Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/oxqqJb6s3Y9_xl6qI2Z76gczjAE.roa
File: oxqqJb6s3Y9_xl6qI2Z76gczjAE.roa (raw, json)
Hash identifier: 3Mi3svCpiZUvbXpx9Bao9teVj53BNUZ6cGIpnDn9NXg=
Subject key identifier: A3:1A:AA:25:BE:AC:DD:8F:7F:C6:5E:AA:23:66:7B:EA:07:33:8C:01
Certificate issuer: /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial: 019424B29A4378F788EF035E2A77CDA68B5C
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/oxqqJb6s3Y9_xl6qI2Z76gczjAE.roa
Signing time: Thu 02 Jan 2025 01:47:52 +0000
ROA not before: Thu 02 Jan 2025 01:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397227
IP address blocks: 37.209.192.0/24 maxlen: 24
37.209.194.0/24 maxlen: 24
37.209.196.0/24 maxlen: 24
37.209.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 04:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:9a:43:78:f7:88:ef:03:5e:2a:77:cd:a6:8b:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Validity
Not Before: Jan 2 01:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a31aaa25beacdd8f7fc65eaa23667bea07338c01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:1c:ff:84:c4:af:2f:c5:34:53:2a:78:3a:70:
37:d3:c3:37:c4:1b:d0:cb:7e:1a:38:f7:40:4b:68:
97:74:aa:ce:f6:6b:6a:87:c0:17:70:59:b8:8d:c0:
95:66:95:68:3a:81:c6:79:45:bf:d3:56:bf:a5:75:
7e:98:47:79:c8:ef:f1:05:bd:90:72:42:69:9e:cf:
ee:4a:f5:39:de:b3:ed:71:16:1d:69:da:d8:86:a4:
4e:c9:cf:30:0f:d8:b0:db:b6:67:aa:2e:76:d3:63:
45:b8:22:96:0e:94:a3:a1:04:7b:16:7f:ff:e4:47:
da:7f:0f:04:07:77:c2:18:65:ac:7e:c5:76:1c:69:
12:52:d0:a7:45:64:23:38:b0:40:14:4e:ef:d2:bc:
af:69:81:71:2d:d7:8c:da:fe:2e:e5:d3:01:a9:1c:
63:f5:e8:7e:41:58:75:9b:72:27:c3:8d:90:dd:91:
a5:37:bc:63:36:db:de:75:ac:0c:f2:4e:f6:c8:32:
38:10:fa:ea:cf:7f:5c:29:db:40:9f:80:fe:fb:4b:
24:db:35:c6:c1:a8:9d:4b:00:ff:09:4f:c5:1a:86:
f2:9c:50:1b:e6:4c:3d:b0:a6:d1:7a:ac:fc:73:7f:
4f:33:f0:7c:64:62:f0:05:06:53:ef:e5:36:f7:fb:
18:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:1A:AA:25:BE:AC:DD:8F:7F:C6:5E:AA:23:66:7B:EA:07:33:8C:01
X509v3 Authority Key Identifier:
keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/oxqqJb6s3Y9_xl6qI2Z76gczjAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.192.0/24
37.209.194.0/24
37.209.196.0/24
37.209.198.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:63:36:c4:50:75:52:19:02:28:0a:48:a8:5b:0b:7f:e5:1a:
62:59:a1:25:ff:a8:3e:c0:af:23:02:e3:0b:51:9d:fd:63:73:
aa:ce:f4:9e:59:9e:91:ec:2b:b6:2b:d3:eb:02:8f:42:b3:80:
a8:63:9f:6a:49:1f:c2:d8:dc:c8:ef:c9:2e:c4:e6:4f:6a:0a:
e9:6e:7f:b4:f6:8f:38:94:68:d3:46:ce:a1:e5:38:fb:0e:7a:
9e:5a:08:d0:d6:6f:16:0f:6f:3a:10:4b:cc:93:af:a6:45:84:
5d:cc:a4:b5:dc:2e:50:19:f9:80:7e:27:19:02:9c:d6:4d:63:
47:8f:37:6a:fb:18:a9:c4:9f:67:21:f8:c5:d9:a8:38:9d:cb:
b4:89:31:c4:59:2a:43:b0:5a:98:d1:a4:f3:74:df:9f:65:06:
38:74:f7:2e:98:3a:d7:92:e6:c1:f7:b6:f5:cc:b4:3e:bc:28:
2c:f1:e5:e9:5f:7d:ba:97:17:23:c0:11:e8:76:19:a1:d1:4e:
d7:bf:e8:fd:c2:6b:81:53:e0:fe:e4:32:56:3c:c0:00:c2:60:
b3:14:f3:8f:90:84:61:0d:e8:5a:1b:05:fe:3c:bc:ae:33:bd:
56:43:81:12:75:0d:4e:9e:9e:bc:1d:37:a3:41:75:b2:a9:44:
fb:7d:7c:00
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQksppDePeI7wNeKnfNpotcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjUwMTAyMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzFhYWEyNWJlYWNkZDhmN2ZjNjVlYWEyMzY2N2JlYTA3MzM4YzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxz/hMSvL8U0Uyp4OnA308M3xBvQ
y34aOPdAS2iXdKrO9mtqh8AXcFm4jcCVZpVoOoHGeUW/01a/pXV+mEd5yO/xBb2Q
ckJpns/uSvU53rPtcRYdadrYhqROyc8wD9iw27Znqi5202NFuCKWDpSjoQR7Fn//
5Efafw8EB3fCGGWsfsV2HGkSUtCnRWQjOLBAFE7v0ryvaYFxLdeM2v4u5dMBqRxj
9eh+QVh1m3Inw42Q3ZGlN7xjNtvedawM8k72yDI4EPrqz39cKdtAn4D++0sk2zXG
waidSwD/CU/FGobynFAb5kw9sKbReqz8c39PM/B8ZGLwBQZT7+U29/sYGQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKMaqiW+rN2Pf8ZeqiNme+oHM4wBMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvb3hxcUpiNnMzWTlfeGw2cUkyWjc2Z2N6akFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQB/YzbEUHVSGQIoCkio
Wwt/5RpiWaEl/6g+wK8jAuMLUZ39Y3OqzvSeWZ6R7Cu2K9PrAo9Cs4CoY59qSR/C
2NzI78kuxOZPagrpbn+09o84lGjTRs6h5Tj7DnqeWgjQ1m8WD286EEvMk6+mRYRd
zKS13C5QGfmAficZApzWTWNHjzdq+xipxJ9nIfjF2ag4ncu0iTHEWSpDsFqY0aTz
dN+fZQY4dPcumDrXkubB97b1zLQ+vCgs8eXpX326lxcjwBHodhmh0U7Xv+j9wmuB
U+D+5DJWPMAAwmCzFPOPkIRhDehaGwX+PLyuM71WQ4ESdQ1Onp68HTejQXWyqUT7
fXwA
-----END CERTIFICATE-----
Generated at Sun Apr 6 15:07:28 2025 by rpki-client