Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/ONDqQfjr9_AJ9RydMAScKqXbPqA.roa
File: ONDqQfjr9_AJ9RydMAScKqXbPqA.roa (raw, json)
Hash identifier: tzIBuHIsI+gH6B58aDq25YyBMDZoGOkfi5bBeLvI+/k=
Subject key identifier: 38:D0:EA:41:F8:EB:F7:F0:09:F5:1C:9D:30:04:9C:2A:A5:DB:3E:A0
Certificate issuer: /CN=9a6e147448289634b98688ee5a5af447d42cbb07
Certificate serial: 0194228D6A77FF814EA25E98BB1B77F7A827
Authority key identifier: 9A:6E:14:74:48:28:96:34:B9:86:88:EE:5A:5A:F4:47:D4:2C:BB:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/ONDqQfjr9_AJ9RydMAScKqXbPqA.roa
Signing time: Wed 01 Jan 2025 15:48:00 +0000
ROA not before: Wed 01 Jan 2025 15:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6643
IP address blocks: 45.12.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 13:43:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:6a:77:ff:81:4e:a2:5e:98:bb:1b:77:f7:a8:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a6e147448289634b98688ee5a5af447d42cbb07
Validity
Not Before: Jan 1 15:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=38d0ea41f8ebf7f009f51c9d30049c2aa5db3ea0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:91:fd:9a:db:a2:c1:a2:8a:05:3e:a6:77:30:
5e:69:4c:bb:84:95:92:bd:dc:f7:3d:f9:cf:29:67:
ab:89:7a:43:a8:a7:f3:c6:1b:4e:15:ed:3e:03:b2:
48:fa:81:c4:8b:07:ae:2a:39:38:78:b5:5f:07:08:
a3:67:39:a5:f9:b3:aa:b7:25:d3:ea:8d:76:2d:0a:
1c:ce:06:71:5e:0c:17:ce:01:99:19:94:9d:03:f3:
a4:79:39:c3:60:c9:5d:a4:0e:07:d5:82:70:25:8f:
09:fb:15:31:c8:69:8f:c4:c7:36:27:cb:67:8a:03:
8e:d2:48:f2:3f:6c:0d:d9:9e:09:02:d2:f2:4c:9a:
ae:f8:9e:2f:70:a8:7c:2a:67:e9:13:19:d4:84:92:
76:b0:ff:98:ea:c6:06:58:d1:cc:a9:6f:18:bd:2c:
ea:2b:92:68:03:f8:c1:0b:3b:70:16:97:aa:c9:57:
d1:20:c3:68:a8:c8:e9:31:53:29:54:66:e6:7b:01:
cf:b5:b5:cc:c0:7b:e8:1d:0f:18:8e:7d:e4:ed:d0:
c5:8f:27:f4:ef:25:da:4e:3a:4d:7f:f3:b3:26:43:
f1:a7:92:f3:4b:82:0a:e5:56:89:55:17:2a:fe:aa:
de:30:7e:b3:03:7c:4e:85:68:c1:30:e5:29:bc:bd:
3c:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:D0:EA:41:F8:EB:F7:F0:09:F5:1C:9D:30:04:9C:2A:A5:DB:3E:A0
X509v3 Authority Key Identifier:
keyid:9A:6E:14:74:48:28:96:34:B9:86:88:EE:5A:5A:F4:47:D4:2C:BB:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/ONDqQfjr9_AJ9RydMAScKqXbPqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.196.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:75:45:5b:a8:f7:28:6f:58:8a:f2:0d:5e:01:a5:15:ed:99:
a3:d8:92:ab:ba:a2:ab:2f:48:38:a5:26:bf:86:ec:df:16:00:
3f:b3:9d:c0:44:97:70:77:59:22:f5:7e:d9:89:b2:1d:b1:30:
a8:ce:11:f3:dd:2c:b6:0b:ed:1d:03:a6:45:a6:aa:77:b4:cc:
45:86:33:de:2e:81:21:24:14:08:84:a1:1d:88:cd:d9:79:36:
03:aa:34:7a:55:db:f7:57:16:62:42:c0:87:c6:bb:cd:a2:93:
f6:16:88:da:ad:98:4d:6c:ed:c1:20:d2:b4:62:25:01:89:97:
b9:8a:70:49:15:c0:d4:44:b9:aa:84:15:a4:c5:c1:3e:5f:70:
da:11:3a:45:c8:0e:24:96:5e:7f:48:6c:33:71:d4:1d:a9:42:
08:ef:53:30:e6:af:6a:c0:58:7f:49:0d:24:2b:52:4d:18:4d:
af:23:bc:a6:f8:bb:57:a7:56:ab:1f:3f:90:5f:d4:f0:78:68:
e8:d5:0b:23:88:85:05:bd:7b:cd:42:43:9c:74:84:fd:f2:f0:
a5:98:36:2c:dc:37:ad:93:2e:53:cf:8f:3e:36:7b:86:8c:7b:
1d:50:76:dd:55:1a:62:5d:3f:62:a4:e5:b9:38:ef:56:52:de:
89:38:4e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWp3/4FOol6Yuxt396gnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNmUxNDc0NDgyODk2MzRiOTg2ODhlZTVhNWFmNDQ3ZDQy
Y2JiMDcwHhcNMjUwMTAxMTU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQwZWE0MWY4ZWJmN2YwMDlmNTFjOWQzMDA0OWMyYWE1ZGIzZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJH9mtuiwaKKBT6mdzBeaUy7hJWS
vdz3PfnPKWeriXpDqKfzxhtOFe0+A7JI+oHEiweuKjk4eLVfBwijZzml+bOqtyXT
6o12LQoczgZxXgwXzgGZGZSdA/OkeTnDYMldpA4H1YJwJY8J+xUxyGmPxMc2J8tn
igOO0kjyP2wN2Z4JAtLyTJqu+J4vcKh8KmfpExnUhJJ2sP+Y6sYGWNHMqW8YvSzq
K5JoA/jBCztwFpeqyVfRIMNoqMjpMVMpVGbmewHPtbXMwHvoHQ8Yjn3k7dDFjyf0
7yXaTjpNf/OzJkPxp5LzS4IK5VaJVRcq/qreMH6zA3xOhWjBMOUpvL08VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjQ6kH46/fwCfUcnTAEnCql2z6gMB8GA1UdIwQY
MBaAFJpuFHRIKJY0uYaI7lpa9EfULLsHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW00VWRFZ29salM1aG9qdVdscjBSOVFzdXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82NjFkYWQtMDBjOS00ZjE3LTk0ZDgt
MmJiZDAxZjllNTAwLzEvT05EcVFmanI5X0FKOVJ5ZE1BU2NLcVhiUHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82NjFkYWQtMDBjOS00ZjE3LTk0ZDgtMmJiZDAxZjllNTAw
LzEvbW00VWRFZ29salM1aG9qdVdscjBSOVFzdXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQzEMA0G
CSqGSIb3DQEBCwUAA4IBAQBvdUVbqPcob1iK8g1eAaUV7Zmj2JKruqKrL0g4pSa/
huzfFgA/s53ARJdwd1ki9X7ZibIdsTCozhHz3Sy2C+0dA6ZFpqp3tMxFhjPeLoEh
JBQIhKEdiM3ZeTYDqjR6Vdv3VxZiQsCHxrvNopP2FojarZhNbO3BINK0YiUBiZe5
inBJFcDURLmqhBWkxcE+X3DaETpFyA4kll5/SGwzcdQdqUII71Mw5q9qwFh/SQ0k
K1JNGE2vI7ym+LtXp1arHz+QX9TweGjo1QsjiIUFvXvNQkOcdIT98vClmDYs3Det
ky5Tz48+NnuGjHsdUHbdVRpiXT9ipOW5OO9WUt6JOE5Y
-----END CERTIFICATE-----
Generated at Tue Apr 8 20:07:14 2025 by rpki-client