Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/N3QO9mAJ3Kah4lcu6LfQJpnNPaA.roa
File: N3QO9mAJ3Kah4lcu6LfQJpnNPaA.roa (raw, json)
Hash identifier: EhgCDUbDhlo/u3oroq/Vf+OE/EjUn768F1keGXxvXXU=
Subject key identifier: 37:74:0E:F6:60:09:DC:A6:A1:E2:57:2E:E8:B7:D0:26:99:CD:3D:A0
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 0194228D96E96B5C8922C8E319DB8A01C33D
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/N3QO9mAJ3Kah4lcu6LfQJpnNPaA.roa
Signing time: Wed 01 Jan 2025 15:48:11 +0000
ROA not before: Wed 01 Jan 2025 15:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9215
IP address blocks: 85.153.180.0/24 maxlen: 24
212.252.64.0/24 maxlen: 24
212.252.65.0/24 maxlen: 24
212.252.67.0/24 maxlen: 24
212.252.75.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 02:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:96:e9:6b:5c:89:22:c8:e3:19:db:8a:01:c3:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 1 15:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37740ef66009dca6a1e2572ee8b7d02699cd3da0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:1c:e4:61:d6:2c:db:0d:5e:7f:3a:83:e7:33:
a4:8f:bb:b0:04:e9:e0:3c:4a:2d:ea:49:03:75:38:
58:b2:f0:04:5c:c4:44:32:10:bd:8f:1c:88:4f:17:
f7:40:e6:38:46:26:41:75:ea:de:2a:e1:40:f0:dc:
5a:38:c5:92:3a:4e:cf:bc:23:02:19:88:51:61:87:
48:9e:fe:85:12:6a:cc:2d:ac:18:69:67:3e:39:8a:
98:c4:0a:ea:74:3d:68:ff:85:7c:de:dc:48:f8:2c:
c3:23:29:13:78:0a:3c:41:fb:59:c5:8e:73:ab:32:
a1:9b:e7:d7:df:ce:d5:ed:96:a5:2f:c8:4d:dc:d5:
55:0d:dd:d8:d8:8e:f5:43:52:76:ea:33:bb:f0:f3:
39:11:58:d0:f0:65:53:ff:c5:1e:fd:79:82:e9:77:
24:34:0b:09:3d:e4:13:c3:1f:21:12:22:fa:9c:dc:
55:e1:15:57:1b:bc:cf:e2:36:cc:12:25:c9:0c:44:
f5:ca:32:bc:13:23:4e:3f:dc:00:1e:cb:c2:c1:0a:
ba:bb:69:4b:c5:03:be:2a:21:70:8e:93:f5:d0:67:
79:cb:8f:50:55:e3:41:74:5e:fc:65:6a:5d:1a:bf:
93:c3:bc:c5:58:04:d1:28:aa:1b:17:83:c6:a4:f9:
a5:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:74:0E:F6:60:09:DC:A6:A1:E2:57:2E:E8:B7:D0:26:99:CD:3D:A0
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/N3QO9mAJ3Kah4lcu6LfQJpnNPaA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.153.180.0/24
212.252.64.0/23
212.252.67.0/24
212.252.75.0/24
Signature Algorithm: sha256WithRSAEncryption
62:44:72:a4:27:a8:05:07:df:52:6e:ba:7d:13:db:15:90:3b:
55:1d:e0:6e:67:24:d9:c2:57:0c:af:6f:b9:fd:e7:37:2e:01:
59:1e:d6:1b:82:86:7e:f2:39:77:c1:e1:3b:11:94:21:5f:13:
44:6b:65:f1:39:c4:00:fe:16:30:1e:21:b1:03:c2:41:1d:72:
f0:2a:3e:86:46:1d:86:77:d3:7d:cd:d3:8e:ff:e4:59:a4:7c:
6d:28:8c:f1:d6:21:48:8c:62:bf:ed:c7:fd:2b:40:71:8b:fb:
6b:09:2c:e9:98:ae:23:76:71:a5:8a:67:7b:97:ea:ea:c1:dd:
f2:da:a2:52:37:0e:d3:cc:94:b4:92:a0:49:82:82:26:20:73:
b7:24:12:b3:ca:e1:e0:0f:3a:be:87:c4:ef:be:b7:af:16:99:
4b:be:95:f6:12:b4:c9:72:00:a7:c7:e1:dc:1a:f3:d3:48:62:
db:34:43:c1:28:ae:d5:76:4f:14:a6:fc:a7:20:fd:91:24:6c:
f5:12:e5:c1:67:e1:79:f3:38:9f:08:12:6b:1e:5b:e4:fd:39:
54:1e:8b:f1:cc:d3:01:21:22:39:f6:ef:37:f5:bc:d2:9f:59:
6c:b7:42:a4:af:1b:1b:9a:ae:f9:e1:85:12:1f:7d:38:3a:c6:
66:ac:d9:5c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQijZbpa1yJIsjjGduKAcM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc0MGVmNjYwMDlkY2E2YTFlMjU3MmVlOGI3ZDAyNjk5Y2QzZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xzkYdYs2w1efzqD5zOkj7uwBOng
PEot6kkDdThYsvAEXMREMhC9jxyITxf3QOY4RiZBdereKuFA8NxaOMWSOk7PvCMC
GYhRYYdInv6FEmrMLawYaWc+OYqYxArqdD1o/4V83txI+CzDIykTeAo8QftZxY5z
qzKhm+fX387V7ZalL8hN3NVVDd3Y2I71Q1J26jO78PM5EVjQ8GVT/8Ue/XmC6Xck
NAsJPeQTwx8hEiL6nNxV4RVXG7zP4jbMEiXJDET1yjK8EyNOP9wAHsvCwQq6u2lL
xQO+KiFwjpP10Gd5y49QVeNBdF78ZWpdGr+Tw7zFWATRKKobF4PGpPml1QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDd0DvZgCdymoeJXLui30CaZzT2gMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTjNRTzltQUozS2FoNGxjdTZMZlFKcG5OUGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVZm0AwQB
1PxAAwQA1PxDAwQA1PxLMA0GCSqGSIb3DQEBCwUAA4IBAQBiRHKkJ6gFB99Sbrp9
E9sVkDtVHeBuZyTZwlcMr2+5/ec3LgFZHtYbgoZ+8jl3weE7EZQhXxNEa2XxOcQA
/hYwHiGxA8JBHXLwKj6GRh2Gd9N9zdOO/+RZpHxtKIzx1iFIjGK/7cf9K0Bxi/tr
CSzpmK4jdnGlimd7l+rqwd3y2qJSNw7TzJS0kqBJgoImIHO3JBKzyuHgDzq+h8Tv
vrevFplLvpX2ErTJcgCnx+HcGvPTSGLbNEPBKK7Vdk8UpvynIP2RJGz1EuXBZ+F5
8zifCBJrHlvk/TlUHovxzNMBISI59u839bzSn1lst0Kkrxsbmq754YUSH304OsZm
rNlc
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:27:25 2025 by rpki-client