Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/130bf4-f192-4ef9-b852-9d315d115cbb/1/Bvl-Ue7SkDahQi1EYqyGw7UPWAQ.roa
File: Bvl-Ue7SkDahQi1EYqyGw7UPWAQ.roa (raw, json)
Hash identifier: 7s/5EydJ0RA7GfaLPuDbrwS3RicCjtZz+jUH77HvUOc=
Subject key identifier: 06:F9:7E:51:EE:D2:90:36:A1:42:2D:44:62:AC:86:C3:B5:0F:58:04
Certificate issuer: /CN=54f9d5819d440adcecda1eeeb7c98ae99c4d0707
Certificate serial: 0196627497C734D8FB571616D8AD2C092309
Authority key identifier: 54:F9:D5:81:9D:44:0A:DC:EC:DA:1E:EE:B7:C9:8A:E9:9C:4D:07:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VPnVgZ1ECtzs2h7ut8mK6ZxNBwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/130bf4-f192-4ef9-b852-9d315d115cbb/1/Bvl-Ue7SkDahQi1EYqyGw7UPWAQ.roa
Signing time: Wed 23 Apr 2025 11:42:10 +0000
ROA not before: Wed 23 Apr 2025 11:42:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208527
IP address blocks: 185.28.208.0/22 maxlen: 22
185.28.208.0/24 maxlen: 24
185.28.209.0/24 maxlen: 24
185.28.210.0/24 maxlen: 24
185.28.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ff/130bf4-f192-4ef9-b852-9d315d115cbb/1/VPnVgZ1ECtzs2h7ut8mK6ZxNBwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ff/130bf4-f192-4ef9-b852-9d315d115cbb/1/VPnVgZ1ECtzs2h7ut8mK6ZxNBwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/VPnVgZ1ECtzs2h7ut8mK6ZxNBwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 02:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:62:74:97:c7:34:d8:fb:57:16:16:d8:ad:2c:09:23:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=54f9d5819d440adcecda1eeeb7c98ae99c4d0707
Validity
Not Before: Apr 23 11:42:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=06f97e51eed29036a1422d4462ac86c3b50f5804
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:23:ba:a7:fd:65:8d:5e:43:c5:d6:d5:d4:68:
55:69:52:f4:2e:00:62:00:49:66:f0:02:59:a2:1f:
f4:87:c3:54:22:2a:03:ec:d9:8f:55:ae:51:c9:6c:
8f:91:82:0d:b4:8a:5f:ae:ee:1b:31:e0:17:01:83:
ce:30:22:60:57:46:ff:f5:47:0a:00:4f:d0:87:7f:
e7:01:70:75:76:4a:b9:12:c1:94:03:54:1e:4b:d6:
1e:b2:d3:93:8c:d3:0a:10:2f:d4:83:51:28:d1:56:
3e:d2:02:34:05:f7:a7:1d:3d:20:99:6e:19:b1:5e:
c9:29:b6:8f:38:99:18:40:3d:1a:55:1c:5c:2e:2a:
47:02:08:83:5c:79:52:bd:5a:8c:7c:9a:3c:db:74:
3d:ab:39:59:a3:bf:a1:cd:40:95:1a:d8:43:b4:0f:
7b:3a:eb:01:0b:c2:a8:7e:46:c3:be:31:d8:f8:c9:
b6:be:24:cf:33:69:89:a4:d3:76:c5:31:8f:81:6e:
a5:14:73:08:83:f5:0a:5b:53:c1:5b:bd:b3:f8:68:
31:3a:ec:57:7f:93:fb:7e:5f:5e:ab:72:f7:e8:8b:
af:ce:53:09:1d:ef:13:48:5d:39:c0:34:c7:6e:3d:
09:2c:e0:32:dc:f8:b4:3b:c0:af:b1:87:f6:0e:c9:
c4:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:F9:7E:51:EE:D2:90:36:A1:42:2D:44:62:AC:86:C3:B5:0F:58:04
X509v3 Authority Key Identifier:
keyid:54:F9:D5:81:9D:44:0A:DC:EC:DA:1E:EE:B7:C9:8A:E9:9C:4D:07:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VPnVgZ1ECtzs2h7ut8mK6ZxNBwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/130bf4-f192-4ef9-b852-9d315d115cbb/1/Bvl-Ue7SkDahQi1EYqyGw7UPWAQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/130bf4-f192-4ef9-b852-9d315d115cbb/1/VPnVgZ1ECtzs2h7ut8mK6ZxNBwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.28.208.0/22
Signature Algorithm: sha256WithRSAEncryption
24:b9:5b:12:4c:3e:98:17:52:ca:c9:e8:68:0c:50:41:46:dd:
15:5a:81:14:59:77:dd:5f:5a:0c:85:b4:75:3a:b3:9e:ad:e9:
d8:94:7d:66:64:a4:b6:ab:f6:ec:d0:fc:7c:47:f5:02:d7:b0:
c4:0a:11:c4:46:a6:ff:e7:2e:d6:f6:3d:c9:f4:b1:21:cb:44:
ed:b3:c7:ca:d5:08:35:1d:f7:ed:b8:20:10:ba:46:78:6c:75:
4c:4a:c2:e7:dd:20:69:08:ff:80:5c:f1:04:e1:84:05:54:fb:
3d:15:b8:73:07:10:1e:6c:98:da:a9:95:53:39:2f:a9:bf:29:
7f:0a:ca:9c:de:e8:fb:bc:59:63:3c:d0:98:8a:0a:90:37:e5:
71:55:d6:b1:7f:a7:8e:b8:8f:f9:54:db:51:6f:86:d7:65:51:
68:d3:e9:7d:97:00:7e:6a:f5:82:cf:b6:26:3d:b0:29:f2:ef:
3d:cb:48:51:d5:a3:bf:84:20:5d:ce:02:3b:1f:3b:cc:e0:f8:
b5:f2:db:a1:19:a9:4f:47:21:df:30:9d:d3:fb:23:f3:31:aa:
fa:ff:c9:fd:35:1a:46:cf:6c:2e:82:78:48:aa:63:55:5c:18:
3d:d1:1e:21:fe:e6:de:e6:99:22:15:11:b0:06:2e:30:9a:08:
4c:f2:44:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZidJfHNNj7VxYW2K0sCSMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZjlkNTgxOWQ0NDBhZGNlY2RhMWVlZWI3Yzk4YWU5OWM0
ZDA3MDcwHhcNMjUwNDIzMTE0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmY5N2U1MWVlZDI5MDM2YTE0MjJkNDQ2MmFjODZjM2I1MGY1ODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiO6p/1ljV5DxdbV1GhVaVL0LgBi
AElm8AJZoh/0h8NUIioD7NmPVa5RyWyPkYINtIpfru4bMeAXAYPOMCJgV0b/9UcK
AE/Qh3/nAXB1dkq5EsGUA1QeS9YestOTjNMKEC/Ug1Eo0VY+0gI0BfenHT0gmW4Z
sV7JKbaPOJkYQD0aVRxcLipHAgiDXHlSvVqMfJo823Q9qzlZo7+hzUCVGthDtA97
OusBC8KofkbDvjHY+Mm2viTPM2mJpNN2xTGPgW6lFHMIg/UKW1PBW72z+GgxOuxX
f5P7fl9eq3L36IuvzlMJHe8TSF05wDTHbj0JLOAy3Pi0O8CvsYf2DsnEOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAb5flHu0pA2oUItRGKshsO1D1gEMB8GA1UdIwQY
MBaAFFT51YGdRArc7Noe7rfJiumcTQcHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlBuVmdaMUVDdHpzMmg3dXQ4bUs2WnhOQndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8xMzBiZjQtZjE5Mi00ZWY5LWI4NTIt
OWQzMTVkMTE1Y2JiLzEvQnZsLVVlN1NrRGFoUWkxRVlxeUd3N1VQV0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8xMzBiZjQtZjE5Mi00ZWY5LWI4NTItOWQzMTVkMTE1Y2Ji
LzEvVlBuVmdaMUVDdHpzMmg3dXQ4bUs2WnhOQndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRzQMA0G
CSqGSIb3DQEBCwUAA4IBAQAkuVsSTD6YF1LKyehoDFBBRt0VWoEUWXfdX1oMhbR1
OrOerenYlH1mZKS2q/bs0Px8R/UC17DEChHERqb/5y7W9j3J9LEhy0Tts8fK1Qg1
HfftuCAQukZ4bHVMSsLn3SBpCP+AXPEE4YQFVPs9FbhzBxAebJjaqZVTOS+pvyl/
Csqc3uj7vFljPNCYigqQN+VxVdaxf6eOuI/5VNtRb4bXZVFo0+l9lwB+avWCz7Ym
PbAp8u89y0hR1aO/hCBdzgI7HzvM4Pi18tuhGalPRyHfMJ3T+yPzMar6/8n9NRpG
z2wugnhIqmNVXBg90R4h/ube5pkiFRGwBi4wmghM8kSj
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:03:08 2025 by rpki-client