Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/cTvIsND0rcbhO2LRnW_ioplG7i0.roa
File: cTvIsND0rcbhO2LRnW_ioplG7i0.roa (raw, json)
Hash identifier: cEDaT4nTfiZsrwarP2rDKx77YlDRn3t6MrTdDfbMfn0=
Subject key identifier: 71:3B:C8:B0:D0:F4:AD:C6:E1:3B:62:D1:9D:6F:E2:A2:99:46:EE:2D
Certificate issuer: /CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Certificate serial: 01942825E7525C55D89E5651C0912BF93433
Authority key identifier: DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/cTvIsND0rcbhO2LRnW_ioplG7i0.roa
Signing time: Thu 02 Jan 2025 17:52:40 +0000
ROA not before: Thu 02 Jan 2025 17:52:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58331
IP address blocks: 185.75.207.0/24 maxlen: 24
193.242.194.0/24 maxlen: 24
193.242.195.0/24 maxlen: 24
2a05:5440::/32 maxlen: 32
2a05:5441::/32 maxlen: 32
2a05:5442::/32 maxlen: 32
2a05:5443::/32 maxlen: 32
2a05:5444::/32 maxlen: 32
2a05:5445::/32 maxlen: 32
2a05:5446::/32 maxlen: 32
2a05:5447::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.mft
rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:e7:52:5c:55:d8:9e:56:51:c0:91:2b:f9:34:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Validity
Not Before: Jan 2 17:52:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=713bc8b0d0f4adc6e13b62d19d6fe2a29946ee2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:55:1c:90:e0:4e:7f:75:69:4a:bf:63:24:37:
e6:07:2f:e2:5d:f5:ed:ad:8a:56:7d:72:57:7b:73:
10:e4:fa:47:06:00:3d:87:46:cd:c0:90:dd:5a:e0:
89:3f:3c:00:68:78:81:d8:1d:79:89:52:3f:5d:a2:
fb:b7:2d:6b:eb:e9:86:d7:94:b8:9f:79:50:84:9a:
7a:a2:9c:91:ad:d8:c5:07:9e:a0:b0:4f:63:80:09:
14:bc:89:b5:c0:5c:a1:24:6b:c9:35:7b:48:85:d4:
f2:0f:d9:4a:9c:ce:6c:1b:d1:95:3e:f1:e7:d2:37:
ad:bf:f2:c0:6f:ca:b1:19:70:2c:a6:18:a8:d5:4b:
7e:8d:40:04:16:2f:55:60:0f:f9:4b:74:63:04:22:
ee:13:3b:a3:16:52:d7:0d:fd:2a:80:73:04:35:e5:
7c:34:d7:67:ac:08:b9:db:f8:7a:2d:b7:af:dc:93:
43:b5:39:0d:b9:8a:80:46:a5:ab:5d:2d:b2:42:e6:
01:eb:85:99:98:4d:66:7e:49:69:53:7d:40:d3:f0:
f0:89:17:6d:ef:27:9b:77:c5:a5:14:ee:20:44:36:
cc:25:12:c8:2e:ea:7a:97:8d:88:ec:02:33:8f:8e:
68:00:91:61:01:d3:b9:57:e0:76:70:e4:4a:aa:25:
01:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:3B:C8:B0:D0:F4:AD:C6:E1:3B:62:D1:9D:6F:E2:A2:99:46:EE:2D
X509v3 Authority Key Identifier:
keyid:DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/cTvIsND0rcbhO2LRnW_ioplG7i0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.75.207.0/24
193.242.194.0/23
IPv6:
2a05:5440::/29
Signature Algorithm: sha256WithRSAEncryption
41:67:14:b6:4b:47:12:a4:4e:42:3b:e3:0b:6d:b8:e6:8b:2c:
0e:1a:7d:6f:55:ed:98:50:3f:5d:be:2a:49:67:b6:3e:d5:b7:
4c:f8:50:52:b3:c2:34:72:be:a3:6a:48:cb:f4:81:d3:5b:71:
66:e0:67:89:bf:33:33:17:54:c7:76:84:b1:37:40:c4:a8:f1:
62:dd:4b:98:f4:29:e0:03:42:a4:7f:3c:f5:e8:9f:8a:47:6a:
dd:cb:f1:5c:32:5a:88:35:db:f7:a1:be:8b:2c:5c:b6:b7:eb:
dc:16:3e:54:b1:c8:b0:8c:f1:fb:32:54:8b:82:75:93:5a:9d:
04:fd:c2:fa:a1:5b:46:5f:80:d8:df:19:5c:63:48:8d:1f:78:
b9:25:62:7d:45:be:79:a2:57:ff:70:f6:46:83:9a:82:57:66:
8f:2c:fc:13:94:33:9a:24:6d:6c:7c:dc:8f:d2:37:e2:96:5c:
f7:4b:97:1d:e1:25:2f:53:e7:3b:cf:64:93:4d:b8:74:d2:d4:
54:f4:e8:16:ca:cf:32:9a:16:43:db:9d:55:27:54:aa:55:f4:
e3:b1:75:0e:da:46:af:ec:8a:9e:8f:e2:a3:3e:ad:a5:e1:d3:
c0:8a:73:ee:fa:2f:26:ee:74:37:59:ea:3a:d7:43:b1:68:80:
b3:09:92:2b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJedSXFXYnlZRwJEr+TQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMjdiOTM5OTM0YTJjYzIwNmZmYmE2YmNlOWM5MGZkY2Jh
MzljNzEwHhcNMjUwMTAyMTc1MjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTNiYzhiMGQwZjRhZGM2ZTEzYjYyZDE5ZDZmZTJhMjk5NDZlZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9VUckOBOf3VpSr9jJDfmBy/iXfXt
rYpWfXJXe3MQ5PpHBgA9h0bNwJDdWuCJPzwAaHiB2B15iVI/XaL7ty1r6+mG15S4
n3lQhJp6opyRrdjFB56gsE9jgAkUvIm1wFyhJGvJNXtIhdTyD9lKnM5sG9GVPvHn
0jetv/LAb8qxGXAsphio1Ut+jUAEFi9VYA/5S3RjBCLuEzujFlLXDf0qgHMENeV8
NNdnrAi52/h6Lbev3JNDtTkNuYqARqWrXS2yQuYB64WZmE1mfklpU31A0/DwiRdt
7yebd8WlFO4gRDbMJRLILup6l42I7AIzj45oAJFhAdO5V+B2cORKqiUBEQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHE7yLDQ9K3G4Tti0Z1v4qKZRu4tMB8GA1UdIwQY
MBaAFN8nuTmTSizCBv+6a86ckP3Lo5xxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0Njgt
NmVkNTRkM2ZlNGY0LzEvY1R2SXNORDByY2JoTzJMUm5XX2lvcGxHN2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0NjgtNmVkNTRkM2ZlNGY0
LzEvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuUvPAwQB
wfLCMA0EAgACMAcDBQMqBVRAMA0GCSqGSIb3DQEBCwUAA4IBAQBBZxS2S0cSpE5C
O+MLbbjmiywOGn1vVe2YUD9dvipJZ7Y+1bdM+FBSs8I0cr6jakjL9IHTW3Fm4GeJ
vzMzF1THdoSxN0DEqPFi3UuY9CngA0Kkfzz16J+KR2rdy/FcMlqINdv3ob6LLFy2
t+vcFj5UsciwjPH7MlSLgnWTWp0E/cL6oVtGX4DY3xlcY0iNH3i5JWJ9Rb55olf/
cPZGg5qCV2aPLPwTlDOaJG1sfNyP0jfillz3S5cd4SUvU+c7z2STTbh00tRU9OgW
ys8ymhZD251VJ1SqVfTjsXUO2kav7Iqej+KjPq2l4dPAinPu+i8m7nQ3Weo610Ox
aICzCZIr
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:16:33 2025 by rpki-client