Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/oLFFYbgwgHeGsoWAlLxxn6-o7ms.roa
File: oLFFYbgwgHeGsoWAlLxxn6-o7ms.roa (raw, json)
Hash identifier: dr6W37ke4ICMcO/2XgdSWX/eEcxR7/Ru69vHyG1qXnc=
Subject key identifier: A0:B1:45:61:B8:30:80:77:86:B2:85:80:94:BC:71:9F:AF:A8:EE:6B
Certificate issuer: /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial: 019682B9660849EB376607A543C100E3C0CF
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/oLFFYbgwgHeGsoWAlLxxn6-o7ms.roa
Signing time: Tue 29 Apr 2025 18:05:10 +0000
ROA not before: Tue 29 Apr 2025 18:05:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21294
IP address blocks: 84.239.19.0/24 maxlen: 24
84.239.20.0/24 maxlen: 24
84.239.21.0/24 maxlen: 24
84.239.22.0/24 maxlen: 24
84.239.23.0/24 maxlen: 24
84.239.24.0/24 maxlen: 24
84.239.26.0/24 maxlen: 24
84.239.53.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 09:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:82:b9:66:08:49:eb:37:66:07:a5:43:c1:00:e3:c0:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
Validity
Not Before: Apr 29 18:05:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0b14561b830807786b2858094bc719fafa8ee6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:41:74:68:d7:e7:e7:a9:20:2d:d0:38:3b:85:
7b:31:95:87:79:03:ea:93:eb:8d:f6:82:69:58:57:
66:16:5d:35:0c:95:d6:80:ad:f5:03:65:8c:d9:1f:
c0:af:8b:84:79:fa:68:04:e0:8b:f4:d9:61:b8:2b:
4a:0e:8a:9a:68:ac:e0:ac:23:e3:32:19:a2:3c:7f:
25:f3:07:6d:7f:f6:3d:76:66:f4:15:03:23:6d:d6:
c2:e6:6f:2b:08:0f:71:a8:21:dd:41:23:42:fb:a6:
97:54:fd:52:35:ee:3a:5f:df:1b:e3:01:a3:a3:b2:
a2:00:63:8a:7e:e2:04:e8:5f:0c:30:2d:01:8a:cf:
4e:3f:b6:cf:07:0a:7e:d8:80:97:ec:01:9f:6e:c9:
3b:31:e6:b2:64:fe:20:38:76:bb:1a:72:e2:f7:48:
04:41:15:a1:34:4c:eb:d2:d4:25:a2:2a:25:d3:02:
20:17:04:e5:70:bd:0d:a9:50:ea:93:79:3f:c5:7d:
59:8b:1c:4b:cb:4d:9c:6c:71:40:1d:6d:b0:2b:6c:
88:f0:a9:56:8d:14:36:45:c1:4d:56:61:22:90:fc:
82:5a:9f:21:ad:f4:0a:54:3b:0b:a8:5e:4b:ac:d6:
ed:bf:ff:75:d1:ea:f3:03:e8:b1:36:c8:b1:c0:0e:
5d:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:B1:45:61:B8:30:80:77:86:B2:85:80:94:BC:71:9F:AF:A8:EE:6B
X509v3 Authority Key Identifier:
keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/oLFFYbgwgHeGsoWAlLxxn6-o7ms.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.239.19.0-84.239.24.255
84.239.26.0/24
84.239.53.0/24
Signature Algorithm: sha256WithRSAEncryption
76:82:50:e7:d1:d2:71:9a:f0:c2:4f:c1:58:1f:c7:c5:22:bd:
92:b9:8e:61:e9:3b:a0:8f:07:1f:1e:9e:db:bb:2f:e5:8a:9e:
99:8a:57:5d:ce:ac:2a:dc:b2:11:8e:ab:2e:96:ea:29:96:9e:
37:13:b7:28:2f:a9:68:66:9a:e8:c9:fe:25:df:e1:67:2a:46:
91:b7:8d:c0:48:2f:cc:6b:58:df:35:c6:e5:6f:f2:06:ac:64:
36:70:c4:99:a3:5b:39:4d:98:d3:9c:59:6d:58:ea:91:8a:6c:
ba:d8:fd:e0:13:5a:4d:02:a1:85:ec:e9:84:80:87:68:df:ea:
79:c7:9a:dd:79:2c:0a:36:05:98:97:34:f4:ac:a0:96:28:58:
92:13:b6:7b:7f:1b:4e:45:e7:2b:58:24:fd:80:41:85:60:56:
8b:fd:4c:ad:6e:eb:05:b3:f5:2e:6a:d7:d9:35:b8:10:a0:fb:
8a:a9:84:a3:5c:3e:5c:07:86:f7:5a:63:c3:fa:cf:2c:6a:17:
8e:1b:80:0f:eb:42:cc:df:5b:4b:ca:b7:11:e6:bb:a6:1d:df:
c5:9b:95:d4:2c:40:bf:14:3a:68:22:a0:ee:7d:f3:49:44:7b:
68:b4:21:b4:c2:df:5e:d2:7b:d6:1a:ab:ae:ca:93:09:b8:b9:
a5:83:b3:c9
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZaCuWYISes3ZgelQ8EA48DPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjUwNDI5MTgwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGIxNDU2MWI4MzA4MDc3ODZiMjg1ODA5NGJjNzE5ZmFmYThlZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UF0aNfn56kgLdA4O4V7MZWHeQPq
k+uN9oJpWFdmFl01DJXWgK31A2WM2R/Ar4uEefpoBOCL9NlhuCtKDoqaaKzgrCPj
MhmiPH8l8wdtf/Y9dmb0FQMjbdbC5m8rCA9xqCHdQSNC+6aXVP1SNe46X98b4wGj
o7KiAGOKfuIE6F8MMC0Bis9OP7bPBwp+2ICX7AGfbsk7MeayZP4gOHa7GnLi90gE
QRWhNEzr0tQloiol0wIgFwTlcL0NqVDqk3k/xX1ZixxLy02cbHFAHW2wK2yI8KlW
jRQ2RcFNVmEikPyCWp8hrfQKVDsLqF5LrNbtv/910erzA+ixNsixwA5d3wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKCxRWG4MIB3hrKFgJS8cZ+vqO5rMB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvb0xGRlliZ3dnSGVHc29XQWxMeHhuNi1vN21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABU7xMD
BABU7xgDBABU7xoDBABU7zUwDQYJKoZIhvcNAQELBQADggEBAHaCUOfR0nGa8MJP
wVgfx8UivZK5jmHpO6CPBx8entu7L+WKnpmKV13OrCrcshGOqy6W6imWnjcTtygv
qWhmmujJ/iXf4WcqRpG3jcBIL8xrWN81xuVv8gasZDZwxJmjWzlNmNOcWW1Y6pGK
bLrY/eATWk0CoYXs6YSAh2jf6nnHmt15LAo2BZiXNPSsoJYoWJITtnt/G05F5ytY
JP2AQYVgVov9TK1u6wWz9S5q19k1uBCg+4qphKNcPlwHhvdaY8P6zyxqF44bgA/r
QszfW0vKtxHmu6Yd38WbldQsQL8UOmgioO5980lEe2i0IbTC317Se9Yaq67Kkwm4
uaWDs8k=
-----END CERTIFICATE-----
Generated at Sat Jun 7 19:27:05 2025 by rpki-client