Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/On6R4nNTZ0YYv_0GBGytm6COqe8.roa
File: On6R4nNTZ0YYv_0GBGytm6COqe8.roa (raw, json)
Hash identifier: bNbiiOOyNE6FHV7YY8Nd3d02QHZTqUZthKpv3jqVHn4=
Subject key identifier: 3A:7E:91:E2:73:53:67:46:18:BF:FD:06:04:6C:AD:9B:A0:8E:A9:EF
Certificate issuer: /CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
Certificate serial: 0194206855E1BDE38233560EACD2D12F6CE9
Authority key identifier: DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/On6R4nNTZ0YYv_0GBGytm6COqe8.roa
Signing time: Wed 01 Jan 2025 05:48:16 +0000
ROA not before: Wed 01 Jan 2025 05:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209242
IP address blocks: 25.25.25.0/24 maxlen: 24
25.26.27.0/24 maxlen: 24
25.129.196.0/23 maxlen: 23
25.129.198.0/23 maxlen: 23
2a08:600::/48 maxlen: 48
2a08:600:e0::/47 maxlen: 47
2a08:600:ee::/47 maxlen: 47
2a08:600:ff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/3EThniu05wI8wboQ1Jt07eS_hlw.crl
rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/3EThniu05wI8wboQ1Jt07eS_hlw.mft
rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:55:e1:bd:e3:82:33:56:0e:ac:d2:d1:2f:6c:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
Validity
Not Before: Jan 1 05:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a7e91e27353674618bffd06046cad9ba08ea9ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:cb:74:20:cb:2b:de:fc:6b:1b:b3:cb:02:d5:
f8:a8:27:19:58:62:b2:91:87:03:30:43:5d:1d:f7:
20:4c:d8:2f:ea:94:30:9c:1a:d2:1f:74:31:8d:46:
01:e0:15:38:32:52:5f:da:df:b9:59:d5:c4:05:84:
bd:3c:12:09:bf:fc:27:4d:55:12:f9:6f:42:6c:ac:
5d:87:e5:8b:98:b2:78:fd:ae:49:dc:93:12:c4:2c:
e4:fa:dd:0e:62:b2:ed:39:25:f9:1a:9f:8a:40:6a:
0c:c0:b3:c0:90:a0:6b:18:96:09:be:00:5e:a6:22:
62:a9:db:16:f5:9f:71:7f:ee:d6:37:3f:e0:6c:fb:
97:f3:1a:3e:81:ad:f1:26:7f:48:4b:c5:6d:dc:ea:
19:28:ed:55:37:21:72:06:bd:f8:d1:e7:5d:1c:74:
6d:89:55:a8:5e:e2:d5:de:c8:66:9a:8f:27:8b:64:
56:dc:47:a6:66:b6:50:5f:12:26:82:07:4c:2c:2b:
19:cc:69:58:e6:f3:76:5f:b7:be:5d:0c:61:b9:a5:
3b:23:fa:7f:60:98:76:3f:55:70:b5:7c:75:f1:ca:
cf:08:9f:b0:c8:f5:23:6f:25:e1:0c:75:96:7d:6d:
9e:fd:f2:bb:21:42:24:4b:c7:4e:52:92:8f:f7:46:
56:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:7E:91:E2:73:53:67:46:18:BF:FD:06:04:6C:AD:9B:A0:8E:A9:EF
X509v3 Authority Key Identifier:
keyid:DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/On6R4nNTZ0YYv_0GBGytm6COqe8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/3EThniu05wI8wboQ1Jt07eS_hlw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
25.25.25.0/24
25.26.27.0/24
25.129.196.0/22
IPv6:
2a08:600::/48
2a08:600:e0::/47
2a08:600:ee::/47
2a08:600:ff::/48
Signature Algorithm: sha256WithRSAEncryption
55:69:39:c9:6e:ef:2c:8d:36:b9:47:b7:b9:9f:98:26:72:54:
90:d1:74:2a:28:22:a6:a0:bf:d8:4e:0e:94:f8:60:31:a9:e1:
cd:6d:ea:d1:07:85:23:de:57:a6:a1:59:d9:eb:7e:a6:89:95:
83:c1:c1:05:b2:29:a3:ac:13:3b:d2:25:93:9d:6f:66:d6:bd:
66:34:23:31:6a:34:64:1b:ce:0e:bc:3f:3a:34:e1:06:56:01:
59:00:e0:0e:06:82:87:31:11:e8:bc:66:14:39:ac:ba:80:86:
44:bc:cc:62:1b:42:83:c8:5b:fe:d1:69:80:22:b7:96:e6:46:
13:cf:43:35:39:67:df:09:e2:73:d0:32:69:8b:d0:d6:bb:43:
86:09:15:3f:ba:8b:12:e7:93:cc:23:0e:0d:56:c0:99:ed:7a:
88:fd:98:84:13:19:f2:63:21:d5:8b:5e:d5:47:74:7e:e0:35:
21:dd:e4:ce:c5:eb:5b:b0:4b:50:3f:38:b2:0c:af:43:90:22:
29:6c:92:28:18:c3:02:46:ec:be:69:74:d7:7f:49:5c:f9:5d:
83:43:35:b1:c8:32:f6:e6:b9:5c:f6:e9:40:a5:f8:eb:6b:f7:
27:f9:2a:e4:37:7b:27:45:21:74:f7:f3:30:94:54:03:08:9c:
8f:a2:7f:b2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQgaFXhveOCM1YOrNLRL2zpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDRlMTllMmJiNGU3MDIzY2MxYmExMGQ0OWI3NGVkZTRi
Zjg2NWMwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdlOTFlMjczNTM2NzQ2MThiZmZkMDYwNDZjYWQ5YmEwOGVhOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmct0IMsr3vxrG7PLAtX4qCcZWGKy
kYcDMENdHfcgTNgv6pQwnBrSH3QxjUYB4BU4MlJf2t+5WdXEBYS9PBIJv/wnTVUS
+W9CbKxdh+WLmLJ4/a5J3JMSxCzk+t0OYrLtOSX5Gp+KQGoMwLPAkKBrGJYJvgBe
piJiqdsW9Z9xf+7WNz/gbPuX8xo+ga3xJn9IS8Vt3OoZKO1VNyFyBr340eddHHRt
iVWoXuLV3shmmo8ni2RW3EemZrZQXxImggdMLCsZzGlY5vN2X7e+XQxhuaU7I/p/
YJh2P1VwtXx18crPCJ+wyPUjbyXhDHWWfW2e/fK7IUIkS8dOUpKP90ZWMwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDp+keJzU2dGGL/9BgRsrZugjqnvMB8GA1UdIwQY
MBaAFNxE4Z4rtOcCPMG6ENSbdO3kv4ZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjIt
NGM4MmFjZTcyYzg1LzEvT242UjRuTlRaMFlZdl8wR0JHeXRtNkNPcWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjItNGM4MmFjZTcyYzg1
LzEvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAYBAIAATASAwQAGRkZAwQA
GRobAwQCGYHEMCoEAgACMCQDBwAqCAYAAAADBwEqCAYAAOADBwEqCAYAAO4DBwAq
CAYAAP8wDQYJKoZIhvcNAQELBQADggEBAFVpOclu7yyNNrlHt7mfmCZyVJDRdCoo
Iqagv9hODpT4YDGp4c1t6tEHhSPeV6ahWdnrfqaJlYPBwQWyKaOsEzvSJZOdb2bW
vWY0IzFqNGQbzg68Pzo04QZWAVkA4A4GgocxEei8ZhQ5rLqAhkS8zGIbQoPIW/7R
aYAit5bmRhPPQzU5Z98J4nPQMmmL0Na7Q4YJFT+6ixLnk8wjDg1WwJnteoj9mIQT
GfJjIdWLXtVHdH7gNSHd5M7F61uwS1A/OLIMr0OQIilskigYwwJG7L5pdNd/SVz5
XYNDNbHIMvbmuVz26UCl+Otr9yf5KuQ3eydFIXT38zCUVAMInI+if7I=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:38:05 2025 by rpki-client