Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/Oi1LQnm4lsa7_1hR1J20jJ6vxNI.roa
File: Oi1LQnm4lsa7_1hR1J20jJ6vxNI.roa (raw, json)
Hash identifier: SY2CzV8LXx9B2pkUZksUiYNXDfeS5dNBeKSh1IfycAI=
Subject key identifier: 3A:2D:4B:42:79:B8:96:C6:BB:FF:58:51:D4:9D:B4:8C:9E:AF:C4:D2
Certificate issuer: /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial: 01941F8C09079B24223E1C0F6B8521399432
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/Oi1LQnm4lsa7_1hR1J20jJ6vxNI.roa
Signing time: Wed 01 Jan 2025 01:47:38 +0000
ROA not before: Wed 01 Jan 2025 01:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60800
IP address blocks: 91.210.100.0/22 maxlen: 24
103.82.0.0/22 maxlen: 24
125.62.72.0/22 maxlen: 24
185.17.172.0/22 maxlen: 24
185.42.16.0/22 maxlen: 24
185.222.112.0/22 maxlen: 24
2a03:ec40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:09:07:9b:24:22:3e:1c:0f:6b:85:21:39:94:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Validity
Not Before: Jan 1 01:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a2d4b4279b896c6bbff5851d49db48c9eafc4d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:53:8a:50:39:cf:5d:55:51:6c:0c:36:34:26:
ef:d4:4a:f2:34:25:66:ea:35:e1:ce:01:1b:19:48:
89:ed:0f:f1:63:ae:77:b7:99:5d:e2:a0:ee:f3:50:
2c:bd:d1:29:a8:4d:a3:4e:05:7d:87:b6:4c:03:cf:
6f:38:bd:10:4e:67:a2:4c:80:fb:07:79:71:f2:9b:
95:8c:18:70:e5:b9:56:5f:7f:72:10:86:fe:96:4d:
07:4b:9c:74:80:36:60:5a:b1:92:c5:45:09:f3:6b:
29:2f:42:01:02:0a:94:16:f2:a0:a3:e5:17:bf:cc:
5a:d9:0f:3c:46:43:cd:f6:f8:a7:27:60:60:bc:fa:
db:ae:76:c0:c9:bf:f6:09:46:92:55:5a:93:62:59:
1c:ac:ae:77:e1:4b:db:79:e2:c2:44:b2:59:10:6d:
a7:4a:33:f8:11:81:9d:69:80:ef:b3:4c:d1:8b:44:
c7:5b:2b:02:a8:93:7b:c0:e4:7c:63:42:a1:5c:3d:
c4:ea:6e:60:32:81:37:fc:41:fa:8f:ba:4a:d7:07:
f5:e1:18:63:02:cd:3a:bf:ae:58:5e:0a:09:cc:b4:
77:ed:b0:7f:fe:74:d4:c0:27:34:67:43:b6:4c:84:
1f:35:a0:30:23:57:ea:4c:5f:63:73:f2:e8:7d:78:
d7:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:2D:4B:42:79:B8:96:C6:BB:FF:58:51:D4:9D:B4:8C:9E:AF:C4:D2
X509v3 Authority Key Identifier:
keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/Oi1LQnm4lsa7_1hR1J20jJ6vxNI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.100.0/22
103.82.0.0/22
125.62.72.0/22
185.17.172.0/22
185.42.16.0/22
185.222.112.0/22
IPv6:
2a03:ec40::/29
Signature Algorithm: sha256WithRSAEncryption
3c:9a:c5:5a:9a:03:9a:ee:99:52:47:18:d4:8e:a0:76:56:2e:
68:e3:83:8a:c8:f4:95:f1:ec:a6:67:25:62:2c:01:35:dc:ba:
78:88:f9:52:bd:48:bf:46:86:8e:84:ce:a0:1d:ab:25:d5:ee:
55:7e:ff:35:84:16:ab:5f:01:2d:51:08:d2:df:a2:87:98:d2:
90:5e:7a:4d:9e:87:24:eb:e7:4c:b9:a0:dd:5c:d7:55:1e:5e:
80:9e:3c:4d:e8:c9:cd:76:dc:38:9b:35:ee:96:69:bf:cc:d1:
33:2f:4f:84:25:61:18:11:cd:7a:81:9c:21:88:eb:c2:83:b0:
1a:87:4f:f1:ae:e6:88:8d:de:24:6c:a3:be:69:b7:e8:cb:88:
06:d5:9a:be:bf:7e:84:8e:05:0b:ee:fc:15:d1:d0:15:e2:51:
9d:f8:18:dc:4a:3c:e3:cb:1e:ce:29:5e:74:95:d4:cc:ed:d3:
bc:91:88:10:df:03:04:0f:7d:a9:bf:d8:15:a0:4a:ab:3e:70:
50:b5:cd:c4:ba:c5:7d:6e:03:6a:13:54:c9:bc:5a:15:31:b0:
e0:e9:3f:b3:aa:2f:2e:21:b2:b4:ce:2c:8a:12:a0:31:f6:6f:
c8:04:f3:c9:da:20:27:39:b1:34:c6:5d:3a:b7:97:84:9d:42:
86:86:64:49
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQfjAkHmyQiPhwPa4UhOZQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwMTAxMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTJkNGI0Mjc5Yjg5NmM2YmJmZjU4NTFkNDlkYjQ4YzllYWZjNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFOKUDnPXVVRbAw2NCbv1EryNCVm
6jXhzgEbGUiJ7Q/xY653t5ld4qDu81AsvdEpqE2jTgV9h7ZMA89vOL0QTmeiTID7
B3lx8puVjBhw5blWX39yEIb+lk0HS5x0gDZgWrGSxUUJ82spL0IBAgqUFvKgo+UX
v8xa2Q88RkPN9vinJ2BgvPrbrnbAyb/2CUaSVVqTYlkcrK534UvbeeLCRLJZEG2n
SjP4EYGdaYDvs0zRi0THWysCqJN7wOR8Y0KhXD3E6m5gMoE3/EH6j7pK1wf14Rhj
As06v65YXgoJzLR37bB//nTUwCc0Z0O2TIQfNaAwI1fqTF9jc/LofXjXWQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDotS0J5uJbGu/9YUdSdtIyer8TSMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvT2kxTFFubTRsc2E3XzFoUjFKMjBqSjZ2eE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCW9JkAwQC
Z1IAAwQCfT5IAwQCuRGsAwQCuSoQAwQCud5wMA0EAgACMAcDBQMqA+xAMA0GCSqG
SIb3DQEBCwUAA4IBAQA8msVamgOa7plSRxjUjqB2Vi5o44OKyPSV8eymZyViLAE1
3Lp4iPlSvUi/RoaOhM6gHasl1e5Vfv81hBarXwEtUQjS36KHmNKQXnpNnock6+dM
uaDdXNdVHl6AnjxN6MnNdtw4mzXulmm/zNEzL0+EJWEYEc16gZwhiOvCg7Aah0/x
ruaIjd4kbKO+abfoy4gG1Zq+v36EjgUL7vwV0dAV4lGd+BjcSjzjyx7OKV50ldTM
7dO8kYgQ3wMED32pv9gVoEqrPnBQtc3EusV9bgNqE1TJvFoVMbDg6T+zqi8uIbK0
ziyKEqAx9m/IBPPJ2iAnObE0xl06t5eEnUKGhmRJ
-----END CERTIFICATE-----
Generated at Wed Feb 5 08:39:53 2025 by rpki-client