Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/4-3sIadXxw8jhxtnKxKVgNL5HSk.roa
File: 4-3sIadXxw8jhxtnKxKVgNL5HSk.roa (raw, json)
Hash identifier: XG49j70z1M01uEIsgRHGQd7zn7Dinsd8zw03u121Tz8=
Subject key identifier: E3:ED:EC:21:A7:57:C7:0F:23:87:1B:67:2B:12:95:80:D2:F9:1D:29
Certificate issuer: /CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Certificate serial: 0196342AC2B52E979649CAF5195B9E0DEC2C
Authority key identifier: 41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/4-3sIadXxw8jhxtnKxKVgNL5HSk.roa
Signing time: Mon 14 Apr 2025 11:58:59 +0000
ROA not before: Mon 14 Apr 2025 11:58:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205516
IP address blocks: 5.35.80.0/24 maxlen: 24
5.35.81.0/24 maxlen: 24
37.233.81.0/24 maxlen: 24
77.73.232.0/24 maxlen: 24
83.222.22.0/23 maxlen: 24
89.169.36.0/23 maxlen: 24
90.156.252.0/23 maxlen: 24
91.218.140.0/24 maxlen: 24
91.218.141.0/24 maxlen: 24
178.236.16.0/24 maxlen: 24
178.236.17.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.mft
rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 01 May 2025 13:16:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:34:2a:c2:b5:2e:97:96:49:ca:f5:19:5b:9e:0d:ec:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Validity
Not Before: Apr 14 11:58:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e3edec21a757c70f23871b672b129580d2f91d29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:76:33:e2:76:7b:c5:a7:df:4d:c3:50:59:04:
8b:62:00:15:ad:3b:3b:04:79:24:37:19:89:6a:2a:
1d:93:66:dc:76:66:dc:b9:5d:8a:e2:f9:c1:f7:e5:
02:19:32:fa:37:a3:43:d6:f5:11:3b:e0:f5:1d:9c:
39:75:c9:e2:1f:e2:61:95:d0:ea:fa:f1:34:72:98:
90:62:1c:38:54:c6:2c:c7:e3:48:41:f3:04:49:e3:
92:8a:3f:6b:45:9f:f1:8e:25:ed:e3:cb:3c:62:47:
ae:18:34:2b:cf:e1:6b:9d:5f:22:af:b3:26:55:95:
d3:55:dd:a8:6b:51:99:39:40:7f:e6:72:2d:87:1f:
f4:bd:01:3b:2d:69:17:e8:71:a1:9d:8b:b8:96:6e:
da:f1:74:5f:35:da:28:3c:73:54:69:eb:ff:a1:74:
ba:43:52:aa:88:98:14:f0:c0:b2:8f:fc:b6:0e:12:
7f:56:2b:6f:bb:ce:db:bd:51:e8:a4:1b:32:f0:c1:
e1:ab:b7:1b:ac:79:25:93:bb:ad:eb:93:a7:99:80:
d4:12:28:48:fb:b3:98:25:2e:77:f8:8c:6a:dc:08:
c7:83:03:74:c7:33:65:63:76:4e:06:93:b0:c9:18:
03:7a:7d:b6:26:67:b8:53:25:53:e7:b3:6a:c0:61:
b2:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:ED:EC:21:A7:57:C7:0F:23:87:1B:67:2B:12:95:80:D2:F9:1D:29
X509v3 Authority Key Identifier:
keyid:41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/4-3sIadXxw8jhxtnKxKVgNL5HSk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.80.0/23
37.233.81.0/24
77.73.232.0/24
83.222.22.0/23
89.169.36.0/23
90.156.252.0/23
91.218.140.0/23
178.236.16.0/23
Signature Algorithm: sha256WithRSAEncryption
7b:00:87:e3:3c:2b:c5:22:c7:63:db:34:85:f3:ee:90:da:c7:
92:ac:2d:48:ba:94:03:ae:0a:3f:9b:79:64:5d:68:ea:b7:a0:
fe:d6:18:3e:df:ea:24:5d:c2:d9:4b:25:47:60:03:ee:d4:d2:
05:f0:24:e4:c3:66:3a:d4:76:99:f3:78:8c:94:33:60:b1:b9:
28:65:cd:66:34:f7:cb:70:7a:09:9a:b9:c1:1d:14:79:89:79:
84:b8:04:fa:99:91:d3:cd:81:a0:4b:15:b5:4a:11:39:e6:a1:
8c:35:35:00:31:bc:f9:a7:f3:e9:ea:c6:47:f7:6c:cb:cf:8a:
d1:6e:a6:df:2c:57:c3:0c:49:c6:2b:bf:dd:53:dc:12:d0:42:
8c:5f:6f:0e:2c:4a:92:ea:7f:16:8a:2c:2a:a9:6a:c9:d5:c4:
6c:64:ab:d4:7f:58:49:94:ff:7a:6a:8c:7d:81:cd:dc:94:a4:
5e:a0:4c:8b:69:f4:e0:e6:13:bf:22:cd:08:bf:9f:82:d2:bb:
a6:58:7f:72:ce:e8:f6:9b:34:6f:f2:12:c2:34:59:1d:d2:fc:
bd:9e:80:6b:de:a4:35:fc:a3:c5:89:e9:ba:b1:26:86:62:d3:
ce:e5:70:c8:2e:cd:cf:8c:f0:d7:94:54:5e:38:1c:f3:9e:e9:
6f:53:51:0b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZY0KsK1LpeWScr1GVueDewsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzNlZWI4ZDAyZjVmNjQ3ODhiM2ZkYzc4ZDZiYWI4YTU1
ZmQxNmEwHhcNMjUwNDE0MTE1ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2VkZWMyMWE3NTdjNzBmMjM4NzFiNjcyYjEyOTU4MGQyZjkxZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3Yz4nZ7xaffTcNQWQSLYgAVrTs7
BHkkNxmJaiodk2bcdmbcuV2K4vnB9+UCGTL6N6ND1vURO+D1HZw5dcniH+JhldDq
+vE0cpiQYhw4VMYsx+NIQfMESeOSij9rRZ/xjiXt48s8YkeuGDQrz+FrnV8ir7Mm
VZXTVd2oa1GZOUB/5nIthx/0vQE7LWkX6HGhnYu4lm7a8XRfNdooPHNUaev/oXS6
Q1KqiJgU8MCyj/y2DhJ/Vitvu87bvVHopBsy8MHhq7cbrHklk7ut65OnmYDUEihI
+7OYJS53+Ixq3AjHgwN0xzNlY3ZOBpOwyRgDen22Jme4UyVT57NqwGGyNwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOPt7CGnV8cPI4cbZysSlYDS+R0pMB8GA1UdIwQY
MBaAFEFz7rjQL19keIs/3HjWurilX9FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmIt
ZDgzZWQxNDBkMjhkLzEvNC0zc0lhZFh4dzhqaHh0bkt4S1ZnTkw1SFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmItZDgzZWQxNDBkMjhk
LzEvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBBSNQAwQA
JelRAwQATUnoAwQBU94WAwQBWakkAwQBWpz8AwQBW9qMAwQBsuwQMA0GCSqGSIb3
DQEBCwUAA4IBAQB7AIfjPCvFIsdj2zSF8+6Q2seSrC1IupQDrgo/m3lkXWjqt6D+
1hg+3+okXcLZSyVHYAPu1NIF8CTkw2Y61HaZ83iMlDNgsbkoZc1mNPfLcHoJmrnB
HRR5iXmEuAT6mZHTzYGgSxW1ShE55qGMNTUAMbz5p/Pp6sZH92zLz4rRbqbfLFfD
DEnGK7/dU9wS0EKMX28OLEqS6n8WiiwqqWrJ1cRsZKvUf1hJlP96aox9gc3clKRe
oEyLafTg5hO/Is0Iv5+C0rumWH9yzuj2mzRv8hLCNFkd0vy9noBr3qQ1/KPFiem6
sSaGYtPO5XDILs3PjPDXlFReOBzznulvU1EL
-----END CERTIFICATE-----
Generated at Wed Apr 30 22:58:01 2025 by rpki-client