Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/0QOnXjCP1dn_5lYUQyJg0t_En4o.roa
File: 0QOnXjCP1dn_5lYUQyJg0t_En4o.roa (raw, json)
Hash identifier: y1cgMbD2nAWnJWQ78XcxrC+CxzOJJUBHTrD59gymQbQ=
Subject key identifier: D1:03:A7:5E:30:8F:D5:D9:FF:E6:56:14:43:22:60:D2:DF:C4:9F:8A
Certificate issuer: /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial: 01966491ACE90B19B518DFBE665401887C72
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/0QOnXjCP1dn_5lYUQyJg0t_En4o.roa
Signing time: Wed 23 Apr 2025 21:33:10 +0000
ROA not before: Wed 23 Apr 2025 21:33:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48314
IP address blocks: 5.175.233.0/24 maxlen: 24
77.90.0.0/24 maxlen: 24
77.90.2.0/24 maxlen: 24
77.90.8.0/24 maxlen: 24
77.90.13.0/24 maxlen: 24
77.90.18.0/24 maxlen: 24
77.90.51.0/24 maxlen: 24
87.239.130.0/24 maxlen: 24
94.249.193.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 05:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:64:91:ac:e9:0b:19:b5:18:df:be:66:54:01:88:7c:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
Validity
Not Before: Apr 23 21:33:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d103a75e308fd5d9ffe65614432260d2dfc49f8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:7b:01:09:c4:6d:da:0c:6d:10:01:9a:d8:1e:
17:e3:5e:be:72:96:cc:9b:6b:81:36:7f:f2:ad:19:
2e:ba:21:e7:fe:19:92:c9:76:25:68:64:20:bd:af:
82:9f:d7:d4:43:cb:73:c3:33:0d:a8:69:ad:29:d5:
a0:35:4a:8c:b9:78:f8:a0:d1:53:30:30:4a:45:70:
42:61:2f:cd:3f:61:70:8f:11:96:ce:05:8d:2c:41:
a0:97:89:db:dd:b6:b2:ab:1d:9f:2b:4f:9d:10:14:
ea:b2:87:77:5f:e7:e0:1d:c0:af:5d:7b:22:90:b9:
bf:59:ec:85:4a:b2:59:dc:29:0f:b8:a8:7e:a3:9b:
c6:b1:ed:fe:9d:04:05:66:0f:07:9a:10:76:de:1a:
e5:d7:a1:7f:ff:b6:e3:0d:cc:6a:cf:c5:3a:2d:a6:
fa:97:f9:0f:85:37:01:cb:89:3c:4c:61:c9:7b:b9:
35:44:ae:59:f6:84:e2:76:4b:45:cc:c7:8d:3e:70:
cf:79:61:41:0f:37:f4:bd:65:33:76:36:88:65:79:
19:ff:6d:3c:fd:fe:bd:d1:c6:ea:be:fe:aa:c5:e9:
5e:4c:c2:a6:a6:72:18:8c:28:85:39:e8:65:e9:8e:
9d:2a:d6:5b:06:ba:fe:05:00:f6:ab:38:7e:ed:60:
b0:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:03:A7:5E:30:8F:D5:D9:FF:E6:56:14:43:22:60:D2:DF:C4:9F:8A
X509v3 Authority Key Identifier:
keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/0QOnXjCP1dn_5lYUQyJg0t_En4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.175.233.0/24
77.90.0.0/24
77.90.2.0/24
77.90.8.0/24
77.90.13.0/24
77.90.18.0/24
77.90.51.0/24
87.239.130.0/24
94.249.193.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:00:53:85:60:e6:d2:2e:0a:67:1c:0c:bc:f0:45:6e:88:e8:
55:d2:02:5b:62:78:a7:23:58:94:91:7f:70:bd:e2:2c:32:22:
a4:bd:45:2a:2f:5b:50:d8:47:c9:76:1c:c7:6f:d1:f0:c2:a9:
2b:85:b4:16:30:81:56:4d:ef:ec:0b:a9:58:be:4e:47:ef:f4:
76:ef:3c:90:65:56:2b:21:75:6f:54:27:09:8e:4d:39:35:80:
15:81:c7:63:b9:73:a8:bf:6f:25:77:0e:a1:3c:40:ac:3f:63:
19:ea:86:75:14:93:40:ca:54:fe:5d:cc:fa:d3:82:88:dc:14:
5d:28:97:e1:7b:d3:67:db:e0:c4:4c:b4:d8:f1:59:ac:3b:6c:
ee:3f:d5:58:3e:52:7c:61:e4:9f:08:49:d0:6f:8d:a2:ff:bc:
b8:92:da:4d:61:12:b0:b5:64:d5:f5:96:9a:b2:04:23:c2:96:
fc:4a:5c:00:5d:f9:f6:d1:9c:a0:2a:36:55:90:0b:c8:a8:19:
5c:67:49:81:7e:a4:3a:ba:e0:22:5f:65:e1:d8:dc:e8:d1:eb:
7c:73:25:82:93:06:6e:ed:02:a4:50:d8:5b:b8:4a:2e:e5:8d:
b5:5e:d4:fb:97:0f:a8:c9:9e:67:1d:c0:84:0a:a3:6b:d8:eb:
89:81:4a:96
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZZkkazpCxm1GN++ZlQBiHxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDIzMjEzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTAzYTc1ZTMwOGZkNWQ5ZmZlNjU2MTQ0MzIyNjBkMmRmYzQ5ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHsBCcRt2gxtEAGa2B4X416+cpbM
m2uBNn/yrRkuuiHn/hmSyXYlaGQgva+Cn9fUQ8tzwzMNqGmtKdWgNUqMuXj4oNFT
MDBKRXBCYS/NP2FwjxGWzgWNLEGgl4nb3bayqx2fK0+dEBTqsod3X+fgHcCvXXsi
kLm/WeyFSrJZ3CkPuKh+o5vGse3+nQQFZg8HmhB23hrl16F//7bjDcxqz8U6Lab6
l/kPhTcBy4k8TGHJe7k1RK5Z9oTidktFzMeNPnDPeWFBDzf0vWUzdjaIZXkZ/208
/f690cbqvv6qxeleTMKmpnIYjCiFOehl6Y6dKtZbBrr+BQD2qzh+7WCw+wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNEDp14wj9XZ/+ZWFEMiYNLfxJ+KMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMFFPblhqQ1AxZG5fNWxZVVF5SmcwdF9FbjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQABa/pAwQA
TVoAAwQATVoCAwQATVoIAwQATVoNAwQATVoSAwQATVozAwQAV++CAwQAXvnBMA0G
CSqGSIb3DQEBCwUAA4IBAQAMAFOFYObSLgpnHAy88EVuiOhV0gJbYninI1iUkX9w
veIsMiKkvUUqL1tQ2EfJdhzHb9HwwqkrhbQWMIFWTe/sC6lYvk5H7/R27zyQZVYr
IXVvVCcJjk05NYAVgcdjuXOov28ldw6hPECsP2MZ6oZ1FJNAylT+Xcz604KI3BRd
KJfhe9Nn2+DETLTY8VmsO2zuP9VYPlJ8YeSfCEnQb42i/7y4ktpNYRKwtWTV9Zaa
sgQjwpb8SlwAXfn20ZygKjZVkAvIqBlcZ0mBfqQ6uuAiX2Xh2Nzo0et8cyWCkwZu
7QKkUNhbuEou5Y21XtT7lw+oyZ5nHcCECqNr2OuJgUqW
-----END CERTIFICATE-----
Generated at Sun Apr 27 15:43:15 2025 by rpki-client