Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/3y2t9Y4w34qiFBdy_Ek4JJUO21Q.roa
File: 3y2t9Y4w34qiFBdy_Ek4JJUO21Q.roa (raw, json)
Hash identifier: /TZVDNQyK0D1wC867uTU8KAEMW8e+Zi9YcbvlB1rMAE=
Subject key identifier: DF:2D:AD:F5:8E:30:DF:8A:A2:14:17:72:FC:49:38:24:95:0E:DB:54
Certificate issuer: /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial: 019420685013209A90F0B0806AA5CD10149D
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/3y2t9Y4w34qiFBdy_Ek4JJUO21Q.roa
Signing time: Wed 01 Jan 2025 05:48:14 +0000
ROA not before: Wed 01 Jan 2025 05:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 185.71.228.0/24 maxlen: 24
185.71.229.0/24 maxlen: 24
185.71.230.0/24 maxlen: 24
185.71.231.0/24 maxlen: 24
185.125.84.0/24 maxlen: 24
185.125.85.0/24 maxlen: 24
185.125.86.0/24 maxlen: 24
185.125.87.0/24 maxlen: 24
193.0.180.0/24 maxlen: 24
193.0.181.0/24 maxlen: 24
193.0.182.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.mft
rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 08:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:50:13:20:9a:90:f0:b0:80:6a:a5:cd:10:14:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Validity
Not Before: Jan 1 05:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df2dadf58e30df8aa2141772fc493824950edb54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:6c:dd:7b:56:2e:c4:d8:b7:87:db:67:53:be:
bd:ae:3e:02:a5:19:82:42:ab:21:5c:e8:70:ab:14:
94:d6:67:2b:4c:3f:b8:0b:c3:74:21:57:92:40:70:
4c:3c:ec:2a:08:d5:88:7a:2d:90:9c:99:e2:87:38:
51:0e:63:b1:4c:27:c4:11:54:fb:d8:46:3b:fa:68:
f1:7b:14:56:1a:e6:a1:4a:54:71:1d:df:c6:7b:c1:
e9:0a:f1:0c:d2:33:9c:c5:72:51:eb:67:4d:4e:9e:
76:2f:19:6a:43:10:11:df:78:d3:35:cc:5e:57:c4:
c3:e1:19:c7:5d:bf:fe:11:4f:a4:61:11:53:da:3a:
42:7b:a5:35:72:bd:c8:ca:b2:98:7c:3d:45:9f:7d:
07:fe:b5:45:83:eb:44:8a:1b:fa:23:9d:19:01:c8:
f4:35:ff:84:a1:ff:44:94:6e:f2:3b:e7:d7:64:83:
7d:2c:86:11:63:d0:7d:fc:7e:05:80:a9:20:25:bd:
f5:76:68:a8:2e:97:c2:51:47:ee:c6:6b:eb:1a:bd:
7b:1c:40:a9:bc:0c:cd:51:df:14:65:4b:9e:48:c9:
5d:c0:8c:b7:ba:74:ca:a0:2b:4c:a4:a7:da:96:67:
2e:fa:f6:d9:56:a2:de:05:bb:70:43:a1:77:c5:2b:
b5:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:2D:AD:F5:8E:30:DF:8A:A2:14:17:72:FC:49:38:24:95:0E:DB:54
X509v3 Authority Key Identifier:
keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/3y2t9Y4w34qiFBdy_Ek4JJUO21Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.71.228.0/22
185.125.84.0/22
193.0.180.0-193.0.182.255
Signature Algorithm: sha256WithRSAEncryption
69:b3:6e:37:34:f8:4c:f5:09:0a:b5:e1:82:80:78:0d:cb:b3:
99:a2:45:61:10:01:de:c2:cd:19:e3:46:26:5e:c6:dc:f1:f6:
62:66:8c:39:8b:72:d9:e7:d9:d6:f8:83:7d:12:08:72:5c:2e:
1b:e3:23:3e:23:59:05:c3:33:8a:6a:6c:17:7a:f1:c3:0d:17:
b2:9b:16:6d:25:42:7a:1b:7d:31:67:5f:43:2f:d4:86:0b:62:
15:17:b9:5a:e2:d6:da:85:ec:30:bb:17:e8:c0:fa:5c:9f:f7:
62:ea:c1:fa:b1:ed:00:a1:ce:3b:78:7c:40:dd:e8:f3:1c:89:
87:81:69:d5:27:1d:51:0b:7f:fd:0b:71:33:1d:39:5c:f8:02:
51:bf:ca:c6:b2:bb:90:9e:b3:31:55:23:2d:0a:1d:9c:4f:0e:
89:1d:ad:af:3d:22:a4:8f:83:97:7d:73:8f:35:dd:f3:ab:96:
fa:97:94:e2:90:fc:f5:16:fa:c0:b7:e5:b3:d3:13:be:0a:a2:
4b:03:8d:54:ce:f2:4e:53:ee:cc:56:88:e3:31:43:b6:d3:95:
ef:3f:31:68:67:ad:5e:36:48:0b:81:c8:42:a5:b2:d1:0f:d6:
6c:67:c4:0d:08:c3:39:35:c1:67:7e:26:1b:d8:06:03:ea:2f:
a4:1a:75:48
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQgaFATIJqQ8LCAaqXNEBSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJkYWRmNThlMzBkZjhhYTIxNDE3NzJmYzQ5MzgyNDk1MGVkYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGzde1YuxNi3h9tnU769rj4CpRmC
QqshXOhwqxSU1mcrTD+4C8N0IVeSQHBMPOwqCNWIei2QnJnihzhRDmOxTCfEEVT7
2EY7+mjxexRWGuahSlRxHd/Ge8HpCvEM0jOcxXJR62dNTp52LxlqQxAR33jTNcxe
V8TD4RnHXb/+EU+kYRFT2jpCe6U1cr3IyrKYfD1Fn30H/rVFg+tEihv6I50ZAcj0
Nf+Eof9ElG7yO+fXZIN9LIYRY9B9/H4FgKkgJb31dmioLpfCUUfuxmvrGr17HECp
vAzNUd8UZUueSMldwIy3unTKoCtMpKfalmcu+vbZVqLeBbtwQ6F3xSu1aQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN8trfWOMN+KohQXcvxJOCSVDttUMB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvM3kydDlZNHczNHFpRkJkeV9FazRKSlVPMjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCuUfkAwQC
uX1UMAwDBALBALQDBADBALYwDQYJKoZIhvcNAQELBQADggEBAGmzbjc0+Ez1CQq1
4YKAeA3Ls5miRWEQAd7CzRnjRiZextzx9mJmjDmLctnn2db4g30SCHJcLhvjIz4j
WQXDM4pqbBd68cMNF7KbFm0lQnobfTFnX0Mv1IYLYhUXuVri1tqF7DC7F+jA+lyf
92Lqwfqx7QChzjt4fEDd6PMciYeBadUnHVELf/0LcTMdOVz4AlG/ysayu5CeszFV
Iy0KHZxPDokdra89IqSPg5d9c4813fOrlvqXlOKQ/PUW+sC35bPTE74KoksDjVTO
8k5T7sxWiOMxQ7bTle8/MWhnrV42SAuByEKlstEP1mxnxA0Iwzk1wWd+JhvYBgPq
L6QadUg=
-----END CERTIFICATE-----
Generated at Sat Apr 12 16:49:35 2025 by rpki-client