Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/0MC_mgqy8S3uuOpq48vPwLlAc6o.roa
File: 0MC_mgqy8S3uuOpq48vPwLlAc6o.roa (raw, json)
Hash identifier: 2hFoNuDhicdnMhH4Xy6GE21md0yJ2m3TqWU79A2ZzG0=
Subject key identifier: D0:C0:BF:9A:0A:B2:F1:2D:EE:B8:EA:6A:E3:CB:CF:C0:B9:40:73:AA
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 01958AA4C84F1A4A934FBB65E74ADA4778B6
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/0MC_mgqy8S3uuOpq48vPwLlAc6o.roa
Signing time: Wed 12 Mar 2025 13:56:49 +0000
ROA not before: Wed 12 Mar 2025 13:56:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34358
IP address blocks: 37.251.128.0/19 maxlen: 19
37.251.160.0/20 maxlen: 20
37.251.248.0/21 maxlen: 24
37.251.254.0/24 maxlen: 24
37.251.255.0/24 maxlen: 24
77.81.164.0/23 maxlen: 23
86.105.192.0/24 maxlen: 24
89.32.44.0/22 maxlen: 22
89.32.44.0/24 maxlen: 24
89.35.173.0/24 maxlen: 24
89.36.128.0/23 maxlen: 23
89.36.128.0/24 maxlen: 24
89.36.129.0/24 maxlen: 24
89.36.130.0/24 maxlen: 24
89.36.132.0/23 maxlen: 24
89.36.134.0/24 maxlen: 24
89.36.135.0/24 maxlen: 24
89.38.248.0/24 maxlen: 24
89.38.249.0/24 maxlen: 24
89.38.250.0/23 maxlen: 23
89.38.252.0/22 maxlen: 22
89.42.11.0/24 maxlen: 24
89.45.192.0/21 maxlen: 21
89.45.192.0/23 maxlen: 23
91.200.120.0/22 maxlen: 22
91.200.120.0/23 maxlen: 23
91.200.122.0/23 maxlen: 23
91.208.142.0/24 maxlen: 24
93.119.227.0/24 maxlen: 24
94.24.29.0/24 maxlen: 24
94.24.48.0/21 maxlen: 21
94.24.72.0/22 maxlen: 22
94.24.76.0/23 maxlen: 23
94.24.78.0/24 maxlen: 24
109.95.8.0/21 maxlen: 21
128.0.46.0/23 maxlen: 23
185.171.184.0/24 maxlen: 24
185.171.185.0/24 maxlen: 24
185.171.187.0/24 maxlen: 24
188.214.142.0/24 maxlen: 24
188.215.48.0/21 maxlen: 21
193.239.130.0/23 maxlen: 23
193.242.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.mft
rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:8a:a4:c8:4f:1a:4a:93:4f:bb:65:e7:4a:da:47:78:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Mar 12 13:56:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0c0bf9a0ab2f12deeb8ea6ae3cbcfc0b94073aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fe:67:a0:9f:a3:cd:1a:f7:ff:c3:11:2d:ac:d4:
b3:e1:b0:dd:14:de:6f:47:53:65:86:0e:f2:df:cc:
db:08:81:6d:61:5e:5b:93:37:10:32:b2:25:f8:c6:
0d:f0:5d:c6:3c:36:bc:35:4a:93:ba:d1:80:9e:24:
e1:a9:fa:a8:09:ca:18:17:4f:3d:27:13:40:e6:8a:
35:4e:5d:f9:32:19:8d:48:53:7f:14:d4:d3:47:60:
54:3d:b2:02:c5:e7:e1:15:f7:6f:de:3c:74:de:83:
c8:8b:f1:9f:13:b6:e4:29:75:97:17:20:6a:ad:89:
87:0c:d5:e1:81:06:ea:48:af:90:25:30:a0:cc:3a:
62:59:7f:87:f7:9a:a7:1a:54:40:a8:69:e2:e3:bc:
e1:16:a4:51:c1:96:83:14:f5:8a:b1:6e:b5:73:87:
fa:7f:0c:75:32:94:d8:18:58:5e:3f:41:d4:41:b3:
98:57:82:9e:a8:55:96:58:47:74:93:58:0e:a6:c3:
2f:aa:2a:37:a3:54:72:45:11:57:23:f9:2e:64:4f:
dc:62:53:2f:4f:9f:c8:e1:05:dc:42:eb:7c:f2:26:
ff:f1:12:e9:e5:73:54:61:02:12:06:3a:26:33:01:
bc:d0:85:60:65:78:ff:a7:a7:88:be:da:64:8a:36:
1e:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:C0:BF:9A:0A:B2:F1:2D:EE:B8:EA:6A:E3:CB:CF:C0:B9:40:73:AA
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/0MC_mgqy8S3uuOpq48vPwLlAc6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.251.128.0-37.251.175.255
37.251.248.0/21
77.81.164.0/23
86.105.192.0/24
89.32.44.0/22
89.35.173.0/24
89.36.128.0-89.36.130.255
89.36.132.0/22
89.38.248.0/21
89.42.11.0/24
89.45.192.0/21
91.200.120.0/22
91.208.142.0/24
93.119.227.0/24
94.24.29.0/24
94.24.48.0/21
94.24.72.0-94.24.78.255
109.95.8.0/21
128.0.46.0/23
185.171.184.0/23
185.171.187.0/24
188.214.142.0/24
188.215.48.0/21
193.239.130.0/23
193.242.120.0/24
Signature Algorithm: sha256WithRSAEncryption
08:53:39:74:64:4d:cc:27:2a:7f:72:51:10:af:62:79:ce:7e:
a1:df:1a:78:6e:a6:d4:d5:4a:d5:b9:c0:3e:cd:8c:87:bc:0f:
dd:2b:b5:91:80:ff:64:55:2e:b9:77:4f:3b:67:1e:c6:61:68:
8e:87:6c:19:1e:2e:63:e2:ae:5f:bc:ce:64:37:62:29:08:86:
2f:f2:0f:e1:9a:96:0c:c0:eb:e4:c6:11:6c:79:9e:e7:b5:10:
a9:5b:15:45:72:ee:84:3e:bb:f9:60:97:04:9b:3b:c2:83:a9:
5e:1c:1a:61:07:92:e0:53:a6:06:7b:e9:3d:b2:ab:2c:54:6e:
ba:5e:b3:20:85:2b:60:1d:20:af:6a:22:0c:a7:d2:11:cb:17:
bc:89:1f:f7:fe:b4:f3:77:ab:09:b6:7c:81:44:d8:c8:02:11:
d0:80:10:00:d4:bd:60:79:0d:08:a8:92:15:3a:75:56:6d:c9:
8e:12:ee:18:b9:47:0a:15:2a:cb:ea:c3:72:d7:6a:88:87:d8:
e1:86:4d:4d:c4:b5:33:cd:69:34:57:89:43:f6:b3:b7:b1:65:
81:d7:82:8b:44:db:c8:dc:37:66:b6:de:98:b7:51:a4:b7:1a:
79:b4:7c:e8:79:2b:86:5b:f1:ca:a1:e8:3b:60:86:ed:22:fc:
ec:09:87:45
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAZWKpMhPGkqTT7tl50raR3i2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjUwMzEyMTM1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGMwYmY5YTBhYjJmMTJkZWViOGVhNmFlM2NiY2ZjMGI5NDA3M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/megn6PNGvf/wxEtrNSz4bDdFN5v
R1Nlhg7y38zbCIFtYV5bkzcQMrIl+MYN8F3GPDa8NUqTutGAniThqfqoCcoYF089
JxNA5oo1Tl35MhmNSFN/FNTTR2BUPbICxefhFfdv3jx03oPIi/GfE7bkKXWXFyBq
rYmHDNXhgQbqSK+QJTCgzDpiWX+H95qnGlRAqGni47zhFqRRwZaDFPWKsW61c4f6
fwx1MpTYGFheP0HUQbOYV4KeqFWWWEd0k1gOpsMvqio3o1RyRRFXI/kuZE/cYlMv
T5/I4QXcQut88ib/8RLp5XNUYQISBjomMwG80IVgZXj/p6eIvtpkijYeUQIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFNDAv5oKsvEt7rjqauPLz8C5QHOqMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvME1DX21ncXk4UzN1dU9wcTQ4dlB3TGxBYzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4wDAME
ByX7gAMEBCX7oAMEAyX7+AMEAU1RpAMEAFZpwAMEAlkgLAMEAFkjrTAMAwQHWSSA
AwQAWSSCAwQCWSSEAwQDWSb4AwQAWSoLAwQDWS3AAwQCW8h4AwQAW9COAwQAXXfj
AwQAXhgdAwQDXhgwMAwDBANeGEgDBABeGE4DBANtXwgDBAGAAC4DBAG5q7gDBAC5
q7sDBAC81o4DBAO81zADBAHB74IDBADB8ngwDQYJKoZIhvcNAQELBQADggEBAAhT
OXRkTcwnKn9yURCvYnnOfqHfGnhuptTVStW5wD7NjIe8D90rtZGA/2RVLrl3Tztn
HsZhaI6HbBkeLmPirl+8zmQ3YikIhi/yD+GalgzA6+TGEWx5nue1EKlbFUVy7oQ+
u/lglwSbO8KDqV4cGmEHkuBTpgZ76T2yqyxUbrpesyCFK2AdIK9qIgyn0hHLF7yJ
H/f+tPN3qwm2fIFE2MgCEdCAEADUvWB5DQiokhU6dVZtyY4S7hi5RwoVKsvqw3LX
aoiH2OGGTU3EtTPNaTRXiUP2s7exZYHXgotE28jcN2a23pi3UaS3Gnm0fOh5K4Zb
8cqh6Dtghu0i/OwJh0U=
-----END CERTIFICATE-----
Generated at Mon Apr 7 12:01:07 2025 by rpki-client