Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/jbYstHl9eNr23Jq3qTy5iGy6eBQ.roa
File: jbYstHl9eNr23Jq3qTy5iGy6eBQ.roa (raw, json)
Hash identifier: Lve17P3msRjfEEotpPfeH+DVrG5F50fxFPNO/sauogM=
Subject key identifier: 8D:B6:2C:B4:79:7D:78:DA:F6:DC:9A:B7:A9:3C:B9:88:6C:BA:78:14
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019765A84D1F1080CF0896B2B5774D4AAD29
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/jbYstHl9eNr23Jq3qTy5iGy6eBQ.roa
Signing time: Thu 12 Jun 2025 19:40:17 +0000
ROA not before: Thu 12 Jun 2025 19:40:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 45.43.146.0/24 maxlen: 24
104.167.0.0/24 maxlen: 24
104.222.169.0/24 maxlen: 24
104.222.170.0/24 maxlen: 24
104.222.171.0/24 maxlen: 24
104.222.172.0/24 maxlen: 24
104.222.173.0/24 maxlen: 24
104.222.174.0/24 maxlen: 24
104.222.175.0/24 maxlen: 24
104.233.20.0/24 maxlen: 24
104.239.13.0/24 maxlen: 24
104.239.16.0/22 maxlen: 22
104.239.20.0/22 maxlen: 22
104.239.32.0/22 maxlen: 22
104.239.36.0/22 maxlen: 22
104.239.54.0/24 maxlen: 24
104.239.57.0/24 maxlen: 24
104.239.82.0/24 maxlen: 24
104.239.90.0/23 maxlen: 23
104.239.92.0/23 maxlen: 23
104.239.98.0/24 maxlen: 24
104.243.193.0/24 maxlen: 24
104.243.194.0/24 maxlen: 24
104.243.195.0/24 maxlen: 24
104.243.196.0/24 maxlen: 24
104.243.197.0/24 maxlen: 24
104.243.198.0/24 maxlen: 24
104.243.207.0/24 maxlen: 24
216.173.80.0/23 maxlen: 23
216.173.88.0/23 maxlen: 23
216.173.122.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 22:19:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:65:a8:4d:1f:10:80:cf:08:96:b2:b5:77:4d:4a:ad:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jun 12 19:40:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8db62cb4797d78daf6dc9ab7a93cb9886cba7814
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:d0:ce:d5:ff:e5:9b:8e:25:69:ba:61:a7:00:
22:5c:62:73:27:5e:72:89:5c:c1:37:c1:23:1a:c8:
41:3b:48:c4:dd:7d:2a:b5:3b:06:18:ba:bb:7b:09:
cf:48:ca:92:7f:53:29:50:fc:a1:64:eb:3e:bd:02:
4b:dd:b0:a8:19:d7:d3:b9:54:17:fb:85:79:e4:b1:
5d:77:94:35:8f:fc:cf:1c:57:b0:57:be:97:73:b1:
49:f8:92:8b:87:94:d6:58:11:d9:d1:88:3a:04:1f:
59:dd:f1:a5:82:3b:64:59:72:85:f8:30:8a:1f:cc:
43:51:04:7e:4f:cb:c9:85:c8:2e:3f:12:1b:e5:96:
d0:21:92:0e:82:dc:79:55:9e:34:79:cb:12:83:e4:
f2:25:29:28:a7:6d:57:9d:78:46:59:51:f6:d3:96:
54:2f:4e:69:14:5a:c2:86:d3:65:7f:56:47:b0:04:
29:e8:ea:92:46:e5:f2:d5:93:70:dd:96:57:f4:05:
2f:86:63:0a:d0:9a:18:e8:15:ab:8f:de:68:e2:de:
d6:ef:ca:63:a8:06:04:57:d8:03:f1:10:dc:13:03:
24:c1:4a:68:f3:6e:aa:78:96:31:46:f9:44:a1:18:
07:ec:46:22:2d:1a:09:f0:2e:6a:8a:f3:37:b1:62:
86:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:B6:2C:B4:79:7D:78:DA:F6:DC:9A:B7:A9:3C:B9:88:6C:BA:78:14
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/jbYstHl9eNr23Jq3qTy5iGy6eBQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.146.0/24
104.167.0.0/24
104.222.169.0-104.222.175.255
104.233.20.0/24
104.239.13.0/24
104.239.16.0/21
104.239.32.0/21
104.239.54.0/24
104.239.57.0/24
104.239.82.0/24
104.239.90.0-104.239.93.255
104.239.98.0/24
104.243.193.0-104.243.198.255
104.243.207.0/24
216.173.80.0/23
216.173.88.0/23
216.173.122.0/23
Signature Algorithm: sha256WithRSAEncryption
86:64:77:b4:2b:53:b0:ff:b3:64:ac:3c:f8:3f:b6:0b:7f:bb:
56:c0:44:f7:cc:84:e0:e2:f5:40:23:6a:b6:c7:d3:2f:20:bc:
6e:1c:26:2b:ee:1a:10:15:14:01:75:f2:04:52:43:7e:c5:1f:
2e:45:e7:35:40:0d:dd:a6:17:36:be:fb:1c:f7:fd:a3:d9:d7:
f2:bd:89:3a:3b:94:ff:f2:07:37:c6:43:40:79:a1:b5:46:22:
a4:b5:31:79:0e:f8:17:97:1e:1a:14:37:b7:d0:0f:c0:d8:d7:
00:05:5c:14:55:eb:7f:fc:f0:43:5c:af:cc:b0:37:df:06:d8:
0b:47:95:88:62:3b:31:5a:74:00:44:e3:b2:8c:31:82:cc:f9:
a2:26:df:1a:ed:67:59:7d:12:96:bc:3c:fc:51:98:f8:25:10:
4c:65:2a:1e:cf:c6:ed:94:f1:a8:8e:e3:f7:d9:7b:75:d3:14:
7f:38:fc:32:60:35:01:71:cf:4c:40:12:5b:5b:b8:0c:33:42:
3d:02:76:67:b7:b9:51:99:f1:a6:c2:7c:b6:c5:09:31:78:6e:
0c:9b:56:ba:07:b5:98:cc:1a:4f:07:61:bc:85:f5:83:83:19:
ca:55:7d:d4:49:93:9e:b5:a1:a0:a2:d6:6d:6d:06:2e:c3:6a:
02:ef:80:72
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZdlqE0fEIDPCJaytXdNSq0pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNjEyMTk0MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGI2MmNiNDc5N2Q3OGRhZjZkYzlhYjdhOTNjYjk4ODZjYmE3ODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tDO1f/lm44labphpwAiXGJzJ15y
iVzBN8EjGshBO0jE3X0qtTsGGLq7ewnPSMqSf1MpUPyhZOs+vQJL3bCoGdfTuVQX
+4V55LFdd5Q1j/zPHFewV76Xc7FJ+JKLh5TWWBHZ0Yg6BB9Z3fGlgjtkWXKF+DCK
H8xDUQR+T8vJhcguPxIb5ZbQIZIOgtx5VZ40ecsSg+TyJSkop21XnXhGWVH205ZU
L05pFFrChtNlf1ZHsAQp6OqSRuXy1ZNw3ZZX9AUvhmMK0JoY6BWrj95o4t7W78pj
qAYEV9gD8RDcEwMkwUpo826qeJYxRvlEoRgH7EYiLRoJ8C5qivM3sWKGtQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFI22LLR5fXja9tyat6k8uYhsungUMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvamJZc3RIbDllTnIyM0pxM3FUeTVpR3k2ZUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAC0r
kgMEAGinADAMAwQAaN6pAwQEaN6gAwQAaOkUAwQAaO8NAwQDaO8QAwQDaO8gAwQA
aO82AwQAaO85AwQAaO9SMAwDBAFo71oDBAFo71wDBABo72IwDAMEAGjzwQMEAGjz
xgMEAGjzzwMEAditUAMEAditWAMEAditejANBgkqhkiG9w0BAQsFAAOCAQEAhmR3
tCtTsP+zZKw8+D+2C3+7VsBE98yE4OL1QCNqtsfTLyC8bhwmK+4aEBUUAXXyBFJD
fsUfLkXnNUAN3aYXNr77HPf9o9nX8r2JOjuU//IHN8ZDQHmhtUYipLUxeQ74F5ce
GhQ3t9APwNjXAAVcFFXrf/zwQ1yvzLA33wbYC0eViGI7MVp0AETjsowxgsz5oibf
Gu1nWX0Slrw8/FGY+CUQTGUqHs/G7ZTxqI7j99l7ddMUfzj8MmA1AXHPTEASW1u4
DDNCPQJ2Z7e5UZnxpsJ8tsUJMXhuDJtWuge1mMwaTwdhvIX1g4MZylV91EmTnrWh
oKLWbW0GLsNqAu+Acg==
-----END CERTIFICATE-----
Generated at Sun Jun 15 08:39:33 2025 by rpki-client