Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/M9EtDFxlEJ9A-FmeV5HNDDZqAp0.roa
File: M9EtDFxlEJ9A-FmeV5HNDDZqAp0.roa (raw, json)
Hash identifier: WI4ltzw0D8SzP8YIN3g88mLVBUuOvksyWitDll+8J8M=
Subject key identifier: 33:D1:2D:0C:5C:65:10:9F:40:F8:59:9E:57:91:CD:0C:36:6A:02:9D
Certificate issuer: /CN=61e565562d3e3f565e9c0a41946ea53d45d5d657
Certificate serial: 0196390EADA02BC9D743AECB828C61AD1E93
Authority key identifier: 61:E5:65:56:2D:3E:3F:56:5E:9C:0A:41:94:6E:A5:3D:45:D5:D6:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YeVlVi0-P1ZenApBlG6lPUXV1lc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/M9EtDFxlEJ9A-FmeV5HNDDZqAp0.roa
Signing time: Tue 15 Apr 2025 10:46:25 +0000
ROA not before: Tue 15 Apr 2025 10:46:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211186
IP address blocks: 91.218.22.0/24 maxlen: 24
185.14.96.0/24 maxlen: 24
185.42.209.0/24 maxlen: 24
185.42.210.0/24 maxlen: 24
195.95.189.0/24 maxlen: 24
2a0c:2580::/30 maxlen: 30
2a0c:2580::/36 maxlen: 36
2a0c:2580:1000::/36 maxlen: 36
2a0c:2580:2000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/YeVlVi0-P1ZenApBlG6lPUXV1lc.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/YeVlVi0-P1ZenApBlG6lPUXV1lc.mft
rsync://rpki.ripe.net/repository/DEFAULT/YeVlVi0-P1ZenApBlG6lPUXV1lc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 18:19:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:39:0e:ad:a0:2b:c9:d7:43:ae:cb:82:8c:61:ad:1e:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61e565562d3e3f565e9c0a41946ea53d45d5d657
Validity
Not Before: Apr 15 10:46:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=33d12d0c5c65109f40f8599e5791cd0c366a029d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:56:ac:27:55:2c:52:b2:8a:66:ff:2c:fa:db:
16:24:54:92:86:e7:4e:71:60:d5:14:c6:9a:d9:fc:
54:a6:a0:bd:6f:dd:85:43:a6:37:e8:e5:64:96:a3:
76:5a:c3:a9:db:a7:28:de:b5:12:ec:f7:58:48:e3:
b4:cc:15:af:c2:c8:d8:34:8a:a4:1b:01:55:fc:d0:
60:82:c4:e1:8e:f8:b7:ca:82:3b:20:73:87:db:34:
78:7f:24:1a:e0:ef:30:56:b8:d0:30:60:f9:8b:84:
b4:9e:d8:d6:dc:34:c0:7a:f7:21:ee:b2:ac:da:ad:
d6:8d:68:a4:d3:36:d7:9c:b2:fc:d9:ef:23:0a:b9:
0b:29:b8:28:ae:f9:ce:b3:2e:78:f6:63:8f:46:55:
1d:3d:c8:ea:f1:08:2f:27:4f:11:9d:74:55:4f:6b:
e3:a1:44:ba:c4:e8:9f:fd:b4:2f:24:b9:60:e4:38:
82:f2:fd:67:de:8c:c8:c2:a5:12:98:2d:c2:98:db:
da:92:3d:e4:93:30:b5:93:61:05:7d:a8:17:67:4a:
9c:e0:9c:4f:f7:7d:5f:e2:be:a1:49:a9:ff:14:88:
c7:ab:8f:ae:c2:3a:01:31:e1:b6:6a:4d:b2:b8:cf:
7d:b1:b0:18:ef:88:25:50:8f:38:36:fb:8a:79:5b:
12:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:D1:2D:0C:5C:65:10:9F:40:F8:59:9E:57:91:CD:0C:36:6A:02:9D
X509v3 Authority Key Identifier:
keyid:61:E5:65:56:2D:3E:3F:56:5E:9C:0A:41:94:6E:A5:3D:45:D5:D6:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YeVlVi0-P1ZenApBlG6lPUXV1lc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/M9EtDFxlEJ9A-FmeV5HNDDZqAp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/YeVlVi0-P1ZenApBlG6lPUXV1lc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.218.22.0/24
185.14.96.0/24
185.42.209.0-185.42.210.255
195.95.189.0/24
IPv6:
2a0c:2580::/30
Signature Algorithm: sha256WithRSAEncryption
28:38:ba:09:f5:5a:20:fc:30:1b:1c:62:58:f8:5a:6b:a5:61:
47:c3:3a:21:1b:54:4f:7d:7a:ae:3e:26:c5:8a:1c:8c:d7:db:
5f:04:d7:9e:6b:53:b8:da:3c:a3:70:2e:db:2e:35:2a:d9:09:
47:33:38:7a:d9:3d:10:73:e5:ee:c4:de:fc:39:f0:cd:46:22:
f5:ff:a4:c3:29:e5:05:8a:9f:e0:3a:06:fa:3c:8a:26:ac:0c:
2f:77:70:0e:8b:bc:d9:1f:08:9a:23:87:7d:42:11:58:1f:80:
b0:ff:16:66:d1:00:c8:3e:2c:d0:e2:f2:d0:eb:8a:4f:98:18:
19:ce:52:67:f1:cc:99:02:b3:77:b5:27:5a:3b:d8:52:14:cc:
5c:2f:06:a4:dc:ff:7a:dd:09:27:48:a0:19:e5:48:39:2a:ac:
ae:37:aa:7f:93:0d:72:c6:54:1d:62:6b:a8:27:6d:b7:01:e1:
d5:bd:d1:6b:60:33:19:23:92:b5:b6:d3:03:f3:04:61:e7:7c:
ce:44:a0:ec:dd:12:11:2b:43:4e:c6:38:de:f7:e9:1f:f8:57:
df:37:e5:9c:b7:20:91:93:94:a0:dc:ad:15:65:b5:66:5a:c7:
86:5d:b9:6e:89:0f:1a:87:ee:75:fc:0a:5d:ab:2b:0f:cf:2d:
a7:e8:b3:8c
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZY5Dq2gK8nXQ67LgoxhrR6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTU2NTU2MmQzZTNmNTY1ZTljMGE0MTk0NmVhNTNkNDVk
NWQ2NTcwHhcNMjUwNDE1MTA0NjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2QxMmQwYzVjNjUxMDlmNDBmODU5OWU1NzkxY2QwYzM2NmEwMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVasJ1UsUrKKZv8s+tsWJFSShudO
cWDVFMaa2fxUpqC9b92FQ6Y36OVklqN2WsOp26co3rUS7PdYSOO0zBWvwsjYNIqk
GwFV/NBggsThjvi3yoI7IHOH2zR4fyQa4O8wVrjQMGD5i4S0ntjW3DTAevch7rKs
2q3WjWik0zbXnLL82e8jCrkLKbgorvnOsy549mOPRlUdPcjq8QgvJ08RnXRVT2vj
oUS6xOif/bQvJLlg5DiC8v1n3ozIwqUSmC3CmNvakj3kkzC1k2EFfagXZ0qc4JxP
931f4r6hSan/FIjHq4+uwjoBMeG2ak2yuM99sbAY74glUI84NvuKeVsSzwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFDPRLQxcZRCfQPhZnleRzQw2agKdMB8GA1UdIwQY
MBaAFGHlZVYtPj9WXpwKQZRupT1F1dZXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVWbFZpMC1QMVplbkFwQmxHNmxQVVhWMWxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NjIxNGItMDFkZi00YjAxLWJhNzYt
ZjRjYmQ2YmE2YzBmLzEvTTlFdERGeGxFSjlBLUZtZVY1SE5ERFpxQXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NjIxNGItMDFkZi00YjAxLWJhNzYtZjRjYmQ2YmE2YzBm
LzEvWWVWbFZpMC1QMVplbkFwQmxHNmxQVVhWMWxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQAW9oWAwQA
uQ5gMAwDBAC5KtEDBAC5KtIDBADDX70wDQQCAAIwBwMFAioMJYAwDQYJKoZIhvcN
AQELBQADggEBACg4ugn1WiD8MBscYlj4WmulYUfDOiEbVE99eq4+JsWKHIzX218E
155rU7jaPKNwLtsuNSrZCUczOHrZPRBz5e7E3vw58M1GIvX/pMMp5QWKn+A6Bvo8
iiasDC93cA6LvNkfCJojh31CEVgfgLD/FmbRAMg+LNDi8tDrik+YGBnOUmfxzJkC
s3e1J1o72FIUzFwvBqTc/3rdCSdIoBnlSDkqrK43qn+TDXLGVB1ia6gnbbcB4dW9
0WtgMxkjkrW20wPzBGHnfM5EoOzdEhErQ07GON736R/4V9835Zy3IJGTlKDcrRVl
tWZax4ZduW6JDxqH7nX8Cl2rKw/PLafos4w=
-----END CERTIFICATE-----
Generated at Tue May 6 03:40:22 2025 by rpki-client