Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/O4ZnlVhhx3zd5V2McWkK5lXbTfU.roa
File: O4ZnlVhhx3zd5V2McWkK5lXbTfU.roa (raw, json)
Hash identifier: 1/S6pfTZfcr0nY65o+eT5Gg2Gukw2uRx/s1OdeKWKmE=
Subject key identifier: 3B:86:67:95:58:61:C7:7C:DD:E5:5D:8C:71:69:0A:E6:55:DB:4D:F5
Certificate issuer: /CN=4f50a0dcc71c42923e407011bd212afa5c62e59d
Certificate serial: 019424B3B08A96AAADDCD98B62B6F6D99F86
Authority key identifier: 4F:50:A0:DC:C7:1C:42:92:3E:40:70:11:BD:21:2A:FA:5C:62:E5:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T1Cg3MccQpI-QHARvSEq-lxi5Z0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/O4ZnlVhhx3zd5V2McWkK5lXbTfU.roa
Signing time: Thu 02 Jan 2025 01:49:03 +0000
ROA not before: Thu 02 Jan 2025 01:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33915
IP address blocks: 193.176.6.0/24 maxlen: 24
193.176.7.0/24 maxlen: 24
193.176.8.0/21 maxlen: 21
193.176.159.0/24 maxlen: 24
193.176.160.0/20 maxlen: 20
193.176.176.0/24 maxlen: 24
193.176.177.0/24 maxlen: 24
193.176.178.0/24 maxlen: 24
194.104.64.0/20 maxlen: 20
194.104.70.0/24 maxlen: 24
2a00:7740::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/T1Cg3MccQpI-QHARvSEq-lxi5Z0.crl
rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/T1Cg3MccQpI-QHARvSEq-lxi5Z0.mft
rsync://rpki.ripe.net/repository/DEFAULT/T1Cg3MccQpI-QHARvSEq-lxi5Z0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:b0:8a:96:aa:ad:dc:d9:8b:62:b6:f6:d9:9f:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f50a0dcc71c42923e407011bd212afa5c62e59d
Validity
Not Before: Jan 2 01:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b8667955861c77cdde55d8c71690ae655db4df5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:43:ec:17:e7:7d:00:0b:77:f7:95:d5:45:df:
4a:8d:df:cf:14:ee:76:56:17:67:4d:2d:ac:04:01:
f8:2d:0d:77:b5:3f:d9:7c:0f:9e:d6:c9:64:08:de:
2f:8d:f1:ef:e6:83:98:ea:99:a2:9e:ec:81:23:58:
f2:be:e2:63:6c:3e:b2:ab:96:9c:52:fa:5a:ae:a1:
1a:66:b7:3b:2a:b7:9e:9a:af:c5:79:5e:fb:3f:30:
01:26:4a:d3:dd:82:da:9b:05:27:57:9d:73:48:81:
da:c0:ca:b8:1d:f0:0c:34:e7:50:bf:f8:5c:9f:2a:
35:a5:76:55:b6:25:6e:23:f4:7c:1f:1c:d5:e7:6b:
96:d9:92:5e:33:e4:b9:cc:4f:b5:26:71:46:f4:70:
23:bd:5a:4e:e0:30:b8:1e:1e:a7:83:a9:48:69:80:
0d:9f:cf:4b:76:ce:0b:7d:eb:fe:3d:4c:6e:b0:31:
2a:f8:5d:16:d0:f1:7e:27:cc:82:de:fa:2d:7e:da:
ec:c3:e8:73:d3:81:06:46:a1:b3:96:d1:5c:09:e8:
da:9e:6a:4b:4c:8a:65:d3:98:cd:dc:dd:83:70:a0:
d5:64:af:55:9c:3b:bf:f1:b0:4a:3e:63:0a:90:ca:
58:1c:9b:5b:84:a1:39:38:60:71:a6:2b:5e:1c:7a:
42:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:86:67:95:58:61:C7:7C:DD:E5:5D:8C:71:69:0A:E6:55:DB:4D:F5
X509v3 Authority Key Identifier:
keyid:4F:50:A0:DC:C7:1C:42:92:3E:40:70:11:BD:21:2A:FA:5C:62:E5:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T1Cg3MccQpI-QHARvSEq-lxi5Z0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/O4ZnlVhhx3zd5V2McWkK5lXbTfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/30a2bf-b51e-4d72-b409-ca8b2758be15/1/T1Cg3MccQpI-QHARvSEq-lxi5Z0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.176.6.0-193.176.15.255
193.176.159.0-193.176.178.255
194.104.64.0/20
IPv6:
2a00:7740::/32
Signature Algorithm: sha256WithRSAEncryption
88:87:1b:34:1a:d9:a7:22:17:dd:81:1c:d9:fd:4f:85:62:e2:
e4:69:b2:74:0d:c1:f3:36:09:f2:c1:66:65:db:88:2c:12:cc:
23:ea:77:98:eb:58:99:d5:d2:2f:53:b7:27:a6:98:3f:f2:2a:
a5:90:9f:af:9e:e5:34:0f:ae:ff:ed:66:ae:4c:84:1b:48:e8:
fa:6e:f8:6f:f6:47:05:63:e9:e5:fc:65:ed:af:8e:db:68:14:
48:86:b7:64:f6:b5:06:6d:fa:fa:41:57:34:af:2d:5a:2c:9c:
53:6c:8d:91:84:20:f2:62:86:ac:e7:e4:b3:02:5d:91:c7:ec:
ac:2b:34:1f:4b:99:f7:d5:d9:5e:33:7e:e0:b9:95:ac:7a:11:
03:a9:01:5d:4e:d5:7f:c2:95:5b:a8:34:a1:3a:0c:cb:77:24:
b5:b0:e5:e9:c4:4a:45:28:78:2a:95:eb:48:5f:48:17:2a:32:
d7:28:41:11:72:ad:95:42:a8:5a:c6:31:0b:74:f3:b0:7f:d4:
0d:d5:94:9f:07:c7:e8:2b:96:b8:99:c4:28:89:2c:d8:ae:b7:
48:3b:e8:8e:e0:0e:a5:0c:28:e4:a7:3a:7f:38:3a:8f:69:c1:
50:7a:ff:a9:e0:93:f0:0f:87:74:ee:97:c4:1b:55:60:2a:ce:
f5:65:a0:de
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZQks7CKlqqt3NmLYrb22Z+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNTBhMGRjYzcxYzQyOTIzZTQwNzAxMWJkMjEyYWZhNWM2
MmU1OWQwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg2Njc5NTU4NjFjNzdjZGRlNTVkOGM3MTY5MGFlNjU1ZGI0ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEPsF+d9AAt395XVRd9Kjd/PFO52
VhdnTS2sBAH4LQ13tT/ZfA+e1slkCN4vjfHv5oOY6pminuyBI1jyvuJjbD6yq5ac
UvparqEaZrc7Kreemq/FeV77PzABJkrT3YLamwUnV51zSIHawMq4HfAMNOdQv/hc
nyo1pXZVtiVuI/R8HxzV52uW2ZJeM+S5zE+1JnFG9HAjvVpO4DC4Hh6ng6lIaYAN
n89Lds4Lfev+PUxusDEq+F0W0PF+J8yC3votftrsw+hz04EGRqGzltFcCejanmpL
TIpl05jN3N2DcKDVZK9VnDu/8bBKPmMKkMpYHJtbhKE5OGBxpiteHHpC9wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFDuGZ5VYYcd83eVdjHFpCuZV2031MB8GA1UdIwQY
MBaAFE9QoNzHHEKSPkBwEb0hKvpcYuWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDFDZzNNY2NRcEktUUhBUnZTRXEtbHhpNVowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zMGEyYmYtYjUxZS00ZDcyLWI0MDkt
Y2E4YjI3NThiZTE1LzEvTzRabmxWaGh4M3pkNVYyTWNXa0s1bFhiVGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zMGEyYmYtYjUxZS00ZDcyLWI0MDktY2E4YjI3NThiZTE1
LzEvVDFDZzNNY2NRcEktUUhBUnZTRXEtbHhpNVowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAHBsAYD
BATBsAAwDAMEAMGwnwMEAMGwsgMEBMJoQDANBAIAAjAHAwUAKgB3QDANBgkqhkiG
9w0BAQsFAAOCAQEAiIcbNBrZpyIX3YEc2f1PhWLi5GmydA3B8zYJ8sFmZduILBLM
I+p3mOtYmdXSL1O3J6aYP/IqpZCfr57lNA+u/+1mrkyEG0jo+m74b/ZHBWPp5fxl
7a+O22gUSIa3ZPa1Bm36+kFXNK8tWiycU2yNkYQg8mKGrOfkswJdkcfsrCs0H0uZ
99XZXjN+4LmVrHoRA6kBXU7Vf8KVW6g0oToMy3cktbDl6cRKRSh4KpXrSF9IFyoy
1yhBEXKtlUKoWsYxC3TzsH/UDdWUnwfH6CuWuJnEKIks2K63SDvojuAOpQwo5Kc6
fzg6j2nBUHr/qeCT8A+HdO6XxBtVYCrO9WWg3g==
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:30:40 2025 by rpki-client