Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/onG_yjL71KBjT6qb1tlriGXEPkI.roa
File: onG_yjL71KBjT6qb1tlriGXEPkI.roa (raw, json)
Hash identifier: p0uEFp4aWU/cii43fYdqNq07qdotCor+2MbAKHw7Hr8=
Subject key identifier: A2:71:BF:CA:32:FB:D4:A0:63:4F:AA:9B:D6:D9:6B:88:65:C4:3E:42
Certificate issuer: /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial: 0194AD33959942423D1674843A897C2603EF
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/onG_yjL71KBjT6qb1tlriGXEPkI.roa
Signing time: Tue 28 Jan 2025 13:57:06 +0000
ROA not before: Tue 28 Jan 2025 13:57:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207252
IP address blocks: 37.114.36.0/24 maxlen: 24
37.114.39.0/24 maxlen: 24
37.114.40.0/24 maxlen: 24
37.114.58.0/24 maxlen: 24
43.251.160.0/24 maxlen: 24
43.251.161.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 16:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ad:33:95:99:42:42:3d:16:74:84:3a:89:7c:26:03:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Validity
Not Before: Jan 28 13:57:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a271bfca32fbd4a0634faa9bd6d96b8865c43e42
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:47:dc:64:92:0d:41:a5:61:aa:c6:ab:4b:9c:
2f:d4:67:ec:4b:51:ca:e8:44:13:63:81:ad:3a:84:
c9:10:dc:20:7d:c1:d4:6d:5b:4c:52:5a:d2:1a:61:
ff:9e:d3:72:79:68:9f:31:0a:15:a9:29:e9:de:51:
f3:22:92:e0:49:55:0f:ca:72:9e:f4:f8:89:cf:68:
c1:73:68:30:0d:1c:da:61:af:2d:7a:3a:90:cf:32:
a5:55:ef:fc:44:10:dc:ff:cb:9c:b4:24:4d:e8:b9:
21:88:08:f0:4e:47:6c:c9:e7:57:f7:3e:a3:0f:3e:
83:e2:2c:03:ba:88:18:92:d4:bc:b8:23:6e:f1:6f:
d4:4d:45:a0:20:a9:0d:30:c7:84:24:e0:16:b5:6e:
41:0b:ef:7d:48:57:ed:2c:db:f2:4a:b8:0e:88:33:
ed:60:f4:e3:12:f4:a3:94:82:f9:15:41:a6:81:40:
69:e6:0e:1b:74:ba:73:8b:e7:10:68:b1:e0:bd:79:
9c:7b:36:cc:99:48:1c:43:66:4f:b6:3c:80:40:72:
2d:b2:ce:41:de:0a:49:c1:98:93:90:94:ae:34:00:
03:29:23:74:37:80:b6:af:56:7f:c9:97:86:9b:6b:
d6:b2:9c:34:c8:6b:f8:51:dc:43:7f:80:c5:c6:39:
14:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:71:BF:CA:32:FB:D4:A0:63:4F:AA:9B:D6:D9:6B:88:65:C4:3E:42
X509v3 Authority Key Identifier:
keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/onG_yjL71KBjT6qb1tlriGXEPkI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.114.36.0/24
37.114.39.0-37.114.40.255
37.114.58.0/24
43.251.160.0/23
Signature Algorithm: sha256WithRSAEncryption
08:8d:2d:9c:31:99:f6:a5:dd:ce:78:c7:da:fe:45:66:94:d2:
62:27:c6:f7:46:7c:b3:14:5c:eb:cf:23:80:65:df:90:1a:35:
3f:a0:6c:62:57:1c:f8:ae:c2:4c:d7:d7:b8:52:b1:ea:86:c4:
2d:1d:6f:41:17:d9:f1:6e:5b:14:c5:0f:6d:42:ec:1f:01:9c:
40:3a:7b:5e:27:e7:93:4a:79:ae:dd:c2:d0:63:11:0f:31:6b:
47:02:56:1b:62:3d:41:c1:cc:28:76:42:83:43:5c:53:6e:be:
47:54:0b:92:00:d5:a4:e7:3f:db:f5:ac:85:ce:4a:10:aa:0c:
8a:c3:52:07:f1:78:41:a3:f8:1e:6f:11:53:53:41:59:3c:55:
ce:8d:0f:c7:cf:dd:4c:61:60:19:0c:4b:3a:f2:6d:35:b4:b9:
2c:ac:d8:97:2c:c1:ef:72:dd:61:62:45:55:3a:8d:1a:3f:6b:
e8:e9:0f:6d:1e:ad:b4:d6:76:8f:64:54:4a:7a:1c:9e:5d:f3:
57:68:5b:8e:f0:f3:01:ee:16:eb:a5:26:ac:9a:92:fd:47:38:
11:8b:e8:aa:80:41:b6:28:0f:a0:63:d2:1a:3c:79:ed:53:9a:
45:8a:f1:91:34:a5:c3:da:1f:f9:54:3c:2f:d3:58:80:31:19:
f3:77:88:84
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZStM5WZQkI9FnSEOol8JgPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwMTI4MTM1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjcxYmZjYTMyZmJkNGEwNjM0ZmFhOWJkNmQ5NmI4ODY1YzQzZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkfcZJINQaVhqsarS5wv1GfsS1HK
6EQTY4GtOoTJENwgfcHUbVtMUlrSGmH/ntNyeWifMQoVqSnp3lHzIpLgSVUPynKe
9PiJz2jBc2gwDRzaYa8tejqQzzKlVe/8RBDc/8uctCRN6LkhiAjwTkdsyedX9z6j
Dz6D4iwDuogYktS8uCNu8W/UTUWgIKkNMMeEJOAWtW5BC+99SFftLNvySrgOiDPt
YPTjEvSjlIL5FUGmgUBp5g4bdLpzi+cQaLHgvXmcezbMmUgcQ2ZPtjyAQHItss5B
3gpJwZiTkJSuNAADKSN0N4C2r1Z/yZeGm2vWspw0yGv4UdxDf4DFxjkUDQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKJxv8oy+9SgY0+qm9bZa4hlxD5CMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvb25HX3lqTDcxS0JqVDZxYjF0bHJpR1hFUGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAJXIkMAwD
BAAlcicDBAAlcigDBAAlcjoDBAEr+6AwDQYJKoZIhvcNAQELBQADggEBAAiNLZwx
mfal3c54x9r+RWaU0mInxvdGfLMUXOvPI4Bl35AaNT+gbGJXHPiuwkzX17hSseqG
xC0db0EX2fFuWxTFD21C7B8BnEA6e14n55NKea7dwtBjEQ8xa0cCVhtiPUHBzCh2
QoNDXFNuvkdUC5IA1aTnP9v1rIXOShCqDIrDUgfxeEGj+B5vEVNTQVk8Vc6ND8fP
3UxhYBkMSzrybTW0uSys2Jcswe9y3WFiRVU6jRo/a+jpD20erbTWdo9kVEp6HJ5d
81doW47w8wHuFuulJqyakv1HOBGL6KqAQbYoD6Bj0ho8ee1TmkWK8ZE0pcPaH/lU
PC/TWIAxGfN3iIQ=
-----END CERTIFICATE-----
Generated at Sun Apr 6 21:23:41 2025 by rpki-client