Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/3klZTNM9YhJqZUNp3PJkFRczFX8.roa
File: 3klZTNM9YhJqZUNp3PJkFRczFX8.roa (raw, json)
Hash identifier: OyXgZ5l4rO5Wt2TcoTvX9gJZ0hgPAdu2wTU0n6/gZoU=
Subject key identifier: DE:49:59:4C:D3:3D:62:12:6A:65:43:69:DC:F2:64:15:17:33:15:7F
Certificate issuer: /CN=485ddb678c4c0d0c488efd3b8367142189f3358a
Certificate serial: 0196C5BAB8716C37E654D103A26261BE5087
Authority key identifier: 48:5D:DB:67:8C:4C:0D:0C:48:8E:FD:3B:83:67:14:21:89:F3:35:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SF3bZ4xMDQxIjv07g2cUIYnzNYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/3klZTNM9YhJqZUNp3PJkFRczFX8.roa
Signing time: Mon 12 May 2025 18:21:10 +0000
ROA not before: Mon 12 May 2025 18:21:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51500
IP address blocks: 109.235.10.0/23 maxlen: 23
109.235.10.0/24 maxlen: 24
109.235.11.0/24 maxlen: 24
109.235.12.0/23 maxlen: 23
109.235.12.0/24 maxlen: 24
109.235.13.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/SF3bZ4xMDQxIjv07g2cUIYnzNYo.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/SF3bZ4xMDQxIjv07g2cUIYnzNYo.mft
rsync://rpki.ripe.net/repository/DEFAULT/SF3bZ4xMDQxIjv07g2cUIYnzNYo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 09:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c5:ba:b8:71:6c:37:e6:54:d1:03:a2:62:61:be:50:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=485ddb678c4c0d0c488efd3b8367142189f3358a
Validity
Not Before: May 12 18:21:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de49594cd33d62126a654369dcf264151733157f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:0b:60:3b:13:31:ef:c8:f6:9d:3f:29:05:61:
3b:65:61:d9:6c:27:8d:ac:10:b9:3b:3d:21:cd:dc:
fd:21:ff:4e:7b:87:2a:94:bb:12:b8:c5:ed:4b:0e:
1f:c2:cc:ec:6a:26:78:92:7c:9e:60:80:08:83:20:
62:52:13:70:95:09:f5:ca:9e:e4:7b:64:78:e0:a7:
41:c8:ed:e7:bc:8e:c5:f9:80:ed:ba:6a:06:9b:99:
fe:ab:6f:d3:d8:73:70:7c:69:6f:ae:70:0e:14:ef:
29:d5:b7:ad:24:f7:e4:1d:1e:9b:d7:b1:f6:50:6c:
ff:d9:8e:76:b6:9a:20:5d:32:3b:32:f7:1b:f5:b4:
f4:43:8c:d4:79:43:98:70:a8:97:eb:19:30:9c:43:
d5:38:0f:44:47:65:51:3a:5c:76:23:6f:0b:95:f6:
9f:0f:a4:e1:50:70:50:7b:ba:a3:31:ba:6f:e9:ed:
cc:31:a5:0e:45:f4:64:61:89:ca:32:7d:25:76:e2:
6d:a7:6b:ca:bc:99:85:b7:e4:e0:4f:95:33:fa:d3:
c2:a6:08:21:46:f1:c6:55:6e:be:36:fc:78:8a:ca:
33:24:dc:90:18:f0:aa:b1:10:86:14:7b:50:95:24:
6f:09:a6:bc:2a:cd:19:db:f4:71:29:68:1e:3f:46:
40:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:49:59:4C:D3:3D:62:12:6A:65:43:69:DC:F2:64:15:17:33:15:7F
X509v3 Authority Key Identifier:
keyid:48:5D:DB:67:8C:4C:0D:0C:48:8E:FD:3B:83:67:14:21:89:F3:35:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SF3bZ4xMDQxIjv07g2cUIYnzNYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/3klZTNM9YhJqZUNp3PJkFRczFX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/beb200-e5d6-4696-ae25-debfcd9eb20e/1/SF3bZ4xMDQxIjv07g2cUIYnzNYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.10.0-109.235.13.255
Signature Algorithm: sha256WithRSAEncryption
2a:ca:16:81:3e:f2:f6:bc:1b:41:fd:fd:ca:13:0c:1a:1d:b9:
24:7c:da:db:44:23:b9:27:82:3d:c3:03:66:98:ae:eb:da:de:
45:0a:e8:4e:fc:6d:a3:b8:2c:ca:a8:c3:c6:c6:68:8b:32:c8:
27:12:c4:97:b3:69:f8:d3:08:e1:98:65:34:6e:e2:15:2f:db:
66:82:75:db:d0:1f:7c:99:21:6b:0e:43:20:48:de:47:55:09:
18:9b:ea:62:94:95:9e:1d:e4:72:e5:c2:c8:3a:6d:c5:f0:3d:
7a:31:93:5c:76:71:b0:a0:a2:3a:65:60:97:0a:44:dc:c0:14:
1d:ec:d2:bb:4a:b2:0f:20:be:5f:18:f2:52:ef:37:4a:26:4f:
b6:bc:b2:39:91:d3:19:93:d2:7c:28:7c:ee:f3:a2:91:bd:9e:
2b:55:45:6f:50:0a:6d:8a:f7:ad:74:36:03:13:cf:75:44:ea:
74:66:56:f0:78:eb:8d:71:bc:7d:01:65:c2:7d:0d:79:4c:9c:
3d:75:bd:e5:f2:99:22:a2:73:cd:56:b5:a3:d8:2f:b3:8e:8e:
98:9f:64:3e:4d:96:96:a9:89:8e:65:68:58:78:97:88:9a:c2:
09:bf:cf:2a:61:84:9c:2a:27:0b:a2:d4:61:4a:14:90:35:90:
d3:f9:97:1a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZbFurhxbDfmVNEDomJhvlCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NWRkYjY3OGM0YzBkMGM0ODhlZmQzYjgzNjcxNDIxODlm
MzM1OGEwHhcNMjUwNTEyMTgyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQ5NTk0Y2QzM2Q2MjEyNmE2NTQzNjlkY2YyNjQxNTE3MzMxNTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAtgOxMx78j2nT8pBWE7ZWHZbCeN
rBC5Oz0hzdz9If9Oe4cqlLsSuMXtSw4fwszsaiZ4knyeYIAIgyBiUhNwlQn1yp7k
e2R44KdByO3nvI7F+YDtumoGm5n+q2/T2HNwfGlvrnAOFO8p1betJPfkHR6b17H2
UGz/2Y52tpogXTI7Mvcb9bT0Q4zUeUOYcKiX6xkwnEPVOA9ER2VROlx2I28Llfaf
D6ThUHBQe7qjMbpv6e3MMaUORfRkYYnKMn0lduJtp2vKvJmFt+TgT5Uz+tPCpggh
RvHGVW6+Nvx4isozJNyQGPCqsRCGFHtQlSRvCaa8Ks0Z2/RxKWgeP0ZAgwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN5JWUzTPWISamVDadzyZBUXMxV/MB8GA1UdIwQY
MBaAFEhd22eMTA0MSI79O4NnFCGJ8zWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0YzYlo0eE1EUXhJanYwN2cyY1VJWW56TllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iZWIyMDAtZTVkNi00Njk2LWFlMjUt
ZGViZmNkOWViMjBlLzEvM2tsWlROTTlZaEpxWlVOcDNQSmtGUmN6Rlg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iZWIyMDAtZTVkNi00Njk2LWFlMjUtZGViZmNkOWViMjBl
LzEvU0YzYlo0eE1EUXhJanYwN2cyY1VJWW56TllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFt6woD
BAFt6wwwDQYJKoZIhvcNAQELBQADggEBACrKFoE+8va8G0H9/coTDBoduSR82ttE
I7kngj3DA2aYruva3kUK6E78baO4LMqow8bGaIsyyCcSxJezafjTCOGYZTRu4hUv
22aCddvQH3yZIWsOQyBI3kdVCRib6mKUlZ4d5HLlwsg6bcXwPXoxk1x2cbCgojpl
YJcKRNzAFB3s0rtKsg8gvl8Y8lLvN0omT7a8sjmR0xmT0nwofO7zopG9nitVRW9Q
Cm2K9610NgMTz3VE6nRmVvB4641xvH0BZcJ9DXlMnD11veXymSKic81WtaPYL7OO
jpifZD5NlpapiY5laFh4l4iawgm/zyphhJwqJwui1GFKFJA1kNP5lxo=
-----END CERTIFICATE-----
Generated at Sat Jun 7 17:45:20 2025 by rpki-client