Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/bce53d-d39d-4e23-aa17-27fb5822b32d/1/PDj9CbhapwaiDPTHl4V_zSatG1U.roa
File: PDj9CbhapwaiDPTHl4V_zSatG1U.roa (raw, json)
Hash identifier: y9pPTUUi0Tga4prSiUslZJiX9MosJ/c0ePSWJE6OCf4=
Subject key identifier: 3C:38:FD:09:B8:5A:A7:06:A2:0C:F4:C7:97:85:7F:CD:26:AD:1B:55
Certificate issuer: /CN=0d44da5c1904095860e868180573ee3c895a7b45
Certificate serial: 019425FC105B2AB4C514D9A59EEEEAC91A58
Authority key identifier: 0D:44:DA:5C:19:04:09:58:60:E8:68:18:05:73:EE:3C:89:5A:7B:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DUTaXBkECVhg6GgYBXPuPIlae0U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/bce53d-d39d-4e23-aa17-27fb5822b32d/1/PDj9CbhapwaiDPTHl4V_zSatG1U.roa
Signing time: Thu 02 Jan 2025 07:47:43 +0000
ROA not before: Thu 02 Jan 2025 07:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202053
IP address blocks: 109.71.54.0/24 maxlen: 24
109.71.55.0/24 maxlen: 24
2a03:3b00:1::/48 maxlen: 48
2a03:3b00:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/de/bce53d-d39d-4e23-aa17-27fb5822b32d/1/DUTaXBkECVhg6GgYBXPuPIlae0U.crl
rsync://rpki.ripe.net/repository/DEFAULT/de/bce53d-d39d-4e23-aa17-27fb5822b32d/1/DUTaXBkECVhg6GgYBXPuPIlae0U.mft
rsync://rpki.ripe.net/repository/DEFAULT/DUTaXBkECVhg6GgYBXPuPIlae0U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 10:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:10:5b:2a:b4:c5:14:d9:a5:9e:ee:ea:c9:1a:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d44da5c1904095860e868180573ee3c895a7b45
Validity
Not Before: Jan 2 07:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c38fd09b85aa706a20cf4c797857fcd26ad1b55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:bf:ec:3d:31:2c:cb:3b:de:07:4f:80:69:ad:
3a:8c:ae:fe:b4:b0:5b:c4:a3:b2:92:b3:ca:2e:0e:
06:7b:9e:d2:b2:c2:69:7c:b0:36:e8:59:16:d8:f4:
0d:af:ff:6e:11:dc:0f:5a:b2:cd:d8:44:59:61:ca:
f2:e4:2c:cc:6c:10:a1:1e:d5:13:32:d9:45:b3:bc:
b0:dc:3f:e9:bf:81:b1:74:dd:3c:11:12:a1:9c:9f:
12:90:2a:cb:39:1a:fb:20:5d:01:50:00:0d:40:7c:
c7:ee:ea:06:70:16:6f:b0:db:54:57:cb:d4:e4:ea:
de:af:ad:2b:2e:e2:2d:38:78:f1:f6:a5:2e:21:cd:
2c:48:bb:6f:a1:94:af:3e:5b:0d:be:6e:77:9c:df:
16:7f:45:b5:3b:4f:14:26:c6:c2:82:e1:f9:bd:50:
04:87:e5:a7:99:1c:06:3a:98:f3:a9:4c:ad:78:bd:
fd:a4:29:1f:74:da:a1:90:11:a7:2a:74:c1:4a:69:
b6:0a:58:9a:13:af:8a:c4:fb:4b:cc:5a:ae:aa:e2:
41:a0:51:ce:d1:24:82:2c:21:71:80:dd:28:af:80:
c4:31:64:c8:5b:a0:c4:0c:c3:81:e6:2d:6a:82:14:
bc:ab:54:79:da:6a:2a:66:d3:ad:7d:dc:f7:98:01:
85:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:38:FD:09:B8:5A:A7:06:A2:0C:F4:C7:97:85:7F:CD:26:AD:1B:55
X509v3 Authority Key Identifier:
keyid:0D:44:DA:5C:19:04:09:58:60:E8:68:18:05:73:EE:3C:89:5A:7B:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DUTaXBkECVhg6GgYBXPuPIlae0U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/bce53d-d39d-4e23-aa17-27fb5822b32d/1/PDj9CbhapwaiDPTHl4V_zSatG1U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/bce53d-d39d-4e23-aa17-27fb5822b32d/1/DUTaXBkECVhg6GgYBXPuPIlae0U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.71.54.0/23
IPv6:
2a03:3b00:1::-2a03:3b00:2:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
48:2d:22:61:5f:d5:e0:fc:cd:ff:50:35:b5:91:bd:0a:14:2e:
eb:c0:3e:41:86:c3:54:ba:43:e6:55:65:b0:c3:f9:3c:e6:ae:
df:c6:51:07:37:a0:b9:b8:f9:e9:3c:ab:55:e1:b2:aa:56:63:
07:1c:03:68:42:e6:af:e5:c8:e5:42:e2:56:9c:4f:9c:da:d6:
e4:63:80:d2:22:61:64:25:69:46:82:ea:44:2c:f2:c7:60:a3:
1b:83:2c:67:cd:8f:4b:1e:cc:01:ab:d3:73:4b:fa:f4:ab:f7:
de:87:ed:15:d8:73:ce:93:11:33:14:c9:9d:54:ab:86:bf:4a:
9b:4e:08:00:9e:86:bf:38:d9:fc:8e:2f:24:31:6a:f7:cc:ae:
ff:69:1c:bc:96:b6:39:a8:4c:1c:41:1d:dd:a9:db:6d:81:2f:
e0:76:1f:45:f7:a0:31:e8:5c:7e:fd:11:5e:7f:2d:c2:74:d8:
66:e7:b6:59:53:69:67:1b:74:15:60:79:a5:f2:6d:fe:a8:fd:
6d:6d:bd:ca:25:da:ff:96:9b:d0:d6:18:7d:b4:3c:b6:ce:5a:
a9:df:0a:1e:7c:ba:c4:af:30:f0:74:c6:27:a5:87:ee:15:20:
f1:12:6c:e3:ae:6d:f8:ef:41:45:7e:17:2d:83:d3:8a:7a:fc:
bb:d9:c7:7a
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQl/BBbKrTFFNmlnu7qyRpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNDRkYTVjMTkwNDA5NTg2MGU4NjgxODA1NzNlZTNjODk1
YTdiNDUwHhcNMjUwMTAyMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzM4ZmQwOWI4NWFhNzA2YTIwY2Y0Yzc5Nzg1N2ZjZDI2YWQxYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7/sPTEsyzveB0+Aaa06jK7+tLBb
xKOykrPKLg4Ge57SssJpfLA26FkW2PQNr/9uEdwPWrLN2ERZYcry5CzMbBChHtUT
MtlFs7yw3D/pv4GxdN08ERKhnJ8SkCrLORr7IF0BUAANQHzH7uoGcBZvsNtUV8vU
5Orer60rLuItOHjx9qUuIc0sSLtvoZSvPlsNvm53nN8Wf0W1O08UJsbCguH5vVAE
h+WnmRwGOpjzqUyteL39pCkfdNqhkBGnKnTBSmm2CliaE6+KxPtLzFququJBoFHO
0SSCLCFxgN0or4DEMWTIW6DEDMOB5i1qghS8q1R52moqZtOtfdz3mAGFSwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFDw4/Qm4WqcGogz0x5eFf80mrRtVMB8GA1UdIwQY
MBaAFA1E2lwZBAlYYOhoGAVz7jyJWntFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFVUYVhCa0VDVmhnNkdnWUJYUHVQSWxhZTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9iY2U1M2QtZDM5ZC00ZTIzLWFhMTct
MjdmYjU4MjJiMzJkLzEvUERqOUNiaGFwd2FpRFBUSGw0Vl96U2F0RzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9iY2U1M2QtZDM5ZC00ZTIzLWFhMTctMjdmYjU4MjJiMzJk
LzEvRFVUYVhCa0VDVmhnNkdnWUJYUHVQSWxhZTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQBbUc2MBoE
AgACMBQwEgMHACoDOwAAAQMHACoDOwAAAjANBgkqhkiG9w0BAQsFAAOCAQEASC0i
YV/V4PzN/1A1tZG9ChQu68A+QYbDVLpD5lVlsMP5POau38ZRBzegubj56TyrVeGy
qlZjBxwDaELmr+XI5ULiVpxPnNrW5GOA0iJhZCVpRoLqRCzyx2CjG4MsZ82PSx7M
AavTc0v69Kv33oftFdhzzpMRMxTJnVSrhr9Km04IAJ6GvzjZ/I4vJDFq98yu/2kc
vJa2OahMHEEd3anbbYEv4HYfRfegMehcfv0RXn8twnTYZue2WVNpZxt0FWB5pfJt
/qj9bW29yiXa/5ab0NYYfbQ8ts5aqd8KHny6xK8w8HTGJ6WH7hUg8RJs465t+O9B
RX4XLYPTinr8u9nHeg==
-----END CERTIFICATE-----
Generated at Tue Apr 15 19:59:44 2025 by rpki-client