Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/cBAOU6NilQLgyxc_R_xsZNCxa3o.roa
File: cBAOU6NilQLgyxc_R_xsZNCxa3o.roa (raw, json)
Hash identifier: 1Va+iG7tZoyq2utzAVoaMA4hrJ+B4uv1WrhEZfEJdns=
Subject key identifier: 70:10:0E:53:A3:62:95:02:E0:CB:17:3F:47:FC:6C:64:D0:B1:6B:7A
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 01967CB665476921FC99676BFDD7F8EDB2CB
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/cBAOU6NilQLgyxc_R_xsZNCxa3o.roa
Signing time: Mon 28 Apr 2025 14:04:10 +0000
ROA not before: Mon 28 Apr 2025 14:04:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13285
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
81.6.192.0/18 maxlen: 24
82.133.0.0/17 maxlen: 24
84.43.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.14.0.0/15 maxlen: 24
92.16.0.0/12 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
195.112.0.0/18 maxlen: 24
195.149.0.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
212.139.24.0/24 maxlen: 24
212.139.133.0/24 maxlen: 24
212.139.148.0/22 maxlen: 22
213.78.0.0/16 maxlen: 24
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
2001:7e0::/32 maxlen: 32
2001:4a00::/27 maxlen: 27
2a00:4340::/32 maxlen: 32
2a0b:db00::/29 maxlen: 29
2a0b:e900::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 30 Apr 2025 17:00:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7c:b6:65:47:69:21:fc:99:67:6b:fd:d7:f8:ed:b2:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Apr 28 14:04:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=70100e53a3629502e0cb173f47fc6c64d0b16b7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:04:36:46:20:56:0e:dd:ee:77:fe:d1:a2:7b:
6c:54:85:a3:d8:01:a1:dc:50:88:e9:f7:7f:d3:9a:
76:90:0d:a1:45:cf:f1:0d:f7:5b:78:26:83:fe:3a:
1d:87:1a:e2:43:5b:bd:bf:b3:1b:81:8d:c7:1e:1d:
7d:88:f0:9c:8f:5f:c5:e3:97:ec:65:59:f4:f9:4d:
c6:e7:53:60:ec:19:83:cd:1f:22:10:bc:1c:2f:a8:
d9:ce:16:3e:bd:88:b6:51:8b:38:31:6d:4a:c3:1c:
49:0b:33:61:a9:51:ae:0d:3d:7d:5b:fe:82:09:03:
f3:1c:75:e9:e0:3d:d6:c4:5c:7f:cb:f3:09:43:43:
78:f6:a5:2c:78:61:e3:6f:92:df:d9:f3:ee:5b:3f:
b1:ee:e7:cb:fd:7d:ef:ae:c9:ea:b6:02:44:89:d3:
ed:41:cf:62:98:13:3f:bd:8c:bb:6b:f0:a9:fa:35:
91:f8:0a:07:72:4f:7a:ef:8a:24:7a:70:4d:7a:de:
1d:c1:bd:97:74:ad:51:55:51:80:33:28:49:df:f9:
38:c0:87:e9:6d:c4:bd:ba:be:bd:79:c1:d3:94:8c:
65:5f:7c:b5:39:52:6a:90:37:a0:e0:63:0c:87:a2:
29:2c:78:6d:41:bd:57:90:fa:30:6d:5d:f8:d6:e7:
27:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:10:0E:53:A3:62:95:02:E0:CB:17:3F:47:FC:6C:64:D0:B1:6B:7A
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/cBAOU6NilQLgyxc_R_xsZNCxa3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
81.6.192.0/18
82.133.0.0/17
84.43.0.0/17
87.242.128.0/17
89.240.0.0/14
91.146.112.0/21
92.14.0.0-92.31.255.255
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
195.112.0.0/18
195.149.0.0/18
212.67.96.0/19
212.139.24.0/24
212.139.133.0/24
212.139.148.0/22
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a00:4340::/32
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
d1:21:c9:37:d3:37:ad:a7:e5:1c:74:d8:5b:0a:4d:15:ed:92:
74:80:06:77:a6:f6:ee:54:61:93:0b:da:6c:26:11:b7:1d:36:
5c:92:d4:d3:01:bd:c9:87:ef:05:83:c2:1c:27:94:76:26:cf:
dc:f6:1b:4c:99:51:47:48:b6:25:79:63:e6:54:b3:b3:2e:29:
e5:5a:2b:89:ca:e7:f1:4c:dc:37:f6:f6:e8:69:75:04:69:11:
4b:6a:99:90:56:1c:49:15:b8:c6:fc:e1:0a:e7:12:50:36:b6:
a7:33:81:e3:f5:7f:d6:b7:3f:24:84:72:7f:49:cc:fe:0d:19:
52:c0:53:0c:61:6a:43:83:b2:48:85:67:d1:c7:5f:19:b0:bb:
e4:05:61:b4:2f:4a:c3:72:7d:98:d1:ea:4a:02:3b:f7:9f:40:
9b:4e:93:55:08:89:ea:47:21:26:0e:db:d5:d0:73:fc:27:6f:
f3:f1:63:21:a2:bb:e1:c2:c7:6a:7a:7f:27:14:69:08:b2:77:
d8:9c:3f:cd:f2:35:a8:c3:a7:bb:30:da:01:31:b6:f6:11:19:
13:2e:6e:49:8f:b4:4d:42:cd:bc:3d:32:f5:aa:87:78:13:dc:
5d:8f:6c:7c:7c:9d:77:f2:49:e3:88:59:3d:61:d2:3c:93:ab:
6c:20:72:85
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgISAZZ8tmVHaSH8mWdr/df47bLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjUwNDI4MTQwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEwMGU1M2EzNjI5NTAyZTBjYjE3M2Y0N2ZjNmM2NGQwYjE2YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AQ2RiBWDt3ud/7RontsVIWj2AGh
3FCI6fd/05p2kA2hRc/xDfdbeCaD/jodhxriQ1u9v7MbgY3HHh19iPCcj1/F45fs
ZVn0+U3G51Ng7BmDzR8iELwcL6jZzhY+vYi2UYs4MW1KwxxJCzNhqVGuDT19W/6C
CQPzHHXp4D3WxFx/y/MJQ0N49qUseGHjb5Lf2fPuWz+x7ufL/X3vrsnqtgJEidPt
Qc9imBM/vYy7a/Cp+jWR+AoHck9674okenBNet4dwb2XdK1RVVGAMyhJ3/k4wIfp
bcS9ur69ecHTlIxlX3y1OVJqkDeg4GMMh6IpLHhtQb1XkPowbV341ucnUwIDAQAB
o4IC3zCCAtswHQYDVR0OBBYEFHAQDlOjYpUC4MsXP0f8bGTQsWt6MB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvY0JBT1U2TmlsUUxneXhjX1JfeHNaTkN4YTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH0BggrBgEFBQcBBwEB/wSB5DCB4TCBswQCAAEwgawDAwMC
YAMEBj4DwAMEBz4YgAMEBT7xoAMDA06QAwQGUQbAAwQHUoUAAwQHVCsAAwQHV/KA
AwMCWfADBANbknAwCgMDAVwOAwMFXAADBAK5cNQwDAMEArmtdAMEArmteAMEArmv
MAMEArmvkAMEAMHaYwMEBsNwAAMEBsOVAAMEBdRDYAMEANSLGAMEANSLhQMEAtSL
lAMDANVOAwQG1dBAAwQF2QgAAwQE2USAMCkEAgACMCMDBQAgAQfgAwUFIAFKAAMF
ACoAQ0ADBQMqC9sAAwUDKgvpADANBgkqhkiG9w0BAQsFAAOCAQEA0SHJN9M3rafl
HHTYWwpNFe2SdIAGd6b27lRhkwvabCYRtx02XJLU0wG9yYfvBYPCHCeUdibP3PYb
TJlRR0i2JXlj5lSzsy4p5Voricrn8UzcN/b26Gl1BGkRS2qZkFYcSRW4xvzhCucS
UDa2pzOB4/V/1rc/JIRyf0nM/g0ZUsBTDGFqQ4OySIVn0cdfGbC75AVhtC9Kw3J9
mNHqSgI7959Am06TVQiJ6kchJg7b1dBz/Cdv8/FjIaK74cLHanp/JxRpCLJ32Jw/
zfI1qMOnuzDaATG29hEZEy5uSY+0TULNvD0y9aqHeBPcXY9sfHydd/JJ44hZPWHS
PJOrbCByhQ==
-----END CERTIFICATE-----
Generated at Wed Apr 30 03:36:17 2025 by rpki-client