Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/rDOeOIZHtpPMFp7ZvqijSlcSrPY.roa
File: rDOeOIZHtpPMFp7ZvqijSlcSrPY.roa (raw, json)
Hash identifier: KAlE3KZ7uNCdWIDdG89Kmu2kcJj4D3LOA+bTH/oK4Uo=
Subject key identifier: AC:33:9E:38:86:47:B6:93:CC:16:9E:D9:BE:A8:A3:4A:57:12:AC:F6
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 01964AC50F460CA8F88201C31816471A6A94
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/rDOeOIZHtpPMFp7ZvqijSlcSrPY.roa
Signing time: Fri 18 Apr 2025 21:19:10 +0000
ROA not before: Fri 18 Apr 2025 21:19:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47447
IP address blocks: 46.19.152.0/21 maxlen: 24
185.88.60.0/22 maxlen: 24
185.92.152.0/22 maxlen: 24
2a05:ca80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 06:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:4a:c5:0f:46:0c:a8:f8:82:01:c3:18:16:47:1a:6a:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Apr 18 21:19:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ac339e388647b693cc169ed9bea8a34a5712acf6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:52:cc:6e:0a:99:4f:50:ee:df:6e:8a:f8:13:
12:04:6f:3a:70:ba:02:bf:3f:45:51:08:8f:bb:3b:
93:4e:2d:5c:e9:fc:ea:7c:36:b1:b8:7f:56:8a:94:
8d:dc:52:e4:f5:84:2f:d2:bf:e1:0a:46:fe:c1:d2:
57:00:d4:75:85:53:6b:80:fe:a8:4b:dc:a3:27:bc:
b6:f7:d1:cf:04:e3:05:dc:74:f1:a2:1b:de:2d:bc:
33:66:55:a2:26:ae:c1:54:b7:95:c3:c7:6a:b2:2d:
3e:68:6d:ca:9e:d1:a8:65:48:d7:ae:64:bb:aa:5b:
73:1f:ae:3e:68:0b:f4:93:21:b0:61:4a:50:79:a4:
6a:51:9d:84:6b:a3:c6:01:89:49:ab:f4:53:12:6d:
bb:b1:c2:d7:4b:55:ff:ee:84:df:6d:e3:75:a0:a8:
c2:ce:e1:d9:83:e4:c0:9c:3c:c6:43:16:ad:db:e4:
c0:8c:49:f3:84:27:d2:f7:5f:bc:b6:d2:f0:04:e7:
91:3c:d4:68:4b:0b:f7:94:d1:e1:bd:fe:40:7a:c2:
3e:6c:17:2f:f9:d0:e8:05:d9:8d:38:f4:c8:b5:d2:
cd:75:a4:17:49:66:5c:30:f3:c4:39:50:70:46:80:
0d:ff:e1:4e:2c:43:b9:11:cb:e9:3a:21:30:47:86:
ef:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:33:9E:38:86:47:B6:93:CC:16:9E:D9:BE:A8:A3:4A:57:12:AC:F6
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/rDOeOIZHtpPMFp7ZvqijSlcSrPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
185.88.60.0/22
185.92.152.0/22
IPv6:
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
1e:24:bc:40:a3:eb:3d:07:1a:ed:f2:e8:d9:98:09:88:36:b0:
06:37:a7:89:af:0e:38:51:4d:e6:02:c4:24:dc:c8:2f:36:b4:
cc:62:2b:d7:85:13:10:11:5e:24:cb:d6:f4:44:9f:67:ef:16:
19:ac:af:86:06:e0:6d:36:9b:64:b7:14:67:3b:c9:96:98:91:
d4:b5:6a:ca:03:7f:6d:21:9e:8f:1d:79:1d:e9:bf:84:8d:89:
5f:e6:47:94:95:c7:c2:a7:27:79:d0:e8:f5:8f:27:f0:79:b9:
ae:c5:aa:13:da:2e:c0:c2:14:3d:81:fb:05:c4:e3:6a:5a:a3:
6c:62:b1:40:ba:af:30:38:21:50:ec:a1:2a:9d:e8:e9:ed:3e:
74:96:87:d9:15:4e:a4:e1:67:64:93:9b:2d:68:d9:b9:29:8f:
58:23:0a:77:b5:e6:97:23:29:da:e6:12:a2:53:70:fa:4b:7a:
37:1d:8e:61:e7:42:9b:38:cd:d8:1b:fd:41:5f:b3:97:a4:36:
fd:49:3b:7c:2f:65:ea:1a:4f:bf:8d:22:e7:a7:77:8b:38:25:
b4:90:80:37:f4:b8:29:68:64:7e:45:e2:01:f8:0c:57:6c:10:
7f:30:d4:dc:d7:24:ab:3e:fb:d9:af:cb:35:a8:30:83:eb:65:
b2:5f:2f:dc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZZKxQ9GDKj4ggHDGBZHGmqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNGU0OTkyNDBjZWE1ODg1NDFhN2RjNzRmMzIxYzkxNDE3
NDRiYjYwHhcNMjUwNDE4MjExOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMzOWUzODg2NDdiNjkzY2MxNjllZDliZWE4YTM0YTU3MTJhY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVLMbgqZT1Du326K+BMSBG86cLoC
vz9FUQiPuzuTTi1c6fzqfDaxuH9WipSN3FLk9YQv0r/hCkb+wdJXANR1hVNrgP6o
S9yjJ7y299HPBOMF3HTxohveLbwzZlWiJq7BVLeVw8dqsi0+aG3KntGoZUjXrmS7
qltzH64+aAv0kyGwYUpQeaRqUZ2Ea6PGAYlJq/RTEm27scLXS1X/7oTfbeN1oKjC
zuHZg+TAnDzGQxat2+TAjEnzhCfS91+8ttLwBOeRPNRoSwv3lNHhvf5AesI+bBcv
+dDoBdmNOPTItdLNdaQXSWZcMPPEOVBwRoAN/+FOLEO5EcvpOiEwR4bvEwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKwznjiGR7aTzBae2b6oo0pXEqz2MB8GA1UdIwQY
MBaAFKFOSZJAzqWIVBp9x08yHJFBdEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEt
MzZhODA4ZjNkMTRkLzEvckRPZU9JWkh0cFBNRnA3WnZxaWpTbGNTclBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEtMzZhODA4ZjNkMTRk
LzEvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLhOYAwQC
uVg8AwQCuVyYMA0EAgACMAcDBQMqBcqAMA0GCSqGSIb3DQEBCwUAA4IBAQAeJLxA
o+s9Bxrt8ujZmAmINrAGN6eJrw44UU3mAsQk3MgvNrTMYivXhRMQEV4ky9b0RJ9n
7xYZrK+GBuBtNptktxRnO8mWmJHUtWrKA39tIZ6PHXkd6b+EjYlf5keUlcfCpyd5
0Oj1jyfwebmuxaoT2i7AwhQ9gfsFxONqWqNsYrFAuq8wOCFQ7KEqnejp7T50lofZ
FU6k4Wdkk5staNm5KY9YIwp3teaXIyna5hKiU3D6S3o3HY5h50KbOM3YG/1BX7OX
pDb9STt8L2XqGk+/jSLnp3eLOCW0kIA39LgpaGR+ReIB+AxXbBB/MNTc1ySrPvvZ
r8s1qDCD62WyXy/c
-----END CERTIFICATE-----
Generated at Mon Apr 28 09:44:01 2025 by rpki-client