Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/O84I_LAanBtJYvSSTZhnAsP3iQA.roa
File: O84I_LAanBtJYvSSTZhnAsP3iQA.roa (raw, json)
Hash identifier: 6ivMoGITrJjRBuEurkZGNP+0M6whX3cvNI3NRDFJ7b8=
Subject key identifier: 3B:CE:08:FC:B0:1A:9C:1B:49:62:F4:92:4D:98:67:02:C3:F7:89:00
Certificate issuer: /CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Certificate serial: 0194252237729885E39991333164A46D5673
Authority key identifier: D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/O84I_LAanBtJYvSSTZhnAsP3iQA.roa
Signing time: Thu 02 Jan 2025 03:49:46 +0000
ROA not before: Thu 02 Jan 2025 03:49:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25540
IP address blocks: 37.122.200.0/21 maxlen: 21
46.254.224.0/21 maxlen: 21
79.141.0.0/20 maxlen: 24
83.167.128.0/19 maxlen: 24
95.140.0.0/20 maxlen: 20
95.170.8.0/22 maxlen: 22
141.101.48.0/21 maxlen: 21
171.33.152.0/21 maxlen: 21
178.251.80.0/21 maxlen: 21
185.4.20.0/22 maxlen: 23
185.14.120.0/22 maxlen: 22
217.15.80.0/20 maxlen: 20
2a01:6380::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 21:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:22:37:72:98:85:e3:99:91:33:31:64:a4:6d:56:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Validity
Not Before: Jan 2 03:49:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3bce08fcb01a9c1b4962f4924d986702c3f78900
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:cd:84:e3:2a:23:b0:cc:3f:1c:91:a4:99:8c:
0d:28:8d:b6:fd:1b:e3:b3:64:d1:05:f5:b8:50:8d:
da:c2:1e:55:12:1d:44:67:ad:ce:01:ce:55:4e:f2:
9e:97:77:e3:ce:64:33:cb:8e:e8:4f:56:ab:58:e3:
41:a8:d2:ad:19:f4:39:b7:48:e0:1f:b9:2a:f2:04:
0c:52:79:53:8f:55:0c:e1:c1:be:c6:df:2c:9b:1c:
69:10:90:4d:74:5f:d2:24:61:28:4a:d8:ae:2f:84:
8d:e6:a3:e5:6a:94:79:17:ab:4d:1a:cb:38:d0:b4:
9e:f6:d9:e1:cc:3a:83:6c:ee:6a:1f:19:89:62:55:
51:d8:89:be:bd:c2:95:e4:90:26:19:dc:6b:b5:fa:
6c:8a:22:dc:8f:e4:4f:08:41:34:5a:52:5a:77:ac:
82:8e:c7:36:e5:ed:06:a6:30:bc:38:0a:1e:4a:fe:
66:38:97:5c:b7:07:02:8c:cb:56:d0:25:95:33:53:
0c:4d:85:08:74:ec:5d:40:9f:04:c1:11:f1:95:00:
b9:98:04:33:2d:87:a8:3e:21:aa:e5:bb:63:05:4b:
45:2e:e1:9c:ca:1b:75:38:2a:d6:63:1a:94:b7:8f:
76:43:c1:b3:1c:11:c9:0e:b2:68:1f:d2:5a:23:5d:
83:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:CE:08:FC:B0:1A:9C:1B:49:62:F4:92:4D:98:67:02:C3:F7:89:00
X509v3 Authority Key Identifier:
keyid:D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/O84I_LAanBtJYvSSTZhnAsP3iQA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.122.200.0/21
46.254.224.0/21
79.141.0.0/20
83.167.128.0/19
95.140.0.0/20
95.170.8.0/22
141.101.48.0/21
171.33.152.0/21
178.251.80.0/21
185.4.20.0/22
185.14.120.0/22
217.15.80.0/20
IPv6:
2a01:6380::/32
Signature Algorithm: sha256WithRSAEncryption
b2:94:d1:1d:35:c1:18:52:82:25:ca:eb:60:1b:08:58:22:f9:
e5:c2:8e:a8:83:a2:ac:77:f4:d1:dc:bc:d9:cf:9b:48:be:59:
a9:62:87:e1:0c:d6:b3:db:0c:43:93:72:40:b3:e1:a1:08:ac:
41:24:94:46:7e:74:97:33:0b:71:b2:f1:01:e7:f9:85:42:8b:
59:fe:b4:23:05:72:b0:9b:69:22:fa:7d:2e:7a:7e:20:21:98:
16:7b:b4:ec:8b:97:5b:57:72:49:10:ea:ae:89:18:32:74:07:
f7:e5:d9:04:7b:23:a6:ef:ae:1d:ea:9e:4c:ec:cc:1d:37:ae:
48:1d:ad:63:10:9a:a8:d7:1c:32:cc:9d:07:b2:e5:b0:69:67:
2b:f9:38:7b:26:31:ab:c8:6b:05:3e:7c:7d:e8:e2:a7:35:3a:
96:93:5b:f1:44:f8:a6:21:03:ee:51:a5:1c:50:e3:7c:f2:00:
2d:b5:c5:0c:04:d6:72:9c:43:40:9d:fd:b8:70:d2:d9:f6:31:
fb:dd:fc:7c:1e:ba:a4:3b:75:47:d9:e4:b2:49:1d:d9:a6:4d:
40:ad:08:77:7f:53:48:48:42:74:ee:5d:50:00:9d:f0:2b:cd:
28:b7:af:e1:89:0e:5b:6e:ef:85:48:f2:4c:3e:d8:2e:ee:42:
ef:3c:45:39
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQlIjdymIXjmZEzMWSkbVZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZWUwMzg5Njg3ZGJkNDQ1ZGU2ZjkyMzljMWQwMmMzNzcw
Y2Y1NzQwHhcNMjUwMTAyMDM0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNlMDhmY2IwMWE5YzFiNDk2MmY0OTI0ZDk4NjcwMmMzZjc4OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArs2E4yojsMw/HJGkmYwNKI22/Rvj
s2TRBfW4UI3awh5VEh1EZ63OAc5VTvKel3fjzmQzy47oT1arWONBqNKtGfQ5t0jg
H7kq8gQMUnlTj1UM4cG+xt8smxxpEJBNdF/SJGEoStiuL4SN5qPlapR5F6tNGss4
0LSe9tnhzDqDbO5qHxmJYlVR2Im+vcKV5JAmGdxrtfpsiiLcj+RPCEE0WlJad6yC
jsc25e0GpjC8OAoeSv5mOJdctwcCjMtW0CWVM1MMTYUIdOxdQJ8EwRHxlQC5mAQz
LYeoPiGq5btjBUtFLuGcyht1OCrWYxqUt492Q8GzHBHJDrJoH9JaI12DwwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFDvOCPywGpwbSWL0kk2YZwLD94kAMB8GA1UdIwQY
MBaAFNDuA4lofb1EXeb5I5wdAsN3DPV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEt
MWEyOWE0NDhkMzA5LzEvTzg0SV9MQWFuQnRKWXZTU1RaaG5Bc1AzaVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEtMWEyOWE0NDhkMzA5
LzEvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJXrIAwQD
Lv7gAwQET40AAwQFU6eAAwQEX4wAAwQCX6oIAwQDjWUwAwQDqyGYAwQDsvtQAwQC
uQQUAwQCuQ54AwQE2Q9QMA0EAgACMAcDBQAqAWOAMA0GCSqGSIb3DQEBCwUAA4IB
AQCylNEdNcEYUoIlyutgGwhYIvnlwo6og6Ksd/TR3LzZz5tIvlmpYofhDNaz2wxD
k3JAs+GhCKxBJJRGfnSXMwtxsvEB5/mFQotZ/rQjBXKwm2ki+n0uen4gIZgWe7Ts
i5dbV3JJEOquiRgydAf35dkEeyOm764d6p5M7MwdN65IHa1jEJqo1xwyzJ0HsuWw
aWcr+Th7JjGryGsFPnx96OKnNTqWk1vxRPimIQPuUaUcUON88gAttcUMBNZynENA
nf24cNLZ9jH73fx8HrqkO3VH2eSySR3Zpk1ArQh3f1NISEJ07l1QAJ3wK80ot6/h
iQ5bbu+FSPJMPtgu7kLvPEU5
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:10:47 2025 by rpki-client