Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Ctl1kD2uqDs0nltLthIkWuH3q_I.roa
File: Ctl1kD2uqDs0nltLthIkWuH3q_I.roa (raw, json)
Hash identifier: nRrDiHydrsYqFGlhS3R7cILiVRi/UJqZgFPSjdVKIe4=
Subject key identifier: 0A:D9:75:90:3D:AE:A8:3B:34:9E:5B:4B:B6:12:24:5A:E1:F7:AB:F2
Certificate issuer: /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial: 01942747996C9C72473B649D2D0E0A09E3B3
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Ctl1kD2uqDs0nltLthIkWuH3q_I.roa
Signing time: Thu 02 Jan 2025 13:49:51 +0000
ROA not before: Thu 02 Jan 2025 13:49:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42337
IP address blocks: 2.182.172.0/24 maxlen: 24
2.188.40.0/21 maxlen: 24
2.188.72.0/22 maxlen: 24
2.188.160.0/21 maxlen: 24
2.188.160.0/22 maxlen: 22
2.188.161.0/24 maxlen: 24
2.188.164.0/22 maxlen: 22
2.188.165.0/24 maxlen: 24
2.188.176.0/23 maxlen: 23
2.188.192.0/19 maxlen: 24
2.188.224.0/20 maxlen: 24
2.188.225.0/24 maxlen: 24
2.188.232.0/23 maxlen: 23
2.188.234.0/24 maxlen: 24
2.188.236.0/23 maxlen: 23
2.188.240.0/20 maxlen: 24
2.189.48.0/21 maxlen: 24
2.189.64.0/22 maxlen: 24
2.189.80.0/21 maxlen: 24
2.189.88.0/21 maxlen: 24
2.189.160.0/21 maxlen: 24
2.189.168.0/21 maxlen: 24
78.38.25.0/24 maxlen: 24
78.38.243.0/24 maxlen: 24
78.38.246.0/24 maxlen: 24
78.38.248.0/24 maxlen: 24
78.38.250.0/24 maxlen: 24
78.38.251.0/24 maxlen: 24
78.38.254.0/24 maxlen: 24
78.39.40.0/24 maxlen: 24
78.39.43.0/24 maxlen: 24
78.39.46.0/24 maxlen: 24
78.39.47.0/24 maxlen: 24
78.39.48.0/24 maxlen: 24
78.39.49.0/24 maxlen: 24
78.39.50.0/24 maxlen: 24
78.39.51.0/24 maxlen: 24
78.39.53.0/24 maxlen: 24
78.39.54.0/24 maxlen: 24
78.39.55.0/24 maxlen: 24
78.39.56.0/24 maxlen: 24
78.39.57.0/24 maxlen: 24
78.39.58.0/24 maxlen: 24
78.39.59.0/24 maxlen: 24
78.39.62.0/23 maxlen: 24
78.39.155.0/24 maxlen: 24
78.39.156.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:99:6c:9c:72:47:3b:64:9d:2d:0e:0a:09:e3:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Validity
Not Before: Jan 2 13:49:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ad975903daea83b349e5b4bb612245ae1f7abf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:35:87:65:f2:99:bd:70:30:97:0c:f8:3d:47:
b3:63:9f:1d:3b:70:4b:53:f2:a5:f9:38:9f:9b:c6:
42:a7:57:55:05:94:ad:65:22:0c:aa:fb:e8:c9:ca:
e5:0f:7b:24:18:b4:b7:cf:96:98:c8:8c:af:f6:76:
b5:d7:1b:e0:61:5c:4f:52:fa:cb:21:a4:7c:fc:65:
19:74:b4:6d:20:46:5f:a0:94:d4:0c:83:36:d7:71:
84:08:19:81:32:35:76:25:aa:4b:32:7f:35:4f:91:
d0:7a:3a:83:86:2e:ff:66:29:67:5f:99:7b:59:7b:
c8:e6:ca:4a:dd:10:19:9e:7b:51:4f:10:39:96:4a:
63:1f:18:2c:00:a8:68:ab:1a:79:04:b7:c2:42:e9:
03:f8:3f:ff:41:5f:04:1c:6c:b2:a4:e0:9d:e5:cb:
1c:1a:18:7e:30:17:1f:7a:ce:c7:8e:61:be:4c:79:
79:d4:f5:a2:70:51:de:3f:b2:cc:b8:97:95:f2:2b:
4f:c7:2b:5c:8d:86:ae:74:dc:7f:af:43:68:67:df:
02:bf:3b:14:94:1b:99:e0:0e:6b:a1:01:b0:08:ab:
92:2e:51:ab:72:0e:d2:b5:d2:a8:51:6b:7a:7f:66:
ad:fe:ca:b1:0f:cc:a7:7a:1d:c3:54:6a:a1:dc:34:
5c:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:D9:75:90:3D:AE:A8:3B:34:9E:5B:4B:B6:12:24:5A:E1:F7:AB:F2
X509v3 Authority Key Identifier:
keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Ctl1kD2uqDs0nltLthIkWuH3q_I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.182.172.0/24
2.188.40.0/21
2.188.72.0/22
2.188.160.0/21
2.188.176.0/23
2.188.192.0/18
2.189.48.0/21
2.189.64.0/22
2.189.80.0/20
2.189.160.0/20
78.38.25.0/24
78.38.243.0/24
78.38.246.0/24
78.38.248.0/24
78.38.250.0/23
78.38.254.0/24
78.39.40.0/24
78.39.43.0/24
78.39.46.0-78.39.51.255
78.39.53.0-78.39.59.255
78.39.62.0/23
78.39.155.0-78.39.156.255
Signature Algorithm: sha256WithRSAEncryption
99:48:20:df:3a:34:08:0a:4a:8c:8e:51:1a:9a:74:c5:cc:41:
f2:74:10:c4:92:db:e1:83:86:66:2d:87:c3:d6:a3:2a:91:de:
72:6c:de:04:01:b3:69:81:55:ac:e2:5c:9a:b0:c2:fb:04:cf:
7d:fb:06:1a:aa:0b:1f:63:25:27:cd:1e:4b:f1:66:fc:da:1d:
5b:ab:ca:1f:ab:36:0f:37:7e:25:18:55:e8:78:b9:4f:11:c4:
22:93:b1:71:eb:ee:91:d9:f7:45:4e:d5:9a:79:2a:fb:7f:da:
f4:0f:21:4b:54:b3:93:bf:f4:91:be:9a:ec:35:30:51:aa:65:
da:ec:65:a8:c7:4b:40:1b:cf:b1:5d:21:f7:58:23:33:5c:59:
cf:45:d5:de:80:1c:42:46:84:b1:dd:09:cd:1b:d9:74:82:79:
f4:0b:e3:7e:8f:5c:6f:a0:45:81:42:9c:41:fc:a3:80:e1:cc:
a6:85:f5:00:90:0d:72:f6:42:51:58:26:a1:ea:bd:55:bb:2a:
e6:9e:19:81:69:4a:9c:6c:0f:79:bb:8c:27:28:11:33:1b:25:
8b:57:ed:8b:bf:66:ac:19:f6:d7:a4:57:b9:66:80:dc:31:d7:
c7:7c:74:c5:de:d4:49:72:2b:05:b7:82:ea:27:02:21:2a:6d:
77:e3:6b:b8
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgISAZQnR5lsnHJHO2SdLQ4KCeOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ5NzU5MDNkYWVhODNiMzQ5ZTViNGJiNjEyMjQ1YWUxZjdhYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zWHZfKZvXAwlwz4PUezY58dO3BL
U/Kl+Tifm8ZCp1dVBZStZSIMqvvoycrlD3skGLS3z5aYyIyv9na11xvgYVxPUvrL
IaR8/GUZdLRtIEZfoJTUDIM213GECBmBMjV2JapLMn81T5HQejqDhi7/ZilnX5l7
WXvI5spK3RAZnntRTxA5lkpjHxgsAKhoqxp5BLfCQukD+D//QV8EHGyypOCd5csc
Ghh+MBcfes7HjmG+THl51PWicFHeP7LMuJeV8itPxytcjYaudNx/r0NoZ98CvzsU
lBuZ4A5roQGwCKuSLlGrcg7StdKoUWt6f2at/sqxD8yneh3DVGqh3DRcdwIDAQAB
o4ICpDCCAqAwHQYDVR0OBBYEFArZdZA9rqg7NJ5bS7YSJFrh96vyMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvQ3RsMWtEMnVxRHMwbmx0THRoSWtXdUgzcV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG5BggrBgEFBQcBBwEB/wSBqTCBpjCBowQCAAEwgZwDBAAC
tqwDBAMCvCgDBAICvEgDBAMCvKADBAECvLADBAYCvMADBAMCvTADBAICvUADBAQC
vVADBAQCvaADBABOJhkDBABOJvMDBABOJvYDBABOJvgDBAFOJvoDBABOJv4DBABO
JygDBABOJyswDAMEAU4nLgMEAk4nMDAMAwQATic1AwQCTic4AwQBTic+MAwDBABO
J5sDBABOJ5wwDQYJKoZIhvcNAQELBQADggEBAJlIIN86NAgKSoyOURqadMXMQfJ0
EMSS2+GDhmYth8PWoyqR3nJs3gQBs2mBVaziXJqwwvsEz337BhqqCx9jJSfNHkvx
ZvzaHVuryh+rNg83fiUYVeh4uU8RxCKTsXHr7pHZ90VO1Zp5Kvt/2vQPIUtUs5O/
9JG+muw1MFGqZdrsZajHS0Abz7FdIfdYIzNcWc9F1d6AHEJGhLHdCc0b2XSCefQL
436PXG+gRYFCnEH8o4DhzKaF9QCQDXL2QlFYJqHqvVW7KuaeGYFpSpxsD3m7jCco
ETMbJYtX7Yu/ZqwZ9tekV7lmgNwx18d8dMXe1ElyKwW3guonAiEqbXfja7g=
-----END CERTIFICATE-----
Generated at Wed Apr 16 21:49:56 2025 by rpki-client