Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/c35KLXIqnQLDzGQrWv8LHC2jXps.roa
File: c35KLXIqnQLDzGQrWv8LHC2jXps.roa (raw, json)
Hash identifier: RoucjcIt4vL7sa6JcKcnG6f3UgWawurBha3WBbsL36o=
Subject key identifier: 73:7E:4A:2D:72:2A:9D:02:C3:CC:64:2B:5A:FF:0B:1C:2D:A3:5E:9B
Certificate issuer: /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial: 0194228D6D4F9BC91ADE87B35BD76FE08574
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/c35KLXIqnQLDzGQrWv8LHC2jXps.roa
Signing time: Wed 01 Jan 2025 15:48:01 +0000
ROA not before: Wed 01 Jan 2025 15:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200964
IP address blocks: 77.221.36.0/24 maxlen: 24
77.221.37.0/24 maxlen: 24
77.221.38.0/24 maxlen: 24
77.221.39.0/24 maxlen: 24
77.221.40.0/24 maxlen: 24
77.221.41.0/24 maxlen: 24
77.221.42.0/24 maxlen: 24
77.221.50.0/24 maxlen: 24
2a10:4941:10::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:6d:4f:9b:c9:1a:de:87:b3:5b:d7:6f:e0:85:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Validity
Not Before: Jan 1 15:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=737e4a2d722a9d02c3cc642b5aff0b1c2da35e9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:29:94:7f:fe:46:a2:66:a8:cc:73:09:d6:4c:
17:75:90:dc:40:b9:e3:65:2e:bd:31:0f:b5:b7:19:
cc:a6:92:e8:35:00:a7:ff:68:01:96:5a:09:4d:80:
75:9e:1a:e8:c2:be:7d:bd:9e:61:8b:8c:a5:f7:13:
f6:11:67:a0:bb:b2:d0:64:3a:27:e2:2b:4a:3b:84:
bf:4e:ab:1b:61:c4:36:2b:b1:91:24:1c:47:57:f3:
2e:9e:1e:d6:6f:61:90:da:06:42:46:39:63:76:91:
d4:ba:ce:65:47:17:f4:94:41:ec:92:27:84:23:f5:
a5:85:84:a9:6a:7b:fe:c2:9e:1a:a8:3b:2a:59:65:
e3:79:a4:4f:07:4a:ec:18:c0:73:14:dc:18:83:6d:
5c:a6:c7:78:7d:61:be:6a:2a:8e:2e:b2:ed:11:a8:
0d:88:d5:ff:af:e8:9a:a0:53:91:5e:d1:18:63:a5:
ca:1f:35:9a:7a:3c:b3:71:94:a7:91:c3:13:53:f2:
fe:53:82:4a:37:37:bc:df:d7:9b:46:4b:1d:c3:a0:
20:49:98:5a:dc:55:17:10:a4:e1:8a:c1:92:32:32:
23:3d:ea:d9:35:20:32:49:16:cf:25:37:aa:ad:f4:
1c:b6:16:87:3f:8e:45:f9:25:1d:b0:f1:99:da:e3:
34:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:7E:4A:2D:72:2A:9D:02:C3:CC:64:2B:5A:FF:0B:1C:2D:A3:5E:9B
X509v3 Authority Key Identifier:
keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/c35KLXIqnQLDzGQrWv8LHC2jXps.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.221.36.0-77.221.42.255
77.221.50.0/24
IPv6:
2a10:4941:10::/44
Signature Algorithm: sha256WithRSAEncryption
9e:b6:8c:63:00:48:39:85:39:95:d5:20:47:f8:65:61:4a:ef:
7a:d4:62:d2:ae:89:61:8c:39:59:be:b8:65:4c:35:71:46:67:
25:5c:87:00:27:13:48:ea:ff:92:03:b9:b1:17:03:df:ee:40:
bb:18:ec:60:d4:ab:c8:24:9d:d3:25:ed:b1:46:9a:30:0b:48:
92:9c:18:09:57:78:d8:24:96:6f:3e:19:84:f0:a0:da:64:27:
9f:aa:ab:0b:ac:9a:e9:05:86:a3:44:71:13:ad:7d:9c:f1:c6:
91:39:78:eb:99:e9:d5:6e:e5:d0:d9:26:17:c5:e1:ac:f8:f0:
dc:15:54:0e:b9:1f:a6:be:05:2e:41:40:6f:98:0a:be:d5:f7:
9d:2e:3c:41:8c:42:d5:e5:32:00:79:c3:76:ae:52:3b:76:22:
9c:d2:1d:70:d2:81:fa:fa:06:f3:62:7b:1c:87:54:ef:ac:16:
7d:12:dc:be:56:84:b5:c9:3c:30:4d:3e:05:c7:c1:70:40:c9:
9c:67:6d:b3:c6:cb:5e:19:de:73:29:af:47:ba:34:74:5a:3c:
d6:2e:35:95:dc:d2:bd:87:f1:06:3a:65:c9:98:a3:11:b3:5d:
e8:30:27:1b:53:fc:30:9f:b5:64:4a:42:59:66:41:9c:74:8b:
71:65:b6:ef
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZQijW1Pm8ka3oezW9dv4IV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzdlNGEyZDcyMmE5ZDAyYzNjYzY0MmI1YWZmMGIxYzJkYTM1ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CmUf/5GomaozHMJ1kwXdZDcQLnj
ZS69MQ+1txnMppLoNQCn/2gBlloJTYB1nhrowr59vZ5hi4yl9xP2EWegu7LQZDon
4itKO4S/TqsbYcQ2K7GRJBxHV/Munh7Wb2GQ2gZCRjljdpHUus5lRxf0lEHskieE
I/WlhYSpanv+wp4aqDsqWWXjeaRPB0rsGMBzFNwYg21cpsd4fWG+aiqOLrLtEagN
iNX/r+iaoFORXtEYY6XKHzWaejyzcZSnkcMTU/L+U4JKNze839ebRksdw6AgSZha
3FUXEKThisGSMjIjPerZNSAySRbPJTeqrfQcthaHP45F+SUdsPGZ2uM0ZQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFHN+Si1yKp0Cw8xkK1r/Cxwto16bMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvYzM1S0xYSXFuUUxEekdRcld2OExIQzJqWHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBAJN3SQD
BABN3SoDBABN3TIwDwQCAAIwCQMHBCoQSUEAEDANBgkqhkiG9w0BAQsFAAOCAQEA
nraMYwBIOYU5ldUgR/hlYUrvetRi0q6JYYw5Wb64ZUw1cUZnJVyHACcTSOr/kgO5
sRcD3+5AuxjsYNSryCSd0yXtsUaaMAtIkpwYCVd42CSWbz4ZhPCg2mQnn6qrC6ya
6QWGo0RxE619nPHGkTl465np1W7l0NkmF8XhrPjw3BVUDrkfpr4FLkFAb5gKvtX3
nS48QYxC1eUyAHnDdq5SO3YinNIdcNKB+voG82J7HIdU76wWfRLcvlaEtck8ME0+
BcfBcEDJnGdts8bLXhnecymvR7o0dFo81i41ldzSvYfxBjplyZijEbNd6DAnG1P8
MJ+1ZEpCWWZBnHSLcWW27w==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:44:13 2025 by rpki-client