Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3O6a_7U-AUl7186wWf8Arm7U820.roa
File: 3O6a_7U-AUl7186wWf8Arm7U820.roa (raw, json)
Hash identifier: OKfpeLc/ldXAlRcw5NqsApR2Gx/1UmHUb8+zrBl0WsA=
Subject key identifier: DC:EE:9A:FF:B5:3E:01:49:7B:D7:CE:B0:59:FF:00:AE:6E:D4:F3:6D
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019422202056575C86D1285CC15EBCA23392
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3O6a_7U-AUl7186wWf8Arm7U820.roa
Signing time: Wed 01 Jan 2025 13:48:38 +0000
ROA not before: Wed 01 Jan 2025 13:48:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54103
IP address blocks: 5.10.193.0/24 maxlen: 24
5.10.195.0/24 maxlen: 24
5.10.197.0/24 maxlen: 24
5.10.199.0/24 maxlen: 24
45.134.129.0/24 maxlen: 24
45.134.131.0/24 maxlen: 24
62.197.129.0/24 maxlen: 24
89.31.218.0/24 maxlen: 24
89.35.154.0/23 maxlen: 24
89.40.76.0/24 maxlen: 24
93.115.109.0/24 maxlen: 24
178.239.197.0/24 maxlen: 24
185.67.137.0/24 maxlen: 24
185.67.139.0/24 maxlen: 24
185.163.208.0/22 maxlen: 22
185.216.1.0/24 maxlen: 24
185.216.3.0/24 maxlen: 24
185.244.220.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/23 maxlen: 24
188.241.110.0/24 maxlen: 24
188.241.242.0/23 maxlen: 24
193.26.112.0/23 maxlen: 24
193.84.134.0/24 maxlen: 24
194.76.132.0/23 maxlen: 24
203.159.85.0/24 maxlen: 24
203.159.87.0/24 maxlen: 24
203.159.89.0/24 maxlen: 24
203.159.91.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:20:56:57:5c:86:d1:28:5c:c1:5e:bc:a2:33:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dcee9affb53e01497bd7ceb059ff00ae6ed4f36d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:a8:36:04:e2:dd:c2:60:1f:6f:27:93:71:22:
32:c9:2c:67:f7:b3:28:79:71:00:0e:e0:f6:3d:c7:
62:ff:0d:96:e0:0d:bd:82:43:df:d1:1a:bd:f6:93:
fb:1e:ff:cd:db:66:2c:f1:32:aa:b3:bc:6b:3b:90:
57:3d:fe:e9:51:68:e8:d4:8a:5e:67:27:da:bb:59:
c7:dd:f8:e2:81:16:ec:1c:ab:32:37:04:3c:08:77:
f3:3f:4f:b7:7f:a4:93:72:f0:f9:6b:56:40:de:5e:
50:c5:2a:89:21:52:a1:ff:88:db:4c:6a:6d:97:27:
fe:97:ae:51:ba:6d:4c:78:e2:59:f8:e0:a6:27:c4:
4e:84:9d:fb:c9:39:24:db:a9:6b:d9:ef:bd:4b:3b:
27:f6:5d:e5:94:33:bf:f9:59:8c:71:19:6b:fc:3b:
ec:11:be:ae:aa:c6:a4:d9:58:e8:a0:99:c2:bc:74:
b3:13:9d:9c:72:9d:3b:36:9a:b6:ae:63:bc:a9:47:
84:64:00:44:0c:1f:3f:98:f1:45:63:97:6a:73:61:
2c:a6:95:1f:f9:b6:8a:f1:10:af:4f:9b:74:d6:8b:
c1:e3:f0:e8:fc:95:ad:54:78:09:f9:3f:6f:7b:96:
36:a4:82:76:21:bb:94:93:0f:f4:77:5e:37:e0:23:
01:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:EE:9A:FF:B5:3E:01:49:7B:D7:CE:B0:59:FF:00:AE:6E:D4:F3:6D
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3O6a_7U-AUl7186wWf8Arm7U820.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.10.193.0/24
5.10.195.0/24
5.10.197.0/24
5.10.199.0/24
45.134.129.0/24
45.134.131.0/24
62.197.129.0/24
89.31.218.0/24
89.35.154.0/23
89.40.76.0/24
93.115.109.0/24
178.239.197.0/24
185.67.137.0/24
185.67.139.0/24
185.163.208.0/22
185.216.1.0/24
185.216.3.0/24
185.244.220.0/24
188.240.230.0/24
188.240.232.0/23
188.241.110.0/24
188.241.242.0/23
193.26.112.0/23
193.84.134.0/24
194.76.132.0/23
203.159.85.0/24
203.159.87.0/24
203.159.89.0/24
203.159.91.0/24
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
44:01:3a:7b:a8:2d:31:e5:26:0e:68:bd:39:05:2c:3b:8c:da:
1e:da:1b:6f:b1:49:9b:3b:53:b8:03:2e:06:9c:90:f1:e8:4f:
17:f4:60:5d:ee:22:51:d2:f5:20:b2:04:55:7f:47:09:63:0b:
4a:ce:2a:dc:f7:55:ad:9f:62:09:f2:03:eb:76:8c:cb:15:f2:
80:d3:7e:df:47:fc:25:59:fc:e0:1b:27:f5:b3:43:6a:5b:76:
4d:b9:6b:7e:f4:11:40:1e:1f:69:94:09:c8:6a:43:e1:0e:fc:
8d:65:79:49:cf:be:84:c4:99:ef:f2:13:ce:0f:11:cf:4a:3a:
4b:1d:9c:01:67:2d:45:2f:6d:11:b7:5c:6b:dc:93:8c:ed:97:
70:89:97:18:bf:1e:90:64:4b:e0:5f:08:3b:1a:20:59:81:ae:
c1:8c:54:3d:7c:94:73:a6:44:60:17:2e:3e:0f:c3:81:3f:b1:
f6:d2:82:8e:0b:56:fc:48:32:fc:68:c1:46:a1:df:f7:29:cb:
f8:f7:a3:78:80:8d:31:79:b3:e4:51:25:89:a0:1e:fa:f5:c8:
44:ea:ec:3f:36:8e:8e:73:72:bd:5d:db:3b:02:18:04:8f:28:
17:f6:45:3f:19:2c:de:2f:bc:c4:cb:8a:b9:d9:c1:8a:46:7e:
27:f6:64:c1
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAZQiICBWV1yG0ShcwV68ojOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2VlOWFmZmI1M2UwMTQ5N2JkN2NlYjA1OWZmMDBhZTZlZDRmMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKg2BOLdwmAfbyeTcSIyySxn97Mo
eXEADuD2Pcdi/w2W4A29gkPf0Rq99pP7Hv/N22Ys8TKqs7xrO5BXPf7pUWjo1Ipe
Zyfau1nH3fjigRbsHKsyNwQ8CHfzP0+3f6STcvD5a1ZA3l5QxSqJIVKh/4jbTGpt
lyf+l65Rum1MeOJZ+OCmJ8ROhJ37yTkk26lr2e+9Szsn9l3llDO/+VmMcRlr/Dvs
Eb6uqsak2VjooJnCvHSzE52ccp07Npq2rmO8qUeEZABEDB8/mPFFY5dqc2EsppUf
+baK8RCvT5t01ovB4/Do/JWtVHgJ+T9ve5Y2pIJ2IbuUkw/0d1434CMBzwIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFNzumv+1PgFJe9fOsFn/AK5u1PNtMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM082YV83VS1BVWw3MTg2d1dmOEFybTdVODIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHRBggrBgEFBQcBBwEB/wSBwTCBvjCBuwQCAAEwgbQDBAAF
CsEDBAAFCsMDBAAFCsUDBAAFCscDBAAthoEDBAAthoMDBAA+xYEDBABZH9oDBAFZ
I5oDBABZKEwDBABdc20DBACy78UDBAC5Q4kDBAC5Q4sDBAK5o9ADBAC52AEDBAC5
2AMDBAC59NwDBAC88OYDBAG88OgDBAC88W4DBAG88fIDBAHBGnADBADBVIYDBAHC
TIQDBADLn1UDBADLn1cDBADLn1kDBADLn1sDBADfG3IwDQYJKoZIhvcNAQELBQAD
ggEBAEQBOnuoLTHlJg5ovTkFLDuM2h7aG2+xSZs7U7gDLgackPHoTxf0YF3uIlHS
9SCyBFV/RwljC0rOKtz3Va2fYgnyA+t2jMsV8oDTft9H/CVZ/OAbJ/WzQ2pbdk25
a370EUAeH2mUCchqQ+EO/I1leUnPvoTEme/yE84PEc9KOksdnAFnLUUvbRG3XGvc
k4ztl3CJlxi/HpBkS+BfCDsaIFmBrsGMVD18lHOmRGAXLj4Pw4E/sfbSgo4LVvxI
MvxowUah3/cpy/j3o3iAjTF5s+RRJYmgHvr1yETq7D82jo5zcr1d2zsCGASPKBf2
RT8ZLN4vvMTLirnZwYpGfif2ZME=
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:40:46 2025 by rpki-client