Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/3Et5DSQTmjw5JoMUf-Wa1H5e4PY.roa
File: 3Et5DSQTmjw5JoMUf-Wa1H5e4PY.roa (raw, json)
Hash identifier: FOwnE+/UGLrWULx1HSQ846yUR+XWmJ/pKo/EVwX3S1M=
Subject key identifier: DC:4B:79:0D:24:13:9A:3C:39:26:83:14:7F:E5:9A:D4:7E:5E:E0:F6
Certificate issuer: /CN=038b9963c972c1d7a03df96fad25f68ebd4fa149
Certificate serial: 019426D95F37BECCFD28E8CACA16785E5492
Authority key identifier: 03:8B:99:63:C9:72:C1:D7:A0:3D:F9:6F:AD:25:F6:8E:BD:4F:A1:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A4uZY8lywdegPflvrSX2jr1PoUk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/3Et5DSQTmjw5JoMUf-Wa1H5e4PY.roa
Signing time: Thu 02 Jan 2025 11:49:27 +0000
ROA not before: Thu 02 Jan 2025 11:49:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31662
IP address blocks: 94.228.144.0/20 maxlen: 20
185.27.4.0/22 maxlen: 22
185.251.56.0/22 maxlen: 22
217.151.112.0/20 maxlen: 20
2a00:d28::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/A4uZY8lywdegPflvrSX2jr1PoUk.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/A4uZY8lywdegPflvrSX2jr1PoUk.mft
rsync://rpki.ripe.net/repository/DEFAULT/A4uZY8lywdegPflvrSX2jr1PoUk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 23:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:5f:37:be:cc:fd:28:e8:ca:ca:16:78:5e:54:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=038b9963c972c1d7a03df96fad25f68ebd4fa149
Validity
Not Before: Jan 2 11:49:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dc4b790d24139a3c392683147fe59ad47e5ee0f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:fd:aa:1e:f3:ff:7a:fd:31:62:c0:72:3a:38:
26:19:de:0d:af:51:8a:b3:e2:cf:e2:f7:ec:a5:e5:
f2:86:58:50:d7:5c:3e:75:8d:7a:dd:8f:a3:64:8b:
b1:94:80:f3:0f:01:f6:00:6b:f3:a0:ab:5d:fe:73:
ac:81:1e:1b:9c:7b:0c:68:ce:31:51:97:c5:54:5b:
73:6b:b4:81:5b:08:aa:4e:c7:fa:c6:2a:bb:64:04:
6d:69:e0:ea:6c:31:19:44:fc:cc:a9:a4:1c:fb:0e:
80:8f:4b:1c:aa:59:36:46:df:ad:d1:7a:2c:85:b3:
85:37:d0:4b:b4:ce:b0:e2:fa:aa:c3:76:05:50:7a:
19:d4:2b:44:26:c6:08:30:2e:c4:29:09:df:19:e5:
62:ce:8b:d7:da:a1:46:68:0c:f3:e8:c9:35:6e:21:
e3:16:e0:44:ff:a0:6c:b2:63:d1:9a:25:14:5f:79:
2b:a7:fe:ef:5a:73:ba:a1:c6:08:8e:18:49:d0:54:
ca:a7:5e:af:cf:cd:f6:6f:92:f6:66:90:44:5e:7b:
bb:d1:c4:55:e5:96:be:1a:90:1b:38:24:17:02:d3:
f2:d2:33:4a:65:b2:c1:12:3e:44:6a:c8:b8:df:4d:
5c:8b:b6:e1:3b:86:cf:ce:4c:f9:bf:f3:43:d5:5b:
04:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:4B:79:0D:24:13:9A:3C:39:26:83:14:7F:E5:9A:D4:7E:5E:E0:F6
X509v3 Authority Key Identifier:
keyid:03:8B:99:63:C9:72:C1:D7:A0:3D:F9:6F:AD:25:F6:8E:BD:4F:A1:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A4uZY8lywdegPflvrSX2jr1PoUk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/3Et5DSQTmjw5JoMUf-Wa1H5e4PY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/A4uZY8lywdegPflvrSX2jr1PoUk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.228.144.0/20
185.27.4.0/22
185.251.56.0/22
217.151.112.0/20
IPv6:
2a00:d28::/32
Signature Algorithm: sha256WithRSAEncryption
2e:74:48:39:fb:26:8f:64:4f:29:77:52:6f:16:42:53:cd:08:
34:0a:68:c3:19:3e:51:90:59:6b:ce:99:44:a5:3e:23:13:86:
e4:71:ef:5e:82:17:a7:cf:95:2b:09:76:27:5f:c1:9b:5c:34:
ba:58:0c:05:f0:9d:41:5a:35:fb:2c:e7:b4:e1:5d:d8:16:64:
72:b9:23:07:3a:58:48:76:15:3a:45:e0:fd:0c:b8:97:02:56:
cb:08:1b:5f:28:87:2d:8a:a8:d7:5e:a4:da:6c:f2:40:1c:b9:
7c:21:e0:fc:24:f9:9f:ee:95:2a:63:68:44:88:e3:48:dc:40:
f0:75:03:15:3a:ec:90:9b:d3:01:72:fc:e9:e0:b2:7a:3f:95:
c2:9a:8d:07:c7:f8:22:17:20:cc:43:cd:b7:fe:1e:86:87:54:
33:05:57:25:42:66:80:ad:1a:5f:d2:54:c2:59:3a:08:15:3e:
51:1d:71:f5:41:c9:72:a6:cc:9c:da:3c:c4:89:b1:4e:f9:08:
e7:70:2b:5b:f1:20:9f:51:5b:24:e9:31:fb:bb:96:27:1d:f6:
ab:c1:08:51:d6:07:7b:7e:45:fe:19:a0:6f:8e:f0:1f:77:d8:
4f:78:00:50:4d:92:90:7e:fe:81:9d:cd:13:25:d6:8b:a4:d7:
04:84:be:fc
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQm2V83vsz9KOjKyhZ4XlSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOGI5OTYzYzk3MmMxZDdhMDNkZjk2ZmFkMjVmNjhlYmQ0
ZmExNDkwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzRiNzkwZDI0MTM5YTNjMzkyNjgzMTQ3ZmU1OWFkNDdlNWVlMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjv2qHvP/ev0xYsByOjgmGd4Nr1GK
s+LP4vfspeXyhlhQ11w+dY163Y+jZIuxlIDzDwH2AGvzoKtd/nOsgR4bnHsMaM4x
UZfFVFtza7SBWwiqTsf6xiq7ZARtaeDqbDEZRPzMqaQc+w6Aj0scqlk2Rt+t0Xos
hbOFN9BLtM6w4vqqw3YFUHoZ1CtEJsYIMC7EKQnfGeVizovX2qFGaAzz6Mk1biHj
FuBE/6BssmPRmiUUX3krp/7vWnO6ocYIjhhJ0FTKp16vz832b5L2ZpBEXnu70cRV
5Za+GpAbOCQXAtPy0jNKZbLBEj5Easi4301ci7bhO4bPzkz5v/ND1VsEowIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNxLeQ0kE5o8OSaDFH/lmtR+XuD2MB8GA1UdIwQY
MBaAFAOLmWPJcsHXoD35b60l9o69T6FJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTR1Wlk4bHl3ZGVnUGZsdnJTWDJqcjFQb1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81MDY4MDEtYjk0ZC00YjVkLTk0YWIt
NjE2M2I5OTdiNjQyLzEvM0V0NURTUVRtanc1Sm9NVWYtV2ExSDVlNFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81MDY4MDEtYjk0ZC00YjVkLTk0YWItNjE2M2I5OTdiNjQy
LzEvQTR1Wlk4bHl3ZGVnUGZsdnJTWDJqcjFQb1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXuSQAwQC
uRsEAwQCufs4AwQE2ZdwMA0EAgACMAcDBQAqAA0oMA0GCSqGSIb3DQEBCwUAA4IB
AQAudEg5+yaPZE8pd1JvFkJTzQg0CmjDGT5RkFlrzplEpT4jE4bkce9eghenz5Ur
CXYnX8GbXDS6WAwF8J1BWjX7LOe04V3YFmRyuSMHOlhIdhU6ReD9DLiXAlbLCBtf
KIctiqjXXqTabPJAHLl8IeD8JPmf7pUqY2hEiONI3EDwdQMVOuyQm9MBcvzp4LJ6
P5XCmo0Hx/giFyDMQ823/h6Gh1QzBVclQmaArRpf0lTCWToIFT5RHXH1Qclypsyc
2jzEibFO+QjncCtb8SCfUVsk6TH7u5YnHfarwQhR1gd7fkX+GaBvjvAfd9hPeABQ
TZKQfv6Bnc0TJdaLpNcEhL78
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:35:29 2025 by rpki-client