Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VOehP0nNcmpfZKhBwTXULFGZEvw.roa
File: VOehP0nNcmpfZKhBwTXULFGZEvw.roa (raw, json)
Hash identifier: 1agnvIndtvA8mIKjCsNJG21HV2gFeQ7JSDLX3c6TNRQ=
Subject key identifier: 54:E7:A1:3F:49:CD:72:6A:5F:64:A8:41:C1:35:D4:2C:51:99:12:FC
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01973BAEC33F37E172775A1D10B91A3908A8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VOehP0nNcmpfZKhBwTXULFGZEvw.roa
Signing time: Wed 04 Jun 2025 16:03:18 +0000
ROA not before: Wed 04 Jun 2025 16:03:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211439
IP address blocks: 37.252.28.0/24 maxlen: 24
79.99.149.0/24 maxlen: 24
89.213.117.0/24 maxlen: 24
89.213.171.0/24 maxlen: 24
89.213.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3b:ae:c3:3f:37:e1:72:77:5a:1d:10:b9:1a:39:08:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 4 16:03:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=54e7a13f49cd726a5f64a841c135d42c519912fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4f:e0:c3:fd:fb:81:57:a7:90:bf:0d:e1:56:
d1:40:38:3f:1e:95:fb:91:78:be:a5:ef:6e:35:da:
10:1f:fe:c2:0a:10:1f:72:d7:25:1c:51:a7:7e:a4:
9a:b5:c9:ee:ab:7a:47:ee:ba:26:c8:fd:a3:07:79:
56:b3:d8:a6:96:d8:71:cd:d3:69:20:55:15:5f:67:
6f:3c:11:89:21:ac:6c:98:cb:39:a9:1d:74:62:6f:
b5:06:7e:05:fb:39:f6:8c:14:9d:36:a1:e5:84:47:
bf:c7:d4:d3:38:df:84:45:95:36:c9:b4:8d:cc:a8:
63:6b:18:33:0c:60:e0:ae:13:d4:79:b8:03:e7:7d:
fa:61:0b:62:2a:16:57:75:ea:0c:93:d7:7d:fc:52:
70:7c:3c:0a:43:cd:d2:9f:a0:b6:73:11:49:82:ed:
dc:20:74:72:9a:9d:33:4b:f2:68:b3:45:ab:38:aa:
a1:b8:0f:28:2b:ec:22:33:e3:e1:60:90:99:dd:06:
2a:a5:55:f9:38:22:89:c9:3e:d8:ab:3c:08:8a:b3:
82:42:d2:74:56:43:0d:f1:29:86:be:71:4b:4b:4f:
db:01:8d:7d:30:9a:4d:a5:7d:02:8a:f7:92:89:c0:
dc:22:8e:9f:66:9f:66:92:54:e3:a6:5b:ad:30:95:
66:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:E7:A1:3F:49:CD:72:6A:5F:64:A8:41:C1:35:D4:2C:51:99:12:FC
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VOehP0nNcmpfZKhBwTXULFGZEvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.28.0/24
79.99.149.0/24
89.213.117.0/24
89.213.171.0/24
89.213.221.0/24
Signature Algorithm: sha256WithRSAEncryption
84:86:0d:ea:0f:45:2b:78:5f:02:0f:a2:c7:d0:39:df:94:2e:
27:cf:a9:7a:1a:27:48:62:ba:0c:0e:e6:be:db:5a:03:54:01:
03:85:d8:5c:1c:6a:18:27:6d:49:2b:8a:60:39:40:1e:be:0b:
2a:e9:72:1a:db:51:3b:39:02:03:82:f7:eb:42:69:64:0e:0f:
9a:5a:d0:5a:39:91:70:4c:d1:14:ae:60:79:be:f9:fa:d7:9f:
a5:eb:72:aa:f4:8e:93:36:87:f1:89:80:a7:6e:d7:4a:fa:bb:
8c:08:41:f5:06:14:98:01:6f:e8:ec:14:77:d8:19:f2:b0:fe:
16:19:b8:c1:69:b6:ac:59:13:10:06:af:44:68:04:e0:07:79:
cb:a1:16:38:0f:ef:86:28:25:08:9a:a2:99:0f:bc:be:f4:10:
c5:76:41:df:3f:ed:5c:35:51:f6:d7:48:aa:36:f2:95:43:54:
e6:a9:5e:f6:49:46:1a:63:1d:11:00:54:1f:45:87:c6:87:99:
f1:43:9c:4a:76:62:7e:6a:08:46:8d:39:d7:b6:60:b8:74:10:
e4:10:f4:df:32:a8:0a:6a:ab:1a:03:c0:23:e4:25:9a:a8:d3:
0a:a5:8a:74:13:10:11:6d:c1:59:e7:18:10:5b:5d:80:f2:fa:
c3:b8:92:d5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZc7rsM/N+Fyd1odELkaOQioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjA0MTYwMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGU3YTEzZjQ5Y2Q3MjZhNWY2NGE4NDFjMTM1ZDQyYzUxOTkxMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE/gw/37gVenkL8N4VbRQDg/HpX7
kXi+pe9uNdoQH/7CChAfctclHFGnfqSatcnuq3pH7romyP2jB3lWs9imlthxzdNp
IFUVX2dvPBGJIaxsmMs5qR10Ym+1Bn4F+zn2jBSdNqHlhEe/x9TTON+ERZU2ybSN
zKhjaxgzDGDgrhPUebgD5336YQtiKhZXdeoMk9d9/FJwfDwKQ83Sn6C2cxFJgu3c
IHRymp0zS/Jos0WrOKqhuA8oK+wiM+PhYJCZ3QYqpVX5OCKJyT7YqzwIirOCQtJ0
VkMN8SmGvnFLS0/bAY19MJpNpX0CiveSicDcIo6fZp9mklTjplutMJVmkQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFTnoT9JzXJqX2SoQcE11CxRmRL8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVk9laFAwbk5jbXBmWktoQndUWFVMRkdaRXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAJfwcAwQA
T2OVAwQAWdV1AwQAWdWrAwQAWdXdMA0GCSqGSIb3DQEBCwUAA4IBAQCEhg3qD0Ur
eF8CD6LH0DnflC4nz6l6GidIYroMDua+21oDVAEDhdhcHGoYJ21JK4pgOUAevgsq
6XIa21E7OQIDgvfrQmlkDg+aWtBaOZFwTNEUrmB5vvn615+l63Kq9I6TNofxiYCn
btdK+ruMCEH1BhSYAW/o7BR32BnysP4WGbjBabasWRMQBq9EaATgB3nLoRY4D++G
KCUImqKZD7y+9BDFdkHfP+1cNVH210iqNvKVQ1TmqV72SUYaYx0RAFQfRYfGh5nx
Q5xKdmJ+aghGjTnXtmC4dBDkEPTfMqgKaqsaA8Aj5CWaqNMKpYp0ExARbcFZ5xgQ
W12A8vrDuJLV
-----END CERTIFICATE-----
Generated at Fri Jun 6 14:00:55 2025 by rpki-client