Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/pnddHirjNCKxYSqPtn_sWaDmNxU.roa
File: pnddHirjNCKxYSqPtn_sWaDmNxU.roa (raw, json)
Hash identifier: HVJptrd3yeSfrIUH7AUm9UPFYH8L+twTA4AttYwqX2E=
Subject key identifier: A6:77:5D:1E:2A:E3:34:22:B1:61:2A:8F:B6:7F:EC:59:A0:E6:37:15
Certificate issuer: /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial: 01953869576440D9DE628157980E380604C6
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/pnddHirjNCKxYSqPtn_sWaDmNxU.roa
Signing time: Mon 24 Feb 2025 14:43:02 +0000
ROA not before: Mon 24 Feb 2025 14:43:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29134
IP address blocks: 37.46.80.0/21 maxlen: 21
62.109.128.0/19 maxlen: 19
130.193.8.0/21 maxlen: 24
171.33.136.0/21 maxlen: 21
185.100.92.0/22 maxlen: 22
185.102.76.0/22 maxlen: 22
213.109.164.0/22 maxlen: 24
217.31.48.0/20 maxlen: 20
2001:1ab0::/32 maxlen: 32
2a00:ca80::/32 maxlen: 32
2a03:b780::/32 maxlen: 32
2a09:ec00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.mft
rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 05:01:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:38:69:57:64:40:d9:de:62:81:57:98:0e:38:06:04:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Validity
Not Before: Feb 24 14:43:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6775d1e2ae33422b1612a8fb67fec59a0e63715
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:b1:79:52:69:30:be:b0:d7:7f:1d:2a:e2:8d:
c2:a8:18:39:d4:ff:2f:ee:fc:1e:36:f5:94:eb:9f:
98:c6:53:0e:b9:97:3c:05:1e:b9:5c:e2:ba:18:cc:
7b:31:51:ec:08:02:5e:07:ce:60:25:d2:7c:b1:e8:
49:21:e2:3c:bb:b7:7e:a3:d8:d0:c3:62:d8:b5:fa:
c7:23:c8:57:82:55:9f:cf:55:f1:82:b4:e9:21:df:
24:c4:ec:0a:76:6f:08:85:a9:9a:32:1a:cf:b4:57:
0b:75:0f:76:99:f0:bb:ca:3d:5f:d0:3d:7e:e1:cf:
dc:83:8b:cc:01:02:67:fb:4d:71:f7:a6:d9:78:ff:
b9:55:b6:42:50:a0:3b:f9:fa:90:01:6c:6f:9d:6c:
e8:89:77:ce:c9:7a:72:11:63:d5:98:35:15:fc:e3:
0b:27:a5:61:8d:58:8c:68:ca:9c:5f:57:fc:b5:36:
8f:63:28:ae:68:fd:f9:65:fa:37:5b:ba:fe:8c:d2:
62:93:59:36:f5:fb:4a:db:e5:77:21:b9:99:47:ef:
60:13:6a:76:4c:e4:0d:c4:f4:dd:ab:b0:f6:d0:61:
c5:8e:38:95:e8:2f:49:c0:e0:5d:51:d0:92:6d:90:
e4:8f:09:61:62:a1:72:2e:80:66:78:73:55:d9:05:
d1:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:77:5D:1E:2A:E3:34:22:B1:61:2A:8F:B6:7F:EC:59:A0:E6:37:15
X509v3 Authority Key Identifier:
keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/pnddHirjNCKxYSqPtn_sWaDmNxU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.80.0/21
62.109.128.0/19
130.193.8.0/21
171.33.136.0/21
185.100.92.0/22
185.102.76.0/22
213.109.164.0/22
217.31.48.0/20
IPv6:
2001:1ab0::/32
2a00:ca80::/32
2a03:b780::/32
2a09:ec00::/29
Signature Algorithm: sha256WithRSAEncryption
a3:72:65:8d:8d:47:ed:00:61:9b:66:88:27:2e:30:a2:a7:a7:
77:5e:08:d5:a3:a4:f3:a5:b2:25:53:c4:07:b2:84:28:54:0f:
27:ab:50:84:6d:6f:1a:b0:c3:82:c3:e8:2e:5d:09:a1:24:52:
83:ef:3b:7f:eb:32:bd:a7:87:29:14:65:6d:c8:c4:34:6e:e2:
fd:c6:b4:d8:ad:1d:44:08:25:d8:06:8e:b9:52:05:c1:16:14:
b6:fe:f8:be:95:fc:0e:b8:7c:d8:be:0b:73:0e:de:14:ff:fb:
c3:16:03:02:f7:cf:e9:1d:4d:8b:68:2e:d5:d3:3f:4b:50:ad:
3e:9e:28:b4:5e:3f:55:47:83:db:80:03:96:38:15:0e:c6:45:
78:51:dd:b4:73:1f:f3:b1:ce:ee:31:eb:e1:18:cc:9d:03:50:
59:df:9d:85:b6:6e:48:d4:4c:b0:61:3d:a7:5a:17:52:01:c8:
ca:40:55:35:8e:d1:9d:a0:51:35:e6:c8:9b:a9:a5:a6:8d:c7:
d5:d8:37:8c:3c:fc:18:ff:87:d6:76:9c:35:14:5e:39:88:e1:
df:6b:95:93:53:6b:3f:51:f8:f5:91:aa:73:3d:23:c5:5f:15:
04:3e:aa:f2:04:94:de:4c:28:9b:37:97:35:e8:0a:b3:e3:e6:
04:60:98:a6
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZU4aVdkQNneYoFXmA44BgTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjUwMjI0MTQ0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc3NWQxZTJhZTMzNDIyYjE2MTJhOGZiNjdmZWM1OWEwZTYzNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrF5UmkwvrDXfx0q4o3CqBg51P8v
7vweNvWU65+YxlMOuZc8BR65XOK6GMx7MVHsCAJeB85gJdJ8sehJIeI8u7d+o9jQ
w2LYtfrHI8hXglWfz1XxgrTpId8kxOwKdm8IhamaMhrPtFcLdQ92mfC7yj1f0D1+
4c/cg4vMAQJn+01x96bZeP+5VbZCUKA7+fqQAWxvnWzoiXfOyXpyEWPVmDUV/OML
J6VhjViMaMqcX1f8tTaPYyiuaP35Zfo3W7r+jNJik1k29ftK2+V3IbmZR+9gE2p2
TOQNxPTdq7D20GHFjjiV6C9JwOBdUdCSbZDkjwlhYqFyLoBmeHNV2QXROwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFKZ3XR4q4zQisWEqj7Z/7Fmg5jcVMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvcG5kZEhpcmpOQ0t4WVNxUHRuX3NXYURtTnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA2BAIAATAwAwQDJS5QAwQF
Pm2AAwQDgsEIAwQDqyGIAwQCuWRcAwQCuWZMAwQC1W2kAwQE2R8wMCIEAgACMBwD
BQAgARqwAwUAKgDKgAMFACoDt4ADBQMqCewAMA0GCSqGSIb3DQEBCwUAA4IBAQCj
cmWNjUftAGGbZognLjCip6d3XgjVo6TzpbIlU8QHsoQoVA8nq1CEbW8asMOCw+gu
XQmhJFKD7zt/6zK9p4cpFGVtyMQ0buL9xrTYrR1ECCXYBo65UgXBFhS2/vi+lfwO
uHzYvgtzDt4U//vDFgMC98/pHU2LaC7V0z9LUK0+nii0Xj9VR4PbgAOWOBUOxkV4
Ud20cx/zsc7uMevhGMydA1BZ352Ftm5I1EywYT2nWhdSAcjKQFU1jtGdoFE15sib
qaWmjcfV2DeMPPwY/4fWdpw1FF45iOHfa5WTU2s/Ufj1kapzPSPFXxUEPqryBJTe
TCibN5c16Aqz4+YEYJim
-----END CERTIFICATE-----
Generated at Sun Apr 13 12:21:08 2025 by rpki-client