Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/28OIc-bq8VTCxKhU58Yv36P1WyM.roa
File: 28OIc-bq8VTCxKhU58Yv36P1WyM.roa (raw, json)
Hash identifier: +ajQaDQDYTyzcVdwPJa3g2rlNS04zmDt63bNQGZpQAg=
Subject key identifier: DB:C3:88:73:E6:EA:F1:54:C2:C4:A8:54:E7:C6:2F:DF:A3:F5:5B:23
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01967AF3F6E5B819AB932499603BCD540DD4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/28OIc-bq8VTCxKhU58Yv36P1WyM.roa
Signing time: Mon 28 Apr 2025 05:52:10 +0000
ROA not before: Mon 28 Apr 2025 05:52:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 37.202.222.0/24 maxlen: 24
151.240.3.0/24 maxlen: 24
151.240.79.0/24 maxlen: 24
151.240.110.0/24 maxlen: 24
151.242.87.0/24 maxlen: 24
151.242.174.0/23 maxlen: 23
151.242.192.0/23 maxlen: 23
151.243.101.0/24 maxlen: 24
151.244.126.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 16 May 2025 13:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7a:f3:f6:e5:b8:19:ab:93:24:99:60:3b:cd:54:0d:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 28 05:52:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dbc38873e6eaf154c2c4a854e7c62fdfa3f55b23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:7e:66:eb:dd:61:87:25:62:12:83:4a:4e:4f:
f3:48:24:c3:1a:2a:cc:8f:e3:4e:81:c0:f7:89:9a:
ae:80:6e:6b:bf:90:6f:62:b5:f5:66:06:65:e6:cb:
f7:62:23:c7:d3:79:16:b3:d1:3a:50:83:73:48:10:
8f:99:e9:ad:2b:3b:b4:be:3c:13:f3:cd:63:61:5b:
2d:0e:63:63:78:70:63:41:1e:ee:21:b9:f2:dc:49:
1f:ce:19:1f:36:79:90:1d:9b:99:aa:03:1a:eb:72:
bf:0e:4f:33:b6:bc:d9:de:17:60:2f:1b:fa:1c:d8:
87:ac:ee:61:96:30:3f:42:26:78:bf:33:fd:df:82:
14:ad:16:19:11:0a:e0:f2:ee:7a:09:be:d9:a6:c5:
80:e2:ea:28:58:e9:42:8f:b7:0b:2d:fc:47:f0:0a:
8f:69:85:62:6c:92:c3:f7:f3:a1:41:d0:be:e7:3e:
21:9a:63:bc:a1:d1:e4:23:ab:76:77:d5:51:42:aa:
fa:c4:12:cf:c7:47:ca:f7:f2:1a:5e:55:11:0d:c4:
38:f0:5f:e5:6c:0e:56:51:fc:b6:a6:e4:65:55:f4:
71:1a:08:e8:48:37:46:c2:85:15:47:fb:bc:ee:f8:
e7:10:fa:22:07:06:6f:c8:36:a2:ec:a4:24:74:29:
10:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:C3:88:73:E6:EA:F1:54:C2:C4:A8:54:E7:C6:2F:DF:A3:F5:5B:23
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/28OIc-bq8VTCxKhU58Yv36P1WyM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.222.0/24
151.240.3.0/24
151.240.79.0/24
151.240.110.0/24
151.242.87.0/24
151.242.174.0/23
151.242.192.0/23
151.243.101.0/24
151.244.126.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:41:52:75:50:c7:e5:33:65:07:01:99:d2:6b:90:41:8e:c8:
0b:3e:17:e5:83:54:60:e6:ab:18:80:3c:18:07:72:a4:59:56:
6d:e7:48:69:2d:66:b4:70:20:cf:48:6e:69:24:be:13:00:2c:
21:4e:a7:82:47:56:29:0c:c4:e6:6d:20:67:44:fe:b0:69:1b:
f2:8d:6f:a4:05:17:38:72:2a:49:43:72:90:47:38:fb:59:9a:
58:b9:23:c4:77:57:c9:ce:2e:24:66:52:91:d8:93:a9:09:c9:
8e:f2:bc:bb:82:77:e7:ea:c0:a6:d3:38:d4:bb:67:3b:de:bf:
43:28:dc:0f:93:7c:f0:33:e2:87:72:ee:0a:a7:1d:d7:57:88:
5e:cf:0e:8f:7b:71:18:94:3e:d5:07:79:ae:ed:e4:d8:90:ef:
19:c3:e5:9e:46:23:ea:94:24:08:8e:e9:b7:c9:06:26:b6:c0:
ba:67:41:26:0b:86:bd:fe:13:88:68:86:c6:9b:5c:e5:e7:b2:
ec:f1:0f:cf:36:9f:45:19:d4:61:19:26:08:18:73:f9:af:a5:
8f:18:a8:c2:3f:49:7b:05:88:48:fe:cb:87:e3:1f:74:84:b6:
3d:8c:84:91:fa:94:ef:6a:64:65:fd:a6:1f:bf:f2:49:54:d9:
07:2a:af:3c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZZ68/bluBmrkySZYDvNVA3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI4MDU1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmMzODg3M2U2ZWFmMTU0YzJjNGE4NTRlN2M2MmZkZmEzZjU1YjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX5m691hhyViEoNKTk/zSCTDGirM
j+NOgcD3iZqugG5rv5BvYrX1ZgZl5sv3YiPH03kWs9E6UINzSBCPmemtKzu0vjwT
881jYVstDmNjeHBjQR7uIbny3EkfzhkfNnmQHZuZqgMa63K/Dk8ztrzZ3hdgLxv6
HNiHrO5hljA/QiZ4vzP934IUrRYZEQrg8u56Cb7ZpsWA4uooWOlCj7cLLfxH8AqP
aYVibJLD9/OhQdC+5z4hmmO8odHkI6t2d9VRQqr6xBLPx0fK9/IaXlURDcQ48F/l
bA5WUfy2puRlVfRxGgjoSDdGwoUVR/u87vjnEPoiBwZvyDai7KQkdCkQuwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNvDiHPm6vFUwsSoVOfGL9+j9VsjMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMjhPSWMtYnE4VlRDeEtoVTU4WXYzNlAxV3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAJcreAwQA
l/ADAwQAl/BPAwQAl/BuAwQAl/JXAwQBl/KuAwQBl/LAAwQAl/NlAwQAl/R+MA0G
CSqGSIb3DQEBCwUAA4IBAQAcQVJ1UMflM2UHAZnSa5BBjsgLPhflg1Rg5qsYgDwY
B3KkWVZt50hpLWa0cCDPSG5pJL4TACwhTqeCR1YpDMTmbSBnRP6waRvyjW+kBRc4
cipJQ3KQRzj7WZpYuSPEd1fJzi4kZlKR2JOpCcmO8ry7gnfn6sCm0zjUu2c73r9D
KNwPk3zwM+KHcu4Kpx3XV4hezw6Pe3EYlD7VB3mu7eTYkO8Zw+WeRiPqlCQIjum3
yQYmtsC6Z0EmC4a9/hOIaIbGm1zl57Ls8Q/PNp9FGdRhGSYIGHP5r6WPGKjCP0l7
BYhI/suH4x90hLY9jISR+pTvamRl/aYfv/JJVNkHKq88
-----END CERTIFICATE-----
Generated at Thu May 15 16:41:51 2025 by rpki-client