Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/N9sOXFw97UnrkSQWGmd4QE2g0Pc.roa
File: N9sOXFw97UnrkSQWGmd4QE2g0Pc.roa (raw, json)
Hash identifier: FcVUr7Wqd51Nq1eKBFPb0ZOL/WKLNXNrrGtgMRztb2M=
Subject key identifier: 37:DB:0E:5C:5C:3D:ED:49:EB:91:24:16:1A:67:78:40:4D:A0:D0:F7
Certificate issuer: /CN=af73ff1ec55f49296dd734039fa0284cc400eb26
Certificate serial: 0194228DDC277E25A2C76DF99C5C8E0CF316
Authority key identifier: AF:73:FF:1E:C5:5F:49:29:6D:D7:34:03:9F:A0:28:4C:C4:00:EB:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r3P_HsVfSSlt1zQDn6AoTMQA6yY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/N9sOXFw97UnrkSQWGmd4QE2g0Pc.roa
Signing time: Wed 01 Jan 2025 15:48:29 +0000
ROA not before: Wed 01 Jan 2025 15:48:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24864
IP address blocks: 2.58.144.0/23 maxlen: 24
89.188.64.0/21 maxlen: 24
185.159.56.0/22 maxlen: 24
193.110.28.0/22 maxlen: 24
195.234.157.0/24 maxlen: 24
217.13.176.0/20 maxlen: 24
2a02:7c8::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/r3P_HsVfSSlt1zQDn6AoTMQA6yY.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/r3P_HsVfSSlt1zQDn6AoTMQA6yY.mft
rsync://rpki.ripe.net/repository/DEFAULT/r3P_HsVfSSlt1zQDn6AoTMQA6yY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:dc:27:7e:25:a2:c7:6d:f9:9c:5c:8e:0c:f3:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af73ff1ec55f49296dd734039fa0284cc400eb26
Validity
Not Before: Jan 1 15:48:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37db0e5c5c3ded49eb9124161a6778404da0d0f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:f4:d4:45:a4:36:32:62:54:5a:e3:15:b6:f1:
6f:35:f9:66:f2:4c:bc:7d:aa:e6:d8:68:ca:02:cf:
82:ab:a6:ee:72:c1:d5:da:6c:e0:a6:ca:af:1f:1b:
6f:59:2c:c7:ba:62:f0:b1:f5:87:df:6c:56:8a:32:
12:67:06:e0:01:72:d8:e8:9e:f2:e9:00:e8:4d:b2:
8c:66:ca:0b:ba:46:c8:c4:cc:00:e9:02:6b:fd:8c:
ca:51:7a:5c:7f:af:b5:f6:26:d5:8a:3e:9e:d3:5b:
28:dd:46:67:27:3b:cc:d0:10:f5:10:45:b0:cc:a7:
48:75:d1:71:8d:1b:53:1b:db:0f:2f:2f:a7:48:30:
87:54:fe:b9:56:77:11:50:88:99:83:b5:a3:57:24:
ad:ee:8c:e6:00:84:fc:75:3f:b1:d1:42:06:16:88:
d0:64:f6:a3:88:2d:aa:b3:d4:f4:8b:a8:25:b9:92:
a1:58:ef:2d:0c:44:f5:43:07:7a:42:af:10:37:38:
24:dc:f5:d8:f0:ce:10:91:b7:b2:b6:23:3e:74:11:
0c:56:2d:90:50:6d:0b:08:ab:e8:42:f3:45:ff:d4:
1e:74:0b:ee:a9:ac:67:a7:bb:25:6d:34:ac:48:75:
6e:94:a9:0d:bc:10:25:38:60:97:69:69:b9:74:4b:
57:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:DB:0E:5C:5C:3D:ED:49:EB:91:24:16:1A:67:78:40:4D:A0:D0:F7
X509v3 Authority Key Identifier:
keyid:AF:73:FF:1E:C5:5F:49:29:6D:D7:34:03:9F:A0:28:4C:C4:00:EB:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3P_HsVfSSlt1zQDn6AoTMQA6yY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/N9sOXFw97UnrkSQWGmd4QE2g0Pc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cea581-5cde-4574-ba0a-2c62de7b3e45/1/r3P_HsVfSSlt1zQDn6AoTMQA6yY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.144.0/23
89.188.64.0/21
185.159.56.0/22
193.110.28.0/22
195.234.157.0/24
217.13.176.0/20
IPv6:
2a02:7c8::/32
Signature Algorithm: sha256WithRSAEncryption
a5:c9:7d:d7:d4:a3:4e:1f:10:80:f9:b9:fc:7c:e9:f2:23:38:
3a:6f:23:ce:af:fc:b3:5a:ce:e7:dc:d3:72:60:ac:7d:83:c8:
41:50:fb:8e:7d:32:e6:dd:5e:c7:e5:6a:98:79:34:c6:a9:cc:
24:97:d6:76:1b:86:55:6c:8d:20:d0:58:a8:7f:5c:35:c3:25:
74:d4:d8:5b:2e:73:7b:91:e5:e3:05:a2:7c:5a:a6:be:ca:a8:
d4:40:be:fb:82:ab:10:3b:c3:d1:07:d9:3f:52:a8:02:de:ea:
a1:1c:5f:a6:1a:b1:f0:74:ec:6f:df:09:e8:16:c3:5b:87:68:
40:8a:bd:04:d2:11:12:68:8f:29:09:ca:75:1f:28:31:19:51:
5f:c0:e9:55:68:5f:6c:96:56:a8:c3:6f:05:32:e5:7f:39:84:
4f:aa:c2:1e:cb:3d:a7:72:e3:10:da:1a:e2:39:37:ea:7a:2f:
d4:26:df:4b:c7:ff:68:a1:dd:80:53:b1:d0:93:cb:c5:54:93:
ac:e1:01:a3:6d:b2:2a:4a:c9:1c:5f:92:f6:2c:c8:e3:bf:a2:
d3:18:12:8e:ee:c1:5e:1d:bf:8e:4b:df:19:43:08:64:a4:b8:
47:3d:df:ad:29:48:cd:59:a2:d6:5b:3e:ac:2d:a2:be:d3:a6:
a0:13:6f:5e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQijdwnfiWix235nFyODPMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzNmZjFlYzU1ZjQ5Mjk2ZGQ3MzQwMzlmYTAyODRjYzQw
MGViMjYwHhcNMjUwMTAxMTU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RiMGU1YzVjM2RlZDQ5ZWI5MTI0MTYxYTY3Nzg0MDRkYTBkMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufTURaQ2MmJUWuMVtvFvNflm8ky8
farm2GjKAs+Cq6bucsHV2mzgpsqvHxtvWSzHumLwsfWH32xWijISZwbgAXLY6J7y
6QDoTbKMZsoLukbIxMwA6QJr/YzKUXpcf6+19ibVij6e01so3UZnJzvM0BD1EEWw
zKdIddFxjRtTG9sPLy+nSDCHVP65VncRUIiZg7WjVySt7ozmAIT8dT+x0UIGFojQ
ZPajiC2qs9T0i6gluZKhWO8tDET1Qwd6Qq8QNzgk3PXY8M4QkbeytiM+dBEMVi2Q
UG0LCKvoQvNF/9QedAvuqaxnp7slbTSsSHVulKkNvBAlOGCXaWm5dEtXBQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDfbDlxcPe1J65EkFhpneEBNoND3MB8GA1UdIwQY
MBaAFK9z/x7FX0kpbdc0A5+gKEzEAOsmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNQX0hzVmZTU2x0MXpRRG42QW9UTVFBNnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jZWE1ODEtNWNkZS00NTc0LWJhMGEt
MmM2MmRlN2IzZTQ1LzEvTjlzT1hGdzk3VW5ya1NRV0dtZDRRRTJnMFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jZWE1ODEtNWNkZS00NTc0LWJhMGEtMmM2MmRlN2IzZTQ1
LzEvcjNQX0hzVmZTU2x0MXpRRG42QW9UTVFBNnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQBAjqQAwQD
WbxAAwQCuZ84AwQCwW4cAwQAw+qdAwQE2Q2wMA0EAgACMAcDBQAqAgfIMA0GCSqG
SIb3DQEBCwUAA4IBAQClyX3X1KNOHxCA+bn8fOnyIzg6byPOr/yzWs7n3NNyYKx9
g8hBUPuOfTLm3V7H5WqYeTTGqcwkl9Z2G4ZVbI0g0Fiof1w1wyV01NhbLnN7keXj
BaJ8Wqa+yqjUQL77gqsQO8PRB9k/UqgC3uqhHF+mGrHwdOxv3wnoFsNbh2hAir0E
0hESaI8pCcp1HygxGVFfwOlVaF9sllaow28FMuV/OYRPqsIeyz2ncuMQ2hriOTfq
ei/UJt9Lx/9ood2AU7HQk8vFVJOs4QGjbbIqSskcX5L2LMjjv6LTGBKO7sFeHb+O
S98ZQwhkpLhHPd+tKUjNWaLWWz6sLaK+06agE29e
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:48:38 2025 by rpki-client