Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/xz6DVtU3-Ra9kwVQS1hT5B1NgIk.roa
File: xz6DVtU3-Ra9kwVQS1hT5B1NgIk.roa (raw, json)
Hash identifier: L6obqobAUv8Kf3w8kISkegiNvXZC3M7YbdVJnQVDNRA=
Subject key identifier: C7:3E:83:56:D5:37:F9:16:BD:93:05:50:4B:58:53:E4:1D:4D:80:89
Certificate issuer: /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial: 019423D6EB88A9DE7EE732DA7C2267CA6E42
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/xz6DVtU3-Ra9kwVQS1hT5B1NgIk.roa
Signing time: Wed 01 Jan 2025 21:47:55 +0000
ROA not before: Wed 01 Jan 2025 21:47:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201925
IP address blocks: 109.207.104.0/24 maxlen: 24
109.207.106.0/24 maxlen: 24
109.207.107.0/24 maxlen: 24
109.207.108.0/24 maxlen: 24
185.165.151.0/24 maxlen: 24
194.126.165.0/24 maxlen: 24
194.126.166.0/24 maxlen: 24
194.126.167.0/24 maxlen: 24
217.117.132.0/22 maxlen: 22
2001:67c:2fd0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:eb:88:a9:de:7e:e7:32:da:7c:22:67:ca:6e:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Validity
Not Before: Jan 1 21:47:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c73e8356d537f916bd9305504b5853e41d4d8089
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:32:94:6e:e3:46:89:23:3d:39:2e:d7:fd:63:
27:dd:83:41:f8:7f:f2:de:dd:8c:d1:74:5e:70:f9:
a3:3f:d6:0e:24:9c:65:46:c8:4f:48:62:93:85:25:
19:0b:fb:fc:41:39:df:2f:16:37:77:6f:0d:a3:0a:
33:99:c6:3c:56:13:66:f2:e5:e8:16:57:68:2c:e4:
2a:86:51:f4:40:c9:d8:02:27:50:46:59:65:e9:b0:
69:d7:a7:a5:ff:ec:98:e7:1a:14:17:19:e1:83:bc:
50:61:3f:7b:e0:90:c9:28:fc:d9:01:e3:11:ca:f1:
75:cd:e9:1e:b7:33:26:ba:91:b6:93:3e:46:90:ca:
61:cb:64:23:06:8a:7f:a1:23:ce:dd:b7:6c:ac:c4:
db:a7:83:4b:b5:06:c7:ae:69:4e:ab:34:a9:82:25:
7c:bb:5b:47:ba:2c:b9:03:de:79:e1:85:1a:ec:b6:
e9:8f:e0:df:26:49:a3:0f:9d:21:b7:ba:e3:26:a0:
c0:5b:8d:96:7a:6c:d6:b6:bc:6b:c0:e8:ba:4e:b4:
24:2e:db:19:8b:fe:d6:65:82:06:d3:77:c7:5d:15:
94:04:79:98:54:52:27:ae:7c:36:87:db:1b:66:06:
23:dd:cd:20:45:ba:80:b4:8e:04:56:0d:2c:65:7d:
da:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:3E:83:56:D5:37:F9:16:BD:93:05:50:4B:58:53:E4:1D:4D:80:89
X509v3 Authority Key Identifier:
keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/xz6DVtU3-Ra9kwVQS1hT5B1NgIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.207.104.0/24
109.207.106.0-109.207.108.255
185.165.151.0/24
194.126.165.0-194.126.167.255
217.117.132.0/22
IPv6:
2001:67c:2fd0::/48
Signature Algorithm: sha256WithRSAEncryption
86:32:f3:e5:d3:ee:b1:59:5e:03:26:68:c4:09:82:1d:41:59:
a6:e3:29:77:e9:04:5f:a4:05:b6:0f:d8:ea:c5:a7:b9:e6:8c:
1f:38:ca:64:32:aa:52:48:09:37:fb:05:51:85:97:ec:dd:8c:
c0:84:aa:26:d2:e9:32:a9:4a:ff:01:5d:e6:e8:45:d4:a8:51:
2b:a4:6c:85:5c:95:89:62:85:9a:f7:db:8c:49:44:63:f5:18:
c3:3c:54:bb:c2:a3:f0:31:c0:47:d5:10:6e:e9:be:67:55:55:
5c:aa:e2:41:90:4a:e9:4e:63:93:15:1f:ac:7f:4f:df:6a:2d:
0f:43:f7:82:59:ab:02:50:04:60:d1:f7:4e:08:45:9b:32:79:
f7:09:ce:6c:d6:6d:05:6a:a9:1d:46:b7:47:c2:91:a0:03:b4:
ad:61:f3:98:92:c8:35:b9:49:45:49:d4:27:63:1e:a2:d5:1b:
28:84:ac:12:30:7a:67:b1:c6:66:d7:fe:1f:d5:ab:cb:e9:eb:
1c:37:5c:f5:8e:a6:a6:8b:53:29:e5:21:37:2a:81:01:3e:7d:
cf:77:91:a1:00:a9:98:23:57:df:01:2b:72:95:9f:ae:0b:5e:
42:9f:b6:ed:4f:d0:fc:e5:ae:32:55:04:93:88:b2:96:cd:34:
4b:86:58:fa
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQj1uuIqd5+5zLafCJnym5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjUwMTAxMjE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzNlODM1NmQ1MzdmOTE2YmQ5MzA1NTA0YjU4NTNlNDFkNGQ4MDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDKUbuNGiSM9OS7X/WMn3YNB+H/y
3t2M0XRecPmjP9YOJJxlRshPSGKThSUZC/v8QTnfLxY3d28NowozmcY8VhNm8uXo
FldoLOQqhlH0QMnYAidQRlll6bBp16el/+yY5xoUFxnhg7xQYT974JDJKPzZAeMR
yvF1zeketzMmupG2kz5GkMphy2QjBop/oSPO3bdsrMTbp4NLtQbHrmlOqzSpgiV8
u1tHuiy5A9554YUa7Lbpj+DfJkmjD50ht7rjJqDAW42WemzWtrxrwOi6TrQkLtsZ
i/7WZYIG03fHXRWUBHmYVFInrnw2h9sbZgYj3c0gRbqAtI4EVg0sZX3aNQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFMc+g1bVN/kWvZMFUEtYU+QdTYCJMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEveHo2RFZ0VTMtUmE5a3dWUVMxaFQ1QjFOZ0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA0BAIAATAuAwQAbc9oMAwD
BAFtz2oDBABtz2wDBAC5pZcwDAMEAMJ+pQMEA8J+oAMEAtl1hDAPBAIAAjAJAwcA
IAEGfC/QMA0GCSqGSIb3DQEBCwUAA4IBAQCGMvPl0+6xWV4DJmjECYIdQVmm4yl3
6QRfpAW2D9jqxae55owfOMpkMqpSSAk3+wVRhZfs3YzAhKom0ukyqUr/AV3m6EXU
qFErpGyFXJWJYoWa99uMSURj9RjDPFS7wqPwMcBH1RBu6b5nVVVcquJBkErpTmOT
FR+sf0/fai0PQ/eCWasCUARg0fdOCEWbMnn3Cc5s1m0FaqkdRrdHwpGgA7StYfOY
ksg1uUlFSdQnYx6i1RsohKwSMHpnscZm1/4f1avL6escN1z1jqami1Mp5SE3KoEB
Pn3Pd5GhAKmYI1ffAStylZ+uC15Cn7btT9D85a4yVQSTiLKWzTRLhlj6
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:05:29 2025 by rpki-client