Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/OXMJLOofLgGgDhgmm1sTvNtyqE4.roa
File: OXMJLOofLgGgDhgmm1sTvNtyqE4.roa (raw, json)
Hash identifier: 1d0wZte0/S8hoLFDvjBYdD2zzn23SOBG/nHxGyCGbEY=
Subject key identifier: 39:73:09:2C:EA:1F:2E:01:A0:0E:18:26:9B:5B:13:BC:DB:72:A8:4E
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 01944A64C0CEB5A812C458BE02ED30A02E45
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/OXMJLOofLgGgDhgmm1sTvNtyqE4.roa
Signing time: Thu 09 Jan 2025 09:28:24 +0000
ROA not before: Thu 09 Jan 2025 09:28:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205085
IP address blocks: 78.128.110.0/23 maxlen: 24
78.142.7.0/24 maxlen: 24
78.142.37.0/24 maxlen: 24
78.142.38.0/24 maxlen: 24
78.142.39.0/24 maxlen: 24
79.124.87.0/24 maxlen: 24
91.148.188.0/23 maxlen: 24
91.191.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 05:01:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:4a:64:c0:ce:b5:a8:12:c4:58:be:02:ed:30:a0:2e:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Jan 9 09:28:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3973092cea1f2e01a00e18269b5b13bcdb72a84e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:37:59:19:79:5b:0f:97:7f:74:96:56:ae:59:
38:38:e6:75:f9:40:fe:ab:21:b6:6d:54:1d:fe:3a:
91:3b:6b:11:2c:6c:a4:2f:6c:ee:f6:dd:bd:d7:43:
d4:e5:b0:41:97:db:a3:88:0f:01:b8:73:9f:62:d8:
e1:f3:8b:eb:e6:c0:5a:0b:0e:83:ef:fe:99:3b:5f:
55:05:10:9c:6c:b7:e1:86:7e:29:b1:b2:1b:cc:9d:
82:8e:84:2d:42:0f:c5:bf:d2:ae:70:32:75:2e:ec:
d7:43:7e:0a:3e:a3:1a:58:72:c1:9a:62:c8:7a:68:
f2:6a:c9:69:c5:a9:2f:5b:1a:9e:a9:18:7e:58:69:
f7:1d:2f:98:a7:e9:8c:b2:71:60:61:a1:46:fa:76:
da:91:2f:00:9b:21:02:74:03:7b:ca:1f:7e:27:52:
be:1c:90:c0:e8:a1:11:a2:33:f5:1f:d9:9d:1b:00:
2a:27:ab:ed:0d:81:d3:59:1d:2e:24:27:85:f7:7a:
f1:bb:8c:3d:26:a7:7c:8b:6f:c7:fb:e8:4f:bd:be:
53:c9:35:4e:05:4f:72:ad:49:f0:5e:42:ac:28:9a:
fb:3d:4e:d0:7d:2f:eb:92:7f:85:b0:88:02:bc:b3:
34:dc:2f:64:ac:0f:20:c9:0a:94:d1:53:c2:2e:f5:
20:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:73:09:2C:EA:1F:2E:01:A0:0E:18:26:9B:5B:13:BC:DB:72:A8:4E
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/OXMJLOofLgGgDhgmm1sTvNtyqE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.128.110.0/23
78.142.7.0/24
78.142.37.0-78.142.39.255
79.124.87.0/24
91.148.188.0/23
91.191.219.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:cf:67:d6:be:e9:05:40:18:e0:c4:32:ea:6d:db:fb:1f:9b:
4e:3d:8a:de:ba:9d:aa:57:0e:73:37:fe:50:b4:16:1d:45:8d:
75:e5:bb:e0:8a:04:f2:a7:7f:33:68:f0:df:d5:01:57:c0:1b:
ca:a3:83:e6:d9:34:d4:45:e6:9c:16:10:ac:77:2c:3b:e6:53:
95:a4:7b:c2:87:d1:74:2b:57:49:b4:78:9e:e1:b7:a5:d6:73:
75:ef:63:5e:68:a0:7e:05:73:9a:0b:2e:b1:1d:7b:b0:b2:90:
c6:14:b0:02:e6:f3:2d:af:b3:81:58:d0:41:fd:52:3b:b9:5e:
f4:e5:be:6f:f8:9a:bd:54:bc:5b:11:8a:a5:ba:5f:a3:bc:85:
e4:a5:9f:a1:dc:40:71:2e:fc:39:c9:fd:d4:a9:3e:8a:62:7f:
91:26:c0:e0:cb:87:89:be:5d:2c:78:ed:db:99:d6:76:c0:e4:
20:d2:0a:58:28:cc:3c:91:21:12:4d:b8:84:e8:59:0e:c2:19:
b1:d1:95:0b:33:96:b6:72:3b:90:55:04:94:18:40:54:55:53:
7c:9a:c8:a7:7b:7d:9a:a7:0a:94:23:0e:b2:ce:e1:8e:d9:90:
a9:70:bf:7c:51:33:11:81:30:41:16:a4:0f:19:c5:32:80:4c:
8f:01:ac:d3
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZRKZMDOtagSxFi+Au0woC5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTczMDkyY2VhMWYyZTAxYTAwZTE4MjY5YjViMTNiY2RiNzJhODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DdZGXlbD5d/dJZWrlk4OOZ1+UD+
qyG2bVQd/jqRO2sRLGykL2zu9t2910PU5bBBl9ujiA8BuHOfYtjh84vr5sBaCw6D
7/6ZO19VBRCcbLfhhn4psbIbzJ2CjoQtQg/Fv9KucDJ1LuzXQ34KPqMaWHLBmmLI
emjyaslpxakvWxqeqRh+WGn3HS+Yp+mMsnFgYaFG+nbakS8AmyECdAN7yh9+J1K+
HJDA6KERojP1H9mdGwAqJ6vtDYHTWR0uJCeF93rxu4w9Jqd8i2/H++hPvb5TyTVO
BU9yrUnwXkKsKJr7PU7QfS/rkn+FsIgCvLM03C9krA8gyQqU0VPCLvUgHQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDlzCSzqHy4BoA4YJptbE7zbcqhOMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvT1hNSkxPb2ZMZ0dnRGhnbW0xc1R2TnR5cUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBToBuAwQA
To4HMAwDBABOjiUDBANOjiADBABPfFcDBAFblLwDBABbv9swDQYJKoZIhvcNAQEL
BQADggEBAJ/PZ9a+6QVAGODEMupt2/sfm049it66napXDnM3/lC0Fh1FjXXlu+CK
BPKnfzNo8N/VAVfAG8qjg+bZNNRF5pwWEKx3LDvmU5Wke8KH0XQrV0m0eJ7ht6XW
c3XvY15ooH4Fc5oLLrEde7CykMYUsALm8y2vs4FY0EH9Uju5XvTlvm/4mr1UvFsR
iqW6X6O8heSln6HcQHEu/DnJ/dSpPopif5EmwODLh4m+XSx47duZ1nbA5CDSClgo
zDyRIRJNuIToWQ7CGbHRlQszlrZyO5BVBJQYQFRVU3yayKd7fZqnCpQjDrLO4Y7Z
kKlwv3xRMxGBMEEWpA8ZxTKATI8BrNM=
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:02:51 2025 by rpki-client