Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Y11Q9ATb9jGTPN1NuWGhs8vb8pI.roa
File: Y11Q9ATb9jGTPN1NuWGhs8vb8pI.roa (raw, json)
Hash identifier: 3ir91GmKZdnKScEdFcU46pK+N+hftRptGfcArCG4hX4=
Subject key identifier: 63:5D:50:F4:04:DB:F6:31:93:3C:DD:4D:B9:61:A1:B3:CB:DB:F2:92
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019422201C237E1E7C96E375C2D077B16AF0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Y11Q9ATb9jGTPN1NuWGhs8vb8pI.roa
Signing time: Wed 01 Jan 2025 13:48:37 +0000
ROA not before: Wed 01 Jan 2025 13:48:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47583
IP address blocks: 78.142.242.0/24 maxlen: 24
185.9.54.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:1c:23:7e:1e:7c:96:e3:75:c2:d0:77:b1:6a:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=635d50f404dbf631933cdd4db961a1b3cbdbf292
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:ea:01:bf:da:6a:c5:f0:07:04:67:26:cb:f0:
9a:1b:a0:22:7d:74:a2:78:0f:1a:88:b6:18:88:cf:
87:13:b8:cb:1c:69:dd:15:ba:04:b4:61:6d:42:0a:
a3:37:45:1a:68:d8:58:34:3a:9e:30:99:ea:68:cd:
1a:4a:cd:52:5b:56:f1:35:13:92:1e:45:85:ba:f8:
7a:4e:47:7c:b5:4a:9e:18:5f:8a:df:56:83:8e:35:
5a:f5:a9:f0:2e:e6:a0:be:64:6a:bd:84:51:66:75:
0c:e6:45:54:05:71:74:db:f5:67:30:ac:f8:57:a6:
19:55:df:f1:08:2b:22:ee:c9:2b:96:22:45:92:8b:
3d:77:79:78:88:ac:7f:5b:a8:07:8b:0c:04:40:00:
f4:9c:95:2a:9c:ed:89:54:d2:b7:5d:71:57:b0:d2:
75:ab:a3:bb:59:f6:1e:87:ff:95:06:93:25:b5:dc:
51:a9:6e:e8:85:43:0c:e1:23:06:93:14:98:42:15:
62:8e:c8:4e:b9:6e:d8:76:9d:f7:49:a3:d7:7d:12:
0f:5e:f9:1b:74:63:64:c3:15:65:56:65:ea:ea:b3:
e2:1e:ba:05:9f:b5:3a:2a:ce:bc:a9:96:ce:81:74:
0b:8a:31:57:a2:02:9e:44:ee:ad:10:93:18:fd:26:
70:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:5D:50:F4:04:DB:F6:31:93:3C:DD:4D:B9:61:A1:B3:CB:DB:F2:92
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Y11Q9ATb9jGTPN1NuWGhs8vb8pI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
185.9.54.0/24
193.19.106.0/24
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
78:0c:c1:ec:c2:03:af:4c:b0:e2:ec:e6:1d:39:a3:35:a8:5f:
58:e0:7f:79:a8:73:cc:d9:91:5f:23:53:77:2d:8f:7f:3b:0b:
b5:cc:38:fd:b6:b6:bf:cf:c3:44:8b:68:3b:68:28:03:be:fb:
81:c4:6b:1b:ec:d4:4a:42:54:a3:ba:73:9e:17:de:19:25:c7:
35:58:21:08:03:da:7d:59:f9:63:d1:55:3e:a8:ba:b9:1a:c8:
ba:cc:ef:2e:73:38:8a:b7:0b:a9:2f:c7:41:fb:42:90:62:28:
69:d0:be:66:de:7e:5c:7c:7b:90:02:75:87:67:bb:e3:8f:18:
96:de:0d:72:37:92:9b:e7:40:b0:d2:b7:56:14:10:6d:ea:32:
1f:81:f8:84:3c:56:51:13:22:28:63:b0:51:bf:28:f5:43:e5:
ec:db:b6:dc:33:3f:19:de:1f:6a:09:fe:fa:4e:ed:c5:38:3e:
a6:c9:73:e9:83:3f:a7:03:7a:2b:83:43:ce:48:de:22:fb:a2:
f4:90:e2:79:66:81:90:ad:28:21:dc:0b:d0:f4:11:83:ee:64:
30:79:30:ce:a1:75:92:1c:4a:7c:6d:69:4f:81:29:ae:e0:81:
9e:58:ee:2d:bb:7d:69:0e:af:d6:8f:26:79:79:4f:da:33:98:
0f:18:52:2d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQiIBwjfh58luN1wtB3sWrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVkNTBmNDA0ZGJmNjMxOTMzY2RkNGRiOTYxYTFiM2NiZGJmMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+oBv9pqxfAHBGcmy/CaG6AifXSi
eA8aiLYYiM+HE7jLHGndFboEtGFtQgqjN0UaaNhYNDqeMJnqaM0aSs1SW1bxNROS
HkWFuvh6Tkd8tUqeGF+K31aDjjVa9anwLuagvmRqvYRRZnUM5kVUBXF02/VnMKz4
V6YZVd/xCCsi7skrliJFkos9d3l4iKx/W6gHiwwEQAD0nJUqnO2JVNK3XXFXsNJ1
q6O7WfYeh/+VBpMltdxRqW7ohUMM4SMGkxSYQhVijshOuW7Ydp33SaPXfRIPXvkb
dGNkwxVlVmXq6rPiHroFn7U6Ks68qZbOgXQLijFXogKeRO6tEJMY/SZwgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGNdUPQE2/YxkzzdTblhobPL2/KSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWTExUTlBVGI5akdUUE4xTnVXR2hzOHZiOHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATo7yAwQA
uQk2AwQAwRNqAwQA3xtwMA0GCSqGSIb3DQEBCwUAA4IBAQB4DMHswgOvTLDi7OYd
OaM1qF9Y4H95qHPM2ZFfI1N3LY9/Owu1zDj9tra/z8NEi2g7aCgDvvuBxGsb7NRK
QlSjunOeF94ZJcc1WCEIA9p9Wflj0VU+qLq5Gsi6zO8ucziKtwupL8dB+0KQYihp
0L5m3n5cfHuQAnWHZ7vjjxiW3g1yN5Kb50Cw0rdWFBBt6jIfgfiEPFZREyIoY7BR
vyj1Q+Xs27bcMz8Z3h9qCf76Tu3FOD6myXPpgz+nA3org0POSN4i+6L0kOJ5ZoGQ
rSgh3AvQ9BGD7mQweTDOoXWSHEp8bWlPgSmu4IGeWO4tu31pDq/WjyZ5eU/aM5gP
GFIt
-----END CERTIFICATE-----
Generated at Wed Apr 16 20:30:01 2025 by rpki-client