Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/3yYGs7gC6Yt8xSj2vfENPhVXFvE.roa
File: 3yYGs7gC6Yt8xSj2vfENPhVXFvE.roa (raw, json)
Hash identifier: BuidZ1GvGdKg7gwYd2Ptl6PuYSRGUATkT25l43mgSwk=
Subject key identifier: DF:26:06:B3:B8:02:E9:8B:7C:C5:28:F6:BD:F1:0D:3E:15:57:16:F1
Certificate issuer: /CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
Certificate serial: 019421443DC84FF422236AA5C22578609ED5
Authority key identifier: 93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/3yYGs7gC6Yt8xSj2vfENPhVXFvE.roa
Signing time: Wed 01 Jan 2025 09:48:27 +0000
ROA not before: Wed 01 Jan 2025 09:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42989
IP address blocks: 185.231.4.0/24 maxlen: 24
185.231.7.0/24 maxlen: 24
2a0c:3500::/48 maxlen: 48
2a0c:3500:2::/48 maxlen: 48
2a0c:3500:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.mft
rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:3d:c8:4f:f4:22:23:6a:a5:c2:25:78:60:9e:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
Validity
Not Before: Jan 1 09:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df2606b3b802e98b7cc528f6bdf10d3e155716f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:71:ce:ca:05:1f:ef:be:f8:15:78:47:c8:26:
0c:c9:bd:94:7d:29:82:15:2d:f4:2f:36:2f:d7:3b:
3f:3c:52:15:7b:b7:89:64:f0:a9:4e:5d:5e:66:f2:
d6:f4:42:85:84:29:de:a9:cf:e5:c8:53:36:94:9e:
f1:a5:f2:49:15:e4:4f:30:7f:12:ec:ae:3f:c2:7e:
19:72:c1:44:3f:25:b5:5f:c3:dd:d4:fc:82:c5:48:
7d:a5:9e:df:05:11:7b:98:37:d0:8e:b1:43:e6:36:
1d:cc:8e:ae:b9:be:c9:19:1b:58:af:a6:f9:fd:79:
04:d3:fb:90:ab:c3:33:98:82:7c:43:c0:34:60:4e:
69:30:c0:f0:87:cd:f1:1b:a2:a5:ac:77:82:de:76:
f0:8a:d9:20:13:79:c4:f0:f8:44:f6:1b:f5:ef:92:
fc:11:23:2e:41:17:da:28:c2:31:80:ec:e5:d7:0b:
57:c3:b7:57:dc:39:c3:77:fb:f1:97:5b:bf:dd:29:
b0:d4:82:31:f0:08:36:8c:9c:07:1a:fc:17:32:2d:
3f:7b:a8:79:45:96:a5:98:cb:a8:85:9b:60:c3:64:
7f:04:6b:7b:b9:22:35:20:e6:66:c6:02:70:36:30:
43:24:37:e7:96:92:08:d5:5a:81:82:30:9e:d2:d1:
53:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:26:06:B3:B8:02:E9:8B:7C:C5:28:F6:BD:F1:0D:3E:15:57:16:F1
X509v3 Authority Key Identifier:
keyid:93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/3yYGs7gC6Yt8xSj2vfENPhVXFvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.231.4.0/24
185.231.7.0/24
IPv6:
2a0c:3500::/48
2a0c:3500:2::/47
Signature Algorithm: sha256WithRSAEncryption
31:0e:d7:22:08:70:06:5b:2c:4c:70:55:81:dc:fb:5f:47:7c:
30:47:d8:d9:3a:72:0c:2c:eb:54:5d:22:5e:0d:90:57:c8:02:
88:f5:50:c0:ac:63:42:ad:36:f3:5c:aa:ec:9f:07:2c:a1:a9:
90:63:50:64:f0:d3:94:9f:25:84:2e:7c:b1:b8:b5:01:bf:d9:
0c:3a:99:27:d9:1d:9e:a4:a3:dd:18:ea:9d:fb:87:78:bd:6d:
39:de:53:d2:dd:f5:1d:3e:16:ff:19:18:a0:01:a4:22:bf:4c:
de:ab:57:ff:39:b2:b1:8b:3c:9d:d0:45:b9:a9:23:d3:d7:7f:
82:52:46:ba:3d:75:b3:0d:eb:60:a6:d9:3a:60:43:06:0d:7d:
42:3b:fb:e5:40:eb:34:94:a1:d7:3c:3a:b2:d0:22:77:61:8b:
46:f5:15:97:71:40:d4:91:4c:1f:ff:f4:e4:d9:c6:18:86:cb:
e3:fe:9d:dd:40:54:4b:54:06:11:4e:03:82:84:9d:c1:a0:4a:
b5:bc:64:4f:93:a9:47:68:41:9a:a5:3c:5b:80:0e:9d:5e:1d:
06:e1:21:77:7b:1b:6c:a1:f4:b7:66:bb:9f:e7:94:f7:05:83:
1b:ae:99:f1:a1:57:d5:9c:e2:bc:f1:d1:ac:aa:5b:b6:c6:09:
2f:bb:56:18
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQhRD3IT/QiI2qlwiV4YJ7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMmU4MDc4ZWE0MjBhZmMxYTc4YmY5MjJhOWEyZjI3NDY3
OWM4YTgwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjI2MDZiM2I4MDJlOThiN2NjNTI4ZjZiZGYxMGQzZTE1NTcxNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHHOygUf7774FXhHyCYMyb2UfSmC
FS30LzYv1zs/PFIVe7eJZPCpTl1eZvLW9EKFhCneqc/lyFM2lJ7xpfJJFeRPMH8S
7K4/wn4ZcsFEPyW1X8Pd1PyCxUh9pZ7fBRF7mDfQjrFD5jYdzI6uub7JGRtYr6b5
/XkE0/uQq8MzmIJ8Q8A0YE5pMMDwh83xG6KlrHeC3nbwitkgE3nE8PhE9hv175L8
ESMuQRfaKMIxgOzl1wtXw7dX3DnDd/vxl1u/3Smw1IIx8Ag2jJwHGvwXMi0/e6h5
RZalmMuohZtgw2R/BGt7uSI1IOZmxgJwNjBDJDfnlpII1VqBgjCe0tFT6wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFN8mBrO4AumLfMUo9r3xDT4VVxbxMB8GA1UdIwQY
MBaAFJMugHjqQgr8Gni/kiqaLydGecioMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODkt
MzRiYTA3MzhhMzQxLzEvM3lZR3M3Z0M2WXQ4eFNqMnZmRU5QaFZYRnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODktMzRiYTA3MzhhMzQx
LzEva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAuecEAwQA
uecHMBgEAgACMBIDBwAqDDUAAAADBwEqDDUAAAIwDQYJKoZIhvcNAQELBQADggEB
ADEO1yIIcAZbLExwVYHc+19HfDBH2Nk6cgws61RdIl4NkFfIAoj1UMCsY0KtNvNc
quyfByyhqZBjUGTw05SfJYQufLG4tQG/2Qw6mSfZHZ6ko90Y6p37h3i9bTneU9Ld
9R0+Fv8ZGKABpCK/TN6rV/85srGLPJ3QRbmpI9PXf4JSRro9dbMN62Cm2TpgQwYN
fUI7++VA6zSUodc8OrLQIndhi0b1FZdxQNSRTB//9OTZxhiGy+P+nd1AVEtUBhFO
A4KEncGgSrW8ZE+TqUdoQZqlPFuADp1eHQbhIXd7G2yh9Ldmu5/nlPcFgxuumfGh
V9Wc4rzx0ayqW7bGCS+7Vhg=
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:48:45 2025 by rpki-client