Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/b8fc55-b4cd-4d1f-9990-47ac389d3261/1/P2UQcbFTLm1JjzHyScx5R1wasug.roa
File: P2UQcbFTLm1JjzHyScx5R1wasug.roa (raw, json)
Hash identifier: Nb4x4bENzybsdF+q1TgBVXUx3iJnvDGrhKB7YNtcTnk=
Subject key identifier: 3F:65:10:71:B1:53:2E:6D:49:8F:31:F2:49:CC:79:47:5C:1A:B2:E8
Certificate issuer: /CN=ff711054a89446a76f493ce2c127a948eba4a8ff
Certificate serial: 01971E9780C093C781956C3E16811771E671
Authority key identifier: FF:71:10:54:A8:94:46:A7:6F:49:3C:E2:C1:27:A9:48:EB:A4:A8:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_3EQVKiURqdvSTziwSepSOukqP8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/b8fc55-b4cd-4d1f-9990-47ac389d3261/1/P2UQcbFTLm1JjzHyScx5R1wasug.roa
Signing time: Fri 30 May 2025 00:28:54 +0000
ROA not before: Fri 30 May 2025 00:28:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7488
IP address blocks: 185.13.108.0/22 maxlen: 22
185.34.144.0/22 maxlen: 22
185.92.188.0/22 maxlen: 22
185.93.148.0/22 maxlen: 22
185.170.76.0/22 maxlen: 22
195.34.70.0/24 maxlen: 24
195.34.71.0/24 maxlen: 24
2a14:7a40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fc/b8fc55-b4cd-4d1f-9990-47ac389d3261/1/_3EQVKiURqdvSTziwSepSOukqP8.crl
rsync://rpki.ripe.net/repository/DEFAULT/fc/b8fc55-b4cd-4d1f-9990-47ac389d3261/1/_3EQVKiURqdvSTziwSepSOukqP8.mft
rsync://rpki.ripe.net/repository/DEFAULT/_3EQVKiURqdvSTziwSepSOukqP8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 21:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:1e:97:80:c0:93:c7:81:95:6c:3e:16:81:17:71:e6:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff711054a89446a76f493ce2c127a948eba4a8ff
Validity
Not Before: May 30 00:28:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f651071b1532e6d498f31f249cc79475c1ab2e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:ca:0b:9c:54:5b:55:88:6e:b2:d0:2a:c8:f7:
f3:70:f8:38:9c:19:a2:a6:c9:25:8c:fb:4d:9f:3f:
7a:4a:90:de:5c:0a:1c:e0:5d:8a:f2:b8:1c:c0:9f:
3b:13:ce:cb:8e:aa:17:3f:04:f5:2e:bc:8f:2e:b6:
51:cc:6c:2e:2e:86:a5:c7:20:63:2b:08:88:f2:ae:
ce:39:15:48:82:7f:01:69:67:55:5f:85:00:7f:53:
50:c6:a8:ec:f6:f8:55:0c:47:5c:eb:3c:14:6f:7c:
38:4b:cb:53:eb:db:67:d5:22:9f:72:11:f5:65:c3:
63:b1:4f:4b:42:a9:2b:62:f7:13:9e:9d:d7:a6:5c:
cc:7c:b3:f8:f2:72:fa:cd:6d:90:6d:f0:d5:e2:9a:
11:e5:8e:c2:42:95:17:69:93:63:85:a2:9d:9e:d7:
a9:8a:6b:a3:5f:eb:d7:1e:49:73:7b:6e:a5:43:58:
ae:77:f5:81:d2:34:4d:0a:cc:db:5f:e4:f7:58:37:
e0:5e:0d:7c:86:61:f8:fe:3d:f6:19:03:93:ed:4e:
f0:ad:1b:3e:1b:20:07:ad:bb:e0:5e:af:5a:43:b1:
60:9d:9e:a0:a5:da:a8:03:4a:76:d1:d4:39:bc:66:
4f:54:a2:fb:47:6e:6b:3c:47:43:bd:73:8e:6f:e0:
48:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:65:10:71:B1:53:2E:6D:49:8F:31:F2:49:CC:79:47:5C:1A:B2:E8
X509v3 Authority Key Identifier:
keyid:FF:71:10:54:A8:94:46:A7:6F:49:3C:E2:C1:27:A9:48:EB:A4:A8:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_3EQVKiURqdvSTziwSepSOukqP8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/b8fc55-b4cd-4d1f-9990-47ac389d3261/1/P2UQcbFTLm1JjzHyScx5R1wasug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/b8fc55-b4cd-4d1f-9990-47ac389d3261/1/_3EQVKiURqdvSTziwSepSOukqP8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.13.108.0/22
185.34.144.0/22
185.92.188.0/22
185.93.148.0/22
185.170.76.0/22
195.34.70.0/23
IPv6:
2a14:7a40::/29
Signature Algorithm: sha256WithRSAEncryption
10:50:ca:e7:64:a8:db:22:54:3b:0d:5d:d6:e8:56:f7:23:9c:
4e:71:bc:42:fa:1d:95:c6:ef:d2:98:78:3c:e0:da:26:a6:2f:
b1:65:ea:b4:af:0f:5d:85:2d:f8:e4:28:37:0f:46:36:95:5c:
ec:ea:5e:2a:69:7f:df:1f:6c:bb:67:7c:72:f4:ea:e6:e3:db:
0c:13:75:fd:62:a4:8f:bb:53:be:19:e8:9f:67:be:4e:d7:5f:
c0:04:ce:52:55:9f:0c:65:79:18:7a:68:97:62:0e:c5:31:48:
f0:92:44:a4:1e:ba:90:16:13:6a:e4:b8:7e:55:e7:61:dc:07:
a7:42:da:fe:07:eb:2b:ff:6f:7f:d2:6d:f5:08:1b:62:3e:6b:
e4:36:f8:5a:bf:89:22:ba:a1:96:29:76:76:59:72:09:6e:cb:
29:24:bc:fc:87:0c:d5:e5:42:28:df:80:4b:fb:b1:28:89:c8:
a7:24:7a:3a:14:68:8c:85:b2:a7:3c:0f:17:1f:57:32:10:fe:
b2:ed:ac:e6:27:5b:2a:63:de:98:3c:e9:0e:3c:4d:9e:99:3e:
14:c8:09:3b:9c:3f:64:c5:e7:7b:67:be:63:94:8a:56:f6:84:
37:90:52:28:99:7e:85:46:fb:f7:b3:7c:48:fc:e4:1d:11:0b:
b6:92:c5:ef
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZcel4DAk8eBlWw+FoEXceZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNzExMDU0YTg5NDQ2YTc2ZjQ5M2NlMmMxMjdhOTQ4ZWJh
NGE4ZmYwHhcNMjUwNTMwMDAyODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjY1MTA3MWIxNTMyZTZkNDk4ZjMxZjI0OWNjNzk0NzVjMWFiMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MoLnFRbVYhustAqyPfzcPg4nBmi
pskljPtNnz96SpDeXAoc4F2K8rgcwJ87E87LjqoXPwT1LryPLrZRzGwuLoalxyBj
KwiI8q7OORVIgn8BaWdVX4UAf1NQxqjs9vhVDEdc6zwUb3w4S8tT69tn1SKfchH1
ZcNjsU9LQqkrYvcTnp3XplzMfLP48nL6zW2QbfDV4poR5Y7CQpUXaZNjhaKdntep
imujX+vXHklze26lQ1iud/WB0jRNCszbX+T3WDfgXg18hmH4/j32GQOT7U7wrRs+
GyAHrbvgXq9aQ7FgnZ6gpdqoA0p20dQ5vGZPVKL7R25rPEdDvXOOb+BIuwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFD9lEHGxUy5tSY8x8knMeUdcGrLoMB8GA1UdIwQY
MBaAFP9xEFSolEanb0k84sEnqUjrpKj/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzNFUVZLaVVScWR2U1R6aXdTZXBTT3VrcVA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9iOGZjNTUtYjRjZC00ZDFmLTk5OTAt
NDdhYzM4OWQzMjYxLzEvUDJVUWNiRlRMbTFKanpIeVNjeDVSMXdhc3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9iOGZjNTUtYjRjZC00ZDFmLTk5OTAtNDdhYzM4OWQzMjYx
LzEvXzNFUVZLaVVScWR2U1R6aXdTZXBTT3VrcVA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCuQ1sAwQC
uSKQAwQCuVy8AwQCuV2UAwQCuapMAwQBwyJGMA0EAgACMAcDBQMqFHpAMA0GCSqG
SIb3DQEBCwUAA4IBAQAQUMrnZKjbIlQ7DV3W6Fb3I5xOcbxC+h2Vxu/SmHg84Nom
pi+xZeq0rw9dhS345Cg3D0Y2lVzs6l4qaX/fH2y7Z3xy9Orm49sME3X9YqSPu1O+
GeifZ75O11/ABM5SVZ8MZXkYemiXYg7FMUjwkkSkHrqQFhNq5Lh+Vedh3AenQtr+
B+sr/29/0m31CBtiPmvkNvhav4kiuqGWKXZ2WXIJbsspJLz8hwzV5UIo34BL+7Eo
icinJHo6FGiMhbKnPA8XH1cyEP6y7azmJ1sqY96YPOkOPE2emT4UyAk7nD9kxed7
Z75jlIpW9oQ3kFIomX6FRvv3s3xI/OQdEQu2ksXv
-----END CERTIFICATE-----
Generated at Sat Jun 7 04:07:41 2025 by rpki-client