Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/09aa61-87d7-4f53-9818-dec21eefa38b/1/oTJ3WFdDrwDwPRwq0KV_9933-4Y.roa
File: oTJ3WFdDrwDwPRwq0KV_9933-4Y.roa (raw, json)
Hash identifier: mhBZetUkSVK2917d65VbBa4ZgrfV11qg/and0h4flas=
Subject key identifier: A1:32:77:58:57:43:AF:00:F0:3D:1C:2A:D0:A5:7F:F7:DD:F7:FB:86
Certificate issuer: /CN=d73492e4d25c3bbd0c5e20c5a85ecb22ec97360a
Certificate serial: 0194244509FECF8D9335CBD29B6AFC4FE70E
Authority key identifier: D7:34:92:E4:D2:5C:3B:BD:0C:5E:20:C5:A8:5E:CB:22:EC:97:36:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1zSS5NJcO70MXiDFqF7LIuyXNgo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/09aa61-87d7-4f53-9818-dec21eefa38b/1/oTJ3WFdDrwDwPRwq0KV_9933-4Y.roa
Signing time: Wed 01 Jan 2025 23:48:11 +0000
ROA not before: Wed 01 Jan 2025 23:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208715
IP address blocks: 37.140.252.0/24 maxlen: 25
185.200.132.0/22 maxlen: 24
194.61.128.0/22 maxlen: 24
194.61.128.0/24 maxlen: 24
194.61.129.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/09aa61-87d7-4f53-9818-dec21eefa38b/1/1zSS5NJcO70MXiDFqF7LIuyXNgo.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/09aa61-87d7-4f53-9818-dec21eefa38b/1/1zSS5NJcO70MXiDFqF7LIuyXNgo.mft
rsync://rpki.ripe.net/repository/DEFAULT/1zSS5NJcO70MXiDFqF7LIuyXNgo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:09:fe:cf:8d:93:35:cb:d2:9b:6a:fc:4f:e7:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d73492e4d25c3bbd0c5e20c5a85ecb22ec97360a
Validity
Not Before: Jan 1 23:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a13277585743af00f03d1c2ad0a57ff7ddf7fb86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:30:31:20:2f:4b:8c:05:ae:6f:4f:0e:4f:56:
be:96:e4:23:a0:81:0b:5b:b0:0f:ee:8e:10:63:fe:
ba:b6:e3:b4:1d:c5:64:56:41:04:96:5a:ba:d8:dd:
62:f5:42:7d:2a:06:db:4e:8f:76:90:f3:cf:95:14:
b4:c8:2b:1e:f0:98:5a:6d:95:69:87:15:d3:f8:cb:
c7:eb:7c:7a:2b:ce:09:49:5e:b3:cf:07:dd:32:c0:
5c:ea:cf:b8:62:85:0c:f5:6e:e4:d9:23:55:9b:a5:
d7:12:30:82:ab:59:6d:f0:b8:55:35:40:9d:f4:04:
14:3e:40:5e:75:2d:b9:d1:62:71:b2:92:d3:0c:f4:
84:50:88:9f:30:94:09:40:eb:30:d6:e5:51:c4:64:
50:7f:20:10:e8:f1:c1:13:0e:03:f1:8d:9f:82:01:
79:35:eb:9e:b0:f6:07:32:a0:13:6b:e7:30:df:5c:
79:2d:93:f2:4d:b8:91:95:d4:f2:34:4e:05:26:a9:
6b:4a:8f:4a:69:d9:dc:34:92:63:cd:27:81:65:f1:
11:31:7f:ba:e7:d4:fd:07:8c:f0:bb:4b:a3:a8:3a:
2a:10:e7:71:ca:ed:85:3b:18:bf:67:13:be:5f:7a:
cc:17:cc:f3:d5:4d:2d:aa:3a:6e:d5:92:4f:df:89:
8b:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:32:77:58:57:43:AF:00:F0:3D:1C:2A:D0:A5:7F:F7:DD:F7:FB:86
X509v3 Authority Key Identifier:
keyid:D7:34:92:E4:D2:5C:3B:BD:0C:5E:20:C5:A8:5E:CB:22:EC:97:36:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zSS5NJcO70MXiDFqF7LIuyXNgo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/09aa61-87d7-4f53-9818-dec21eefa38b/1/oTJ3WFdDrwDwPRwq0KV_9933-4Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/09aa61-87d7-4f53-9818-dec21eefa38b/1/1zSS5NJcO70MXiDFqF7LIuyXNgo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.140.252.0/24
185.200.132.0/22
194.61.128.0/22
Signature Algorithm: sha256WithRSAEncryption
b7:43:48:e6:2f:20:22:ef:c2:21:b5:6d:06:5a:9c:59:07:63:
4f:94:7c:ed:17:1f:f9:b8:f7:f7:32:3d:1c:2f:8b:7b:94:57:
db:e6:99:ca:31:7f:20:97:d5:1f:20:ba:f8:90:fc:d7:4b:9c:
12:74:46:0f:66:ee:cd:05:28:95:6e:10:d0:e3:90:21:c8:98:
63:be:1c:77:fc:2f:f1:ab:a1:57:18:28:a4:80:b0:7b:0e:81:
48:a3:66:6f:67:94:f6:0e:48:90:de:f3:91:50:35:00:9a:fa:
a6:af:df:74:f5:57:af:fa:20:13:ae:2c:b3:2d:a5:c8:d7:80:
76:30:63:a4:7f:be:16:4f:48:8b:0c:16:5b:a0:1d:2c:16:37:
3a:c0:a2:b4:a3:de:bf:a2:6a:36:41:40:f4:52:60:fd:69:bd:
fe:38:c7:34:40:04:28:dc:ce:c2:ec:5d:36:70:7a:77:b2:b1:
1f:43:47:e9:8d:dd:de:3d:b1:8d:4d:19:6b:e6:d7:db:56:73:
c0:d8:38:0f:c1:ad:82:20:b9:e8:12:88:ce:92:41:74:94:ab:
ef:5e:15:6f:c2:0e:62:e3:d7:8a:39:91:18:aa:c3:7d:8d:8a:
12:55:20:15:ef:a6:72:ec:e5:3c:89:de:0b:bb:b2:57:a8:06:
48:c5:52:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQkRQn+z42TNcvSm2r8T+cOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MzQ5MmU0ZDI1YzNiYmQwYzVlMjBjNWE4NWVjYjIyZWM5
NzM2MGEwHhcNMjUwMTAxMjM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMyNzc1ODU3NDNhZjAwZjAzZDFjMmFkMGE1N2ZmN2RkZjdmYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzAxIC9LjAWub08OT1a+luQjoIEL
W7AP7o4QY/66tuO0HcVkVkEEllq62N1i9UJ9KgbbTo92kPPPlRS0yCse8JhabZVp
hxXT+MvH63x6K84JSV6zzwfdMsBc6s+4YoUM9W7k2SNVm6XXEjCCq1lt8LhVNUCd
9AQUPkBedS250WJxspLTDPSEUIifMJQJQOsw1uVRxGRQfyAQ6PHBEw4D8Y2fggF5
NeuesPYHMqATa+cw31x5LZPyTbiRldTyNE4FJqlrSo9KadncNJJjzSeBZfERMX+6
59T9B4zwu0ujqDoqEOdxyu2FOxi/ZxO+X3rMF8zz1U0tqjpu1ZJP34mLyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKEyd1hXQ68A8D0cKtClf/fd9/uGMB8GA1UdIwQY
MBaAFNc0kuTSXDu9DF4gxaheyyLslzYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXpTUzVOSmNPNzBNWGlERnFGN0xJdXlYTmdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wOWFhNjEtODdkNy00ZjUzLTk4MTgt
ZGVjMjFlZWZhMzhiLzEvb1RKM1dGZERyd0R3UFJ3cTBLVl85OTMzLTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wOWFhNjEtODdkNy00ZjUzLTk4MTgtZGVjMjFlZWZhMzhi
LzEvMXpTUzVOSmNPNzBNWGlERnFGN0xJdXlYTmdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJYz8AwQC
uciEAwQCwj2AMA0GCSqGSIb3DQEBCwUAA4IBAQC3Q0jmLyAi78IhtW0GWpxZB2NP
lHztFx/5uPf3Mj0cL4t7lFfb5pnKMX8gl9UfILr4kPzXS5wSdEYPZu7NBSiVbhDQ
45AhyJhjvhx3/C/xq6FXGCikgLB7DoFIo2ZvZ5T2DkiQ3vORUDUAmvqmr9909Vev
+iATriyzLaXI14B2MGOkf74WT0iLDBZboB0sFjc6wKK0o96/omo2QUD0UmD9ab3+
OMc0QAQo3M7C7F02cHp3srEfQ0fpjd3ePbGNTRlr5tfbVnPA2DgPwa2CILnoEojO
kkF0lKvvXhVvwg5i49eKOZEYqsN9jYoSVSAV76Zy7OU8id4Lu7JXqAZIxVIi
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:47:30 2025 by rpki-client