Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/AVhJFVI2rddRDN9TZkxu2cOqd_U.roa
File: AVhJFVI2rddRDN9TZkxu2cOqd_U.roa (raw, json)
Hash identifier: Z21jddbs3xWpC/IPmSRdmy8CLER4CTA+wtUEhdmSjWA=
Subject key identifier: 01:58:49:15:52:36:AD:D7:51:0C:DF:53:66:4C:6E:D9:C3:AA:77:F5
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 01957FE8D4CF2CDAA4E44A183341F8139587
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/AVhJFVI2rddRDN9TZkxu2cOqd_U.roa
Signing time: Mon 10 Mar 2025 11:55:19 +0000
ROA not before: Mon 10 Mar 2025 11:55:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36454
IP address blocks: 65.181.112.0/24 maxlen: 24
65.181.113.0/24 maxlen: 24
65.181.116.0/24 maxlen: 24
65.181.123.0/24 maxlen: 24
65.181.124.0/24 maxlen: 24
65.181.125.0/24 maxlen: 24
162.208.8.0/24 maxlen: 24
162.208.9.0/24 maxlen: 24
162.208.10.0/24 maxlen: 24
162.208.11.0/24 maxlen: 24
192.243.96.0/24 maxlen: 24
192.243.97.0/24 maxlen: 24
192.243.98.0/24 maxlen: 24
192.243.99.0/24 maxlen: 24
192.243.100.0/24 maxlen: 24
192.243.101.0/24 maxlen: 24
192.243.102.0/24 maxlen: 24
192.243.103.0/24 maxlen: 24
192.243.104.0/24 maxlen: 24
192.243.105.0/24 maxlen: 24
192.243.106.0/24 maxlen: 24
192.243.107.0/24 maxlen: 24
192.243.108.0/24 maxlen: 24
192.243.109.0/24 maxlen: 24
192.243.111.0/24 maxlen: 24
192.250.224.0/20 maxlen: 20
192.250.226.0/24 maxlen: 24
192.250.227.0/24 maxlen: 24
192.250.236.0/24 maxlen: 24
195.250.25.0/24 maxlen: 24
198.38.90.0/24 maxlen: 24
199.175.48.0/24 maxlen: 24
199.175.49.0/24 maxlen: 24
199.175.50.0/24 maxlen: 24
199.175.51.0/24 maxlen: 24
199.175.52.0/24 maxlen: 24
199.175.53.0/24 maxlen: 24
199.175.54.0/24 maxlen: 24
199.175.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 03:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:7f:e8:d4:cf:2c:da:a4:e4:4a:18:33:41:f8:13:95:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Mar 10 11:55:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=015849155236add7510cdf53664c6ed9c3aa77f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:0b:9b:92:20:75:c3:cc:a3:b6:a4:26:d3:1b:
81:86:2e:cb:ec:97:f7:26:a0:dd:d8:86:22:1f:9e:
a4:83:b6:5f:38:a2:fb:ea:02:dd:3c:0a:1d:de:10:
ee:06:ee:41:c2:b8:69:d3:f9:02:92:e3:57:b3:86:
b6:57:48:f1:fa:76:11:55:f1:8b:a0:c1:b1:fe:2c:
03:74:82:f9:2c:00:55:87:76:80:04:1a:9a:fd:13:
31:7c:a0:ee:09:99:54:9b:7e:6d:53:0c:f8:43:fd:
f0:a1:85:d9:13:4a:82:db:9f:d5:29:a4:d1:f1:e5:
da:93:9d:07:f0:a0:5f:2c:09:42:31:4b:92:52:32:
55:3e:87:a8:55:d9:65:31:36:53:12:65:75:e2:6d:
ff:5b:23:18:34:2d:f6:df:a6:b8:3d:22:2d:d8:f6:
b1:3f:bc:8c:fa:34:58:16:36:41:e8:e3:0a:2d:26:
d9:bd:94:fb:5f:05:1e:cb:22:d5:94:3a:69:b5:e6:
0a:f6:58:2a:c5:25:42:ca:e0:b1:aa:ad:21:52:fa:
b3:ae:1d:6d:ae:a6:7c:2e:61:f8:c9:f5:a8:ae:dc:
f7:63:57:ce:07:bb:7b:89:4a:b8:5d:28:ae:02:f8:
f2:44:fa:03:ed:2f:5d:2b:1c:ed:4c:1d:fc:5e:a8:
90:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:58:49:15:52:36:AD:D7:51:0C:DF:53:66:4C:6E:D9:C3:AA:77:F5
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/AVhJFVI2rddRDN9TZkxu2cOqd_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.181.112.0/23
65.181.116.0/24
65.181.123.0-65.181.125.255
162.208.8.0/22
192.243.96.0-192.243.109.255
192.243.111.0/24
192.250.224.0/20
195.250.25.0/24
198.38.90.0/24
199.175.48.0/21
Signature Algorithm: sha256WithRSAEncryption
4c:17:79:85:9a:0d:e2:82:98:f4:2e:ca:22:81:fb:21:6a:17:
09:3c:b0:a9:85:36:dd:0c:6f:f3:5f:bc:5e:db:08:fc:62:97:
6a:c3:49:3a:b1:9d:b4:35:40:e9:47:f2:7b:ce:a5:c3:0a:fc:
f9:fb:ee:1d:80:3f:24:8c:5b:49:78:ff:df:93:49:a1:32:96:
fb:7f:f3:82:46:33:64:08:81:ae:01:be:dc:e6:07:75:b6:ad:
eb:a6:4c:5c:96:9c:4b:b1:7e:11:f5:46:9d:32:31:9d:e2:f2:
a5:af:3f:0e:6e:7a:04:94:67:ce:65:88:62:14:82:37:84:89:
7c:d1:aa:82:fd:78:9c:9d:60:66:9e:68:0b:ca:6a:fe:fc:87:
67:e2:59:9c:3f:a6:17:46:d2:52:32:74:57:4e:ad:cd:6a:e6:
2d:54:b6:4f:22:91:d1:cf:6b:e0:11:57:ee:5c:3c:de:77:64:
db:7e:ce:00:c8:c1:7e:e5:a4:f8:5c:7b:a3:d7:21:c9:a1:32:
a1:17:45:b2:f5:ca:06:93:cf:fc:0a:e2:6a:87:dc:eb:4b:b1:
cc:d7:51:5e:94:52:f9:02:51:e9:ea:3b:61:d2:d8:61:94:04:
49:86:54:e4:b7:ac:cd:f0:b2:0b:24:a8:aa:83:ec:ac:24:b3:
1a:22:82:bf
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZV/6NTPLNqk5EoYM0H4E5WHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwMzEwMTE1NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTU4NDkxNTUyMzZhZGQ3NTEwY2RmNTM2NjRjNmVkOWMzYWE3N2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAubkiB1w8yjtqQm0xuBhi7L7Jf3
JqDd2IYiH56kg7ZfOKL76gLdPAod3hDuBu5Bwrhp0/kCkuNXs4a2V0jx+nYRVfGL
oMGx/iwDdIL5LABVh3aABBqa/RMxfKDuCZlUm35tUwz4Q/3woYXZE0qC25/VKaTR
8eXak50H8KBfLAlCMUuSUjJVPoeoVdllMTZTEmV14m3/WyMYNC3236a4PSIt2Pax
P7yM+jRYFjZB6OMKLSbZvZT7XwUeyyLVlDppteYK9lgqxSVCyuCxqq0hUvqzrh1t
rqZ8LmH4yfWortz3Y1fOB7t7iUq4XSiuAvjyRPoD7S9dKxztTB38XqiQ0wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFAFYSRVSNq3XUQzfU2ZMbtnDqnf1MB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvQVZoSkZWSTJyZGRSRE45VFpreHUyY09xZF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQBQbVwAwQA
QbV0MAwDBABBtXsDBAFBtXwDBAKi0AgwDAMEBcDzYAMEAcDzbAMEAMDzbwMEBMD6
4AMEAMP6GQMEAMYmWgMEA8evMDANBgkqhkiG9w0BAQsFAAOCAQEATBd5hZoN4oKY
9C7KIoH7IWoXCTywqYU23Qxv81+8XtsI/GKXasNJOrGdtDVA6Ufye86lwwr8+fvu
HYA/JIxbSXj/35NJoTKW+3/zgkYzZAiBrgG+3OYHdbat66ZMXJacS7F+EfVGnTIx
neLypa8/Dm56BJRnzmWIYhSCN4SJfNGqgv14nJ1gZp5oC8pq/vyHZ+JZnD+mF0bS
UjJ0V06tzWrmLVS2TyKR0c9r4BFX7lw83ndk237OAMjBfuWk+Fx7o9chyaEyoRdF
svXKBpPP/Ariaofc60uxzNdRXpRS+QJR6eo7YdLYYZQESYZU5LeszfCyCySoqoPs
rCSzGiKCvw==
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:41:15 2025 by rpki-client