Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/76e3b3-ab55-4ac9-bb28-a4f333654cc9/1/9o3lcP-4u3MnLvx0kAlBujW4rP8.roa
File: 9o3lcP-4u3MnLvx0kAlBujW4rP8.roa (raw, json)
Hash identifier: dshKKlZMjXCloMnE9oVR3HuOAnY6dIKys+Z7e0GPVnw=
Subject key identifier: F6:8D:E5:70:FF:B8:BB:73:27:2E:FC:74:90:09:41:BA:35:B8:AC:FF
Certificate issuer: /CN=de52fee9542d63a68e49b2c8ed7838f8a0346b08
Certificate serial: 019420D5C2E605B70E8F8984905429F24027
Authority key identifier: DE:52:FE:E9:54:2D:63:A6:8E:49:B2:C8:ED:78:38:F8:A0:34:6B:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3lL-6VQtY6aOSbLI7Xg4-KA0awg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/76e3b3-ab55-4ac9-bb28-a4f333654cc9/1/9o3lcP-4u3MnLvx0kAlBujW4rP8.roa
Signing time: Wed 01 Jan 2025 07:47:47 +0000
ROA not before: Wed 01 Jan 2025 07:47:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202440
IP address blocks: 194.11.84.0/22 maxlen: 22
194.11.84.0/23 maxlen: 23
194.11.84.0/24 maxlen: 24
194.11.85.0/24 maxlen: 24
194.11.86.0/23 maxlen: 23
194.11.86.0/24 maxlen: 24
194.11.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/76e3b3-ab55-4ac9-bb28-a4f333654cc9/1/3lL-6VQtY6aOSbLI7Xg4-KA0awg.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/76e3b3-ab55-4ac9-bb28-a4f333654cc9/1/3lL-6VQtY6aOSbLI7Xg4-KA0awg.mft
rsync://rpki.ripe.net/repository/DEFAULT/3lL-6VQtY6aOSbLI7Xg4-KA0awg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Apr 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:c2:e6:05:b7:0e:8f:89:84:90:54:29:f2:40:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=de52fee9542d63a68e49b2c8ed7838f8a0346b08
Validity
Not Before: Jan 1 07:47:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f68de570ffb8bb73272efc74900941ba35b8acff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:08:6a:51:74:14:98:0a:56:5c:12:a0:32:6e:
af:5d:e1:3f:12:6e:91:1d:4d:2e:56:3d:2c:51:22:
f1:71:9c:b7:9d:02:54:d3:54:48:24:07:ef:fe:e6:
68:95:cb:69:76:bc:d7:89:cd:c4:c7:3f:55:8a:66:
88:be:d0:90:6b:4e:18:93:bf:39:db:76:9f:40:f4:
98:cd:a9:cd:c4:d6:c0:66:cb:10:cc:78:30:7a:57:
05:0d:a8:b6:77:c6:8a:4c:6b:58:e0:8e:21:85:0c:
5e:e4:39:7a:a1:7c:99:de:99:92:40:ef:ce:3a:08:
f4:59:0e:87:b1:72:57:f8:67:ca:84:fd:12:d1:d7:
21:65:8a:f9:83:7c:27:c1:e2:5c:73:13:d7:6b:22:
cd:b9:30:42:6e:dc:f0:11:fe:76:79:b0:93:3e:2d:
03:1e:45:d3:10:fe:17:66:80:5f:c4:c6:f5:9f:71:
97:68:17:8b:13:e8:d0:ad:25:32:f7:26:b7:0b:d9:
8a:30:39:70:a1:d7:07:1f:92:8b:83:9f:65:be:de:
12:61:db:c2:18:e0:30:f1:9d:43:a6:9d:2b:11:ab:
68:97:be:a4:66:68:cb:20:ef:c4:d6:2f:d9:b2:cc:
21:3a:4a:d0:8d:d2:e1:80:45:9e:17:ca:a4:e1:8f:
05:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:8D:E5:70:FF:B8:BB:73:27:2E:FC:74:90:09:41:BA:35:B8:AC:FF
X509v3 Authority Key Identifier:
keyid:DE:52:FE:E9:54:2D:63:A6:8E:49:B2:C8:ED:78:38:F8:A0:34:6B:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3lL-6VQtY6aOSbLI7Xg4-KA0awg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/76e3b3-ab55-4ac9-bb28-a4f333654cc9/1/9o3lcP-4u3MnLvx0kAlBujW4rP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/76e3b3-ab55-4ac9-bb28-a4f333654cc9/1/3lL-6VQtY6aOSbLI7Xg4-KA0awg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.11.84.0/22
Signature Algorithm: sha256WithRSAEncryption
10:13:3d:9a:ef:26:91:df:a2:7d:10:9a:ed:39:1b:00:9f:f4:
9a:d3:3e:72:5a:c5:3e:c8:fe:d5:d5:aa:c1:22:e6:96:ac:64:
26:41:b9:6e:34:4a:bb:90:94:3f:fd:f1:e7:ef:e0:80:fd:0e:
ae:3c:58:ba:e8:80:9f:32:4a:f3:07:4d:b9:ea:ec:b3:c7:a4:
b2:50:61:8a:5b:49:cf:c8:2e:1d:28:3c:84:55:61:25:24:58:
02:ed:7e:27:bc:a4:61:ae:68:57:e6:6c:51:b9:ce:48:60:06:
ac:00:4c:51:e5:50:f3:a2:d4:3f:74:03:a2:30:c8:41:6d:0e:
e5:1b:c8:47:81:19:a7:e7:db:fd:3b:ef:51:29:52:af:77:c7:
cf:fc:13:f5:7b:d8:68:3d:3a:60:cc:a9:bb:8c:6c:88:55:db:
f8:f5:c7:a2:d9:38:19:78:7c:3c:77:9d:8a:c7:ee:40:72:cb:
28:28:a8:e7:35:53:a3:0b:7a:aa:91:2c:1b:3b:2d:dc:db:9c:
b8:63:50:6f:ae:35:e0:2e:52:9f:6e:ef:30:b2:66:3e:4b:68:
2d:2e:07:df:94:02:dc:8f:46:f6:1c:f0:a5:11:fb:d9:7a:8e:
ab:c1:df:6e:e6:bb:62:96:1e:bd:e9:5b:01:cc:ce:27:2c:c9:
83:ee:c9:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cLmBbcOj4mEkFQp8kAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNTJmZWU5NTQyZDYzYTY4ZTQ5YjJjOGVkNzgzOGY4YTAz
NDZiMDgwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjhkZTU3MGZmYjhiYjczMjcyZWZjNzQ5MDA5NDFiYTM1YjhhY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQhqUXQUmApWXBKgMm6vXeE/Em6R
HU0uVj0sUSLxcZy3nQJU01RIJAfv/uZolctpdrzXic3Exz9VimaIvtCQa04Yk785
23afQPSYzanNxNbAZssQzHgwelcFDai2d8aKTGtY4I4hhQxe5Dl6oXyZ3pmSQO/O
Ogj0WQ6HsXJX+GfKhP0S0dchZYr5g3wnweJccxPXayLNuTBCbtzwEf52ebCTPi0D
HkXTEP4XZoBfxMb1n3GXaBeLE+jQrSUy9ya3C9mKMDlwodcHH5KLg59lvt4SYdvC
GOAw8Z1Dpp0rEatol76kZmjLIO/E1i/ZsswhOkrQjdLhgEWeF8qk4Y8FVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPaN5XD/uLtzJy78dJAJQbo1uKz/MB8GA1UdIwQY
MBaAFN5S/ulULWOmjkmyyO14OPigNGsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2xMLTZWUXRZNmFPU2JMSTdYZzQtS0EwYXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC83NmUzYjMtYWI1NS00YWM5LWJiMjgt
YTRmMzMzNjU0Y2M5LzEvOW8zbGNQLTR1M01uTHZ4MGtBbEJ1alc0clA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC83NmUzYjMtYWI1NS00YWM5LWJiMjgtYTRmMzMzNjU0Y2M5
LzEvM2xMLTZWUXRZNmFPU2JMSTdYZzQtS0EwYXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwgtUMA0G
CSqGSIb3DQEBCwUAA4IBAQAQEz2a7yaR36J9EJrtORsAn/Sa0z5yWsU+yP7V1arB
IuaWrGQmQbluNEq7kJQ//fHn7+CA/Q6uPFi66ICfMkrzB0256uyzx6SyUGGKW0nP
yC4dKDyEVWElJFgC7X4nvKRhrmhX5mxRuc5IYAasAExR5VDzotQ/dAOiMMhBbQ7l
G8hHgRmn59v9O+9RKVKvd8fP/BP1e9hoPTpgzKm7jGyIVdv49cei2TgZeHw8d52K
x+5AcssoKKjnNVOjC3qqkSwbOy3c25y4Y1BvrjXgLlKfbu8wsmY+S2gtLgfflALc
j0b2HPClEfvZeo6rwd9u5rtilh696VsBzM4nLMmD7slE
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:55:20 2025 by rpki-client