8:52:03:d0:ec:c6:0b:b8:87:2f:fe:5e:ed:81:75:ca:ab:
5b:06:84:77:30:76:1e:cb:9f:17:c1:97:32:de:ee:53:07:f8:
fc:6a:6a:0f:a5:2c:f2:cd:f3:e4:1a:97:b6:c2:63:34:7c:7f:
80:e5:6b:cf:bb:10:9c:44:44:c9:31:6d:17:66:65:41:e3:bb:
ca:7c:90:3b:18:0d:31:98:62:56:5d:95:c1:9f:b4:8c:64:f8:
c4:1b:b3:6f:b2:cc:92:c2:8b:3c:ae:13:93:3c:d0:e2:f5:02:
41:86:b4:7b:eb:77:45:62:16:b9:08:35:2c:4a:50:8c:21:00:
13:f2:4e:eb:01:51:98:d8:9c:61:01:a3:6b:09:0c:48:24:0f:
c5:af:3e:0e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQkRNWFkip14fotUYq1KrhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZmFkNzk1NDhhZmM1YzgzZTU5YmJmZTM4OGM2NDQ5MmNi
NTUwMTMwHhcNMjUwMTAxMjM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDZmZWJhZmEyM2NhNDMwM2RkOWUwMzliYzFhNjBhOGIxY2Y5NWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/bbIWLxXp3IGO0+UxUy9JFlbjxv
EkqQmymZ7Y0iaIN2IyQHDRns5TRkHdwN1yQLsx3B6HUfegY/obFbBmG9UpfP20y1
oEzdbnJB11O4PwLFY9OXomlR7K2kG9md0wfJ6ZemzUdz6Ei0xiOApjQVMn3+/tmy
rUWcLhBLLDnvNwOXxwMpLfH3UYp5FNo9jL2BR6vT5p3DbWz3fl13Z5GwntgNfUgT
EEufJKVo0A1BrnFfe0pkqZqeTpI2tpLM4zBd+VIgLVPvM/HkI8tdzf5YXpF+xksZ
FMoIfUT3peDTBxAQyg1g6oyo4WfSJC3JJEItFGduZyX41mMgX+HP721X8QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLBv66+iPKQwPdngObwaYKixz5XHMB8GA1UdIwQY
MBaAFEP615VIr8XIPlm7/jiMZEkstVATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV9yWGxVaXZ4Y2ctV2J2LU9JeGtTU3kxVUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yY2YyYzEtMTk2Mi00YjcwLTllNWIt
ZmU4NTVkYWJiNzVlLzEvc0dfcnI2SThwREE5MmVBNXZCcGdxTEhQbGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yY2YyYzEtMTk2Mi00YjcwLTllNWItZmU4NTVkYWJiNzVl
LzEvUV9yWGxVaXZ4Y2ctV2J2LU9JeGtTU3kxVUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAsBAIAATAmAwQDX65IAwQC
uR0gAwQGvEkAMAwDBAXVl6ADBAHVl6QDBADVl6cwFAQCAAIwDgMFAyoCBGgDBQAq
AwgAMA0GCSqGSIb3DQEBCwUAA4IBAQAe5CuCQRJkADX9JdA4QgJznJF6lmhR9Kwq
mFOyewbYVgjwIRTy9h3iDw+MoDGxqd/78UBigqfMs4mZgSEBCLxLL4ufyUAOFWUR
7xOVf1kgZUT+5TF2u9E9mDxzvesntg50YzsgYn/VT7T0Y0zYuFID0OzGC7iHL/5e
7YF1yqtbBoR3MHYey58XwZcy3u5TB/j8amoPpSzyzfPkGpe2wmM0fH+A5WvPuxCc
RETJMW0XZmVB47vKfJA7GA0xmGJWXZXBn7SMZPjEG7NvssySwos8rhOTPNDi9QJB
hrR763dFYha5CDUsSlCMIQAT8k7rAVGY2JxhAaNrCQxIJA/Frz4O
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:14:34 2025 by rpki-client