Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xxiyr1TF1xIOoFUX0M1YXhWZb_I.roa
File: xxiyr1TF1xIOoFUX0M1YXhWZb_I.roa (raw, json)
Hash identifier: zoX2/B3E0ZZiksHXuK0mgXuduet0gIWpDwY8he5Uh/M=
Subject key identifier: C7:18:B2:AF:54:C5:D7:12:0E:A0:55:17:D0:CD:58:5E:15:99:6F:F2
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0195FA90376BB13FC97114B6561DE725BCA2
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xxiyr1TF1xIOoFUX0M1YXhWZb_I.roa
Signing time: Thu 03 Apr 2025 07:31:50 +0000
ROA not before: Thu 03 Apr 2025 07:31:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2119
IP address blocks: 192.36.37.0/24 maxlen: 24
192.71.5.0/24 maxlen: 24
192.71.40.0/24 maxlen: 24
192.71.97.0/24 maxlen: 24
192.71.158.0/24 maxlen: 24
192.121.21.0/24 maxlen: 24
192.121.101.0/24 maxlen: 24
192.121.172.0/24 maxlen: 24
192.121.192.0/24 maxlen: 24
192.165.65.0/24 maxlen: 24
192.165.86.0/24 maxlen: 24
192.176.161.0/24 maxlen: 24
193.180.61.0/24 maxlen: 24
193.181.0.0/24 maxlen: 24
193.181.187.0/24 maxlen: 24
193.183.3.0/24 maxlen: 24
193.183.118.0/24 maxlen: 24
193.234.68.0/23 maxlen: 23
193.234.220.0/23 maxlen: 23
193.234.237.0/24 maxlen: 24
193.235.142.0/23 maxlen: 24
194.14.129.0/24 maxlen: 24
194.14.212.0/24 maxlen: 24
194.68.56.0/23 maxlen: 23
194.68.99.0/24 maxlen: 24
194.68.126.0/24 maxlen: 24
194.68.194.0/23 maxlen: 23
194.71.27.0/24 maxlen: 24
194.71.83.0/24 maxlen: 24
194.71.140.0/23 maxlen: 23
194.71.168.0/24 maxlen: 24
194.103.50.0/24 maxlen: 24
194.132.108.0/23 maxlen: 23
194.132.174.0/24 maxlen: 24
194.132.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 21:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:fa:90:37:6b:b1:3f:c9:71:14:b6:56:1d:e7:25:bc:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Apr 3 07:31:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c718b2af54c5d7120ea05517d0cd585e15996ff2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:cd:ec:49:d6:20:63:b4:33:db:09:3d:50:2f:
50:34:90:9e:8d:fc:f4:a9:fb:de:2e:9a:c5:15:e6:
28:78:b3:94:91:52:3b:1a:d1:ff:fc:4e:a6:e3:4a:
5c:39:77:09:a6:80:b7:67:4c:86:91:7f:4c:80:25:
cc:dc:14:d6:7e:4e:12:bf:91:fb:28:4c:0a:0f:72:
e1:8e:18:01:2c:8e:cb:6d:15:f9:cd:2b:b5:f9:37:
a9:2a:4e:bd:55:e1:72:22:dd:c5:69:27:9a:29:d5:
e2:b9:e6:f8:d1:ca:eb:c1:7f:66:2a:9a:a2:0d:6f:
b7:98:65:42:b1:c4:7e:36:cc:1a:e0:c0:90:a4:4d:
f2:10:39:f4:20:99:8a:b7:7b:0b:be:f0:c4:2a:57:
11:1a:88:05:29:c4:5c:6c:e5:79:9e:26:03:73:76:
2e:aa:c4:d8:02:95:72:ba:98:21:02:2e:5e:80:e2:
10:7e:44:f2:b6:54:78:f1:19:00:74:01:bc:9e:22:
5a:1d:df:27:85:25:2e:bd:44:73:94:ed:2f:09:df:
a5:74:0c:d6:59:df:24:8a:00:6d:54:d2:00:1c:70:
35:91:d6:e9:2e:30:a2:b7:7d:0e:e2:0e:b8:8c:8d:
7f:bb:09:0a:a3:63:f2:c8:4d:8e:a8:1d:50:03:79:
7c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:18:B2:AF:54:C5:D7:12:0E:A0:55:17:D0:CD:58:5E:15:99:6F:F2
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xxiyr1TF1xIOoFUX0M1YXhWZb_I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.37.0/24
192.71.5.0/24
192.71.40.0/24
192.71.97.0/24
192.71.158.0/24
192.121.21.0/24
192.121.101.0/24
192.121.172.0/24
192.121.192.0/24
192.165.65.0/24
192.165.86.0/24
192.176.161.0/24
193.180.61.0/24
193.181.0.0/24
193.181.187.0/24
193.183.3.0/24
193.183.118.0/24
193.234.68.0/23
193.234.220.0/23
193.234.237.0/24
193.235.142.0/23
194.14.129.0/24
194.14.212.0/24
194.68.56.0/23
194.68.99.0/24
194.68.126.0/24
194.68.194.0/23
194.71.27.0/24
194.71.83.0/24
194.71.140.0/23
194.71.168.0/24
194.103.50.0/24
194.132.108.0/23
194.132.174.0/23
Signature Algorithm: sha256WithRSAEncryption
87:2e:41:56:5c:43:02:ac:b5:c8:f9:29:68:b1:0d:64:47:ec:
cc:e5:3a:34:38:96:75:f5:3e:0f:86:43:3e:29:6d:bb:d6:80:
77:9b:74:20:31:b9:9b:5e:73:ae:55:8d:20:cc:d2:c7:bc:b2:
bb:e8:18:95:8a:2b:f5:eb:7c:08:98:75:e3:16:a2:b9:2f:ff:
ef:05:f8:f8:97:d7:54:2c:4a:56:a0:e9:fa:53:af:f8:5f:6b:
26:d7:7c:b0:f2:19:35:fa:b9:88:ed:7b:8d:52:10:be:8f:84:
16:21:d9:88:a9:97:ec:0f:aa:41:97:f2:c1:77:fb:81:ca:b9:
4b:97:a9:42:99:54:f4:14:0e:e6:20:cf:a7:1d:13:1d:82:f7:
be:e2:7d:e3:a4:79:af:82:ae:3a:30:23:78:6e:29:41:0a:fc:
e3:8e:3f:80:b2:a6:8f:ce:41:c7:23:35:18:e6:68:e5:2d:1e:
01:e0:91:82:20:3d:96:2a:bd:6a:40:d4:09:eb:60:bf:db:2d:
79:9f:f4:77:57:e5:06:5a:ec:92:4e:85:31:bd:47:bd:9c:db:
b9:e0:96:11:8e:16:1d:9c:a8:f0:64:1e:75:a5:32:06:9a:d1:
93:b5:9e:08:e1:92:0e:92:9d:a7:a3:84:a2:ad:26:db:4a:37:
b9:68:96:75
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgISAZX6kDdrsT/JcRS2Vh3nJbyiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNDAzMDczMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE4YjJhZjU0YzVkNzEyMGVhMDU1MTdkMGNkNTg1ZTE1OTk2ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5s3sSdYgY7Qz2wk9UC9QNJCejfz0
qfveLprFFeYoeLOUkVI7GtH//E6m40pcOXcJpoC3Z0yGkX9MgCXM3BTWfk4Sv5H7
KEwKD3LhjhgBLI7LbRX5zSu1+TepKk69VeFyIt3FaSeaKdXiueb40crrwX9mKpqi
DW+3mGVCscR+Nswa4MCQpE3yEDn0IJmKt3sLvvDEKlcRGogFKcRcbOV5niYDc3Yu
qsTYApVyupghAi5egOIQfkTytlR48RkAdAG8niJaHd8nhSUuvURzlO0vCd+ldAzW
Wd8kigBtVNIAHHA1kdbpLjCit30O4g64jI1/uwkKo2PyyE2OqB1QA3l8lQIDAQAB
o4IC1DCCAtAwHQYDVR0OBBYEFMcYsq9UxdcSDqBVF9DNWF4VmW/yMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveHhpeXIxVEYxeElPb0ZVWDBNMVlYaFdaYl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHpBggrBgEFBQcBBwEB/wSB2TCB1jCB0wQCAAEwgcwDBADA
JCUDBADARwUDBADARygDBADAR2EDBADAR54DBADAeRUDBADAeWUDBADAeawDBADA
ecADBADApUEDBADApVYDBADAsKEDBADBtD0DBADBtQADBADBtbsDBADBtwMDBADB
t3YDBAHB6kQDBAHB6twDBADB6u0DBAHB644DBADCDoEDBADCDtQDBAHCRDgDBADC
RGMDBADCRH4DBAHCRMIDBADCRxsDBADCR1MDBAHCR4wDBADCR6gDBADCZzIDBAHC
hGwDBAHChK4wDQYJKoZIhvcNAQELBQADggEBAIcuQVZcQwKstcj5KWixDWRH7Mzl
OjQ4lnX1Pg+GQz4pbbvWgHebdCAxuZtec65VjSDM0se8srvoGJWKK/XrfAiYdeMW
orkv/+8F+PiX11QsSlag6fpTr/hfaybXfLDyGTX6uYjte41SEL6PhBYh2Yipl+wP
qkGX8sF3+4HKuUuXqUKZVPQUDuYgz6cdEx2C977ifeOkea+CrjowI3huKUEK/OOO
P4Cypo/OQccjNRjmaOUtHgHgkYIgPZYqvWpA1AnrYL/bLXmf9HdX5QZa7JJOhTG9
R72c27nglhGOFh2cqPBkHnWlMgaa0ZO1ngjhkg6SnaejhKKtJttKN7lolnU=
-----END CERTIFICATE-----
Generated at Mon Apr 7 07:06:20 2025 by rpki-client