Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SsIIO5FLWVG4HngMcxuxZwlXX_Q.roa
File: SsIIO5FLWVG4HngMcxuxZwlXX_Q.roa (raw, json)
Hash identifier: f3nH+zKpidf/wLtjpgXLWFjJKVnRxYjtKnb9C31KuDI=
Subject key identifier: 4A:C2:08:3B:91:4B:59:51:B8:1E:78:0C:73:1B:B1:67:09:57:5F:F4
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0195EC82312C2CDD962AF521A62EB7FFBE4D
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SsIIO5FLWVG4HngMcxuxZwlXX_Q.roa
Signing time: Mon 31 Mar 2025 14:01:49 +0000
ROA not before: Mon 31 Mar 2025 14:01:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 192.36.57.0/24 maxlen: 24
192.71.227.0/24 maxlen: 24
192.71.247.0/24 maxlen: 24
192.71.249.0/24 maxlen: 24
192.121.22.0/24 maxlen: 24
192.121.23.0/24 maxlen: 24
192.121.46.0/23 maxlen: 24
192.121.46.0/24 maxlen: 24
192.121.47.0/24 maxlen: 24
192.121.162.0/24 maxlen: 24
192.121.170.0/24 maxlen: 24
194.14.208.0/24 maxlen: 24
194.14.217.0/24 maxlen: 24
194.68.26.0/24 maxlen: 24
194.68.27.0/24 maxlen: 24
194.68.44.0/24 maxlen: 24
194.71.126.0/24 maxlen: 24
194.71.227.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 08:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ec:82:31:2c:2c:dd:96:2a:f5:21:a6:2e:b7:ff:be:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Mar 31 14:01:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4ac2083b914b5951b81e780c731bb16709575ff4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a9:8a:33:ee:27:3b:85:2a:86:fd:5b:96:4d:
e9:7b:ac:e0:3c:99:03:59:3d:e3:6f:1d:9d:97:be:
1a:78:cc:c1:d3:c2:df:23:85:04:32:3f:28:92:55:
ac:8c:e6:09:57:d2:82:01:9c:07:c9:a5:b2:f1:f0:
aa:16:20:dc:b4:17:e4:b9:d2:a9:61:1a:43:e5:b1:
ca:3a:b1:27:15:31:b8:8a:03:f8:38:7a:78:58:83:
b1:8c:83:88:19:01:a8:a9:49:57:9f:28:09:2f:7f:
b8:07:2f:28:0e:9b:ed:09:2e:48:55:02:4f:84:d5:
d0:3d:c0:59:8e:53:45:ec:fa:b7:5e:b1:3b:b2:90:
e9:e8:f2:5e:5d:bd:b9:1b:39:7b:ba:42:5f:3f:fe:
2b:61:31:05:6d:00:39:0e:88:12:dd:db:22:49:aa:
18:b6:a1:ae:82:df:1b:de:ea:d2:77:cf:17:7a:14:
6a:07:64:2d:4b:b9:21:3e:98:e3:29:92:0d:b8:79:
a6:84:b9:e7:cf:52:e5:95:77:8b:95:5a:37:96:5d:
18:50:74:c6:55:98:83:e5:cb:10:84:00:e0:a6:93:
31:d7:26:cb:57:c2:32:b5:5a:3c:ff:8a:12:f7:70:
5f:70:52:e2:87:2e:2a:b4:f3:15:67:24:dc:9f:0b:
e8:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:C2:08:3B:91:4B:59:51:B8:1E:78:0C:73:1B:B1:67:09:57:5F:F4
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SsIIO5FLWVG4HngMcxuxZwlXX_Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.57.0/24
192.71.227.0/24
192.71.247.0/24
192.71.249.0/24
192.121.22.0/23
192.121.46.0/23
192.121.162.0/24
192.121.170.0/24
194.14.208.0/24
194.14.217.0/24
194.68.26.0/23
194.68.44.0/24
194.71.126.0/24
194.71.227.0/24
Signature Algorithm: sha256WithRSAEncryption
38:20:6a:60:aa:0b:8c:db:b3:e4:c9:92:17:e0:d7:6e:52:e8:
26:b5:2f:4e:a4:a7:f7:38:30:58:ed:d2:0a:68:93:f5:2f:8c:
23:e9:21:0c:05:8c:bb:8b:ba:ea:de:0e:ae:64:9a:c7:da:69:
6b:d3:e0:fa:07:f7:7d:33:ef:88:d7:05:95:d9:f2:b2:0a:88:
13:aa:e4:6f:9b:6d:eb:3d:b9:cc:00:4a:df:fc:5b:fa:e0:bf:
09:be:7f:e5:23:f6:a4:fb:f3:10:64:90:fd:78:ec:83:6f:be:
d7:0d:6b:32:4e:4b:0a:de:14:69:41:88:3e:91:ce:25:58:b8:
05:36:2e:a8:5e:ad:2b:36:e6:c8:96:e9:ad:bc:29:b9:89:6c:
86:77:87:d0:a0:67:d2:7a:96:a1:f9:ad:f6:d0:e5:e1:45:b5:
5e:fd:48:2e:28:e8:23:9f:49:50:0c:af:50:d3:39:2b:85:49:
8a:1d:9b:2d:47:85:a4:bd:ab:95:16:f4:44:55:d1:81:51:66:
10:82:30:25:50:31:31:19:8f:a4:b2:bf:25:04:c4:29:71:21:
51:23:09:1e:5e:8e:5e:64:c8:09:6f:55:46:7a:8f:aa:78:83:
5b:a3:09:58:27:82:87:bf:b5:4c:a1:9a:86:e5:4e:96:99:5c:
12:a4:59:d6
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZXsgjEsLN2WKvUhpi63/75NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMzMxMTQwMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWMyMDgzYjkxNGI1OTUxYjgxZTc4MGM3MzFiYjE2NzA5NTc1ZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqmKM+4nO4Uqhv1blk3pe6zgPJkD
WT3jbx2dl74aeMzB08LfI4UEMj8oklWsjOYJV9KCAZwHyaWy8fCqFiDctBfkudKp
YRpD5bHKOrEnFTG4igP4OHp4WIOxjIOIGQGoqUlXnygJL3+4By8oDpvtCS5IVQJP
hNXQPcBZjlNF7Pq3XrE7spDp6PJeXb25Gzl7ukJfP/4rYTEFbQA5DogS3dsiSaoY
tqGugt8b3urSd88XehRqB2QtS7khPpjjKZINuHmmhLnnz1LllXeLlVo3ll0YUHTG
VZiD5csQhADgppMx1ybLV8IytVo8/4oS93BfcFLihy4qtPMVZyTcnwvoJwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFErCCDuRS1lRuB54DHMbsWcJV1/0MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvU3NJSU81RkxXVkc0SG5nTWN4dXhad2xYWF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAwCQ5AwQA
wEfjAwQAwEf3AwQAwEf5AwQBwHkWAwQBwHkuAwQAwHmiAwQAwHmqAwQAwg7QAwQA
wg7ZAwQBwkQaAwQAwkQsAwQAwkd+AwQAwkfjMA0GCSqGSIb3DQEBCwUAA4IBAQA4
IGpgqguM27PkyZIX4NduUugmtS9OpKf3ODBY7dIKaJP1L4wj6SEMBYy7i7rq3g6u
ZJrH2mlr0+D6B/d9M++I1wWV2fKyCogTquRvm23rPbnMAErf/Fv64L8Jvn/lI/ak
+/MQZJD9eOyDb77XDWsyTksK3hRpQYg+kc4lWLgFNi6oXq0rNubIlumtvCm5iWyG
d4fQoGfSepah+a320OXhRbVe/UguKOgjn0lQDK9Q0zkrhUmKHZstR4WkvauVFvRE
VdGBUWYQgjAlUDExGY+ksr8lBMQpcSFRIwkeXo5eZMgJb1VGeo+qeINbowlYJ4KH
v7VMoZqG5U6WmVwSpFnW
-----END CERTIFICATE-----
Generated at Thu Apr 10 15:17:45 2025 by rpki-client