Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/vFNkivgTExOsjU64HiM4VzsQFiw.roa
File: vFNkivgTExOsjU64HiM4VzsQFiw.roa (raw, json)
Hash identifier: DXIqZ5v2rgtSNx+D9s1xP6RBmK/3bmgJ3j5QKRP0qEA=
Subject key identifier: BC:53:64:8A:F8:13:13:13:AC:8D:4E:B8:1E:23:38:57:3B:10:16:2C
Certificate issuer: /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial: 019426D9FE318ACF5BEEC9E12CF8D2B313E6
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/vFNkivgTExOsjU64HiM4VzsQFiw.roa
Signing time: Thu 02 Jan 2025 11:50:08 +0000
ROA not before: Thu 02 Jan 2025 11:50:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39326
IP address blocks: 37.235.54.0/24 maxlen: 24
37.235.55.0/24 maxlen: 24
151.236.19.0/24 maxlen: 24
2a03:f80:44::/48 maxlen: 48
2a03:f80:441::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 12:01:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:fe:31:8a:cf:5b:ee:c9:e1:2c:f8:d2:b3:13:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Validity
Not Before: Jan 2 11:50:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bc53648af8131313ac8d4eb81e2338573b10162c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:0d:ee:b0:02:fc:fa:2b:17:a2:aa:df:5e:35:
6e:d2:14:53:7d:e5:fc:26:ad:1f:14:d7:be:33:c1:
24:c7:d7:eb:d6:ca:52:f4:02:e0:7c:f1:18:39:e0:
66:0f:8f:1c:8f:79:94:1b:53:58:0f:4c:86:68:3d:
cd:9e:a3:4e:e2:8a:b7:39:5e:90:07:fb:8a:a7:ab:
65:a4:52:e4:b0:04:91:00:6c:1e:27:62:b9:2a:fa:
ed:19:95:4c:53:16:56:52:b0:58:8f:2b:3e:4f:82:
00:e9:9d:d9:66:b5:70:fe:d5:c6:f7:55:56:b5:3b:
79:52:19:69:76:d0:6d:fd:a6:5f:3e:46:bd:cf:3f:
4e:f6:1a:2a:fb:0e:ce:76:ad:25:14:b2:38:3f:c9:
3a:ba:e0:34:0d:aa:b3:83:5c:a9:28:57:4b:b6:54:
40:bb:1c:ca:dc:b2:43:b4:d5:ff:66:47:0e:a8:e3:
2c:ef:e9:c3:87:02:ee:ac:47:75:7b:5f:cf:4e:0c:
05:80:c2:e5:7c:85:b2:41:b9:2f:96:24:75:06:89:
92:45:1a:78:9a:69:93:c4:d3:0a:00:b3:9f:24:f9:
ba:3a:c3:cc:3f:01:da:06:4c:1a:39:a3:4f:8a:1d:
bc:2b:be:70:1a:24:55:19:76:a9:a7:a5:c9:c9:19:
aa:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:53:64:8A:F8:13:13:13:AC:8D:4E:B8:1E:23:38:57:3B:10:16:2C
X509v3 Authority Key Identifier:
keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/vFNkivgTExOsjU64HiM4VzsQFiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.54.0/23
151.236.19.0/24
IPv6:
2a03:f80:44::/48
2a03:f80:441::/48
Signature Algorithm: sha256WithRSAEncryption
3f:f3:e4:e1:12:ef:96:90:3c:bb:dd:a8:60:bd:0f:d6:b8:77:
e2:9f:ad:81:3a:70:67:54:36:00:dc:c2:b8:67:fd:bd:bd:7a:
c6:47:f6:ce:5e:84:76:c6:87:c7:61:e6:d6:ff:bc:5f:3b:90:
6e:73:53:78:54:48:34:33:21:9f:e7:d2:f2:b0:39:14:e4:5c:
58:96:31:56:7a:97:06:15:9a:e6:1f:72:81:94:8d:10:7c:c1:
a2:95:14:87:70:8f:d2:d5:7a:3a:a2:fe:0f:50:49:2c:10:93:
11:0d:88:51:a5:40:4e:52:bc:77:f0:63:b4:bb:3b:21:10:9c:
fb:81:f3:96:d4:fd:f7:a7:76:8d:85:c6:b0:10:96:39:53:54:
7a:1c:ea:f5:16:97:42:40:04:0e:b6:7c:cd:f1:82:94:63:40:
bb:8d:70:c7:eb:47:72:d6:d5:79:35:71:c2:8b:bf:aa:6b:7a:
2f:99:81:6c:df:10:37:4f:1c:70:71:2f:b5:6b:05:83:eb:29:
80:17:3f:ad:24:9b:b4:94:2c:62:bd:39:29:dc:42:fa:a3:31:
d0:2c:20:76:95:f6:bc:88:c9:5f:b2:ea:a2:15:c6:d1:ac:06:
53:e3:a3:e3:ba:83:f0:65:f3:d3:e8:0b:df:fe:54:cf:a9:35:
26:84:0b:a3
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQm2f4xis9b7snhLPjSsxPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwMTAyMTE1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzUzNjQ4YWY4MTMxMzEzYWM4ZDRlYjgxZTIzMzg1NzNiMTAxNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyw3usAL8+isXoqrfXjVu0hRTfeX8
Jq0fFNe+M8Ekx9fr1spS9ALgfPEYOeBmD48cj3mUG1NYD0yGaD3NnqNO4oq3OV6Q
B/uKp6tlpFLksASRAGweJ2K5KvrtGZVMUxZWUrBYjys+T4IA6Z3ZZrVw/tXG91VW
tTt5UhlpdtBt/aZfPka9zz9O9hoq+w7Odq0lFLI4P8k6uuA0Daqzg1ypKFdLtlRA
uxzK3LJDtNX/ZkcOqOMs7+nDhwLurEd1e1/PTgwFgMLlfIWyQbkvliR1BomSRRp4
mmmTxNMKALOfJPm6OsPMPwHaBkwaOaNPih28K75wGiRVGXapp6XJyRmqHwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLxTZIr4ExMTrI1OuB4jOFc7EBYsMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvdkZOa2l2Z1RFeE9zalU2NEhpTTRWenNRRml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQBJes2AwQA
l+wTMBgEAgACMBIDBwAqAw+AAEQDBwAqAw+ABEEwDQYJKoZIhvcNAQELBQADggEB
AD/z5OES75aQPLvdqGC9D9a4d+KfrYE6cGdUNgDcwrhn/b29esZH9s5ehHbGh8dh
5tb/vF87kG5zU3hUSDQzIZ/n0vKwORTkXFiWMVZ6lwYVmuYfcoGUjRB8waKVFIdw
j9LVejqi/g9QSSwQkxENiFGlQE5SvHfwY7S7OyEQnPuB85bU/fendo2FxrAQljlT
VHoc6vUWl0JABA62fM3xgpRjQLuNcMfrR3LW1Xk1ccKLv6prei+ZgWzfEDdPHHBx
L7VrBYPrKYAXP60km7SULGK9OSncQvqjMdAsIHaV9ryIyV+y6qIVxtGsBlPjo+O6
g/Bl89PoC9/+VM+pNSaEC6M=
-----END CERTIFICATE-----
Generated at Mon Apr 7 16:56:47 2025 by rpki-client