Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/s2J0JZZ-ObzDtacn5mrd8XtqC34.roa
File: s2J0JZZ-ObzDtacn5mrd8XtqC34.roa (raw, json)
Hash identifier: Y+AIs8qpenHiIXCup80QSbaypa7oPZCeyGun7W4ZSYw=
Subject key identifier: B3:62:74:25:96:7E:39:BC:C3:B5:A7:27:E6:6A:DD:F1:7B:6A:0B:7E
Certificate issuer: /CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
Certificate serial: 019668B405C7B5C796CB13A6A65A3B740564
Authority key identifier: C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/s2J0JZZ-ObzDtacn5mrd8XtqC34.roa
Signing time: Thu 24 Apr 2025 16:49:10 +0000
ROA not before: Thu 24 Apr 2025 16:49:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49285
IP address blocks: 141.138.64.0/21 maxlen: 21
188.93.80.0/21 maxlen: 21
188.93.80.0/22 maxlen: 22
188.93.80.0/24 maxlen: 24
188.93.84.0/22 maxlen: 22
188.93.87.0/24 maxlen: 24
2a03:3600::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl
rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.mft
rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 30 Apr 2025 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:68:b4:05:c7:b5:c7:96:cb:13:a6:a6:5a:3b:74:05:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
Validity
Not Before: Apr 24 16:49:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b3627425967e39bcc3b5a727e66addf17b6a0b7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:ce:d7:18:79:df:02:b2:31:c8:8b:70:9d:10:
6f:27:f1:e8:5d:fb:9d:69:50:ca:30:f1:ce:d6:64:
cc:c6:1a:53:85:d9:79:4d:89:cc:c3:9b:fb:8f:33:
e3:81:a5:b2:e4:8f:88:67:9e:dd:4f:5d:7c:40:24:
9e:90:f7:01:12:17:24:cf:5d:4d:4e:1f:14:bb:db:
87:4b:72:c2:d0:36:86:82:72:f7:9b:a5:0e:d1:d4:
16:1e:47:64:2c:cd:07:c5:b4:7e:d1:9b:e5:ca:aa:
59:7c:eb:ef:8e:39:f5:80:87:d5:42:50:f7:52:9f:
ac:af:41:53:ba:75:7f:f6:09:d7:f2:19:38:3f:66:
db:8b:b6:91:66:a6:4c:e0:27:ce:b9:57:d9:db:f2:
17:fc:b6:07:60:55:8c:4f:cb:75:83:88:5f:a4:43:
0c:cf:47:7a:ae:63:74:6f:55:94:4b:61:a8:bd:4f:
80:c8:21:7d:ac:19:dc:ce:1f:ca:8d:00:b8:f5:3c:
bd:b9:40:77:c2:0f:ca:0b:93:77:df:e4:f9:cf:28:
44:57:66:23:94:a1:67:b3:91:0a:ab:88:84:41:6b:
37:8c:fe:f9:cd:fd:eb:68:f0:01:84:c4:ea:2a:93:
56:34:5d:15:b9:bc:d4:55:30:32:44:d4:af:7f:67:
71:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:62:74:25:96:7E:39:BC:C3:B5:A7:27:E6:6A:DD:F1:7B:6A:0B:7E
X509v3 Authority Key Identifier:
keyid:C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/s2J0JZZ-ObzDtacn5mrd8XtqC34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.138.64.0/21
188.93.80.0/21
IPv6:
2a03:3600::/32
Signature Algorithm: sha256WithRSAEncryption
21:73:51:fb:5b:f7:ef:a8:b8:48:f0:4d:61:d7:88:33:4d:1d:
02:a6:ce:8a:89:0c:57:24:a0:2e:04:10:c2:92:ab:41:b3:9b:
97:d1:8d:46:db:43:7a:1f:5b:60:05:df:38:8b:a3:41:c6:83:
4c:c5:17:55:a8:d4:92:e2:f4:74:42:74:35:c2:f3:00:77:da:
76:02:9f:d6:11:39:02:6d:e2:3d:de:f4:30:d5:70:0f:0b:b3:
d7:fb:c9:60:9d:f6:e0:e0:24:97:3c:0a:3c:c3:07:0b:6e:f6:
0a:bf:f2:d2:7a:69:70:e2:6d:8e:a2:47:49:3b:f2:85:51:33:
f2:f2:b8:f2:77:af:73:50:68:b0:5e:38:82:0e:59:34:bb:94:
59:ea:a9:99:b8:96:6a:97:87:57:82:0f:ac:46:4e:35:e9:e1:
dd:89:3f:90:6f:76:f6:c6:7e:cc:f9:d0:d7:a6:c6:d7:21:48:
57:97:08:8e:09:e7:cd:e1:9e:f3:d8:aa:c6:19:b5:32:a1:4b:
06:c3:91:c7:74:23:5f:7b:08:91:f6:3d:20:fd:11:e5:d6:c7:
96:3b:5b:44:06:4f:ea:0d:8a:47:67:8b:ef:77:3d:3c:32:0e:
7e:8a:a8:4e:26:d8:e8:9b:00:cc:74:41:20:f6:c2:48:38:90:
8d:47:64:45
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZZotAXHtceWyxOmplo7dAVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGFkYWZiMWYzMWY5ODg5YWE0NzM1NzkyYjZlM2RiNDY5
MzFiYjkwHhcNMjUwNDI0MTY0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzYyNzQyNTk2N2UzOWJjYzNiNWE3MjdlNjZhZGRmMTdiNmEwYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM7XGHnfArIxyItwnRBvJ/HoXfud
aVDKMPHO1mTMxhpThdl5TYnMw5v7jzPjgaWy5I+IZ57dT118QCSekPcBEhckz11N
Th8Uu9uHS3LC0DaGgnL3m6UO0dQWHkdkLM0HxbR+0ZvlyqpZfOvvjjn1gIfVQlD3
Up+sr0FTunV/9gnX8hk4P2bbi7aRZqZM4CfOuVfZ2/IX/LYHYFWMT8t1g4hfpEMM
z0d6rmN0b1WUS2GovU+AyCF9rBnczh/KjQC49Ty9uUB3wg/KC5N33+T5zyhEV2Yj
lKFns5EKq4iEQWs3jP75zf3raPABhMTqKpNWNF0VubzUVTAyRNSvf2dx7QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLNidCWWfjm8w7WnJ+Zq3fF7agt+MB8GA1UdIwQY
MBaAFMmK2vsfMfmImqRzV5K249tGkxu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYt
M2IxMDNkNWE2OTBhLzEvczJKMEpaWi1PYnpEdGFjbjVtcmQ4WHRxQzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYtM2IxMDNkNWE2OTBh
LzEveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDjYpAAwQD
vF1QMA0EAgACMAcDBQAqAzYAMA0GCSqGSIb3DQEBCwUAA4IBAQAhc1H7W/fvqLhI
8E1h14gzTR0Cps6KiQxXJKAuBBDCkqtBs5uX0Y1G20N6H1tgBd84i6NBxoNMxRdV
qNSS4vR0QnQ1wvMAd9p2Ap/WETkCbeI93vQw1XAPC7PX+8lgnfbg4CSXPAo8wwcL
bvYKv/LSemlw4m2OokdJO/KFUTPy8rjyd69zUGiwXjiCDlk0u5RZ6qmZuJZql4dX
gg+sRk416eHdiT+Qb3b2xn7M+dDXpsbXIUhXlwiOCefN4Z7z2KrGGbUyoUsGw5HH
dCNfewiR9j0g/RHl1seWO1tEBk/qDYpHZ4vvdz08Mg5+iqhOJtjomwDMdEEg9sJI
OJCNR2RF
-----END CERTIFICATE-----
Generated at Tue Apr 29 07:50:03 2025 by rpki-client