Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/EEHOXZie7GfjFP8O_aL3DaZW-cs.roa
File: EEHOXZie7GfjFP8O_aL3DaZW-cs.roa (raw, json)
Hash identifier: X68IlMoKqFdfJQq29aFoZvl4dyUrIU6qUuNNpdY5QY0=
Subject key identifier: 10:41:CE:5D:98:9E:EC:67:E3:14:FF:0E:FD:A2:F7:0D:A6:56:F9:CB
Certificate issuer: /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial: 01975AAAE1FA1341F77F411A6E43214144A9
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/EEHOXZie7GfjFP8O_aL3DaZW-cs.roa
Signing time: Tue 10 Jun 2025 16:27:17 +0000
ROA not before: Tue 10 Jun 2025 16:27:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3258
IP address blocks: 91.243.68.0/24 maxlen: 24
146.19.19.0/24 maxlen: 32
146.19.163.0/24 maxlen: 32
194.50.154.0/24 maxlen: 32
2a12:a300::/29 maxlen: 128
2a14:1f80::/29 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5a:aa:e1:fa:13:41:f7:7f:41:1a:6e:43:21:41:44:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
Validity
Not Before: Jun 10 16:27:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1041ce5d989eec67e314ff0efda2f70da656f9cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:2c:1d:f2:c1:cf:f0:8c:f6:04:4d:16:e7:35:
b3:ae:88:36:12:33:68:cb:5a:32:d2:ae:23:54:3c:
7b:8e:7d:e2:b5:ce:b6:87:c7:62:39:25:ea:94:65:
a2:94:86:26:ef:c6:a3:4d:9a:17:ba:59:5b:ab:ea:
42:c8:35:20:06:51:52:f3:95:64:82:c6:5d:46:1a:
12:52:74:d6:bf:1c:45:c9:86:36:89:76:d8:27:1b:
86:1a:1c:26:ff:c8:0a:d0:4a:8f:d2:78:89:d2:5d:
02:ba:9c:6f:4d:a6:d0:25:0e:d6:fe:f4:4d:e1:fc:
c0:de:43:e5:27:2c:04:80:c7:dc:bc:4d:8e:28:e4:
fb:97:19:c2:50:73:8c:5c:4d:97:ad:7c:86:6c:71:
b1:a6:9b:7a:c3:5e:4a:6f:3b:b7:a1:60:b3:c6:7b:
f2:e5:21:7a:bd:17:c9:48:87:20:1f:84:18:9c:a1:
07:86:66:ac:51:18:53:12:e2:f2:f2:c2:89:bb:67:
0c:ad:46:99:1a:f8:2e:63:16:10:c7:54:15:45:7f:
d6:54:8a:16:51:34:58:26:38:e1:c5:b0:f9:63:f5:
40:a3:1e:aa:3f:50:4e:ce:4b:df:65:86:07:6d:1b:
d2:1e:d7:d2:7f:64:b5:4c:db:9d:0b:7d:9a:43:e9:
8f:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:41:CE:5D:98:9E:EC:67:E3:14:FF:0E:FD:A2:F7:0D:A6:56:F9:CB
X509v3 Authority Key Identifier:
keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/EEHOXZie7GfjFP8O_aL3DaZW-cs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.68.0/24
146.19.19.0/24
146.19.163.0/24
194.50.154.0/24
IPv6:
2a12:a300::/29
2a14:1f80::/29
Signature Algorithm: sha256WithRSAEncryption
4e:8c:87:c8:37:d9:19:b3:39:06:ad:c7:04:5f:ed:73:e6:8f:
99:bb:c2:ea:a5:b8:20:01:99:c6:8e:6e:e0:5e:97:ac:75:f0:
da:a8:f9:46:7f:83:d3:78:ee:05:58:6c:81:53:3d:9f:35:b2:
23:80:8e:4b:e6:11:aa:76:bf:67:59:55:31:3a:a6:97:96:57:
bc:23:34:57:5d:52:a5:fb:93:82:22:6a:6f:09:f2:c1:da:8a:
1c:46:fa:f3:8a:77:ea:24:5f:e5:20:8f:85:6f:b5:33:fb:43:
01:5c:8a:59:37:21:15:53:59:ee:c0:29:be:60:77:8f:c3:1e:
46:c6:6b:0c:c6:b5:f7:c9:68:29:aa:0b:f4:66:ed:24:e4:21:
ce:30:e7:60:8c:72:39:e8:22:f5:a9:fc:8e:72:38:01:5c:6f:
62:c7:8e:79:c9:fa:0a:61:6c:52:ca:eb:5e:34:69:31:fe:af:
60:d3:00:9a:54:a7:9f:cf:fe:28:c0:d5:60:00:7f:40:a4:64:
76:ca:40:a8:6d:76:63:9a:5d:3b:da:7b:c3:a8:eb:fe:bf:89:
51:13:89:99:84:57:c1:f6:d3:6e:10:cf:27:17:46:d1:31:fc:
c8:fc:da:4c:9b:0e:1b:a1:71:cd:b8:00:ec:ee:86:d4:c9:b9:
9d:f5:8d:65
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZdaquH6E0H3f0EabkMhQUSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjUwNjEwMTYyNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQxY2U1ZDk4OWVlYzY3ZTMxNGZmMGVmZGEyZjcwZGE2NTZmOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSwd8sHP8Iz2BE0W5zWzrog2EjNo
y1oy0q4jVDx7jn3itc62h8diOSXqlGWilIYm78ajTZoXullbq+pCyDUgBlFS85Vk
gsZdRhoSUnTWvxxFyYY2iXbYJxuGGhwm/8gK0EqP0niJ0l0CupxvTabQJQ7W/vRN
4fzA3kPlJywEgMfcvE2OKOT7lxnCUHOMXE2XrXyGbHGxppt6w15Kbzu3oWCzxnvy
5SF6vRfJSIcgH4QYnKEHhmasURhTEuLy8sKJu2cMrUaZGvguYxYQx1QVRX/WVIoW
UTRYJjjhxbD5Y/VAox6qP1BOzkvfZYYHbRvSHtfSf2S1TNudC32aQ+mPPQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFBBBzl2Ynuxn4xT/Dv2i9w2mVvnLMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvRUVIT1haaWU3R2ZqRlA4T19hTDNEYVpXLWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAW/NEAwQA
khMTAwQAkhOjAwQAwjKaMBQEAgACMA4DBQMqEqMAAwUDKhQfgDANBgkqhkiG9w0B
AQsFAAOCAQEAToyHyDfZGbM5Bq3HBF/tc+aPmbvC6qW4IAGZxo5u4F6XrHXw2qj5
Rn+D03juBVhsgVM9nzWyI4COS+YRqna/Z1lVMTqml5ZXvCM0V11SpfuTgiJqbwny
wdqKHEb684p36iRf5SCPhW+1M/tDAVyKWTchFVNZ7sApvmB3j8MeRsZrDMa198lo
KaoL9GbtJOQhzjDnYIxyOegi9an8jnI4AVxvYseOecn6CmFsUsrrXjRpMf6vYNMA
mlSnn8/+KMDVYAB/QKRkdspAqG12Y5pdO9p7w6jr/r+JUROJmYRXwfbTbhDPJxdG
0TH8yPzaTJsOG6FxzbgA7O6G1Mm5nfWNZQ==
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:13:16 2025 by rpki-client