Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/OCoDEhkkUUK4CPoatcgNov_ZXFM.roa
File: OCoDEhkkUUK4CPoatcgNov_ZXFM.roa (raw, json)
Hash identifier: Vw4DPLJpcDpZqDqziJ/5/3/Wk2tB5IyX+IIC8Dh/HQU=
Subject key identifier: 38:2A:03:12:19:24:51:42:B8:08:FA:1A:B5:C8:0D:A2:FF:D9:5C:53
Certificate issuer: /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial: 01977803B372B453C6B2104E3F940D8B5598
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/OCoDEhkkUUK4CPoatcgNov_ZXFM.roa
Signing time: Mon 16 Jun 2025 09:13:17 +0000
ROA not before: Mon 16 Jun 2025 09:13:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59437
IP address blocks: 85.234.64.0/24 maxlen: 24
85.234.66.0/24 maxlen: 24
85.234.84.0/24 maxlen: 24
85.234.86.0/24 maxlen: 24
92.38.143.0/24 maxlen: 24
93.119.168.0/24 maxlen: 24
93.119.169.0/24 maxlen: 24
109.61.121.0/24 maxlen: 24
2a03:90c0:680::/44 maxlen: 44
2a03:90c0:7b0::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:78:03:b3:72:b4:53:c6:b2:10:4e:3f:94:0d:8b:55:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Validity
Not Before: Jun 16 09:13:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=382a031219245142b808fa1ab5c80da2ffd95c53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:64:21:f9:1c:34:a7:44:e3:d0:96:83:37:9c:
75:f4:e7:15:45:c6:7e:74:fa:85:8d:5b:3e:92:ea:
b9:29:aa:b5:c7:d7:64:be:9e:59:55:cf:5f:5f:88:
9b:6f:57:48:bf:0a:62:e8:68:42:42:93:85:a1:2f:
6e:25:aa:6b:63:82:7d:02:99:11:be:66:25:d6:6e:
b9:56:6e:b8:df:8e:11:d3:e9:5b:15:de:95:1c:dc:
2d:a3:81:53:33:19:ed:df:48:38:01:1d:98:d0:35:
3a:65:44:f6:e0:1f:dc:07:16:d8:40:f9:06:b9:69:
c9:2b:c7:33:d2:4e:3e:1a:de:41:40:75:1e:65:06:
4c:09:6a:9c:81:24:ae:66:a6:84:8e:ff:55:26:58:
18:b4:b0:79:18:fd:fd:38:32:83:b2:2e:a9:c4:25:
85:cf:4a:5d:c0:25:f5:0b:1f:ed:27:30:6d:ac:1a:
f1:1b:84:7d:9a:dd:bd:9b:b0:fb:7f:e1:0c:15:bd:
58:d5:d6:54:a8:a9:bd:83:ea:c8:e1:72:1e:d6:4e:
2c:38:16:54:9a:43:8e:9a:ba:bd:06:1c:48:24:fc:
6a:d2:61:d6:dd:9e:33:f2:18:35:7d:36:89:e4:bf:
d4:2f:83:31:26:36:ff:da:26:31:26:f2:44:b6:33:
c4:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:2A:03:12:19:24:51:42:B8:08:FA:1A:B5:C8:0D:A2:FF:D9:5C:53
X509v3 Authority Key Identifier:
keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/OCoDEhkkUUK4CPoatcgNov_ZXFM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.234.64.0/24
85.234.66.0/24
85.234.84.0/24
85.234.86.0/24
92.38.143.0/24
93.119.168.0/23
109.61.121.0/24
IPv6:
2a03:90c0:680::/44
2a03:90c0:7b0::/44
Signature Algorithm: sha256WithRSAEncryption
16:7a:62:81:10:b9:f6:33:2e:70:df:c2:1d:40:86:2e:a1:d6:
97:91:20:84:c5:f5:1f:fd:e0:b5:50:9e:5c:9b:66:6a:b6:5d:
56:29:0d:03:52:46:0e:46:bd:58:43:36:eb:41:36:99:eb:de:
7b:73:75:07:44:3b:76:a6:e6:46:d7:64:8c:6f:50:4c:da:53:
0d:85:49:c4:8e:1a:1e:ee:07:2d:51:e9:21:d9:64:35:d9:e6:
2f:7c:48:57:b0:4c:d4:ef:23:6f:69:bd:c0:2f:f2:3b:f2:83:
a4:86:95:fe:c3:28:ab:3a:bf:db:45:bd:4f:92:21:c9:e3:fe:
08:f4:dc:df:be:b7:0e:69:49:97:c5:f3:b6:4d:7a:59:cf:bb:
8a:e0:e6:6e:8e:9a:73:1d:09:a5:c6:51:2f:d6:6f:9f:d7:66:
34:27:4a:d0:9e:d4:99:65:34:c7:c6:16:70:34:3a:3d:28:ae:
a3:08:40:8c:97:d7:83:fb:92:4d:19:27:b5:a4:a4:13:2f:77:
72:c8:12:2b:12:22:32:f5:22:89:30:4e:96:11:40:41:ba:ca:
04:ae:97:bf:6e:e9:2e:21:b1:01:43:7c:b6:7b:ea:e6:eb:2a:
98:c5:01:b9:8a:66:37:67:6a:b3:51:93:8c:64:54:c0:bf:50:
1b:b2:17:9b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZd4A7NytFPGshBOP5QNi1WYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjUwNjE2MDkxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJhMDMxMjE5MjQ1MTQyYjgwOGZhMWFiNWM4MGRhMmZmZDk1YzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2Qh+Rw0p0Tj0JaDN5x19OcVRcZ+
dPqFjVs+kuq5Kaq1x9dkvp5ZVc9fX4ibb1dIvwpi6GhCQpOFoS9uJaprY4J9ApkR
vmYl1m65Vm64344R0+lbFd6VHNwto4FTMxnt30g4AR2Y0DU6ZUT24B/cBxbYQPkG
uWnJK8cz0k4+Gt5BQHUeZQZMCWqcgSSuZqaEjv9VJlgYtLB5GP39ODKDsi6pxCWF
z0pdwCX1Cx/tJzBtrBrxG4R9mt29m7D7f+EMFb1Y1dZUqKm9g+rI4XIe1k4sOBZU
mkOOmrq9BhxIJPxq0mHW3Z4z8hg1fTaJ5L/UL4MxJjb/2iYxJvJEtjPErQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDgqAxIZJFFCuAj6GrXIDaL/2VxTMB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvT0NvREVoa2tVVUs0Q1BvYXRjZ05vdl9aWEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAwBAIAATAqAwQAVepAAwQA
VepCAwQAVepUAwQAVepWAwQAXCaPAwQBXXeoAwQAbT15MBgEAgACMBIDBwQqA5DA
BoADBwQqA5DAB7AwDQYJKoZIhvcNAQELBQADggEBABZ6YoEQufYzLnDfwh1Ahi6h
1peRIITF9R/94LVQnlybZmq2XVYpDQNSRg5GvVhDNutBNpnr3ntzdQdEO3am5kbX
ZIxvUEzaUw2FScSOGh7uBy1R6SHZZDXZ5i98SFewTNTvI29pvcAv8jvyg6SGlf7D
KKs6v9tFvU+SIcnj/gj03N++tw5pSZfF87ZNelnPu4rg5m6OmnMdCaXGUS/Wb5/X
ZjQnStCe1JllNMfGFnA0Oj0orqMIQIyX14P7kk0ZJ7WkpBMvd3LIEisSIjL1Iokw
TpYRQEG6ygSul79u6S4hsQFDfLZ76ubrKpjFAbmKZjdnarNRk4xkVMC/UBuyF5s=
-----END CERTIFICATE-----
Generated at Sun Jun 29 06:01:55 2025 by rpki-client