Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/dJ9hQp4AyQPJ5u1HFrps2_Ul2MI.roa
File: dJ9hQp4AyQPJ5u1HFrps2_Ul2MI.roa (raw, json)
Hash identifier: 2jcBuiHkvMfpaWxIkDJB9xWun6GcUPMuMYEixN7pU5w=
Subject key identifier: 74:9F:61:42:9E:00:C9:03:C9:E6:ED:47:16:BA:6C:DB:F5:25:D8:C2
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 01968C87C5C6FBACFDA99FC7F7118D13221B
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/dJ9hQp4AyQPJ5u1HFrps2_Ul2MI.roa
Signing time: Thu 01 May 2025 15:47:10 +0000
ROA not before: Thu 01 May 2025 15:47:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 31.44.32.0/20 maxlen: 20
31.44.46.0/23 maxlen: 23
45.143.158.0/23 maxlen: 24
45.143.159.0/24 maxlen: 24
46.21.29.0/24 maxlen: 24
185.155.176.0/22 maxlen: 24
185.155.184.0/23 maxlen: 24
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
193.222.105.0/24 maxlen: 24
2a00:bd00::/32 maxlen: 32
2a0f:e880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:8c:87:c5:c6:fb:ac:fd:a9:9f:c7:f7:11:8d:13:22:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: May 1 15:47:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=749f61429e00c903c9e6ed4716ba6cdbf525d8c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:6f:06:b7:1d:1a:03:79:96:fc:67:c3:2d:61:
75:ec:e0:01:89:6b:2b:b2:8d:fd:0d:33:d8:91:86:
a0:b8:a7:2a:5c:f0:09:18:8d:28:ca:33:f5:f0:ba:
17:e9:a7:34:a7:76:5b:38:b7:a3:e0:30:c7:f8:c2:
fa:0f:c8:6e:f3:14:76:98:91:fc:18:c2:76:94:b4:
77:62:59:d2:df:52:1a:4f:c0:74:eb:61:7a:22:f4:
ed:9d:32:0e:8c:ee:6a:15:fd:e8:65:bf:9a:e8:2b:
c2:98:65:f5:66:56:b7:04:20:a7:c9:fb:17:a1:6f:
05:42:74:1e:a3:78:bf:de:d3:37:d3:05:9d:9e:a3:
15:78:1e:d7:39:61:fd:f2:de:16:7d:c9:07:82:ec:
dc:a8:99:c7:a0:d0:e1:3b:5e:35:02:8c:c2:f3:dc:
6f:ee:2b:27:30:26:3a:6e:48:6d:f6:8b:e4:70:55:
11:dc:08:ae:44:60:a3:5b:0e:1d:08:f4:2c:c4:f2:
90:3f:04:13:78:27:80:ac:1c:72:6a:11:07:d3:83:
ef:50:6f:15:52:ae:32:49:5e:49:21:d9:a0:d6:de:
47:b4:dc:e0:3f:af:22:43:ee:51:d6:0a:f1:96:5d:
6d:96:c7:85:14:3a:5e:d9:cc:17:5c:b3:24:1d:f8:
61:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:9F:61:42:9E:00:C9:03:C9:E6:ED:47:16:BA:6C:DB:F5:25:D8:C2
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/dJ9hQp4AyQPJ5u1HFrps2_Ul2MI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
45.143.158.0/23
46.21.29.0/24
185.155.176.0/22
185.155.184.0/23
193.221.216.0/23
193.222.104.0/23
IPv6:
2a00:bd00::/32
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
51:dd:78:98:d9:a3:db:4b:30:c5:f9:72:d4:61:d9:ea:ff:1c:
3d:6f:51:61:50:99:75:60:bc:00:05:2e:5c:e6:d9:db:eb:de:
08:ea:64:89:0d:53:9e:c7:84:4e:59:ba:c1:e0:9e:45:16:1d:
81:99:7c:97:6b:46:7a:dd:cc:bf:1c:eb:6b:7c:92:3d:41:03:
c6:35:41:9c:1a:96:75:22:b8:ba:31:74:f3:13:be:70:9e:51:
67:65:82:71:c7:cb:f5:36:90:a4:20:dc:1d:e8:36:43:91:35:
6b:7d:ee:45:aa:3b:13:41:b9:91:9f:7d:29:ba:79:c5:99:54:
36:8c:78:4e:ea:14:f7:40:72:b9:db:03:6e:2d:9d:5d:48:52:
c1:aa:85:77:60:f7:e6:f7:0e:44:23:3e:52:72:f9:bc:54:4a:
85:74:28:9a:db:40:94:62:fe:b1:92:6a:a0:95:80:74:ff:57:
c0:79:45:6b:aa:32:b8:17:f5:ad:12:68:af:93:5e:54:25:13:
63:86:5d:71:95:6b:d5:54:dc:7e:bd:04:45:0d:f7:df:03:51:
a8:c2:75:f5:71:9f:63:95:9c:58:5b:49:1c:9b:30:a7:c8:b8:
31:c3:cf:c1:f7:03:1a:16:40:97:1c:f9:b1:a5:8b:07:13:d7:
ea:11:50:46
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZaMh8XG+6z9qZ/H9xGNEyIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwNTAxMTU0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDlmNjE0MjllMDBjOTAzYzllNmVkNDcxNmJhNmNkYmY1MjVkOGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjm8Gtx0aA3mW/GfDLWF17OABiWsr
so39DTPYkYaguKcqXPAJGI0oyjP18LoX6ac0p3ZbOLej4DDH+ML6D8hu8xR2mJH8
GMJ2lLR3YlnS31IaT8B062F6IvTtnTIOjO5qFf3oZb+a6CvCmGX1Zla3BCCnyfsX
oW8FQnQeo3i/3tM30wWdnqMVeB7XOWH98t4WfckHguzcqJnHoNDhO141AozC89xv
7isnMCY6bkht9ovkcFUR3AiuRGCjWw4dCPQsxPKQPwQTeCeArBxyahEH04PvUG8V
Uq4ySV5JIdmg1t5HtNzgP68iQ+5R1grxll1tlseFFDpe2cwXXLMkHfhhhQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFHSfYUKeAMkDyebtRxa6bNv1JdjCMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvZEo5aFFwNEF5UVBKNXUxSEZycHMyX1VsMk1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQEHywgAwQB
LY+eAwQALhUdAwQCuZuwAwQBuZu4AwQBwd3YAwQBwd5oMBQEAgACMA4DBQAqAL0A
AwUDKg/ogDANBgkqhkiG9w0BAQsFAAOCAQEAUd14mNmj20swxfly1GHZ6v8cPW9R
YVCZdWC8AAUuXObZ2+veCOpkiQ1TnseETlm6weCeRRYdgZl8l2tGet3Mvxzra3yS
PUEDxjVBnBqWdSK4ujF08xO+cJ5RZ2WCccfL9TaQpCDcHeg2Q5E1a33uRao7E0G5
kZ99Kbp5xZlUNox4TuoU90ByudsDbi2dXUhSwaqFd2D35vcORCM+UnL5vFRKhXQo
mttAlGL+sZJqoJWAdP9XwHlFa6oyuBf1rRJor5NeVCUTY4ZdcZVr1VTcfr0ERQ33
3wNRqMJ19XGfY5WcWFtJHJswp8i4McPPwfcDGhZAlxz5saWLBxPX6hFQRg==
-----END CERTIFICATE-----
Generated at Sun May 11 15:11:01 2025 by rpki-client