Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/K6zGiisfyNDOI3oc313yAhjD4A0.roa
File: K6zGiisfyNDOI3oc313yAhjD4A0.roa (raw, json)
Hash identifier: 6AQQYPpSiTsTvRjFcFVlDWIfwUUDTzHtOyOPf+oYlEE=
Subject key identifier: 2B:AC:C6:8A:2B:1F:C8:D0:CE:23:7A:1C:DF:5D:F2:02:18:C3:E0:0D
Certificate issuer: /CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
Certificate serial: 01961F263C86C2229C0D2DA92E6298509B1F
Authority key identifier: CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/K6zGiisfyNDOI3oc313yAhjD4A0.roa
Signing time: Thu 10 Apr 2025 10:02:01 +0000
ROA not before: Thu 10 Apr 2025 10:02:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 185.112.132.0/24 maxlen: 24
185.112.133.0/24 maxlen: 24
185.112.134.0/24 maxlen: 24
185.112.135.0/24 maxlen: 24
213.156.250.0/24 maxlen: 24
213.156.251.0/24 maxlen: 24
213.156.252.0/24 maxlen: 24
213.156.253.0/24 maxlen: 24
213.156.254.0/24 maxlen: 24
213.156.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.mft
rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:1f:26:3c:86:c2:22:9c:0d:2d:a9:2e:62:98:50:9b:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
Validity
Not Before: Apr 10 10:02:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2bacc68a2b1fc8d0ce237a1cdf5df20218c3e00d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c8:67:7a:38:41:8e:b2:2e:52:69:d8:b7:28:
67:66:6e:a0:13:be:c2:cf:3a:9a:9e:6a:43:61:e0:
63:0f:2d:b8:d9:7d:b5:fb:59:b8:a4:72:d8:59:3e:
92:8a:9d:96:ea:d2:44:6a:9b:60:0f:b8:cf:52:88:
26:ac:b4:fd:3e:d3:27:d1:47:17:a0:51:26:7f:af:
bd:ca:aa:46:f5:61:eb:a3:f2:fe:0f:77:75:5f:35:
47:7f:b1:9c:56:47:ca:bc:09:b1:ec:15:9f:19:d8:
ad:1a:e3:a2:f9:11:ce:de:ee:f3:ae:2a:f7:cd:1e:
97:0e:a4:ac:4d:14:49:d1:18:06:d2:a3:f5:26:e6:
28:bf:b7:ae:c1:07:a9:bc:b9:46:8b:d4:6b:e7:77:
de:f2:df:72:af:f5:4d:61:c3:27:16:3b:55:8e:37:
a0:ca:04:3d:aa:4c:47:e4:99:22:fe:57:12:52:78:
a6:ce:ae:82:1a:bc:10:b3:65:71:40:06:d4:3b:67:
6e:42:5c:30:22:29:e8:b4:65:e3:bf:d5:69:85:e3:
d1:97:2e:d5:41:e9:ea:5a:de:ad:ba:ff:67:1e:25:
06:8a:18:ed:b0:f7:5b:01:b4:7e:37:00:7a:6f:1a:
c8:e9:3d:de:41:57:3a:7d:b4:a4:ea:c8:9e:34:52:
7f:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:AC:C6:8A:2B:1F:C8:D0:CE:23:7A:1C:DF:5D:F2:02:18:C3:E0:0D
X509v3 Authority Key Identifier:
keyid:CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/K6zGiisfyNDOI3oc313yAhjD4A0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.112.132.0/22
213.156.250.0-213.156.255.255
Signature Algorithm: sha256WithRSAEncryption
88:ce:dc:32:a2:97:07:90:d3:46:b9:06:7c:61:60:b1:02:c3:
7d:84:e1:64:47:06:e7:5e:ae:5f:46:8f:35:55:e1:2f:f4:f6:
97:70:4e:4d:24:24:85:ec:47:ce:dd:90:6b:81:b2:fa:46:ce:
29:65:cf:28:52:58:ae:d4:14:5a:89:76:a4:76:86:e0:77:71:
f8:16:7e:e8:31:15:77:b2:91:98:c8:b8:ab:cd:bb:e4:dd:34:
17:60:46:ba:3a:f1:9e:72:9e:10:42:eb:ce:57:a5:15:de:fb:
3f:9e:7e:77:97:02:48:dc:de:fe:e7:ba:a8:1d:d1:6c:e8:d2:
39:f4:d3:35:e1:d6:bb:69:3d:1a:89:a2:3a:d9:6d:0f:4d:4d:
e0:c2:19:56:a5:6e:bc:5a:3e:58:d4:30:ac:50:88:7c:2d:8f:
fd:e4:c1:be:dc:bd:8a:1f:44:9c:2e:e7:7d:79:e3:7b:69:8d:
20:ed:54:35:28:06:05:2a:21:c4:af:58:c1:d9:a7:62:2a:f8:
b9:23:6c:3d:69:a8:6f:05:ef:26:3c:b8:90:aa:01:0e:ad:b5:
aa:dc:bf:fc:7a:c9:5e:a9:6b:92:6b:4c:9a:99:e0:14:76:ac:
41:3a:d9:18:d3:87:73:7d:ae:5b:fe:58:fc:bd:87:f3:53:cb:
98:7c:10:fb
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZYfJjyGwiKcDS2pLmKYUJsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzRiMTMzODdmYWIxZGNmOGI2N2YxNmEwYTQzNzYwODYw
MGM0YzIwHhcNMjUwNDEwMTAwMjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmFjYzY4YTJiMWZjOGQwY2UyMzdhMWNkZjVkZjIwMjE4YzNlMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArchnejhBjrIuUmnYtyhnZm6gE77C
zzqanmpDYeBjDy242X21+1m4pHLYWT6Sip2W6tJEaptgD7jPUogmrLT9PtMn0UcX
oFEmf6+9yqpG9WHro/L+D3d1XzVHf7GcVkfKvAmx7BWfGditGuOi+RHO3u7zrir3
zR6XDqSsTRRJ0RgG0qP1JuYov7euwQepvLlGi9Rr53fe8t9yr/VNYcMnFjtVjjeg
ygQ9qkxH5Jki/lcSUnimzq6CGrwQs2VxQAbUO2duQlwwIinotGXjv9VphePRly7V
QenqWt6tuv9nHiUGihjtsPdbAbR+NwB6bxrI6T3eQVc6fbSk6sieNFJ/xwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFCusxoorH8jQziN6HN9d8gIYw+ANMB8GA1UdIwQY
MBaAFMo0sTOH+rHc+LZ/FqCkN2CGAMTCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYt
MDQwNTIzNGFiM2YxLzEvSzZ6R2lpc2Z5TkRPSTNvYzMxM3lBaGpENEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYtMDQwNTIzNGFiM2Yx
LzEveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQCuXCEMAsD
BAHVnPoDAwDVnDANBgkqhkiG9w0BAQsFAAOCAQEAiM7cMqKXB5DTRrkGfGFgsQLD
fYThZEcG516uX0aPNVXhL/T2l3BOTSQkhexHzt2Qa4Gy+kbOKWXPKFJYrtQUWol2
pHaG4Hdx+BZ+6DEVd7KRmMi4q8275N00F2BGujrxnnKeEELrzlelFd77P55+d5cC
SNze/ue6qB3RbOjSOfTTNeHWu2k9GomiOtltD01N4MIZVqVuvFo+WNQwrFCIfC2P
/eTBvty9ih9EnC7nfXnje2mNIO1UNSgGBSohxK9YwdmnYir4uSNsPWmobwXvJjy4
kKoBDq21qty//HrJXqlrkmtMmpngFHasQTrZGNOHc32uW/5Y/L2H81PLmHwQ+w==
-----END CERTIFICATE-----
Generated at Sat Apr 26 16:18:09 2025 by rpki-client