Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/469d47-01e2-4fcb-a68c-a30d82bd6219/1/lbYGE0sLJ3B23IRi-OtNtyGPAp0.roa
File: lbYGE0sLJ3B23IRi-OtNtyGPAp0.roa (raw, json)
Hash identifier: DQpQYf+5h9YK3aPo5AxywjFuQIhJ9ib5nUDkQNDeYcU=
Subject key identifier: 95:B6:06:13:4B:0B:27:70:76:DC:84:62:F8:EB:4D:B7:21:8F:02:9D
Certificate issuer: /CN=f7b9d97b97fd4cbaceda81c4406e74ad6d539326
Certificate serial: 0195193907DBB959DD7C6FEB905257AD30CC
Authority key identifier: F7:B9:D9:7B:97:FD:4C:BA:CE:DA:81:C4:40:6E:74:AD:6D:53:93:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/97nZe5f9TLrO2oHEQG50rW1TkyY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/469d47-01e2-4fcb-a68c-a30d82bd6219/1/lbYGE0sLJ3B23IRi-OtNtyGPAp0.roa
Signing time: Tue 18 Feb 2025 13:22:02 +0000
ROA not before: Tue 18 Feb 2025 13:22:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214707
IP address blocks: 109.224.208.0/21 maxlen: 21
109.224.208.0/24 maxlen: 24
109.224.209.0/24 maxlen: 24
109.224.210.0/24 maxlen: 24
109.224.211.0/24 maxlen: 24
109.224.212.0/24 maxlen: 24
109.224.213.0/24 maxlen: 24
109.224.214.0/24 maxlen: 24
109.224.215.0/24 maxlen: 24
2a14:6540::/29 maxlen: 29
2a14:6540::/31 maxlen: 31
2a14:6542::/31 maxlen: 31
2a14:6544::/31 maxlen: 31
2a14:6546::/31 maxlen: 31
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6c/469d47-01e2-4fcb-a68c-a30d82bd6219/1/97nZe5f9TLrO2oHEQG50rW1TkyY.crl
rsync://rpki.ripe.net/repository/DEFAULT/6c/469d47-01e2-4fcb-a68c-a30d82bd6219/1/97nZe5f9TLrO2oHEQG50rW1TkyY.mft
rsync://rpki.ripe.net/repository/DEFAULT/97nZe5f9TLrO2oHEQG50rW1TkyY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 30 Apr 2025 07:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:19:39:07:db:b9:59:dd:7c:6f:eb:90:52:57:ad:30:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f7b9d97b97fd4cbaceda81c4406e74ad6d539326
Validity
Not Before: Feb 18 13:22:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95b606134b0b277076dc8462f8eb4db7218f029d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:cc:f9:ac:57:49:ea:cf:dd:e3:70:d5:7e:f7:
63:f4:f7:c8:cb:7f:07:ae:cc:3e:c6:99:4f:d7:42:
6b:65:d4:a4:a0:4d:6c:ee:89:91:35:f4:b1:20:7f:
5a:dd:7e:66:f3:80:f6:73:ab:81:55:27:f3:0a:68:
64:84:3b:dc:f9:22:74:dc:4b:11:e1:f6:0c:cc:b5:
84:24:2a:c0:9e:e3:52:07:70:79:26:e5:22:d9:d8:
93:78:9d:98:7b:87:b2:f3:0c:f8:c7:70:8b:9b:f0:
43:db:4a:22:83:2e:1a:24:e9:ba:e5:2f:24:a5:fe:
6f:04:a3:68:90:cf:34:7a:c3:64:7f:44:c1:30:36:
fb:7e:7e:c8:79:1b:b8:d6:4d:a0:fd:db:b8:3d:b4:
be:02:3d:fa:b3:63:3d:9c:dc:15:1d:72:62:8e:15:
22:27:40:8c:fe:50:31:ba:89:0a:e9:27:5f:c0:3b:
f6:6f:1d:93:99:02:bc:49:e2:1e:64:d0:ef:a3:d3:
5c:13:b0:a6:79:df:bb:3d:4f:35:a1:cf:9a:6f:8c:
8f:56:2f:dd:02:ed:f1:43:7d:ef:ff:75:ef:e4:64:
c4:45:cb:c0:ea:37:b8:53:00:16:6b:31:54:9f:56:
df:98:24:fa:ef:5a:bd:22:47:e1:8c:0f:12:11:6a:
e8:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:B6:06:13:4B:0B:27:70:76:DC:84:62:F8:EB:4D:B7:21:8F:02:9D
X509v3 Authority Key Identifier:
keyid:F7:B9:D9:7B:97:FD:4C:BA:CE:DA:81:C4:40:6E:74:AD:6D:53:93:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97nZe5f9TLrO2oHEQG50rW1TkyY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/469d47-01e2-4fcb-a68c-a30d82bd6219/1/lbYGE0sLJ3B23IRi-OtNtyGPAp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/469d47-01e2-4fcb-a68c-a30d82bd6219/1/97nZe5f9TLrO2oHEQG50rW1TkyY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.208.0/21
IPv6:
2a14:6540::/29
Signature Algorithm: sha256WithRSAEncryption
ac:7e:54:a6:35:e7:45:c3:05:61:44:99:d9:0c:c4:4f:37:30:
4a:56:82:3e:e6:a7:a3:43:54:a2:b9:36:a0:58:81:e3:bd:44:
52:bd:06:79:c5:90:7c:1e:ac:7b:0b:97:ee:b6:76:f0:01:46:
8f:36:3d:30:49:f6:57:96:88:6a:b3:0d:b6:7a:3b:cf:4f:ff:
0c:e2:7c:47:64:a0:e2:3c:2e:12:98:82:24:1b:94:bb:85:0e:
fb:9b:db:f4:31:53:cd:15:92:bf:f4:1e:6d:0a:e1:2d:34:48:
92:41:0c:28:9d:2b:37:93:af:94:be:08:c5:28:4c:f5:ff:65:
1d:91:13:10:fa:c0:71:b8:7f:bf:58:8d:dc:24:71:c3:60:4a:
56:a4:65:c4:24:02:fd:a9:20:fb:1f:5e:5f:a5:c7:d1:6a:fd:
00:2a:69:42:0c:f6:72:bd:bc:33:c4:e6:ac:cb:8d:77:d8:8b:
7a:9b:84:62:a7:6c:8e:41:bf:7a:cb:6f:bb:e0:24:eb:1b:3f:
3b:1f:9a:f0:f7:6e:be:e8:62:a5:c9:78:b3:3d:bd:fd:b0:24:
cc:af:cc:99:d9:94:88:34:4a:39:d8:ac:08:6e:64:d3:3e:3e:
58:b9:b8:6d:f0:ed:0a:8b:bf:0b:52:7d:ee:c0:0c:36:f2:59:
7a:fa:5a:f6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZUZOQfbuVndfG/rkFJXrTDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjlkOTdiOTdmZDRjYmFjZWRhODFjNDQwNmU3NGFkNmQ1
MzkzMjYwHhcNMjUwMjE4MTMyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI2MDYxMzRiMGIyNzcwNzZkYzg0NjJmOGViNGRiNzIxOGYwMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8z5rFdJ6s/d43DVfvdj9PfIy38H
rsw+xplP10JrZdSkoE1s7omRNfSxIH9a3X5m84D2c6uBVSfzCmhkhDvc+SJ03EsR
4fYMzLWEJCrAnuNSB3B5JuUi2diTeJ2Ye4ey8wz4x3CLm/BD20oigy4aJOm65S8k
pf5vBKNokM80esNkf0TBMDb7fn7IeRu41k2g/du4PbS+Aj36s2M9nNwVHXJijhUi
J0CM/lAxuokK6SdfwDv2bx2TmQK8SeIeZNDvo9NcE7Cmed+7PU81oc+ab4yPVi/d
Au3xQ33v/3Xv5GTERcvA6je4UwAWazFUn1bfmCT671q9IkfhjA8SEWroPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJW2BhNLCydwdtyEYvjrTbchjwKdMB8GA1UdIwQY
MBaAFPe52XuX/Uy6ztqBxEBudK1tU5MmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTduWmU1ZjlUTHJPMm9IRVFHNTByVzFUa3lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80NjlkNDctMDFlMi00ZmNiLWE2OGMt
YTMwZDgyYmQ2MjE5LzEvbGJZR0Uwc0xKM0IyM0lSaS1PdE50eUdQQXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80NjlkNDctMDFlMi00ZmNiLWE2OGMtYTMwZDgyYmQ2MjE5
LzEvOTduWmU1ZjlUTHJPMm9IRVFHNTByVzFUa3lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbeDQMA0E
AgACMAcDBQMqFGVAMA0GCSqGSIb3DQEBCwUAA4IBAQCsflSmNedFwwVhRJnZDMRP
NzBKVoI+5qejQ1SiuTagWIHjvURSvQZ5xZB8Hqx7C5futnbwAUaPNj0wSfZXlohq
sw22ejvPT/8M4nxHZKDiPC4SmIIkG5S7hQ77m9v0MVPNFZK/9B5tCuEtNEiSQQwo
nSs3k6+UvgjFKEz1/2UdkRMQ+sBxuH+/WI3cJHHDYEpWpGXEJAL9qSD7H15fpcfR
av0AKmlCDPZyvbwzxOasy4132It6m4Rip2yOQb96y2+74CTrGz87H5rw926+6GKl
yXizPb39sCTMr8yZ2ZSINEo52KwIbmTTPj5Yubht8O0Ki78LUn3uwAw28ll6+lr2
-----END CERTIFICATE-----
Generated at Tue Apr 29 14:19:41 2025 by rpki-client