Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/OgyHPVOxxDF1gtXIFmpFjTEh0NU.roa
File: OgyHPVOxxDF1gtXIFmpFjTEh0NU.roa (raw, json)
Hash identifier: ThD9NsQC9pDV7Fs1qz4vOasM1Z8UEsULvub4LCikQUA=
Subject key identifier: 3A:0C:87:3D:53:B1:C4:31:75:82:D5:C8:16:6A:45:8D:31:21:D0:D5
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0194222008CF0CA8AA063DB9DC3D9CEB7CE9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/OgyHPVOxxDF1gtXIFmpFjTEh0NU.roa
Signing time: Wed 01 Jan 2025 13:48:31 +0000
ROA not before: Wed 01 Jan 2025 13:48:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3758
IP address blocks: 2.56.56.0/22 maxlen: 24
91.217.236.0/24 maxlen: 24
193.84.132.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:08:cf:0c:a8:aa:06:3d:b9:dc:3d:9c:eb:7c:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a0c873d53b1c4317582d5c8166a458d3121d0d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:4a:87:49:1c:ea:7c:30:5f:35:dc:e7:e0:22:
fc:eb:56:ae:a6:28:6a:5d:18:97:8e:16:be:b3:45:
e7:a6:5d:e3:de:2c:7f:bd:f6:fe:4f:8a:f4:d9:8e:
99:b2:3b:ed:db:08:6b:8a:c7:46:a7:4d:76:c1:16:
0b:76:9d:bc:e8:64:57:cf:21:11:48:06:03:6f:6b:
cf:e9:da:16:ba:e6:ff:01:36:b3:c6:fa:7b:e2:cd:
bf:f9:ea:7c:eb:64:a1:72:60:5b:05:dc:e9:02:c5:
0e:10:f0:bf:9a:f2:a8:14:69:96:b2:c2:50:09:ac:
9b:34:29:d1:13:a2:39:d9:3d:98:d4:81:44:a0:4a:
dc:94:2b:8b:21:78:84:2f:f5:bc:5e:88:b0:d4:2a:
cb:53:a3:be:34:50:33:8e:3e:fb:d6:04:00:fd:c8:
e7:90:b0:fd:24:02:dc:09:dd:c4:f5:fc:25:b4:69:
d8:38:69:0c:b3:2e:89:01:cc:ea:61:e0:58:77:8e:
e9:60:36:dc:a8:b2:93:57:43:63:71:3e:5f:ca:7b:
a9:8c:8f:e2:60:be:ef:2f:b9:85:e3:d3:f5:3a:57:
66:84:95:96:b8:47:6e:9a:d7:19:b4:9c:57:b7:99:
51:b7:9f:90:4c:67:b4:07:5c:8d:9c:8d:b9:de:62:
b0:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:0C:87:3D:53:B1:C4:31:75:82:D5:C8:16:6A:45:8D:31:21:D0:D5
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/OgyHPVOxxDF1gtXIFmpFjTEh0NU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.56.0/22
91.217.236.0/24
193.84.132.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:7d:6d:fe:b0:81:84:b0:af:a2:66:20:4b:ed:f2:93:21:1c:
f6:ba:5e:39:7b:5f:3d:05:de:ca:27:2e:b7:8e:8d:d4:dc:94:
e5:0c:9a:35:3b:60:db:50:2d:f8:1b:ae:9a:ff:de:44:f9:bb:
16:f4:03:85:a4:8c:ad:53:a2:9d:4f:98:e8:86:52:48:fe:d5:
89:e5:ce:7c:e5:e0:5f:d1:38:40:78:e9:67:3c:2e:2c:82:de:
d7:69:53:52:cd:65:bf:ab:ff:49:64:7d:cc:cc:29:08:f0:fe:
10:20:cd:e3:d9:3f:34:c9:a1:9e:2e:37:f3:42:e6:24:1b:02:
cb:f1:d0:06:58:52:fd:9b:7d:3f:24:3c:07:9d:b7:b9:a4:15:
31:10:81:7b:2d:ef:b6:b2:fd:2c:4e:24:31:e4:65:ab:cf:7a:
d8:62:ff:d9:8a:e6:55:5a:73:50:51:14:97:0d:d1:a4:be:36:
b4:7b:50:20:9c:10:ef:69:af:4e:41:67:a9:15:47:2c:83:c3:
64:bc:42:e0:8a:8a:47:72:7a:4f:38:69:4a:c2:74:96:0e:e3:
40:69:7c:41:28:85:a5:da:02:b5:3b:2f:16:d8:4e:d9:11:6d:
3a:ef:a5:05:fa:61:6d:ab:5b:5b:32:b2:0e:f3:6f:e1:96:19:
ad:e5:71:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiIAjPDKiqBj253D2c63zpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTBjODczZDUzYjFjNDMxNzU4MmQ1YzgxNjZhNDU4ZDMxMjFkMGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUqHSRzqfDBfNdzn4CL861aupihq
XRiXjha+s0Xnpl3j3ix/vfb+T4r02Y6Zsjvt2whrisdGp012wRYLdp286GRXzyER
SAYDb2vP6doWuub/ATazxvp74s2/+ep862ShcmBbBdzpAsUOEPC/mvKoFGmWssJQ
CaybNCnRE6I52T2Y1IFEoErclCuLIXiEL/W8Xoiw1CrLU6O+NFAzjj771gQA/cjn
kLD9JALcCd3E9fwltGnYOGkMsy6JAczqYeBYd47pYDbcqLKTV0NjcT5fynupjI/i
YL7vL7mF49P1OldmhJWWuEdumtcZtJxXt5lRt5+QTGe0B1yNnI253mKwwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDoMhz1TscQxdYLVyBZqRY0xIdDVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvT2d5SFBWT3h4REYxZ3RYSUZtcEZqVEVoME5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjg4AwQA
W9nsAwQAwVSEMA0GCSqGSIb3DQEBCwUAA4IBAQB6fW3+sIGEsK+iZiBL7fKTIRz2
ul45e189Bd7KJy63jo3U3JTlDJo1O2DbUC34G66a/95E+bsW9AOFpIytU6KdT5jo
hlJI/tWJ5c585eBf0ThAeOlnPC4sgt7XaVNSzWW/q/9JZH3MzCkI8P4QIM3j2T80
yaGeLjfzQuYkGwLL8dAGWFL9m30/JDwHnbe5pBUxEIF7Le+2sv0sTiQx5GWrz3rY
Yv/ZiuZVWnNQURSXDdGkvja0e1AgnBDvaa9OQWepFUcsg8NkvELgiopHcnpPOGlK
wnSWDuNAaXxBKIWl2gK1Oy8W2E7ZEW0676UF+mFtq1tbMrIO82/hlhmt5XGP
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:48:23 2025 by rpki-client