Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/K5PwPytOI_jcP9He1nt3G317eYI.roa
File: K5PwPytOI_jcP9He1nt3G317eYI.roa (raw, json)
Hash identifier: cTDvsg09oLpiFvnjwcs0kSKetfHr8fv3r7qeLPsUP5A=
Subject key identifier: 2B:93:F0:3F:2B:4E:23:F8:DC:3F:D1:DE:D6:7B:77:1B:7D:7B:79:82
Certificate issuer: /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial: 019424B2989659014D8C94F5537AFA3B7B87
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/K5PwPytOI_jcP9He1nt3G317eYI.roa
Signing time: Thu 02 Jan 2025 01:47:51 +0000
ROA not before: Thu 02 Jan 2025 01:47:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397223
IP address blocks: 37.209.192.0/24 maxlen: 24
37.209.194.0/24 maxlen: 24
37.209.196.0/24 maxlen: 24
37.209.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 19:01:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:98:96:59:01:4d:8c:94:f5:53:7a:fa:3b:7b:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Validity
Not Before: Jan 2 01:47:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b93f03f2b4e23f8dc3fd1ded67b771b7d7b7982
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:05:3c:7b:be:fd:5c:0c:8a:bd:aa:54:c3:dd:
c9:53:41:18:86:c4:a9:4d:b3:52:08:97:3f:17:d0:
f1:ae:41:16:66:65:a4:36:7d:0d:12:b4:12:79:bd:
b1:6f:85:8c:b0:a3:71:fc:67:ad:63:11:da:85:24:
21:2f:54:64:9f:e4:e5:3d:06:46:e3:1e:54:18:d8:
99:e4:96:68:ca:01:cc:55:c7:20:7d:74:fe:69:3a:
30:09:a1:8c:13:0d:08:81:17:1c:ad:10:68:33:cc:
6c:ac:11:81:2c:c0:0c:75:a0:12:ec:b9:6f:1e:93:
75:a0:28:7b:36:63:e9:7a:4c:a4:ac:ca:c0:c3:7e:
f6:65:63:9e:f0:3b:dd:ec:01:4f:cd:fe:78:90:f0:
9c:17:da:1f:3b:77:2a:fb:19:fe:b3:64:1d:c3:e8:
a8:13:6d:05:77:9c:2d:38:08:4b:8b:22:91:2f:da:
71:b6:cd:e2:82:92:6e:98:49:78:07:c5:b3:d7:aa:
8c:85:fc:1e:95:83:e9:57:67:c2:bc:c1:01:8f:fa:
ca:ba:2f:d6:83:8b:ef:0c:b4:d5:f6:be:ff:f8:ea:
0c:3d:f8:b5:04:dc:b9:3a:2b:a1:41:0e:b1:f7:f3:
08:ca:53:b7:93:4f:80:2e:02:81:c8:fa:54:d2:bc:
93:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:93:F0:3F:2B:4E:23:F8:DC:3F:D1:DE:D6:7B:77:1B:7D:7B:79:82
X509v3 Authority Key Identifier:
keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/K5PwPytOI_jcP9He1nt3G317eYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.192.0/24
37.209.194.0/24
37.209.196.0/24
37.209.198.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:e4:28:28:95:f3:6d:05:2c:a8:fc:f1:54:34:31:41:17:e7:
b7:5b:e8:bd:07:2e:68:d4:a1:d1:03:5b:52:9c:e3:c2:59:7c:
01:0b:ef:07:1e:d3:e8:33:8e:c2:3c:cb:96:d6:5a:91:c6:46:
26:92:8c:9f:1d:fc:69:9a:2d:b7:9f:e5:44:af:31:b1:57:b9:
4a:bd:4e:f8:5d:40:86:e7:0b:de:a2:df:5a:97:e9:a8:60:d8:
ec:35:41:ff:72:58:e9:d9:80:e1:51:8f:78:12:55:39:44:64:
b5:fd:f9:fd:25:cf:7d:53:c6:e4:51:9e:a7:34:6f:b6:fc:00:
07:93:04:a8:da:e8:b3:1a:8d:19:94:e5:40:54:d4:85:4c:e7:
4f:33:1e:90:8e:d4:c5:cf:72:c8:67:1b:6d:49:24:0a:b8:7b:
9f:81:17:3b:d9:46:c9:27:e4:c3:a2:6c:2b:5d:1e:80:ed:cd:
b7:9f:90:88:cf:43:c6:ba:7e:55:ed:18:40:b1:e6:de:1e:04:
65:2a:c8:00:a9:1b:3a:55:90:8a:15:64:40:98:38:94:54:4d:
23:fa:92:b8:31:0a:7d:4a:5f:c6:65:a9:87:95:4b:81:f0:37:
cd:bd:fb:27:56:49:8c:4c:a5:24:ae:23:76:d2:3d:b0:63:d1:
22:d9:00:31
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQkspiWWQFNjJT1U3r6O3uHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjUwMTAyMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjkzZjAzZjJiNGUyM2Y4ZGMzZmQxZGVkNjdiNzcxYjdkN2I3OTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwU8e779XAyKvapUw93JU0EYhsSp
TbNSCJc/F9DxrkEWZmWkNn0NErQSeb2xb4WMsKNx/GetYxHahSQhL1Rkn+TlPQZG
4x5UGNiZ5JZoygHMVccgfXT+aTowCaGMEw0IgRccrRBoM8xsrBGBLMAMdaAS7Llv
HpN1oCh7NmPpekykrMrAw372ZWOe8Dvd7AFPzf54kPCcF9ofO3cq+xn+s2Qdw+io
E20Fd5wtOAhLiyKRL9pxts3igpJumEl4B8Wz16qMhfwelYPpV2fCvMEBj/rKui/W
g4vvDLTV9r7/+OoMPfi1BNy5OiuhQQ6x9/MIylO3k0+ALgKByPpU0ryTnwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCuT8D8rTiP43D/R3tZ7dxt9e3mCMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvSzVQd1B5dE9JX2pjUDlIZTFudDNHMzE3ZVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQB65CgolfNtBSyo/PFU
NDFBF+e3W+i9By5o1KHRA1tSnOPCWXwBC+8HHtPoM47CPMuW1lqRxkYmkoyfHfxp
mi23n+VErzGxV7lKvU74XUCG5wveot9al+moYNjsNUH/cljp2YDhUY94ElU5RGS1
/fn9Jc99U8bkUZ6nNG+2/AAHkwSo2uizGo0ZlOVAVNSFTOdPMx6QjtTFz3LIZxtt
SSQKuHufgRc72UbJJ+TDomwrXR6A7c23n5CIz0PGun5V7RhAsebeHgRlKsgAqRs6
VZCKFWRAmDiUVE0j+pK4MQp9Sl/GZamHlUuB8DfNvfsnVkmMTKUkriN20j2wY9Ei
2QAx
-----END CERTIFICATE-----
Generated at Sun Apr 6 03:18:23 2025 by rpki-client