Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/39Hl2YtVKmMlT4Np8aTqcLmOeDQ.roa
File: 39Hl2YtVKmMlT4Np8aTqcLmOeDQ.roa (raw, json)
Hash identifier: J30KXNySdgIczVtUgN74dsxfOaEmv254pBQGUApoGWU=
Subject key identifier: DF:D1:E5:D9:8B:55:2A:63:25:4F:83:69:F1:A4:EA:70:B9:8E:78:34
Certificate issuer: /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial: 01961E742C98FD16FACD738F24BFEF5BFC0D
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/39Hl2YtVKmMlT4Np8aTqcLmOeDQ.roa
Signing time: Thu 10 Apr 2025 06:47:32 +0000
ROA not before: Thu 10 Apr 2025 06:47:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31500
IP address blocks: 91.108.40.0/24 maxlen: 24
91.108.50.0/24 maxlen: 24
94.124.180.0/23 maxlen: 23
94.124.182.0/24 maxlen: 24
94.124.183.0/24 maxlen: 24
95.140.80.0/20 maxlen: 20
95.140.80.0/24 maxlen: 32
95.140.81.0/24 maxlen: 24
95.140.82.0/24 maxlen: 24
95.140.83.0/24 maxlen: 24
95.140.88.0/24 maxlen: 24
95.140.89.0/24 maxlen: 24
95.140.90.0/24 maxlen: 24
95.140.91.0/24 maxlen: 24
95.140.93.0/24 maxlen: 24
95.140.95.0/24 maxlen: 24
95.161.128.0/24 maxlen: 24
95.161.240.0/20 maxlen: 24
109.239.128.0/24 maxlen: 24
109.239.129.0/24 maxlen: 24
109.239.130.0/24 maxlen: 24
109.239.130.128/25 maxlen: 25
109.239.131.0/24 maxlen: 24
109.239.132.0/24 maxlen: 24
109.239.133.0/24 maxlen: 24
109.239.134.0/24 maxlen: 24
109.239.135.0/24 maxlen: 24
109.239.136.0/23 maxlen: 23
109.239.138.0/24 maxlen: 24
109.239.139.0/24 maxlen: 24
109.239.140.0/24 maxlen: 24
109.239.141.0/24 maxlen: 24
109.239.142.0/24 maxlen: 24
109.239.143.0/24 maxlen: 24
178.18.228.0/24 maxlen: 24
178.18.229.0/24 maxlen: 24
178.18.231.0/24 maxlen: 24
178.18.232.0/24 maxlen: 24
2001:b28::/32 maxlen: 32
2001:b28:4::/48 maxlen: 48
2001:b28:7b0c::/48 maxlen: 48
2001:b28:9999::/48 maxlen: 48
2001:b28:9a9c::/48 maxlen: 48
2001:b28:a451::/48 maxlen: 48
2001:b28:ffff::/48 maxlen: 48
2a03:5f80::/46 maxlen: 46
2a03:5f80:2:10::/64 maxlen: 64
2a03:5f80:8::/46 maxlen: 46
2a03:5f80:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:1e:74:2c:98:fd:16:fa:cd:73:8f:24:bf:ef:5b:fc:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Validity
Not Before: Apr 10 06:47:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dfd1e5d98b552a63254f8369f1a4ea70b98e7834
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e7:01:a8:d8:29:c2:91:f6:f7:36:9f:3d:ac:
18:7b:d6:bb:66:76:9a:4f:54:70:b9:e0:86:89:08:
d6:73:dc:8c:14:50:c2:ff:20:a4:2d:bc:10:0c:3b:
af:a9:fb:15:da:ec:d0:bf:9b:fd:24:c6:c8:41:6a:
28:b3:75:43:34:85:a8:30:ae:8e:97:b9:d0:bd:64:
af:c9:15:19:13:50:15:64:49:87:bc:ef:97:23:f0:
7b:5a:93:c9:92:b6:a0:c5:14:25:1f:f9:bf:30:b6:
25:12:d2:07:c5:1e:d7:18:44:a0:c0:6b:a7:27:18:
4a:a5:42:ba:46:de:8a:7d:c1:dd:73:da:e0:4f:3d:
3d:ea:9b:30:5a:a7:01:e8:5b:2a:ac:45:13:59:e8:
b9:25:b9:4c:b9:77:da:93:fc:5f:09:16:90:4c:5c:
54:ed:9a:8a:41:13:56:b3:ba:86:5d:ea:e7:e3:71:
c7:80:35:40:b9:d7:a8:0c:cd:cf:65:8e:5b:d0:10:
d6:7b:a4:2b:8f:59:19:c9:ea:cf:34:98:e9:c3:5e:
d1:48:f1:28:ae:b9:3c:b7:b3:bd:e1:5d:9a:a8:96:
d4:d5:32:61:2f:59:a7:09:f9:3c:d9:d3:bb:93:33:
7a:13:cb:4a:e8:1e:2b:0d:42:33:81:e2:13:c3:2b:
f6:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:D1:E5:D9:8B:55:2A:63:25:4F:83:69:F1:A4:EA:70:B9:8E:78:34
X509v3 Authority Key Identifier:
keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/39Hl2YtVKmMlT4Np8aTqcLmOeDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.40.0/24
91.108.50.0/24
94.124.180.0/22
95.140.80.0/20
95.161.128.0/24
95.161.240.0/20
109.239.128.0/20
178.18.228.0/23
178.18.231.0-178.18.232.255
IPv6:
2001:b28::/32
2a03:5f80::/46
2a03:5f80:8::/46
Signature Algorithm: sha256WithRSAEncryption
82:53:91:15:05:0c:b3:b0:2f:9b:30:3a:51:9f:96:8d:f5:de:
35:d7:52:95:d5:db:1c:59:45:7c:0b:00:0a:b9:59:94:17:10:
9d:22:40:9b:17:82:2a:5e:80:52:da:49:43:fa:95:5f:5e:e4:
70:d9:5d:cd:66:ef:1f:09:22:65:cc:33:ce:6e:a0:e8:f5:fc:
12:49:14:1c:7c:74:b9:9c:6a:6c:34:e8:65:2e:6d:ce:4e:70:
00:c8:5c:74:e5:01:08:9c:bc:c6:eb:76:cf:cd:0e:00:b1:2f:
20:15:51:fc:a3:42:90:22:92:67:47:64:c3:2a:2a:b5:e6:7b:
c2:93:82:d7:5f:a8:27:86:c8:0c:9b:3c:3a:ee:71:26:41:29:
00:c3:05:fc:09:22:e9:21:e0:49:e4:3d:2e:31:8f:b8:ef:46:
95:c7:7f:79:2e:b5:d0:7a:40:67:35:35:08:10:f9:c3:6b:76:
32:df:af:57:1b:11:79:c3:5f:27:04:ec:a0:40:46:63:71:7f:
19:39:b2:96:86:3e:52:23:7a:99:92:7a:02:65:43:8a:d5:ae:
24:fb:aa:ef:21:b7:42:d5:e8:3f:7a:4d:0f:c0:fe:de:23:16:
7e:b3:03:82:9d:ad:da:8a:05:9e:cc:a2:47:d2:1f:48:f1:ed:
2b:d2:45:5b
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZYedCyY/Rb6zXOPJL/vW/wNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjUwNDEwMDY0NzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmQxZTVkOThiNTUyYTYzMjU0ZjgzNjlmMWE0ZWE3MGI5OGU3ODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuucBqNgpwpH29zafPawYe9a7Znaa
T1RwueCGiQjWc9yMFFDC/yCkLbwQDDuvqfsV2uzQv5v9JMbIQWoos3VDNIWoMK6O
l7nQvWSvyRUZE1AVZEmHvO+XI/B7WpPJkragxRQlH/m/MLYlEtIHxR7XGESgwGun
JxhKpUK6Rt6KfcHdc9rgTz096pswWqcB6FsqrEUTWei5JblMuXfak/xfCRaQTFxU
7ZqKQRNWs7qGXern43HHgDVAudeoDM3PZY5b0BDWe6Qrj1kZyerPNJjpw17RSPEo
rrk8t7O94V2aqJbU1TJhL1mnCfk82dO7kzN6E8tK6B4rDUIzgeITwyv2nQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFN/R5dmLVSpjJU+DafGk6nC5jng0MB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvMzlIbDJZdFZLbU1sVDROcDhhVHFjTG1PZURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBEBAIAATA+AwQAW2woAwQA
W2wyAwQCXny0AwQEX4xQAwQAX6GAAwQEX6HwAwQEbe+AAwQBshLkMAwDBACyEucD
BACyEugwHwQCAAIwGQMFACABCygDBwIqA1+AAAADBwIqA1+AAAgwDQYJKoZIhvcN
AQELBQADggEBAIJTkRUFDLOwL5swOlGflo313jXXUpXV2xxZRXwLAAq5WZQXEJ0i
QJsXgipegFLaSUP6lV9e5HDZXc1m7x8JImXMM85uoOj1/BJJFBx8dLmcamw06GUu
bc5OcADIXHTlAQicvMbrds/NDgCxLyAVUfyjQpAikmdHZMMqKrXme8KTgtdfqCeG
yAybPDrucSZBKQDDBfwJIukh4EnkPS4xj7jvRpXHf3kutdB6QGc1NQgQ+cNrdjLf
r1cbEXnDXycE7KBARmNxfxk5spaGPlIjepmSegJlQ4rVriT7qu8ht0LV6D96TQ/A
/t4jFn6zA4KdrdqKBZ7MokfSH0jx7SvSRVs=
-----END CERTIFICATE-----
Generated at Tue Apr 22 18:45:55 2025 by rpki-client