Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XD3pFL9Q_FZXp8mNCcZObqRMVXg.roa
File: XD3pFL9Q_FZXp8mNCcZObqRMVXg.roa (raw, json)
Hash identifier: g5/ZHa0TuYu8Xziy6YKoSXXXe+7v69Kf3qZJF69vu/k=
Subject key identifier: 5C:3D:E9:14:BF:50:FC:56:57:A7:C9:8D:09:C6:4E:6E:A4:4C:55:78
Certificate issuer: /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial: 019426D9F86CFD8516B53EEE68684ED5D6C5
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XD3pFL9Q_FZXp8mNCcZObqRMVXg.roa
Signing time: Thu 02 Jan 2025 11:50:06 +0000
ROA not before: Thu 02 Jan 2025 11:50:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43531
IP address blocks: 31.217.128.0/19 maxlen: 24
31.217.128.0/24 maxlen: 24
31.217.129.0/24 maxlen: 24
31.217.130.0/24 maxlen: 24
46.18.168.0/21 maxlen: 24
83.243.16.0/21 maxlen: 24
89.30.0.0/17 maxlen: 24
89.30.68.0/22 maxlen: 24
91.196.184.0/22 maxlen: 24
185.55.16.0/22 maxlen: 24
185.143.244.0/22 maxlen: 22
2a01:8200::/32 maxlen: 48
2a02:27f0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 12:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:f8:6c:fd:85:16:b5:3e:ee:68:68:4e:d5:d6:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Validity
Not Before: Jan 2 11:50:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c3de914bf50fc5657a7c98d09c64e6ea44c5578
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:9f:cd:b5:64:67:bd:73:2f:21:33:97:e7:2e:
67:71:83:12:98:c8:34:af:81:f4:00:12:a6:59:3b:
a5:07:6a:58:2b:c0:f4:f1:b5:c2:79:a1:17:b8:1b:
57:9e:ec:66:57:0d:8e:91:49:fb:81:4b:7a:55:ce:
98:38:ed:47:bc:b5:52:a9:96:70:b6:d7:fb:f2:17:
99:ea:3a:6f:c8:8e:c0:53:58:8c:4b:1b:66:b2:f2:
73:19:f4:5f:1b:a4:8c:88:85:0b:61:c5:ad:c9:5b:
af:b0:e6:19:f4:8d:3d:12:ae:28:74:e6:ed:af:ea:
aa:af:91:cd:fc:98:97:a6:83:60:e6:d8:ad:0f:5d:
40:f0:0d:a9:ff:cd:f6:c8:ae:05:dd:d6:30:5b:2f:
5f:51:0d:90:ff:c3:75:0c:ca:8d:fd:3e:aa:19:f5:
3a:42:d9:72:6f:43:f0:2c:c4:d7:46:7e:15:99:53:
83:53:6d:aa:b7:a9:fa:76:6e:f3:84:f5:2a:06:13:
61:50:96:b7:7b:0a:8e:f6:84:6d:6d:6a:21:34:28:
db:38:7c:6b:9e:00:b2:7b:ed:ee:0f:55:bb:56:d4:
23:82:48:a2:b4:f0:84:98:46:06:a9:6e:d6:47:b2:
ef:cf:0a:77:d6:8f:c9:70:fc:96:5a:4b:9e:38:4f:
1c:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:3D:E9:14:BF:50:FC:56:57:A7:C9:8D:09:C6:4E:6E:A4:4C:55:78
X509v3 Authority Key Identifier:
keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XD3pFL9Q_FZXp8mNCcZObqRMVXg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.128.0/19
46.18.168.0/21
83.243.16.0/21
89.30.0.0/17
91.196.184.0/22
185.55.16.0/22
185.143.244.0/22
IPv6:
2a01:8200::/32
2a02:27f0::/32
Signature Algorithm: sha256WithRSAEncryption
63:1f:0f:8e:e1:a6:64:9a:c0:73:bc:46:21:2d:8f:17:3c:b1:
be:3f:e2:f2:76:4b:cf:bb:4e:7e:e6:63:aa:df:de:d6:ea:02:
e8:8f:25:08:a4:4a:51:bf:9d:c1:93:fd:a6:e6:23:33:4f:f7:
78:fd:6f:57:6b:d7:72:16:dc:d9:54:8e:bc:85:31:af:a1:69:
97:3b:64:94:ae:ba:1e:a5:78:5e:52:49:df:80:5e:f1:c5:74:
ff:25:73:5e:8b:52:ae:bd:c4:8b:e8:01:ec:5c:37:a1:65:dd:
ee:40:96:a1:7a:dc:ba:8b:40:fc:ca:b1:de:65:c7:1f:e7:0b:
b4:af:41:c2:b5:00:29:9c:df:ec:e6:46:71:12:41:05:07:3c:
a8:c5:ad:f1:3c:67:41:fc:24:0c:73:b9:c3:44:a0:c9:10:53:
43:df:6b:94:9c:df:96:bf:85:db:b7:13:84:c9:b2:0f:fc:f5:
c3:ec:8f:d5:9b:a4:67:2c:ac:c1:20:df:2b:ca:f1:66:35:07:
fc:44:d2:06:29:07:fc:47:d8:8b:2e:d4:ea:98:1d:42:6d:b3:
3e:39:a8:92:43:db:62:f9:1f:40:51:df:fd:64:70:f6:1d:b2:
6c:78:dc:3a:33:72:c0:be:78:f2:11:a5:00:3e:8d:aa:b7:10:
d0:0e:c6:dc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZQm2fhs/YUWtT7uaGhO1dbFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNkZTkxNGJmNTBmYzU2NTdhN2M5OGQwOWM2NGU2ZWE0NGM1NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ/NtWRnvXMvITOX5y5ncYMSmMg0
r4H0ABKmWTulB2pYK8D08bXCeaEXuBtXnuxmVw2OkUn7gUt6Vc6YOO1HvLVSqZZw
ttf78heZ6jpvyI7AU1iMSxtmsvJzGfRfG6SMiIULYcWtyVuvsOYZ9I09Eq4odObt
r+qqr5HN/JiXpoNg5titD11A8A2p/832yK4F3dYwWy9fUQ2Q/8N1DMqN/T6qGfU6
Qtlyb0PwLMTXRn4VmVODU22qt6n6dm7zhPUqBhNhUJa3ewqO9oRtbWohNCjbOHxr
ngCye+3uD1W7VtQjgkiitPCEmEYGqW7WR7Lvzwp31o/JcPyWWkueOE8c+wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFFw96RS/UPxWV6fJjQnGTm6kTFV4MB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvWEQzcEZMOVFfRlpYcDhtTkNjWk9icVJNVlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQFH9mAAwQD
LhKoAwQDU/MQAwQHWR4AAwQCW8S4AwQCuTcQAwQCuY/0MBQEAgACMA4DBQAqAYIA
AwUAKgIn8DANBgkqhkiG9w0BAQsFAAOCAQEAYx8PjuGmZJrAc7xGIS2PFzyxvj/i
8nZLz7tOfuZjqt/e1uoC6I8lCKRKUb+dwZP9puYjM0/3eP1vV2vXchbc2VSOvIUx
r6FplztklK66HqV4XlJJ34Be8cV0/yVzXotSrr3Ei+gB7Fw3oWXd7kCWoXrcuotA
/Mqx3mXHH+cLtK9BwrUAKZzf7OZGcRJBBQc8qMWt8TxnQfwkDHO5w0SgyRBTQ99r
lJzflr+F27cThMmyD/z1w+yP1ZukZyyswSDfK8rxZjUH/ETSBikH/EfYiy7U6pgd
Qm2zPjmokkPbYvkfQFHf/WRw9h2ybHjcOjNywL548hGlAD6NqrcQ0A7G3A==
-----END CERTIFICATE-----
Generated at Thu Apr 17 20:16:15 2025 by rpki-client