Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/y3TTdcjKoEjXwgjO1xfh0tYATdA.roa
File: y3TTdcjKoEjXwgjO1xfh0tYATdA.roa (raw, json)
Hash identifier: 7D4/Czv6H7eCbZASUzHWZokIq1S56p3iwes3EPnUWKQ=
Subject key identifier: CB:74:D3:75:C8:CA:A0:48:D7:C2:08:CE:D7:17:E1:D2:D6:00:4D:D0
Certificate issuer: /CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
Certificate serial: 019426D95C993610B4CBF9BB62F34FCF92B3
Authority key identifier: 3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/y3TTdcjKoEjXwgjO1xfh0tYATdA.roa
Signing time: Thu 02 Jan 2025 11:49:26 +0000
ROA not before: Thu 02 Jan 2025 11:49:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39839
IP address blocks: 95.130.208.0/21 maxlen: 24
185.153.252.0/22 maxlen: 24
193.163.102.0/24 maxlen: 24
2a01:630::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 05:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:5c:99:36:10:b4:cb:f9:bb:62:f3:4f:cf:92:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
Validity
Not Before: Jan 2 11:49:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb74d375c8caa048d7c208ced717e1d2d6004dd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:44:c5:91:88:9c:88:ee:28:9b:52:ab:f3:4c:
9f:fe:d6:aa:5b:95:f7:da:32:95:f6:cc:52:17:eb:
b3:81:4c:02:fa:41:fa:8d:4c:2f:a1:ee:ae:15:f3:
8e:c3:1f:bd:cf:4b:21:f3:28:5e:e7:9d:84:ce:30:
9b:d3:03:10:cd:5d:74:2b:c7:be:b9:bb:c2:19:78:
7e:5d:47:f2:33:7b:5a:80:c1:8a:33:18:dd:6e:27:
0f:d2:92:c0:f5:fb:3a:4d:b7:c7:10:da:4d:56:40:
ce:52:46:ec:b9:b5:6e:01:03:9a:0c:d3:d4:85:61:
7e:e8:f5:fd:c1:92:5f:9c:3f:12:f9:05:65:a7:62:
ad:34:89:19:11:2f:9d:5e:c7:e1:e7:68:41:25:22:
c9:8e:22:65:3b:da:68:aa:26:2a:e5:46:49:33:c7:
0b:80:a5:62:f9:2d:f2:ef:35:59:7d:5e:87:03:60:
e5:c2:e4:64:a6:29:a8:f4:cb:08:be:d0:8d:c5:fe:
b9:7c:9a:5b:61:c7:75:ee:29:1f:34:48:66:92:9c:
83:cc:01:cb:e5:f2:9b:b4:3a:cd:fa:24:f8:3c:96:
0a:8f:c5:08:d1:e3:27:84:56:dc:d9:f7:fd:7e:59:
80:c7:b6:19:ca:3b:3e:da:9a:3f:65:c8:66:ee:cc:
00:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:74:D3:75:C8:CA:A0:48:D7:C2:08:CE:D7:17:E1:D2:D6:00:4D:D0
X509v3 Authority Key Identifier:
keyid:3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/y3TTdcjKoEjXwgjO1xfh0tYATdA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.130.208.0/21
185.153.252.0/22
193.163.102.0/24
IPv6:
2a01:630::/32
Signature Algorithm: sha256WithRSAEncryption
a6:84:16:f1:fa:8a:c0:10:d8:d3:56:3b:99:b2:55:b3:b9:2b:
a7:24:f8:3d:76:57:f5:f4:a8:91:72:88:4d:ec:93:30:97:84:
40:dd:90:61:da:c8:3a:03:8d:85:a6:c0:63:4a:a2:bf:5f:f9:
0f:49:3c:bd:5f:ac:e2:75:67:7a:0d:bd:1a:8d:2b:ac:ea:95:
b1:64:76:be:a6:ab:0b:be:38:b2:c6:a0:26:98:e5:9b:0a:6a:
7a:97:d8:ec:50:5b:e1:5c:29:05:5d:be:21:50:46:c0:8a:95:
47:08:ac:f5:79:ba:e2:1f:91:78:67:4e:8a:09:a8:17:94:b9:
aa:ec:30:2e:98:14:87:41:e2:03:12:dd:19:c2:e7:c3:25:52:
40:26:05:fc:2c:6f:0e:11:62:20:12:77:47:88:4c:1a:fc:a9:
ce:f8:87:d2:83:44:cf:61:72:c2:8d:88:44:c3:2b:8e:9d:af:
b5:13:c7:45:fc:de:8e:5d:c9:40:ac:08:83:c1:97:a3:b4:84:
9d:73:2a:6c:75:c5:b2:d5:27:2d:f0:9b:91:e4:37:69:ff:84:
05:57:de:e6:f0:91:a1:75:3e:08:f5:c3:49:23:30:83:86:2f:
97:94:a4:c8:87:44:6b:0e:e2:c6:7c:06:48:27:11:b2:8c:38:
2e:cc:1d:44
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQm2VyZNhC0y/m7YvNPz5KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNjg1Y2Y4OGE3ZmM0M2ZlMWM3ZmUzNGE2ZmYzZGRiYjQx
NGYwYjUwHhcNMjUwMTAyMTE0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjc0ZDM3NWM4Y2FhMDQ4ZDdjMjA4Y2VkNzE3ZTFkMmQ2MDA0ZGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUTFkYiciO4om1Kr80yf/taqW5X3
2jKV9sxSF+uzgUwC+kH6jUwvoe6uFfOOwx+9z0sh8yhe552EzjCb0wMQzV10K8e+
ubvCGXh+XUfyM3tagMGKMxjdbicP0pLA9fs6TbfHENpNVkDOUkbsubVuAQOaDNPU
hWF+6PX9wZJfnD8S+QVlp2KtNIkZES+dXsfh52hBJSLJjiJlO9poqiYq5UZJM8cL
gKVi+S3y7zVZfV6HA2DlwuRkpimo9MsIvtCNxf65fJpbYcd17ikfNEhmkpyDzAHL
5fKbtDrN+iT4PJYKj8UI0eMnhFbc2ff9flmAx7YZyjs+2po/Zchm7swA0QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMt003XIyqBI18IIztcX4dLWAE3QMB8GA1UdIwQY
MBaAFDpoXPiKf8Q/4cf+NKb/Pdu0FPC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDct
NTlkNmNhNjVjY2JjLzEveTNUVGRjaktvRWpYd2dqTzF4ZmgwdFlBVGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDctNTlkNmNhNjVjY2Jj
LzEvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDX4LQAwQC
uZn8AwQAwaNmMA0EAgACMAcDBQAqAQYwMA0GCSqGSIb3DQEBCwUAA4IBAQCmhBbx
+orAENjTVjuZslWzuSunJPg9dlf19KiRcohN7JMwl4RA3ZBh2sg6A42FpsBjSqK/
X/kPSTy9X6zidWd6Db0ajSus6pWxZHa+pqsLvjiyxqAmmOWbCmp6l9jsUFvhXCkF
Xb4hUEbAipVHCKz1ebriH5F4Z06KCagXlLmq7DAumBSHQeIDEt0ZwufDJVJAJgX8
LG8OEWIgEndHiEwa/KnO+IfSg0TPYXLCjYhEwyuOna+1E8dF/N6OXclArAiDwZej
tISdcypsdcWy1Sct8JuR5Ddp/4QFV97m8JGhdT4I9cNJIzCDhi+XlKTIh0RrDuLG
fAZIJxGyjDguzB1E
-----END CERTIFICATE-----
Generated at Wed Apr 9 15:49:24 2025 by rpki-client