Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/I_zTEANA5HgNFK3xcWmr5JQSd4w.roa
File: I_zTEANA5HgNFK3xcWmr5JQSd4w.roa (raw, json)
Hash identifier: 8kt6pXomqbmYP20u6DRlj+fZL0R8g/8XjkQCzdnUfBs=
Subject key identifier: 23:FC:D3:10:03:40:E4:78:0D:14:AD:F1:71:69:AB:E4:94:12:77:8C
Certificate issuer: /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial: 019424B29C16C527DC352D55504F5385529D
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/I_zTEANA5HgNFK3xcWmr5JQSd4w.roa
Signing time: Thu 02 Jan 2025 01:47:52 +0000
ROA not before: Thu 02 Jan 2025 01:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397233
IP address blocks: 37.209.192.0/24 maxlen: 24
37.209.194.0/24 maxlen: 24
37.209.196.0/24 maxlen: 24
37.209.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 04:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:9c:16:c5:27:dc:35:2d:55:50:4f:53:85:52:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Validity
Not Before: Jan 2 01:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23fcd3100340e4780d14adf17169abe49412778c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:9c:8d:d3:cd:a0:a0:f9:03:27:4f:22:a2:c7:
1c:9c:fd:6f:ba:3c:5e:44:e0:f5:09:93:d1:dc:29:
60:26:0d:cd:d7:5c:2a:96:08:9d:13:a3:35:c7:c7:
de:a9:6d:5f:a6:53:49:c1:69:f3:6c:d6:64:b8:13:
44:b2:0e:49:70:59:5d:19:5c:b0:5a:08:cd:9d:8b:
f2:6e:b8:91:5e:22:4c:ce:6e:5e:fb:11:93:58:11:
2e:93:ca:15:1d:51:6f:b2:ab:81:0f:83:6f:29:a9:
38:40:59:98:12:49:71:62:79:12:e2:6c:99:ce:01:
98:a7:32:a4:e8:88:72:3c:fc:9b:0d:e2:d7:75:73:
72:a6:98:80:a5:e2:b8:f4:fb:7a:67:01:aa:3e:05:
68:36:12:88:cc:18:57:cd:00:b7:5e:68:cc:8a:e1:
c5:6a:48:49:37:49:ef:f2:d1:17:bb:54:c5:a9:40:
b9:4a:e9:21:fe:b8:49:d7:38:db:ff:16:d1:3a:0d:
da:94:ba:99:f9:86:5b:7f:b9:5f:70:3c:97:ab:a8:
10:15:00:09:a8:4c:53:59:45:22:af:a2:6e:d9:3b:
8b:78:50:ad:5e:4c:d6:f3:cb:04:ad:b6:2f:9e:cd:
4e:d3:51:83:6b:3e:18:1d:69:18:d3:da:06:0f:cc:
6c:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:FC:D3:10:03:40:E4:78:0D:14:AD:F1:71:69:AB:E4:94:12:77:8C
X509v3 Authority Key Identifier:
keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/I_zTEANA5HgNFK3xcWmr5JQSd4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.192.0/24
37.209.194.0/24
37.209.196.0/24
37.209.198.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:b6:5a:6c:bc:ba:72:f0:75:79:02:4d:66:5a:06:20:b1:a6:
56:b9:a1:46:76:0d:72:c5:dc:39:d9:ad:9d:c1:94:21:27:a6:
03:13:c2:b7:91:95:11:1b:ab:04:cd:78:28:12:52:01:19:c3:
c3:2b:d3:e2:71:22:6e:86:44:61:5d:ca:c8:2e:93:4a:9d:81:
f5:45:ca:85:10:62:04:b3:6c:25:7f:9c:9b:36:91:66:70:74:
45:28:8e:ae:27:80:5f:ec:0c:36:00:9e:cf:2d:af:f6:bb:a1:
c5:d6:15:6e:3c:e1:fc:ec:c3:12:ae:52:93:76:c3:15:94:f7:
a3:9b:71:69:1a:2d:f1:af:92:01:bd:e0:f4:61:5b:36:47:b8:
3d:24:dc:70:7f:0e:ad:67:d8:55:a5:3f:bc:a9:03:ac:b8:2b:
2a:c3:bf:06:a4:7f:57:07:97:d7:c3:83:03:9b:85:e6:2e:84:
47:ac:cb:a9:04:88:f0:10:14:ed:e1:b4:3b:a1:ae:85:d2:ab:
c5:c9:ba:a8:22:95:ba:86:bd:62:62:e5:1c:b2:44:4c:00:70:
ab:52:44:04:8b:2c:bc:e3:c2:0c:bb:06:54:9e:a4:ec:c1:a7:
6b:66:a5:f1:4d:ea:89:91:06:90:bc:0c:da:83:4e:ea:5f:d4:
46:3b:3b:8a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQkspwWxSfcNS1VUE9ThVKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjUwMTAyMDE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2ZjZDMxMDAzNDBlNDc4MGQxNGFkZjE3MTY5YWJlNDk0MTI3NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZyN082goPkDJ08iosccnP1vujxe
ROD1CZPR3ClgJg3N11wqlgidE6M1x8feqW1fplNJwWnzbNZkuBNEsg5JcFldGVyw
WgjNnYvybriRXiJMzm5e+xGTWBEuk8oVHVFvsquBD4NvKak4QFmYEklxYnkS4myZ
zgGYpzKk6IhyPPybDeLXdXNyppiApeK49Pt6ZwGqPgVoNhKIzBhXzQC3XmjMiuHF
akhJN0nv8tEXu1TFqUC5Sukh/rhJ1zjb/xbROg3alLqZ+YZbf7lfcDyXq6gQFQAJ
qExTWUUir6Ju2TuLeFCtXkzW88sErbYvns1O01GDaz4YHWkY09oGD8xsGQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCP80xADQOR4DRSt8XFpq+SUEneMMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvSV96VEVBTkE1SGdORkszeGNXbXI1SlFTZDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQAqtlpsvLpy8HV5Ak1m
WgYgsaZWuaFGdg1yxdw52a2dwZQhJ6YDE8K3kZURG6sEzXgoElIBGcPDK9PicSJu
hkRhXcrILpNKnYH1RcqFEGIEs2wlf5ybNpFmcHRFKI6uJ4Bf7Aw2AJ7PLa/2u6HF
1hVuPOH87MMSrlKTdsMVlPejm3FpGi3xr5IBveD0YVs2R7g9JNxwfw6tZ9hVpT+8
qQOsuCsqw78GpH9XB5fXw4MDm4XmLoRHrMupBIjwEBTt4bQ7oa6F0qvFybqoIpW6
hr1iYuUcskRMAHCrUkQEiyy848IMuwZUnqTswadrZqXxTeqJkQaQvAzag07qX9RG
OzuK
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:54:35 2025 by rpki-client