Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/t21KiufosQo5FokIl-zuM5q85cQ.roa
File: t21KiufosQo5FokIl-zuM5q85cQ.roa (raw, json)
Hash identifier: ORk8mRTrURZ5LhEnK810DaoqajLoQtqn9GMcGAQKm3A=
Subject key identifier: B7:6D:4A:8A:E7:E8:B1:0A:39:16:89:08:97:EC:EE:33:9A:BC:E5:C4
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 01967D1EC499077E9B07DE8FEDAC3E2AF6E7
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/t21KiufosQo5FokIl-zuM5q85cQ.roa
Signing time: Mon 28 Apr 2025 15:58:10 +0000
ROA not before: Mon 28 Apr 2025 15:58:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49603
IP address blocks: 46.19.152.0/21 maxlen: 24
185.88.60.0/22 maxlen: 24
185.92.152.0/22 maxlen: 24
2a02:2980::/32 maxlen: 32
2a05:ca80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 02 May 2025 06:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7d:1e:c4:99:07:7e:9b:07:de:8f:ed:ac:3e:2a:f6:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Apr 28 15:58:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b76d4a8ae7e8b10a3916890897ecee339abce5c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fc:c0:34:7b:6d:0a:bf:28:aa:c1:d1:f1:b8:93:
84:c0:27:80:9d:17:67:dc:ea:d1:c0:cf:e5:db:d6:
51:ec:22:82:f7:42:4e:d3:40:a5:e4:4a:4a:fc:f0:
01:ff:98:b3:3f:72:53:36:21:82:28:97:d0:9f:d1:
74:43:03:9a:95:4e:c0:da:5a:95:43:37:3a:5f:7d:
eb:66:a6:76:bf:ca:53:f6:87:8d:6f:af:98:d9:f1:
df:05:fc:1a:88:ac:ad:fd:47:a9:25:39:7b:92:81:
f3:97:c5:5f:13:7c:b6:ef:c5:14:e5:90:16:73:1b:
e8:80:a3:bf:fe:6a:28:3b:4c:3b:72:78:37:a7:d0:
11:42:20:84:a4:d1:24:1e:8f:38:d7:56:2f:31:3a:
80:df:5c:12:ee:b1:c0:25:d3:23:d0:10:f5:11:88:
e6:bc:13:7e:b9:8d:4f:1c:db:6b:5e:b5:9c:86:66:
4a:59:eb:e0:2c:72:7f:c5:c5:61:4c:e0:00:9e:58:
9f:bd:bd:de:1f:5c:f9:3e:ee:77:34:59:fd:78:ba:
f4:f6:3a:ad:47:d6:e3:ce:e5:0a:12:b7:5a:d0:c0:
9e:76:af:a7:2a:60:04:9e:9d:d0:33:f8:94:26:bf:
87:73:38:f1:ee:45:de:3d:be:4c:58:84:54:db:45:
31:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:6D:4A:8A:E7:E8:B1:0A:39:16:89:08:97:EC:EE:33:9A:BC:E5:C4
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/t21KiufosQo5FokIl-zuM5q85cQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
185.88.60.0/22
185.92.152.0/22
IPv6:
2a02:2980::/32
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
58:5c:ba:85:91:ed:5d:a5:02:47:fa:c9:66:29:2c:e2:27:fc:
76:38:db:f0:61:d6:c7:56:a2:10:99:bb:19:f4:11:70:f8:b9:
33:57:55:15:bf:98:53:9b:38:5d:ae:98:21:64:55:a5:d4:fb:
ee:53:c3:53:15:57:5f:14:2c:85:fe:63:89:a0:e3:b4:04:ac:
44:40:90:83:78:27:c5:d2:99:93:a7:fe:92:d8:0d:dd:e9:37:
01:d4:fd:9e:30:a6:e9:e6:df:ca:a5:06:3d:29:e8:86:1b:67:
1c:96:71:ec:09:fb:c5:6f:88:dd:37:f1:72:20:15:34:5e:df:
a9:34:03:71:61:ec:b2:86:27:c2:48:8c:0c:50:d6:ab:fa:02:
b1:f3:6f:48:fb:2f:13:6e:61:fe:0f:b3:96:6e:7e:c3:77:1f:
be:83:0a:6e:81:e0:3e:7f:30:5f:b8:2a:79:fb:af:dd:aa:97:
5f:31:1c:4e:f9:54:a2:2b:7f:50:53:c3:77:6f:4d:7a:74:3d:
62:90:cf:0d:c1:c7:d4:de:70:1d:e0:f8:3d:f9:12:96:77:72:
74:bf:78:b7:f9:73:6c:83:f7:cc:17:9f:4d:50:bf:49:54:b6:
e5:ac:dd:66:1d:db:3a:31:30:2e:be:14:ae:c7:fa:02:c4:a4:
7b:3b:fc:fb
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZZ9HsSZB36bB96P7aw+KvbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNGU0OTkyNDBjZWE1ODg1NDFhN2RjNzRmMzIxYzkxNDE3
NDRiYjYwHhcNMjUwNDI4MTU1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZkNGE4YWU3ZThiMTBhMzkxNjg5MDg5N2VjZWUzMzlhYmNlNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/MA0e20KvyiqwdHxuJOEwCeAnRdn
3OrRwM/l29ZR7CKC90JO00Cl5EpK/PAB/5izP3JTNiGCKJfQn9F0QwOalU7A2lqV
Qzc6X33rZqZ2v8pT9oeNb6+Y2fHfBfwaiKyt/UepJTl7koHzl8VfE3y278UU5ZAW
cxvogKO//mooO0w7cng3p9ARQiCEpNEkHo8411YvMTqA31wS7rHAJdMj0BD1EYjm
vBN+uY1PHNtrXrWchmZKWevgLHJ/xcVhTOAAnlifvb3eH1z5Pu53NFn9eLr09jqt
R9bjzuUKErda0MCedq+nKmAEnp3QM/iUJr+Hczjx7kXePb5MWIRU20UxrwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFLdtSorn6LEKORaJCJfs7jOavOXEMB8GA1UdIwQY
MBaAFKFOSZJAzqWIVBp9x08yHJFBdEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEt
MzZhODA4ZjNkMTRkLzEvdDIxS2l1Zm9zUW81Rm9rSWwtenVNNXE4NWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEtMzZhODA4ZjNkMTRk
LzEvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQDLhOYAwQC
uVg8AwQCuVyYMBQEAgACMA4DBQAqAimAAwUDKgXKgDANBgkqhkiG9w0BAQsFAAOC
AQEAWFy6hZHtXaUCR/rJZiks4if8djjb8GHWx1aiEJm7GfQRcPi5M1dVFb+YU5s4
Xa6YIWRVpdT77lPDUxVXXxQshf5jiaDjtASsRECQg3gnxdKZk6f+ktgN3ek3AdT9
njCm6ebfyqUGPSnohhtnHJZx7An7xW+I3TfxciAVNF7fqTQDcWHssoYnwkiMDFDW
q/oCsfNvSPsvE25h/g+zlm5+w3cfvoMKboHgPn8wX7gqefuv3aqXXzEcTvlUoit/
UFPDd29NenQ9YpDPDcHH1N5wHeD4PfkSlndydL94t/lzbIP3zBefTVC/SVS25azd
Zh3bOjEwLr4Ursf6AsSkezv8+w==
-----END CERTIFICATE-----
Generated at Thu May 1 11:10:27 2025 by rpki-client