Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/38tGSJTH2yH52258Ye6YFzIMdgI.roa
File: 38tGSJTH2yH52258Ye6YFzIMdgI.roa (raw, json)
Hash identifier: GABMb3Q8l+ABw8g0O4cQUivmVnqkwd4lJQ0kvagm4eM=
Subject key identifier: DF:CB:46:48:94:C7:DB:21:F9:DB:6E:7C:61:EE:98:17:32:0C:76:02
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019537D15F1E305A4BF0DFA2244786B1C462
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/38tGSJTH2yH52258Ye6YFzIMdgI.roa
Signing time: Mon 24 Feb 2025 11:57:03 +0000
ROA not before: Mon 24 Feb 2025 11:57:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:37:d1:5f:1e:30:5a:4b:f0:df:a2:24:47:86:b1:c4:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Feb 24 11:57:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dfcb464894c7db21f9db6e7c61ee9817320c7602
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:cd:7a:9f:ae:10:5c:db:58:40:63:1c:d9:ed:
de:07:9d:f3:06:aa:1c:36:e8:8a:d0:b4:51:9b:31:
72:c6:24:d0:3a:7f:21:b4:7e:6c:e9:fe:21:fe:e4:
5a:bb:68:a7:e1:9f:29:0d:f2:60:40:16:e9:ff:d1:
cb:cf:ca:b1:08:26:5e:bf:3f:e4:57:e2:7c:4c:ac:
e8:91:30:db:a4:05:b2:76:33:5e:3d:cb:bd:ce:3b:
6c:23:75:bf:19:56:de:28:04:59:1c:49:85:83:b6:
f1:de:13:04:84:25:ef:48:35:93:6f:f0:18:fb:e7:
60:82:5f:18:41:27:46:29:16:91:78:81:ab:4f:bf:
d6:13:68:5e:ce:83:69:13:ca:2a:90:ea:f4:73:7d:
55:e4:a0:23:41:a6:65:51:d1:3d:fd:5f:ff:04:71:
21:f5:a4:60:b7:1b:44:12:dd:5e:a2:15:0f:f5:dd:
25:7e:9f:c1:7b:27:25:7b:04:d1:80:e3:4d:cc:ae:
16:ab:da:dc:33:6e:c0:2b:3c:ab:c3:43:5f:72:5d:
ba:69:a6:9f:03:f6:83:64:b7:5e:d9:65:51:79:4c:
1f:48:86:64:0a:17:23:87:94:7a:7d:8e:82:3c:5a:
dd:6e:22:24:a5:8e:9d:5b:44:29:db:a9:99:0f:5d:
3d:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:CB:46:48:94:C7:DB:21:F9:DB:6E:7C:61:EE:98:17:32:0C:76:02
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/38tGSJTH2yH52258Ye6YFzIMdgI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/23
193.35.152.0/24
Signature Algorithm: sha256WithRSAEncryption
78:68:85:6b:99:a2:91:5e:44:ab:19:1d:e6:a0:be:c6:b4:81:
d8:ad:e4:21:ab:2f:c0:d9:46:01:ee:68:34:30:63:10:91:49:
d8:ef:0f:85:12:73:ca:0b:41:c7:54:04:c1:aa:9a:9d:af:c7:
29:ec:d7:6e:cb:38:e6:62:bd:21:2d:57:d0:58:39:02:6c:e4:
7e:50:cc:93:89:67:84:d9:9b:e7:76:51:f1:61:4b:7a:92:9d:
e9:47:23:3e:e3:d3:41:9e:f8:cf:4f:fb:2b:7a:31:13:4a:da:
d1:9d:fa:d1:d4:b4:2a:20:a0:d4:74:ef:2a:ee:d0:71:6d:6a:
cb:65:ae:9f:2e:39:f1:f3:94:74:c6:6a:27:75:f9:d1:b9:0d:
0a:88:f5:0a:9e:bd:2a:a7:c8:25:a4:95:bd:34:1d:8e:40:ad:
d3:42:41:cd:7c:57:df:6f:c3:27:ac:1a:1b:38:c5:89:15:51:
ef:84:67:19:6b:87:bd:df:25:4c:74:b2:0a:3f:2f:e9:22:f7:
77:6a:08:fc:6f:16:e8:67:c2:55:9f:af:a1:84:37:e6:8c:91:
ec:26:b9:51:0b:00:f7:f3:46:b8:b4:a4:c2:fb:ee:34:cc:b4:
93:ed:06:86:60:fe:99:59:f0:37:df:13:bd:92:a1:df:ab:42:
b2:4f:1e:66
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZU30V8eMFpL8N+iJEeGscRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMjI0MTE1NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNiNDY0ODk0YzdkYjIxZjlkYjZlN2M2MWVlOTgxNzMyMGM3NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjM16n64QXNtYQGMc2e3eB53zBqoc
NuiK0LRRmzFyxiTQOn8htH5s6f4h/uRau2in4Z8pDfJgQBbp/9HLz8qxCCZevz/k
V+J8TKzokTDbpAWydjNePcu9zjtsI3W/GVbeKARZHEmFg7bx3hMEhCXvSDWTb/AY
++dggl8YQSdGKRaReIGrT7/WE2hezoNpE8oqkOr0c31V5KAjQaZlUdE9/V//BHEh
9aRgtxtEEt1eohUP9d0lfp/BeyclewTRgONNzK4Wq9rcM27AKzyrw0Nfcl26aaaf
A/aDZLde2WVReUwfSIZkChcjh5R6fY6CPFrdbiIkpY6dW0Qp26mZD109YQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFN/LRkiUx9sh+dtufGHumBcyDHYCMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvMzh0R1NKVEgyeUg1MjI1OFllNllGeklNZGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABt7DED
BAJt7DADBAC5VgYDBAG5/hwDBADBI5gwDQYJKoZIhvcNAQELBQADggEBAHhohWuZ
opFeRKsZHeagvsa0gdit5CGrL8DZRgHuaDQwYxCRSdjvD4USc8oLQcdUBMGqmp2v
xyns127LOOZivSEtV9BYOQJs5H5QzJOJZ4TZm+d2UfFhS3qSnelHIz7j00Ge+M9P
+yt6MRNK2tGd+tHUtCogoNR07yru0HFtastlrp8uOfHzlHTGaid1+dG5DQqI9Qqe
vSqnyCWklb00HY5ArdNCQc18V99vwyesGhs4xYkVUe+EZxlrh73fJUx0sgo/L+ki
93dqCPxvFuhnwlWfr6GEN+aMkewmuVELAPfzRri0pML77jTMtJPtBoZg/plZ8Dff
E72Sod+rQrJPHmY=
-----END CERTIFICATE-----
Generated at Sat Apr 5 12:43:13 2025 by rpki-client