Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/PwHMe4i6pz51Ahrp1W-49Rgc_vo.roa
File: PwHMe4i6pz51Ahrp1W-49Rgc_vo.roa (raw, json)
Hash identifier: DVJmDnhZvnviJ4n66jT0o+c4DIjAzAehQrpeXl6SGUU=
Subject key identifier: 3F:01:CC:7B:88:BA:A7:3E:75:02:1A:E9:D5:6F:B8:F5:18:1C:FE:FA
Certificate issuer: /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial: 019423D755AE0F70273001BCC754787BBFE1
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/PwHMe4i6pz51Ahrp1W-49Rgc_vo.roa
Signing time: Wed 01 Jan 2025 21:48:22 +0000
ROA not before: Wed 01 Jan 2025 21:48:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205888
IP address blocks: 5.40.0.0/24 maxlen: 24
5.40.122.0/24 maxlen: 24
5.40.133.0/24 maxlen: 24
5.40.155.0/24 maxlen: 24
5.40.157.0/24 maxlen: 24
5.40.168.0/24 maxlen: 24
5.40.225.0/24 maxlen: 24
62.175.210.0/24 maxlen: 24
89.140.57.0/24 maxlen: 24
95.39.64.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 22:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:55:ae:0f:70:27:30:01:bc:c7:54:78:7b:bf:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Validity
Not Before: Jan 1 21:48:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f01cc7b88baa73e75021ae9d56fb8f5181cfefa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:a5:76:47:3d:31:4f:9d:00:25:97:25:6f:6e:
7e:c9:aa:49:8e:46:62:bf:ee:d5:88:dd:44:a7:5c:
c4:0e:86:ba:2e:cd:e8:5b:04:9c:66:6e:76:5c:5d:
12:36:d4:29:a5:21:a3:9f:94:d6:a3:6d:7e:86:ca:
6d:49:f5:eb:f8:45:fb:20:1a:6e:13:a4:41:41:29:
0e:44:da:45:42:af:8b:61:c9:68:80:38:dd:d2:0b:
c2:fe:fb:5e:aa:ca:41:29:e1:44:d7:d5:90:5b:bd:
88:b2:a5:4a:9b:2a:06:b8:b3:71:43:af:c4:16:7d:
2e:aa:ca:71:80:cc:da:f7:c9:1b:62:0c:72:1b:45:
0a:e6:46:4d:74:16:ea:2c:9c:14:38:73:20:7b:86:
17:4c:37:4a:b9:b0:4d:9e:59:95:e4:bd:9d:ab:e9:
9c:d0:2c:06:2f:16:24:74:39:8f:5d:6d:69:af:aa:
ee:49:5a:b6:2f:23:96:12:f3:85:4f:01:ec:b9:b8:
85:0b:2c:63:65:15:af:42:44:91:39:dd:36:04:d9:
f2:23:af:c8:14:8e:03:72:e1:c6:c9:28:64:0a:d8:
bb:22:b4:9e:a1:91:83:16:c3:fb:6a:56:10:78:38:
21:fb:6a:86:14:d7:9c:35:fb:83:2a:0f:6c:51:b7:
40:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:01:CC:7B:88:BA:A7:3E:75:02:1A:E9:D5:6F:B8:F5:18:1C:FE:FA
X509v3 Authority Key Identifier:
keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/PwHMe4i6pz51Ahrp1W-49Rgc_vo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.40.0.0/24
5.40.122.0/24
5.40.133.0/24
5.40.155.0/24
5.40.157.0/24
5.40.168.0/24
5.40.225.0/24
62.175.210.0/24
89.140.57.0/24
95.39.64.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:cd:33:3a:f9:f0:29:e5:12:49:c7:af:e5:1d:a3:05:da:cf:
01:42:56:02:0b:83:13:43:7f:96:56:5a:12:3b:9a:6d:c8:c2:
1e:ad:0e:9c:07:92:44:e1:03:47:96:f5:31:0b:67:0e:0b:67:
1a:0f:46:33:3a:59:00:da:f1:af:c0:76:7f:14:f4:08:56:a7:
00:1f:bb:98:9e:5a:3e:28:2e:34:f7:f6:c2:2b:72:ee:b2:8d:
65:c2:7f:74:4d:87:ec:e6:a1:bd:0d:44:b5:19:8c:17:7b:40:
09:d1:0c:62:14:66:64:db:7e:42:c8:ff:65:30:c8:7d:79:dc:
f1:a2:15:c2:1a:3e:53:32:01:6d:23:04:ee:d4:55:09:2e:16:
3a:ad:d6:c9:ec:89:ca:5b:26:3c:80:a8:23:0d:69:d6:60:9e:
a0:c7:d4:f9:db:a5:e7:02:fe:c9:6d:d2:ba:fa:f4:60:a7:e2:
d5:aa:21:91:b3:91:e4:ee:ca:96:22:f6:35:52:ae:36:5c:0e:
9b:be:88:5d:f6:e3:90:a5:99:2b:4a:f5:3d:53:de:50:d0:3e:
e1:07:f1:a2:15:36:19:1b:03:d8:ac:46:59:63:ea:c5:db:54:
dc:d2:8d:da:c6:b2:9e:ff:a7:79:54:58:b2:83:2c:17:b0:80:
e8:ed:4f:83
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQj11WuD3AnMAG8x1R4e7/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwMTAxMjE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjAxY2M3Yjg4YmFhNzNlNzUwMjFhZTlkNTZmYjhmNTE4MWNmZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6V2Rz0xT50AJZclb25+yapJjkZi
v+7ViN1Ep1zEDoa6Ls3oWwScZm52XF0SNtQppSGjn5TWo21+hsptSfXr+EX7IBpu
E6RBQSkORNpFQq+LYclogDjd0gvC/vteqspBKeFE19WQW72IsqVKmyoGuLNxQ6/E
Fn0uqspxgMza98kbYgxyG0UK5kZNdBbqLJwUOHMge4YXTDdKubBNnlmV5L2dq+mc
0CwGLxYkdDmPXW1pr6ruSVq2LyOWEvOFTwHsubiFCyxjZRWvQkSROd02BNnyI6/I
FI4DcuHGyShkCti7IrSeoZGDFsP7alYQeDgh+2qGFNecNfuDKg9sUbdACwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFD8BzHuIuqc+dQIa6dVvuPUYHP76MB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvUHdITWU0aTZwejUxQWhycDFXLTQ5UmdjX3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABSgAAwQA
BSh6AwQABSiFAwQABSibAwQABSidAwQABSioAwQABSjhAwQAPq/SAwQAWYw5AwQA
XydAMA0GCSqGSIb3DQEBCwUAA4IBAQBfzTM6+fAp5RJJx6/lHaMF2s8BQlYCC4MT
Q3+WVloSO5ptyMIerQ6cB5JE4QNHlvUxC2cOC2caD0YzOlkA2vGvwHZ/FPQIVqcA
H7uYnlo+KC409/bCK3Luso1lwn90TYfs5qG9DUS1GYwXe0AJ0QxiFGZk235CyP9l
MMh9edzxohXCGj5TMgFtIwTu1FUJLhY6rdbJ7InKWyY8gKgjDWnWYJ6gx9T526Xn
Av7JbdK6+vRgp+LVqiGRs5Hk7sqWIvY1Uq42XA6bvohd9uOQpZkrSvU9U95Q0D7h
B/GiFTYZGwPYrEZZY+rF21Tc0o3axrKe/6d5VFiygywXsIDo7U+D
-----END CERTIFICATE-----
Generated at Thu Apr 17 08:16:07 2025 by rpki-client