Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/KYOg-dAg0vv0T7Zs4Y4I1onJjE0.roa
File: KYOg-dAg0vv0T7Zs4Y4I1onJjE0.roa (raw, json)
Hash identifier: g3qtavjbfCGQFsBz6TP8eR2TEu9Irpo7FH09zXX+uJU=
Subject key identifier: 29:83:A0:F9:D0:20:D2:FB:F4:4F:B6:6C:E1:8E:08:D6:89:C9:8C:4D
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01966FEB8E4B0BB2A7B08BBB40C8B4BA5351
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/KYOg-dAg0vv0T7Zs4Y4I1onJjE0.roa
Signing time: Sat 26 Apr 2025 02:27:10 +0000
ROA not before: Sat 26 Apr 2025 02:27:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 37.128.240.0/21 maxlen: 24
37.128.248.0/23 maxlen: 24
37.128.250.0/23 maxlen: 24
37.128.252.0/23 maxlen: 24
37.128.254.0/23 maxlen: 24
109.111.32.0/20 maxlen: 24
109.111.36.0/22 maxlen: 24
109.111.42.0/23 maxlen: 24
109.111.44.0/22 maxlen: 24
109.111.48.0/22 maxlen: 24
109.111.56.0/22 maxlen: 22
176.221.16.0/22 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.22.0/23 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.28.0/23 maxlen: 24
176.221.30.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6f:eb:8e:4b:0b:b2:a7:b0:8b:bb:40:c8:b4:ba:53:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 26 02:27:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2983a0f9d020d2fbf44fb66ce18e08d689c98c4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:7e:a4:40:92:50:44:05:99:b4:d4:7c:b6:81:
cd:f7:bd:ca:15:f7:4d:e0:19:4b:8e:ca:6e:07:e9:
1a:ad:a6:bd:01:14:6b:42:9b:c4:d0:7b:ff:5c:81:
19:ba:ad:7d:3a:9e:a1:1d:24:db:b7:ec:95:b6:b0:
77:76:5c:d0:13:7c:ce:d2:5e:6c:35:b5:39:d5:8c:
fb:11:2c:5d:76:19:0f:5a:bc:fa:0b:a9:e2:b7:fa:
36:eb:72:ef:d3:a6:6f:09:62:d4:2c:3a:25:f9:46:
a6:64:b6:78:a7:25:3f:6f:f0:6d:79:cf:db:84:82:
f4:e4:8a:e4:9c:4e:cc:91:8c:a0:c7:7a:3f:43:18:
b7:91:3c:f6:4d:9d:55:ce:10:bc:98:5f:1d:43:32:
88:a7:7d:67:e3:5b:61:d8:52:6c:21:e7:35:4f:31:
45:95:9f:37:dc:7c:d5:17:ff:55:51:5c:76:10:bb:
56:24:8e:ca:54:9d:18:1b:9e:61:41:19:c3:3f:ce:
6c:d7:4e:de:a7:d1:8f:98:e2:92:98:01:56:c6:8a:
63:8e:b1:bb:72:82:07:99:1f:ea:4a:66:f1:4e:c7:
86:80:0e:53:3d:a4:f7:9d:4a:ff:ac:e5:51:e6:5b:
d8:a4:d8:f7:ca:1b:af:49:b9:7c:45:7b:fd:a0:13:
15:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:83:A0:F9:D0:20:D2:FB:F4:4F:B6:6C:E1:8E:08:D6:89:C9:8C:4D
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/KYOg-dAg0vv0T7Zs4Y4I1onJjE0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.240.0/20
109.111.32.0-109.111.51.255
109.111.56.0/22
176.221.16.0/20
Signature Algorithm: sha256WithRSAEncryption
97:70:ec:5b:b1:5f:36:e8:b8:ba:dc:d0:61:b6:91:d8:a7:2e:
1f:60:6c:bb:a3:cb:e9:8b:d4:ee:ad:63:27:87:fe:a2:fe:91:
28:5f:79:b6:97:ca:ef:01:aa:5d:dc:82:67:db:af:9c:2b:76:
6a:b2:d8:4f:ee:55:17:d5:11:be:33:fd:24:cd:b7:bd:0b:9a:
d1:b0:01:df:34:53:39:7e:46:74:a7:5b:5d:ed:5c:a8:8f:03:
42:8b:af:90:1e:2a:50:73:8d:18:61:5a:7e:70:25:7e:7f:26:
aa:b8:d1:9d:24:e1:4d:8e:e4:89:15:14:21:5d:a2:13:3f:4b:
92:f7:3c:de:da:23:91:ca:fb:e3:5a:0e:b8:77:91:5c:5c:97:
3c:52:af:6d:ba:fe:99:11:83:35:cb:7a:43:1d:a0:c7:48:6f:
ff:46:f9:8c:56:e6:51:5a:c1:62:45:0a:8a:2f:eb:88:06:f1:
58:cd:5e:af:de:fb:02:fb:e0:3e:26:48:ec:59:87:71:2a:48:
12:f3:52:2d:e3:2b:0c:8f:7d:c6:79:82:ea:d3:0d:c7:18:6d:
e0:5b:3c:61:30:bc:89:92:93:dd:54:7d:36:d4:b9:27:4a:5a:
4b:66:c9:f6:44:87:e6:df:f0:ea:0e:b0:4e:63:4e:cb:84:49:
5b:27:30:c6
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZZv645LC7KnsIu7QMi0ulNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwNDI2MDIyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTgzYTBmOWQwMjBkMmZiZjQ0ZmI2NmNlMThlMDhkNjg5Yzk4YzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo36kQJJQRAWZtNR8toHN973KFfdN
4BlLjspuB+karaa9ARRrQpvE0Hv/XIEZuq19Op6hHSTbt+yVtrB3dlzQE3zO0l5s
NbU51Yz7ESxddhkPWrz6C6nit/o263Lv06ZvCWLULDol+UamZLZ4pyU/b/Btec/b
hIL05IrknE7MkYygx3o/Qxi3kTz2TZ1VzhC8mF8dQzKIp31n41th2FJsIec1TzFF
lZ833HzVF/9VUVx2ELtWJI7KVJ0YG55hQRnDP85s107ep9GPmOKSmAFWxopjjrG7
coIHmR/qSmbxTseGgA5TPaT3nUr/rOVR5lvYpNj3yhuvSbl8RXv9oBMV2wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCmDoPnQINL79E+2bOGOCNaJyYxNMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvS1lPZy1kQWcwdnYwVDdaczRZNEkxb25KakUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEJYDwMAwD
BAVtbyADBAJtbzADBAJtbzgDBASw3RAwDQYJKoZIhvcNAQELBQADggEBAJdw7Fux
XzbouLrc0GG2kdinLh9gbLujy+mL1O6tYyeH/qL+kShfebaXyu8Bql3cgmfbr5wr
dmqy2E/uVRfVEb4z/STNt70LmtGwAd80Uzl+RnSnW13tXKiPA0KLr5AeKlBzjRhh
Wn5wJX5/Jqq40Z0k4U2O5IkVFCFdohM/S5L3PN7aI5HK++NaDrh3kVxclzxSr226
/pkRgzXLekMdoMdIb/9G+YxW5lFawWJFCoov64gG8VjNXq/e+wL74D4mSOxZh3Eq
SBLzUi3jKwyPfcZ5gurTDccYbeBbPGEwvImSk91UfTbUuSdKWktmyfZEh+bf8OoO
sE5jTsuESVsnMMY=
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:55:49 2025 by rpki-client