Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PswHAOcrsawlzzoFKiE5C_T1c0o.roa
File: PswHAOcrsawlzzoFKiE5C_T1c0o.roa (raw, json)
Hash identifier: c+ZKgenwJFHggMQXMtFIiy3e6zpevNzKkxnm9RBOrl4=
Subject key identifier: 3E:CC:07:00:E7:2B:B1:AC:25:CF:3A:05:2A:21:39:0B:F4:F5:73:4A
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 0195CDEE70388D33B17327D5957DF329B9C4
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PswHAOcrsawlzzoFKiE5C_T1c0o.roa
Signing time: Tue 25 Mar 2025 15:31:50 +0000
ROA not before: Tue 25 Mar 2025 15:31:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 77.76.0.0/23 maxlen: 23
77.76.4.0/22 maxlen: 22
78.128.2.0/23 maxlen: 23
78.128.10.0/23 maxlen: 23
78.128.12.0/22 maxlen: 22
78.128.16.0/20 maxlen: 20
78.128.36.0/22 maxlen: 22
78.128.40.0/23 maxlen: 23
78.128.52.0/22 maxlen: 22
78.128.56.0/22 maxlen: 22
78.128.82.0/23 maxlen: 23
78.128.84.0/22 maxlen: 22
78.128.88.0/22 maxlen: 22
78.128.96.0/23 maxlen: 23
78.128.100.0/22 maxlen: 22
78.128.104.0/22 maxlen: 22
78.128.115.0/24 maxlen: 24
78.128.116.0/23 maxlen: 23
78.128.120.0/23 maxlen: 23
78.128.122.0/24 maxlen: 24
78.128.123.0/24 maxlen: 24
78.142.9.0/24 maxlen: 24
78.142.10.0/23 maxlen: 23
78.142.12.0/22 maxlen: 22
78.142.30.0/23 maxlen: 23
84.201.224.0/20 maxlen: 20
91.148.149.0/24 maxlen: 24
91.148.150.0/23 maxlen: 23
91.148.152.0/21 maxlen: 21
91.148.162.0/23 maxlen: 23
91.148.164.0/23 maxlen: 23
91.148.166.0/24 maxlen: 24
91.148.169.0/24 maxlen: 24
91.148.170.0/23 maxlen: 23
91.148.172.0/22 maxlen: 22
91.148.176.0/21 maxlen: 21
91.148.186.0/23 maxlen: 23
130.185.227.0/24 maxlen: 24
193.24.240.0/22 maxlen: 22
193.200.14.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 05:01:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:cd:ee:70:38:8d:33:b1:73:27:d5:95:7d:f3:29:b9:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Mar 25 15:31:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ecc0700e72bb1ac25cf3a052a21390bf4f5734a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:b6:99:4e:1a:33:c4:3e:4f:71:76:05:e6:25:
2c:5e:ec:18:8e:76:40:8e:e3:b2:ea:43:dc:aa:ea:
01:b2:08:dc:57:37:60:b8:5c:93:35:4b:53:2e:4e:
93:fc:ec:73:91:bd:fd:9f:60:24:31:da:80:b9:50:
6b:05:9f:27:5a:b8:6e:52:f6:26:d8:78:ce:59:78:
1f:e0:61:c1:3d:eb:ed:73:8b:da:1e:55:fd:ac:4c:
38:43:80:09:0b:a4:f1:13:6c:9b:eb:46:4f:3f:ac:
a5:8d:79:4e:2a:9a:2b:48:13:7d:c5:09:00:1c:49:
48:a0:a3:a8:9b:ee:96:b1:bc:08:40:5b:72:c8:4f:
39:d5:95:8f:b7:7f:46:b2:65:dd:6f:4d:1e:81:57:
f2:13:14:cb:21:c4:a6:a3:96:9b:83:fb:21:48:e8:
6d:b0:c4:11:84:7e:e1:6a:26:13:6c:8b:38:f1:ce:
14:78:a6:93:86:e0:89:4d:94:35:59:a0:16:35:1b:
01:c1:87:b6:62:8e:30:5e:2a:6e:1d:40:8a:b5:f0:
a3:42:f1:5c:e4:0f:2e:9b:4d:f4:be:7b:24:9f:61:
26:8e:ab:48:c4:44:59:8a:b6:71:15:9b:e0:e6:4a:
2c:0d:59:d7:ed:53:ea:53:c1:2f:62:53:31:e3:ea:
51:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:CC:07:00:E7:2B:B1:AC:25:CF:3A:05:2A:21:39:0B:F4:F5:73:4A
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PswHAOcrsawlzzoFKiE5C_T1c0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.76.0.0/23
77.76.4.0/22
78.128.2.0/23
78.128.10.0-78.128.31.255
78.128.36.0-78.128.41.255
78.128.52.0-78.128.59.255
78.128.82.0-78.128.91.255
78.128.96.0/23
78.128.100.0-78.128.107.255
78.128.115.0-78.128.117.255
78.128.120.0/22
78.142.9.0-78.142.15.255
78.142.30.0/23
84.201.224.0/20
91.148.149.0-91.148.159.255
91.148.162.0-91.148.166.255
91.148.169.0-91.148.183.255
91.148.186.0/23
130.185.227.0/24
193.24.240.0/22
193.200.14.0/23
Signature Algorithm: sha256WithRSAEncryption
4c:2b:5f:ca:6d:19:6b:3a:1e:db:ab:ad:6e:06:fa:df:bc:12:
a8:ed:39:d1:5f:6b:fc:b5:b9:dd:be:a7:33:0f:cb:48:12:53:
54:b6:c4:d2:2d:f1:f3:bd:0c:fc:7f:89:f7:30:cb:1c:48:8f:
98:20:10:31:42:4e:83:57:0c:70:8c:23:d4:e7:40:8a:95:b4:
4e:43:89:30:04:af:9b:7b:cc:3a:8a:8f:5c:0b:e1:ef:8f:53:
f1:7b:0b:f1:16:98:d7:a0:72:e4:06:eb:7f:6c:ce:cc:2e:d4:
c4:d2:1c:5c:e9:e2:3d:3e:b6:94:cf:41:25:c5:4c:95:58:9e:
70:00:4d:52:1a:71:a8:53:46:ac:52:e0:28:90:17:b3:ee:6d:
7b:26:8b:71:63:15:16:3e:6c:98:cb:23:90:0d:21:67:6c:3e:
48:5e:b6:5c:97:32:2b:6b:f7:03:53:6a:2f:dc:cc:91:cd:0a:
45:69:42:ac:fe:c1:24:09:7e:3e:2c:65:82:0f:2a:d1:1d:50:
32:b5:99:4d:35:ec:b5:25:27:3d:ef:cf:2e:65:a3:e7:93:a7:
7f:7a:a9:93:0b:f8:4a:20:0a:61:89:b5:b1:a5:58:dd:d5:ac:
54:c3:bb:04:59:f1:83:74:65:c1:d1:2f:36:d5:e7:4e:58:f5:
d1:98:44:6f
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZXN7nA4jTOxcyfVlX3zKbnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMzI1MTUzMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWNjMDcwMGU3MmJiMWFjMjVjZjNhMDUyYTIxMzkwYmY0ZjU3MzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxraZThozxD5PcXYF5iUsXuwYjnZA
juOy6kPcquoBsgjcVzdguFyTNUtTLk6T/Oxzkb39n2AkMdqAuVBrBZ8nWrhuUvYm
2HjOWXgf4GHBPevtc4vaHlX9rEw4Q4AJC6TxE2yb60ZPP6yljXlOKporSBN9xQkA
HElIoKOom+6WsbwIQFtyyE851ZWPt39GsmXdb00egVfyExTLIcSmo5abg/shSOht
sMQRhH7haiYTbIs48c4UeKaThuCJTZQ1WaAWNRsBwYe2Yo4wXipuHUCKtfCjQvFc
5A8um030vnskn2EmjqtIxERZirZxFZvg5kosDVnX7VPqU8EvYlMx4+pR3QIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFD7MBwDnK7GsJc86BSohOQv09XNKMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUHN3SEFPY3JzYXdsenpvRktpRTVDX1QxYzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4DBAFN
TAADBAJNTAQDBAFOgAIwDAMEAU6ACgMEBU6AADAMAwQCToAkAwQBToAoMAwDBAJO
gDQDBAJOgDgwDAMEAU6AUgMEAk6AWAMEAU6AYDAMAwQCToBkAwQCToBoMAwDBABO
gHMDBAFOgHQDBAJOgHgwDAMEAE6OCQMEBE6OAAMEAU6OHgMEBFTJ4DAMAwQAW5SV
AwQFW5SAMAwDBAFblKIDBABblKYwDAMEAFuUqQMEA1uUsAMEAVuUugMEAIK54wME
AsEY8AMEAcHIDjANBgkqhkiG9w0BAQsFAAOCAQEATCtfym0Zazoe26utbgb637wS
qO050V9r/LW53b6nMw/LSBJTVLbE0i3x870M/H+J9zDLHEiPmCAQMUJOg1cMcIwj
1OdAipW0TkOJMASvm3vMOoqPXAvh749T8XsL8RaY16By5Abrf2zOzC7UxNIcXOni
PT62lM9BJcVMlViecABNUhpxqFNGrFLgKJAXs+5teyaLcWMVFj5smMsjkA0hZ2w+
SF62XJcyK2v3A1NqL9zMkc0KRWlCrP7BJAl+Pixlgg8q0R1QMrWZTTXstSUnPe/P
LmWj55Onf3qpkwv4SiAKYYm1saVY3dWsVMO7BFnxg3RlwdEvNtXnTlj10ZhEbw==
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:08:11 2025 by rpki-client