Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/55a74f-49ca-4a63-9eda-517eff908975/1/BF5uYM34somF3uKBjwVBv6TvSUc.roa
File: BF5uYM34somF3uKBjwVBv6TvSUc.roa (raw, json)
Hash identifier: LMQTKQzXnQ/SBYJGX5sPOQPjZo/gmRmiCPcpMivc64U=
Subject key identifier: 04:5E:6E:60:CD:F8:B2:89:85:DE:E2:81:8F:05:41:BF:A4:EF:49:47
Certificate issuer: /CN=be125cad7dd4c5f0201ee2a21deac387366981c4
Certificate serial: 0196FCC471E630F28BE182ECA93F3499FD67
Authority key identifier: BE:12:5C:AD:7D:D4:C5:F0:20:1E:E2:A2:1D:EA:C3:87:36:69:81:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vhJcrX3UxfAgHuKiHerDhzZpgcQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/55a74f-49ca-4a63-9eda-517eff908975/1/BF5uYM34somF3uKBjwVBv6TvSUc.roa
Signing time: Fri 23 May 2025 10:50:54 +0000
ROA not before: Fri 23 May 2025 10:50:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41202
IP address blocks: 37.110.208.0/21 maxlen: 21
37.110.208.0/22 maxlen: 22
37.110.208.0/24 maxlen: 24
37.110.209.0/24 maxlen: 24
37.110.210.0/24 maxlen: 24
37.110.212.0/22 maxlen: 22
37.110.214.0/24 maxlen: 24
37.110.215.0/24 maxlen: 24
185.183.240.0/22 maxlen: 22
185.183.240.0/23 maxlen: 23
185.183.240.0/24 maxlen: 24
185.183.242.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/55a74f-49ca-4a63-9eda-517eff908975/1/vhJcrX3UxfAgHuKiHerDhzZpgcQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/55a74f-49ca-4a63-9eda-517eff908975/1/vhJcrX3UxfAgHuKiHerDhzZpgcQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/vhJcrX3UxfAgHuKiHerDhzZpgcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:fc:c4:71:e6:30:f2:8b:e1:82:ec:a9:3f:34:99:fd:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be125cad7dd4c5f0201ee2a21deac387366981c4
Validity
Not Before: May 23 10:50:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=045e6e60cdf8b28985dee2818f0541bfa4ef4947
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:08:04:20:d8:70:fe:65:f9:17:1a:9f:80:9b:
cd:2f:21:02:45:27:65:51:7f:e8:30:3f:6b:fa:a0:
0a:ae:4d:05:9d:e3:fe:1f:37:87:2d:d1:13:34:53:
54:e5:12:e5:61:67:06:27:0b:7f:67:03:16:7f:26:
32:0d:7c:d3:ef:d8:f8:89:fa:e5:03:07:80:18:55:
b3:3c:99:55:65:7b:5f:4d:88:47:47:65:15:1b:3c:
85:3f:d9:d1:0b:8b:55:1d:b0:d0:11:85:83:5c:bd:
64:01:98:06:bc:8a:3a:cf:76:0b:02:e8:c4:6a:da:
ec:1b:9e:0b:95:e0:29:0b:25:9a:ad:cb:00:ff:5c:
ad:84:ef:5d:5d:b0:09:bd:58:1d:29:2d:1a:7e:69:
07:75:8c:bc:f5:28:1c:51:c9:37:6d:80:53:0e:07:
1a:4e:d8:8a:2b:ef:0e:59:9e:fc:71:ef:9c:ca:14:
f6:6d:0a:70:24:0f:fb:48:17:47:7b:24:39:b2:b9:
52:f5:28:2c:47:06:75:f0:d7:5b:ad:21:b0:1c:d5:
a2:af:fc:29:c3:e1:ce:f6:66:70:8a:e9:b0:f5:95:
7c:b0:4a:05:19:1f:83:fa:31:b3:59:49:82:8b:ea:
8a:d5:69:e7:ec:53:33:43:b5:c3:b5:93:d1:cd:33:
ce:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:5E:6E:60:CD:F8:B2:89:85:DE:E2:81:8F:05:41:BF:A4:EF:49:47
X509v3 Authority Key Identifier:
keyid:BE:12:5C:AD:7D:D4:C5:F0:20:1E:E2:A2:1D:EA:C3:87:36:69:81:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vhJcrX3UxfAgHuKiHerDhzZpgcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55a74f-49ca-4a63-9eda-517eff908975/1/BF5uYM34somF3uKBjwVBv6TvSUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55a74f-49ca-4a63-9eda-517eff908975/1/vhJcrX3UxfAgHuKiHerDhzZpgcQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.110.208.0/21
185.183.240.0/22
Signature Algorithm: sha256WithRSAEncryption
66:56:24:e7:9a:73:22:bf:6b:a7:ab:3d:98:35:e5:21:df:12:
69:51:9e:19:82:1f:e8:a1:d5:95:01:84:20:9d:f1:2b:d2:8b:
d1:2c:08:46:86:95:40:da:81:16:94:71:ec:8b:c4:ce:5d:ba:
aa:e8:51:2e:80:6a:5e:6a:9b:10:b5:c3:c1:31:e7:6f:19:85:
2d:03:04:1f:e0:e2:6a:b7:26:0a:4a:6d:9d:d5:37:ae:f1:ea:
53:00:82:e1:d1:6b:f6:1d:d9:11:b8:84:8a:d2:fb:57:f0:4b:
dd:e7:ed:e8:e1:a6:b7:39:f8:76:3e:0c:87:64:65:09:19:fd:
bf:89:4b:da:fa:f0:c1:51:b6:c5:7b:1b:09:92:60:1f:04:1b:
75:d6:bb:fb:61:ad:e9:ed:21:aa:e2:57:08:57:65:6d:ad:fc:
89:6c:2e:10:b2:d8:43:79:ef:2e:97:43:e0:0d:c3:c5:77:09:
f0:7f:df:19:88:84:64:e2:fd:cf:9d:b5:68:37:31:47:3c:14:
c9:34:b0:47:05:c6:19:53:df:81:3c:2a:08:de:24:b4:0e:a9:
ac:e3:b1:4e:80:8d:1f:28:d9:4c:2b:f4:ff:9d:2c:a4:f0:0d:
8e:d8:e3:4d:4d:de:0a:ed:10:d6:c9:52:08:fd:f4:5f:39:b0:
8c:46:79:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb8xHHmMPKL4YLsqT80mf1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMTI1Y2FkN2RkNGM1ZjAyMDFlZTJhMjFkZWFjMzg3MzY2
OTgxYzQwHhcNMjUwNTIzMTA1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDVlNmU2MGNkZjhiMjg5ODVkZWUyODE4ZjA1NDFiZmE0ZWY0OTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAgEINhw/mX5FxqfgJvNLyECRSdl
UX/oMD9r+qAKrk0FneP+HzeHLdETNFNU5RLlYWcGJwt/ZwMWfyYyDXzT79j4ifrl
AweAGFWzPJlVZXtfTYhHR2UVGzyFP9nRC4tVHbDQEYWDXL1kAZgGvIo6z3YLAujE
atrsG54LleApCyWarcsA/1ythO9dXbAJvVgdKS0afmkHdYy89SgcUck3bYBTDgca
TtiKK+8OWZ78ce+cyhT2bQpwJA/7SBdHeyQ5srlS9SgsRwZ18NdbrSGwHNWir/wp
w+HO9mZwiumw9ZV8sEoFGR+D+jGzWUmCi+qK1Wnn7FMzQ7XDtZPRzTPOnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFARebmDN+LKJhd7igY8FQb+k70lHMB8GA1UdIwQY
MBaAFL4SXK191MXwIB7ioh3qw4c2aYHEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmhKY3JYM1V4ZkFnSHVLaUhlckRoelpwZ2NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy81NWE3NGYtNDljYS00YTYzLTllZGEt
NTE3ZWZmOTA4OTc1LzEvQkY1dVlNMzRzb21GM3VLQmp3VkJ2NlR2U1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy81NWE3NGYtNDljYS00YTYzLTllZGEtNTE3ZWZmOTA4OTc1
LzEvdmhKY3JYM1V4ZkFnSHVLaUhlckRoelpwZ2NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJW7QAwQC
ubfwMA0GCSqGSIb3DQEBCwUAA4IBAQBmViTnmnMiv2unqz2YNeUh3xJpUZ4Zgh/o
odWVAYQgnfEr0ovRLAhGhpVA2oEWlHHsi8TOXbqq6FEugGpeapsQtcPBMedvGYUt
AwQf4OJqtyYKSm2d1Teu8epTAILh0Wv2HdkRuISK0vtX8Evd5+3o4aa3Ofh2PgyH
ZGUJGf2/iUva+vDBUbbFexsJkmAfBBt11rv7Ya3p7SGq4lcIV2VtrfyJbC4QsthD
ee8ul0PgDcPFdwnwf98ZiIRk4v3PnbVoNzFHPBTJNLBHBcYZU9+BPCoI3iS0Dqms
47FOgI0fKNlMK/T/nSyk8A2O2ONNTd4K7RDWyVII/fRfObCMRnkl
-----END CERTIFICATE-----
Generated at Mon Jun 16 12:29:55 2025 by rpki-client