Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rJQnHWiwZQP2QoBfSiYXMFMvFII.roa
File: rJQnHWiwZQP2QoBfSiYXMFMvFII.roa (raw, json)
Hash identifier: cfcq+kMkXCmfze2yioS3BlGfGqwcqx6hTJO+tNYPSro=
Subject key identifier: AC:94:27:1D:68:B0:65:03:F6:42:80:5F:4A:26:17:30:53:2F:14:82
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019670704FBD7A93080F47FFF0650E070664
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rJQnHWiwZQP2QoBfSiYXMFMvFII.roa
Signing time: Sat 26 Apr 2025 04:52:10 +0000
ROA not before: Sat 26 Apr 2025 04:52:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 37.202.222.0/24 maxlen: 24
151.240.3.0/24 maxlen: 24
151.240.79.0/24 maxlen: 24
151.240.110.0/24 maxlen: 24
151.242.33.0/24 maxlen: 24
151.242.87.0/24 maxlen: 24
151.242.174.0/23 maxlen: 23
151.242.192.0/23 maxlen: 23
151.243.101.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 05:55:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:70:70:4f:bd:7a:93:08:0f:47:ff:f0:65:0e:07:06:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 26 04:52:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ac94271d68b06503f642805f4a261730532f1482
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:35:9f:43:e4:6b:d6:85:39:40:ec:ec:be:b9:
df:6e:a6:2f:db:ec:45:6d:9b:37:5c:3a:11:fd:d7:
10:8e:15:e4:d2:6b:20:40:52:88:bc:65:4a:68:fd:
e8:b9:97:86:41:48:7e:a5:60:cc:db:fe:52:e8:0d:
e0:e5:d9:48:a0:12:e9:fe:8f:3b:9b:99:96:a9:16:
cd:10:7b:1c:1d:6d:91:f1:22:aa:c0:3d:8f:8a:36:
cf:a5:26:3c:37:21:a9:ec:b8:d1:a1:82:fe:86:e0:
f3:f7:4d:d8:b4:53:4f:bf:7b:d4:2f:f2:eb:db:02:
7c:4c:f1:8a:d8:a2:3c:7f:05:a2:89:de:8e:e5:79:
ad:1e:d6:2c:7c:e3:e9:e7:c4:3c:9f:93:87:28:78:
35:b6:96:fe:f3:c2:39:1a:bf:0d:a8:c5:f9:79:50:
6c:12:8a:e9:af:2c:21:8e:31:43:82:2b:74:28:6f:
ba:80:46:f2:82:02:68:83:38:19:68:ce:f5:7b:3a:
8b:79:8f:c9:66:ea:3e:8b:a0:3c:90:90:4d:c4:12:
eb:02:0f:e8:bd:9c:34:41:06:42:c1:5d:d9:f6:3f:
be:f6:92:28:13:1c:c2:2d:13:35:2e:81:f7:39:73:
1f:73:2a:03:f5:a3:ad:69:09:20:d0:4a:9e:23:fb:
b7:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:94:27:1D:68:B0:65:03:F6:42:80:5F:4A:26:17:30:53:2F:14:82
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/rJQnHWiwZQP2QoBfSiYXMFMvFII.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.222.0/24
151.240.3.0/24
151.240.79.0/24
151.240.110.0/24
151.242.33.0/24
151.242.87.0/24
151.242.174.0/23
151.242.192.0/23
151.243.101.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:84:ab:f5:39:b0:e3:4a:a8:59:2a:bf:fa:b7:a9:c8:23:25:
46:47:80:67:f7:48:24:ce:b6:4f:c1:f0:6e:82:6c:07:55:a0:
52:91:32:5c:c9:c6:f7:0d:26:f0:83:5f:8f:b2:83:72:9f:e0:
0d:81:32:64:7d:57:ed:0f:b4:47:96:cf:6a:4f:38:cb:e8:d4:
b0:78:23:14:71:50:8d:b3:fd:d1:e8:8d:de:40:5b:f7:ca:21:
b7:17:26:4d:12:00:57:b2:59:10:29:64:3c:2e:8f:0d:0a:c4:
19:26:02:8b:0b:46:3f:a2:47:ea:91:98:cd:34:53:02:6b:bd:
bb:8f:f6:31:61:61:57:36:46:17:3d:a3:5d:af:40:11:b3:95:
49:01:98:3a:71:7f:7e:81:b8:3b:92:39:f5:a3:7d:1c:6b:f5:
eb:44:a5:37:62:0f:79:fc:2d:95:c9:23:b0:10:89:75:a7:88:
10:e9:3e:b0:8e:06:10:d6:4a:e5:8a:b8:19:28:c2:43:0c:5b:
91:e0:ee:5b:bd:83:da:4d:83:4c:33:ea:62:53:9c:5c:f1:d2:
14:55:29:10:8a:73:e2:39:00:ef:f1:9f:54:89:36:d6:e2:63:
31:67:93:40:b1:54:1c:90:f4:3e:58:11:68:0c:c3:d5:9f:fb:
cf:4d:59:29
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZZwcE+9epMID0f/8GUOBwZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI2MDQ1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk0MjcxZDY4YjA2NTAzZjY0MjgwNWY0YTI2MTczMDUzMmYxNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8TWfQ+Rr1oU5QOzsvrnfbqYv2+xF
bZs3XDoR/dcQjhXk0msgQFKIvGVKaP3ouZeGQUh+pWDM2/5S6A3g5dlIoBLp/o87
m5mWqRbNEHscHW2R8SKqwD2PijbPpSY8NyGp7LjRoYL+huDz903YtFNPv3vUL/Lr
2wJ8TPGK2KI8fwWiid6O5XmtHtYsfOPp58Q8n5OHKHg1tpb+88I5Gr8NqMX5eVBs
EorprywhjjFDgit0KG+6gEbyggJogzgZaM71ezqLeY/JZuo+i6A8kJBNxBLrAg/o
vZw0QQZCwV3Z9j++9pIoExzCLRM1LoH3OXMfcyoD9aOtaQkg0EqeI/u3uQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKyUJx1osGUD9kKAX0omFzBTLxSCMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvckpRbkhXaXdaUVAyUW9CZlNpWVhNRk12RklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAJcreAwQA
l/ADAwQAl/BPAwQAl/BuAwQAl/IhAwQAl/JXAwQBl/KuAwQBl/LAAwQAl/NlMA0G
CSqGSIb3DQEBCwUAA4IBAQAOhKv1ObDjSqhZKr/6t6nIIyVGR4Bn90gkzrZPwfBu
gmwHVaBSkTJcycb3DSbwg1+PsoNyn+ANgTJkfVftD7RHls9qTzjL6NSweCMUcVCN
s/3R6I3eQFv3yiG3FyZNEgBXslkQKWQ8Lo8NCsQZJgKLC0Y/okfqkZjNNFMCa727
j/YxYWFXNkYXPaNdr0ARs5VJAZg6cX9+gbg7kjn1o30ca/XrRKU3Yg95/C2VySOw
EIl1p4gQ6T6wjgYQ1krlirgZKMJDDFuR4O5bvYPaTYNMM+piU5xc8dIUVSkQinPi
OQDv8Z9UiTbW4mMxZ5NAsVQckPQ+WBFoDMPVn/vPTVkp
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:20:14 2025 by rpki-client