Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/0sXA3IeAoIVAXrLvJHnvifdk6W4.roa
File: 0sXA3IeAoIVAXrLvJHnvifdk6W4.roa (raw, json)
Hash identifier: EFrw6dc9D3S3/lhfk9rHsXpO4ttSJES+k0IjLuAxkE4=
Subject key identifier: D2:C5:C0:DC:87:80:A0:85:40:5E:B2:EF:24:79:EF:89:F7:64:E9:6E
Certificate issuer: /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial: 019667CB7A775CFFCCE1ACF42642F120CB6B
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/0sXA3IeAoIVAXrLvJHnvifdk6W4.roa
Signing time: Thu 24 Apr 2025 12:35:10 +0000
ROA not before: Thu 24 Apr 2025 12:35:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54339
IP address blocks: 45.147.156.0/24 maxlen: 24
45.147.157.0/24 maxlen: 24
45.147.158.0/24 maxlen: 24
77.111.116.0/24 maxlen: 24
77.111.121.0/24 maxlen: 24
92.61.102.0/24 maxlen: 24
194.152.137.0/24 maxlen: 24
194.152.139.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 13:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:67:cb:7a:77:5c:ff:cc:e1:ac:f4:26:42:f1:20:cb:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Validity
Not Before: Apr 24 12:35:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2c5c0dc8780a085405eb2ef2479ef89f764e96e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:c2:a8:0f:91:b4:e1:73:95:de:76:b5:3e:c9:
f6:52:ed:fa:fa:19:a9:29:13:ff:48:57:9c:f3:2b:
1b:c1:19:2a:2f:f0:a1:7f:e0:4f:0e:64:f4:88:f7:
aa:1b:c7:cf:47:8f:34:45:d3:4c:68:18:db:f1:de:
76:a3:6b:95:d1:1b:de:60:6f:7a:cb:5a:cd:05:6f:
70:fc:3b:d6:96:d8:70:7c:54:16:f8:1a:49:3d:f1:
f5:f2:c8:11:54:b3:4d:1b:9c:6a:e9:d9:ca:c5:55:
91:fb:15:dc:92:dd:75:1d:a0:af:1f:60:ef:c4:8d:
a3:3c:dc:c7:be:df:69:52:5d:45:76:a3:61:a8:69:
0f:79:ed:2b:b1:d0:c3:b1:59:37:91:04:2b:19:92:
eb:b1:39:78:80:25:e5:65:ea:c7:af:0b:d5:ee:f8:
28:5c:c5:99:eb:e4:d3:d1:02:9c:d4:a1:77:b2:a7:
64:56:ba:90:5f:24:64:6e:5b:70:95:fb:8b:5e:12:
23:2b:d6:1e:51:ce:4e:36:03:fd:f7:cb:9e:dc:ac:
9a:22:40:61:12:7f:bc:ec:ba:bb:f8:22:9a:df:4a:
9f:16:a2:ac:77:2d:79:54:16:4a:36:96:55:fb:92:
08:0f:bf:01:29:b4:39:6f:e5:0a:13:15:f7:49:cb:
9d:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:C5:C0:DC:87:80:A0:85:40:5E:B2:EF:24:79:EF:89:F7:64:E9:6E
X509v3 Authority Key Identifier:
keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/0sXA3IeAoIVAXrLvJHnvifdk6W4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.147.156.0-45.147.158.255
77.111.116.0/24
77.111.121.0/24
92.61.102.0/24
194.152.137.0/24
194.152.139.0/24
Signature Algorithm: sha256WithRSAEncryption
39:53:bd:01:b8:24:b0:15:5d:2b:08:40:bf:63:8c:1e:a1:54:
e5:aa:12:7a:84:25:50:29:76:2d:80:37:6e:5a:6b:1c:c8:97:
67:45:2b:4d:45:51:ca:27:9c:49:9e:f7:93:60:45:df:fc:1b:
2a:87:96:48:92:f4:71:33:2e:46:3f:ae:43:08:98:c3:a5:eb:
99:e7:a8:be:1a:e1:d7:68:42:8b:c3:42:28:ae:09:05:8c:6a:
f4:96:e0:d9:43:8d:2f:77:d0:ae:67:44:d8:b2:a7:e4:3f:59:
55:67:f0:2c:b2:2a:97:c8:f7:15:72:27:6c:99:38:14:d1:a3:
b7:54:25:b6:d0:c4:bc:a0:4a:a4:d8:4b:c5:aa:77:d1:9f:d2:
da:aa:ee:4e:2c:d7:0a:32:31:0a:dd:81:9e:b9:63:fa:f4:1f:
de:96:9e:34:b3:dd:46:77:69:14:06:16:4a:d3:3f:6d:bf:e7:
11:97:e2:fc:b4:a1:6e:06:36:dc:8f:5d:63:c9:86:b1:57:93:
ab:2e:02:63:66:3e:b9:ab:75:b8:6e:dd:ec:76:8c:bc:5f:ff:
d3:c7:95:89:cb:b1:f1:91:1f:88:1a:14:b4:ce:1d:c6:93:9f:
37:70:44:32:2a:a4:14:dc:4e:f1:e7:1e:9c:c8:a7:78:23:f2:
6b:2d:af:b7
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZZny3p3XP/M4az0JkLxIMtrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwNDI0MTIzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM1YzBkYzg3ODBhMDg1NDA1ZWIyZWYyNDc5ZWY4OWY3NjRlOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8KoD5G04XOV3na1Psn2Uu36+hmp
KRP/SFec8ysbwRkqL/Chf+BPDmT0iPeqG8fPR480RdNMaBjb8d52o2uV0RveYG96
y1rNBW9w/DvWlthwfFQW+BpJPfH18sgRVLNNG5xq6dnKxVWR+xXckt11HaCvH2Dv
xI2jPNzHvt9pUl1FdqNhqGkPee0rsdDDsVk3kQQrGZLrsTl4gCXlZerHrwvV7vgo
XMWZ6+TT0QKc1KF3sqdkVrqQXyRkbltwlfuLXhIjK9YeUc5ONgP998ue3KyaIkBh
En+87Lq7+CKa30qfFqKsdy15VBZKNpZV+5IID78BKbQ5b+UKExX3ScudQwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNLFwNyHgKCFQF6y7yR574n3ZOluMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvMHNYQTNJZUFvSVZBWHJMdkpIbnZpZmRrNlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBAItk5wD
BAAtk54DBABNb3QDBABNb3kDBABcPWYDBADCmIkDBADCmIswDQYJKoZIhvcNAQEL
BQADggEBADlTvQG4JLAVXSsIQL9jjB6hVOWqEnqEJVApdi2AN25aaxzIl2dFK01F
UconnEme95NgRd/8GyqHlkiS9HEzLkY/rkMImMOl65nnqL4a4ddoQovDQiiuCQWM
avSW4NlDjS930K5nRNiyp+Q/WVVn8CyyKpfI9xVyJ2yZOBTRo7dUJbbQxLygSqTY
S8Wqd9Gf0tqq7k4s1woyMQrdgZ65Y/r0H96WnjSz3UZ3aRQGFkrTP22/5xGX4vy0
oW4GNtyPXWPJhrFXk6suAmNmPrmrdbhu3ex2jLxf/9PHlYnLsfGRH4gaFLTOHcaT
nzdwRDIqpBTcTvHnHpzIp3gj8mstr7c=
-----END CERTIFICATE-----
Generated at Mon Apr 28 19:53:37 2025 by rpki-client