Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/O0F84RWu36-icdnEP0gqMSZmFC0.roa
File: O0F84RWu36-icdnEP0gqMSZmFC0.roa (raw, json)
Hash identifier: VjIGx/MTrmEnOtVvtOZHwU506/ftw5kzWXyYKquguXQ=
Subject key identifier: 3B:41:7C:E1:15:AE:DF:AF:A2:71:D9:C4:3F:48:2A:31:26:66:14:2D
Certificate issuer: /CN=36451a2ea40af1715e6313169468996aca71bb8a
Certificate serial: 019423D731997BDBA42901659179E0992746
Authority key identifier: 36:45:1A:2E:A4:0A:F1:71:5E:63:13:16:94:68:99:6A:CA:71:BB:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NkUaLqQK8XFeYxMWlGiZaspxu4o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/O0F84RWu36-icdnEP0gqMSZmFC0.roa
Signing time: Wed 01 Jan 2025 21:48:12 +0000
ROA not before: Wed 01 Jan 2025 21:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31383
IP address blocks: 78.41.72.0/21 maxlen: 21
78.41.72.0/24 maxlen: 24
78.41.73.0/24 maxlen: 24
78.41.74.0/24 maxlen: 24
78.41.75.0/24 maxlen: 24
78.41.76.0/24 maxlen: 24
78.41.77.0/24 maxlen: 24
78.41.78.0/24 maxlen: 24
78.41.79.0/24 maxlen: 24
83.137.16.0/21 maxlen: 21
83.137.16.0/24 maxlen: 24
83.137.17.0/24 maxlen: 24
83.137.18.0/24 maxlen: 24
83.137.19.0/24 maxlen: 24
83.137.20.0/24 maxlen: 24
83.137.21.0/24 maxlen: 24
83.137.22.0/24 maxlen: 24
83.137.23.0/24 maxlen: 24
2001:4038::/32 maxlen: 32
2001:4038::/33 maxlen: 33
2001:4038:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/NkUaLqQK8XFeYxMWlGiZaspxu4o.crl
rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/NkUaLqQK8XFeYxMWlGiZaspxu4o.mft
rsync://rpki.ripe.net/repository/DEFAULT/NkUaLqQK8XFeYxMWlGiZaspxu4o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:31:99:7b:db:a4:29:01:65:91:79:e0:99:27:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36451a2ea40af1715e6313169468996aca71bb8a
Validity
Not Before: Jan 1 21:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b417ce115aedfafa271d9c43f482a312666142d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:17:3c:2f:ea:5c:75:71:91:74:7f:2a:30:0c:
ad:c1:ff:6e:47:ce:79:f7:d4:5b:12:44:45:3f:dc:
33:e7:ce:44:bd:99:dc:b6:67:69:6a:5b:e3:73:7c:
9f:d6:ea:6c:3e:40:b6:fa:2a:f1:02:4f:a1:3c:eb:
39:bf:71:70:b7:1d:dd:84:a4:d6:50:35:52:fa:b8:
ac:b6:9b:02:44:39:e7:8f:ed:fa:b1:03:db:ce:99:
82:31:3e:a5:be:55:98:17:e8:08:10:95:6c:41:fe:
9b:4d:f4:14:ac:00:df:11:7d:01:b8:95:8a:d4:27:
3c:19:22:42:bf:c3:e6:80:54:37:41:c2:79:d0:70:
9d:1e:ff:15:d8:5a:c9:2d:a9:df:d8:8f:d1:0f:9c:
81:aa:ff:d4:9c:2f:83:45:5f:72:51:da:76:2c:a6:
57:87:a2:da:d7:66:16:63:dc:5d:50:e3:3f:e8:b1:
71:41:ab:ab:41:54:16:0e:0a:09:42:c0:5a:2c:23:
41:a3:46:87:7b:7b:aa:cd:08:d1:1f:81:2b:94:c0:
a1:8f:e1:c3:d1:5b:3f:95:2a:ec:6d:bd:16:53:ee:
15:94:e6:72:65:74:d7:69:eb:6b:5f:58:4b:03:2e:
23:8e:7c:17:70:4b:d0:6f:6c:c1:25:21:d2:13:6c:
73:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:41:7C:E1:15:AE:DF:AF:A2:71:D9:C4:3F:48:2A:31:26:66:14:2D
X509v3 Authority Key Identifier:
keyid:36:45:1A:2E:A4:0A:F1:71:5E:63:13:16:94:68:99:6A:CA:71:BB:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NkUaLqQK8XFeYxMWlGiZaspxu4o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/O0F84RWu36-icdnEP0gqMSZmFC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8b3822-6eaa-43a2-9a32-be308c12f7bc/1/NkUaLqQK8XFeYxMWlGiZaspxu4o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.41.72.0/21
83.137.16.0/21
IPv6:
2001:4038::/32
Signature Algorithm: sha256WithRSAEncryption
85:06:e2:ce:f1:99:86:09:b7:d1:1d:f8:04:dd:7e:33:3b:36:
9e:26:33:84:36:0e:5b:f6:30:d4:f0:e9:de:83:f9:e5:d3:cc:
72:9e:81:2b:9b:99:74:48:1b:94:86:22:9d:17:57:d5:75:47:
6d:b9:4c:9e:b4:33:d3:97:b5:4a:a2:07:be:e1:54:19:21:dc:
38:18:ef:62:93:2f:23:b7:62:9c:2f:29:93:3e:a4:99:e8:c9:
5a:bf:42:37:de:c3:3a:f6:6f:19:32:3a:5d:8c:b5:7b:ef:de:
15:7a:e4:23:71:5a:a4:9c:f4:77:b1:89:f2:98:8c:21:ea:5c:
05:4b:90:08:b6:f1:2e:69:96:ed:f9:cf:83:d3:98:3b:26:ba:
7c:0f:84:26:b5:3a:9b:09:75:83:42:57:c7:11:e8:94:ff:6a:
0f:d1:6e:b3:80:9e:4c:9e:24:1f:fe:fc:67:e9:e5:6b:44:31:
80:f0:31:c1:1e:a8:49:ed:c0:66:10:07:95:b3:59:42:ef:74:
7a:e6:5c:f5:3c:2e:ef:19:d7:da:cd:88:d9:29:1d:f6:8b:b0:
28:26:5d:54:79:b1:8d:8f:5a:7a:6d:ca:79:58:69:a3:b5:d4:
d3:80:0b:e5:32:b7:0c:8c:ed:f5:22:6a:be:55:8f:e0:2a:36:
82:87:8c:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1zGZe9ukKQFlkXngmSdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NDUxYTJlYTQwYWYxNzE1ZTYzMTMxNjk0Njg5OTZhY2E3
MWJiOGEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQxN2NlMTE1YWVkZmFmYTI3MWQ5YzQzZjQ4MmEzMTI2NjYxNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBc8L+pcdXGRdH8qMAytwf9uR855
99RbEkRFP9wz585EvZnctmdpalvjc3yf1upsPkC2+irxAk+hPOs5v3Fwtx3dhKTW
UDVS+ristpsCRDnnj+36sQPbzpmCMT6lvlWYF+gIEJVsQf6bTfQUrADfEX0BuJWK
1Cc8GSJCv8PmgFQ3QcJ50HCdHv8V2FrJLanf2I/RD5yBqv/UnC+DRV9yUdp2LKZX
h6La12YWY9xdUOM/6LFxQaurQVQWDgoJQsBaLCNBo0aHe3uqzQjRH4ErlMChj+HD
0Vs/lSrsbb0WU+4VlOZyZXTXaetrX1hLAy4jjnwXcEvQb2zBJSHSE2xzOQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDtBfOEVrt+vonHZxD9IKjEmZhQtMB8GA1UdIwQY
MBaAFDZFGi6kCvFxXmMTFpRomWrKcbuKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmtVYUxxUUs4WEZlWXhNV2xHaVphc3B4dTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84YjM4MjItNmVhYS00M2EyLTlhMzIt
YmUzMDhjMTJmN2JjLzEvTzBGODRSV3UzNi1pY2RuRVAwZ3FNU1ptRkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84YjM4MjItNmVhYS00M2EyLTlhMzItYmUzMDhjMTJmN2Jj
LzEvTmtVYUxxUUs4WEZlWXhNV2xHaVphc3B4dTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDTilIAwQD
U4kQMA0EAgACMAcDBQAgAUA4MA0GCSqGSIb3DQEBCwUAA4IBAQCFBuLO8ZmGCbfR
HfgE3X4zOzaeJjOENg5b9jDU8Oneg/nl08xynoErm5l0SBuUhiKdF1fVdUdtuUye
tDPTl7VKoge+4VQZIdw4GO9iky8jt2KcLymTPqSZ6Mlav0I33sM69m8ZMjpdjLV7
794VeuQjcVqknPR3sYnymIwh6lwFS5AItvEuaZbt+c+D05g7Jrp8D4QmtTqbCXWD
QlfHEeiU/2oP0W6zgJ5MniQf/vxn6eVrRDGA8DHBHqhJ7cBmEAeVs1lC73R65lz1
PC7vGdfazYjZKR32i7AoJl1UebGNj1p6bcp5WGmjtdTTgAvlMrcMjO31Imq+VY/g
KjaCh4wh
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:50:38 2025 by rpki-client