Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/b-1rdmKo86yUONL7Dfq2xDDM_2s.roa
File: b-1rdmKo86yUONL7Dfq2xDDM_2s.roa (raw, json)
Hash identifier: w/c18hk0EwYDA8e5KKNs4s/8e74mjbPB/j6X78kDFl0=
Subject key identifier: 6F:ED:6B:76:62:A8:F3:AC:94:38:D2:FB:0D:FA:B6:C4:30:CC:FF:6B
Certificate issuer: /CN=ae72e47d56692499a726bf800ea8380362deb6be
Certificate serial: 0194221F786970145F228564593B61752E49
Authority key identifier: AE:72:E4:7D:56:69:24:99:A7:26:BF:80:0E:A8:38:03:62:DE:B6:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rnLkfVZpJJmnJr-ADqg4A2Letr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/b-1rdmKo86yUONL7Dfq2xDDM_2s.roa
Signing time: Wed 01 Jan 2025 13:47:55 +0000
ROA not before: Wed 01 Jan 2025 13:47:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21309
IP address blocks: 5.63.136.0/21 maxlen: 21
77.89.0.0/18 maxlen: 18
77.89.0.0/19 maxlen: 19
77.89.0.0/20 maxlen: 20
77.89.16.0/20 maxlen: 20
77.89.32.0/19 maxlen: 19
77.89.32.0/20 maxlen: 20
77.89.48.0/20 maxlen: 20
83.216.160.0/19 maxlen: 19
83.216.160.0/20 maxlen: 20
83.216.160.0/21 maxlen: 21
83.216.168.0/21 maxlen: 21
83.216.176.0/20 maxlen: 20
83.216.176.0/21 maxlen: 21
83.216.184.0/21 maxlen: 21
86.110.128.0/19 maxlen: 19
86.110.128.0/20 maxlen: 20
86.110.128.0/21 maxlen: 21
86.110.136.0/21 maxlen: 21
86.110.144.0/20 maxlen: 20
86.110.144.0/21 maxlen: 21
86.110.152.0/21 maxlen: 21
185.123.8.0/22 maxlen: 22
185.123.8.0/24 maxlen: 24
185.123.9.0/24 maxlen: 24
213.174.160.0/19 maxlen: 19
213.174.160.0/20 maxlen: 20
213.174.160.0/21 maxlen: 21
213.174.168.0/21 maxlen: 21
213.174.176.0/20 maxlen: 20
213.174.176.0/21 maxlen: 21
213.174.184.0/21 maxlen: 21
213.209.192.0/18 maxlen: 18
213.209.192.0/19 maxlen: 19
213.209.192.0/20 maxlen: 20
213.209.208.0/20 maxlen: 20
213.209.224.0/19 maxlen: 19
213.209.224.0/20 maxlen: 20
213.209.240.0/20 maxlen: 20
2a03:c380::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/rnLkfVZpJJmnJr-ADqg4A2Letr4.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/rnLkfVZpJJmnJr-ADqg4A2Letr4.mft
rsync://rpki.ripe.net/repository/DEFAULT/rnLkfVZpJJmnJr-ADqg4A2Letr4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:78:69:70:14:5f:22:85:64:59:3b:61:75:2e:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae72e47d56692499a726bf800ea8380362deb6be
Validity
Not Before: Jan 1 13:47:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6fed6b7662a8f3ac9438d2fb0dfab6c430ccff6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:83:90:64:8f:51:72:05:93:20:d1:62:02:ed:
06:bd:75:34:1f:87:a0:59:77:2c:30:95:48:65:44:
ed:0d:a6:f2:54:ac:f0:23:3d:6b:86:85:08:66:43:
53:32:f8:0b:13:18:d0:05:4d:26:dc:88:f4:ca:33:
2f:b1:e1:5b:d3:dc:19:48:9d:d9:0c:9f:9b:a5:d3:
e0:8a:d9:cb:a9:a5:3a:0c:2a:a4:70:82:ed:6a:0b:
39:20:11:e7:84:9f:16:a5:57:69:31:40:c3:57:b3:
1e:97:74:2b:72:52:04:ad:31:c7:a4:41:f3:02:c9:
11:85:ea:ac:f6:d0:36:12:f0:0a:11:b3:1d:0a:97:
17:fd:a3:f8:7b:5f:f8:7c:24:71:33:8f:b2:ea:7f:
48:6a:ea:7f:92:be:55:58:91:07:6d:5a:a5:84:ee:
83:49:44:32:4c:49:a0:8f:70:bc:94:0c:84:70:4a:
f4:d1:1f:63:77:c3:45:be:9b:9f:a7:85:3a:47:1e:
54:52:92:58:ac:2b:9c:8a:13:df:65:7d:d3:14:83:
a2:89:b9:d9:ee:0c:2e:4c:80:89:c0:98:93:ec:fc:
b4:33:39:f8:4d:42:08:35:2c:ff:32:69:ba:42:03:
d7:f6:4e:a7:25:1f:de:ac:17:87:c6:77:19:48:d5:
70:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:ED:6B:76:62:A8:F3:AC:94:38:D2:FB:0D:FA:B6:C4:30:CC:FF:6B
X509v3 Authority Key Identifier:
keyid:AE:72:E4:7D:56:69:24:99:A7:26:BF:80:0E:A8:38:03:62:DE:B6:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnLkfVZpJJmnJr-ADqg4A2Letr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/b-1rdmKo86yUONL7Dfq2xDDM_2s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/rnLkfVZpJJmnJr-ADqg4A2Letr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.136.0/21
77.89.0.0/18
83.216.160.0/19
86.110.128.0/19
185.123.8.0/22
213.174.160.0/19
213.209.192.0/18
IPv6:
2a03:c380::/32
Signature Algorithm: sha256WithRSAEncryption
ce:d3:dd:71:34:67:7b:79:5c:59:73:2d:6c:5c:99:bf:38:f1:
d9:a2:90:08:72:c3:f1:af:47:ba:dc:8f:a5:7a:5b:d4:75:71:
c0:a5:eb:90:1d:cf:56:d7:d3:79:02:34:1c:f3:1f:8f:6c:ca:
71:9a:5a:59:e0:fd:68:bc:f7:c5:94:cc:65:e5:58:36:ee:9c:
18:67:8f:17:04:b5:11:4a:f8:f4:7d:56:2d:f6:d1:15:63:21:
b4:35:1c:81:04:03:e7:95:70:c3:16:c8:fc:19:63:ab:6b:82:
b7:3e:ef:48:54:03:fd:a3:49:f6:28:7b:4c:a0:e1:6b:de:25:
ef:13:63:99:c8:38:87:14:96:cf:09:ee:5c:be:27:0b:64:a3:
09:e9:7f:2f:87:2d:23:31:c5:cc:72:f7:1a:79:d1:b0:79:31:
dc:a2:7b:c9:a2:28:b4:d4:a9:c8:95:87:77:f1:71:15:fa:b7:
26:ab:c0:e8:01:fe:5c:a4:64:46:44:93:88:af:64:01:b4:a3:
72:ae:13:da:bc:9e:64:5c:97:1b:a9:15:f7:4e:b6:f7:01:54:
e7:3c:ca:dd:2a:2d:43:9e:09:68:1f:23:6a:30:d9:b7:a8:fe:
0c:90:33:0b:b7:3f:30:5c:32:a3:ab:c2:a3:26:1c:61:25:d3:
fb:b8:ae:08
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQiH3hpcBRfIoVkWTthdS5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNzJlNDdkNTY2OTI0OTlhNzI2YmY4MDBlYTgzODAzNjJk
ZWI2YmUwHhcNMjUwMTAxMTM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmVkNmI3NjYyYThmM2FjOTQzOGQyZmIwZGZhYjZjNDMwY2NmZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4OQZI9RcgWTINFiAu0GvXU0H4eg
WXcsMJVIZUTtDabyVKzwIz1rhoUIZkNTMvgLExjQBU0m3Ij0yjMvseFb09wZSJ3Z
DJ+bpdPgitnLqaU6DCqkcILtags5IBHnhJ8WpVdpMUDDV7Mel3QrclIErTHHpEHz
AskRheqs9tA2EvAKEbMdCpcX/aP4e1/4fCRxM4+y6n9Iaup/kr5VWJEHbVqlhO6D
SUQyTEmgj3C8lAyEcEr00R9jd8NFvpufp4U6Rx5UUpJYrCucihPfZX3TFIOiibnZ
7gwuTICJwJiT7Py0Mzn4TUIINSz/Mmm6QgPX9k6nJR/erBeHxncZSNVwhwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFG/ta3ZiqPOslDjS+w36tsQwzP9rMB8GA1UdIwQY
MBaAFK5y5H1WaSSZpya/gA6oOANi3ra+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5Ma2ZWWnBKSm1uSnItQURxZzRBMkxldHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS82YmI0NzEtNGEzZS00ODhkLWI4OGMt
ZmUxMmM3NWJmNGFiLzEvYi0xcmRtS284NnlVT05MN0RmcTJ4RERNXzJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS82YmI0NzEtNGEzZS00ODhkLWI4OGMtZmUxMmM3NWJmNGFi
LzEvcm5Ma2ZWWnBKSm1uSnItQURxZzRBMkxldHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBT+IAwQG
TVkAAwQFU9igAwQFVm6AAwQCuXsIAwQF1a6gAwQG1dHAMA0EAgACMAcDBQAqA8OA
MA0GCSqGSIb3DQEBCwUAA4IBAQDO091xNGd7eVxZcy1sXJm/OPHZopAIcsPxr0e6
3I+lelvUdXHApeuQHc9W19N5AjQc8x+PbMpxmlpZ4P1ovPfFlMxl5Vg27pwYZ48X
BLURSvj0fVYt9tEVYyG0NRyBBAPnlXDDFsj8GWOra4K3Pu9IVAP9o0n2KHtMoOFr
3iXvE2OZyDiHFJbPCe5cvicLZKMJ6X8vhy0jMcXMcvcaedGweTHconvJoii01KnI
lYd38XEV+rcmq8DoAf5cpGRGRJOIr2QBtKNyrhPavJ5kXJcbqRX3Trb3AVTnPMrd
Ki1DngloHyNqMNm3qP4MkDMLtz8wXDKjq8KjJhxhJdP7uK4I
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:30:24 2025 by rpki-client