Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oGkcRb2EyQxvMQoonDs87dYgmiM.roa
File: oGkcRb2EyQxvMQoonDs87dYgmiM.roa (raw, json)
Hash identifier: MfyN2V9sqLw2lJ8rtokA4J8KvtUiIrXwL8p1zhVYSEw=
Subject key identifier: A0:69:1C:45:BD:84:C9:0C:6F:31:0A:28:9C:3B:3C:ED:D6:20:9A:23
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0196641E50935AC89A8A04D6DEF7D2685C39
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oGkcRb2EyQxvMQoonDs87dYgmiM.roa
Signing time: Wed 23 Apr 2025 19:27:10 +0000
ROA not before: Wed 23 Apr 2025 19:27:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
193.23.209.0/24 maxlen: 24
193.23.210.0/24 maxlen: 24
193.23.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 03:00:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:64:1e:50:93:5a:c8:9a:8a:04:d6:de:f7:d2:68:5c:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 23 19:27:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0691c45bd84c90c6f310a289c3b3cedd6209a23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:5a:e6:f7:65:56:02:04:c7:31:d3:f5:56:54:
28:e9:5d:f4:58:22:95:5b:47:4c:07:c2:08:6e:0a:
a5:c1:73:c8:07:c2:66:27:11:e4:50:df:94:cd:a6:
52:3a:af:26:11:81:4d:a6:2f:b3:b7:c0:83:f6:e7:
2d:81:c8:c3:7a:f7:00:a8:96:14:7e:9b:cc:91:68:
dd:90:5e:0b:c1:01:91:54:64:fc:56:5f:c9:92:36:
85:78:b6:0d:23:93:17:51:ad:77:05:b2:66:d7:95:
1c:de:fa:0a:2b:14:09:25:01:2e:d6:89:07:06:98:
2b:3c:65:48:74:28:af:88:00:52:bd:3a:6d:07:9b:
40:58:7c:3e:c1:ea:11:a0:ab:a0:0e:4c:72:f6:86:
5b:65:b3:49:04:3b:8d:69:51:51:86:a4:6f:36:51:
0b:25:d3:4f:7f:92:d1:3a:91:0e:24:90:dc:8e:ad:
8b:d8:02:ca:d3:5c:f1:02:73:a2:27:31:3f:94:4b:
f9:c0:86:9a:46:1d:af:77:7f:be:40:7a:17:bc:00:
64:3b:cc:32:36:43:00:09:ad:27:b1:9c:99:21:fe:
b9:be:e1:07:25:a5:f4:0b:02:6a:83:ef:a5:60:0b:
b9:1d:72:72:35:04:84:c1:0c:b9:e0:05:a9:5b:70:
03:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:69:1C:45:BD:84:C9:0C:6F:31:0A:28:9C:3B:3C:ED:D6:20:9A:23
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oGkcRb2EyQxvMQoonDs87dYgmiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.124.0/22
185.216.104.0/22
193.23.209.0-193.23.211.255
Signature Algorithm: sha256WithRSAEncryption
48:c1:83:9f:92:73:78:2d:48:ac:e3:ed:7a:87:7a:c3:5a:83:
70:00:54:b8:3e:e4:5a:f9:05:98:1d:6c:c8:0d:e8:64:17:71:
0e:1b:0f:20:27:42:90:3e:be:ec:d2:77:e9:23:a5:42:fa:64:
90:e1:bf:ff:5d:ca:52:bc:35:14:92:d6:73:87:95:9b:a4:3c:
75:ea:7d:24:2d:66:72:72:fd:da:eb:96:f8:80:fd:07:66:a0:
40:da:e0:33:97:65:6b:f3:28:be:d4:26:b7:8d:5d:63:e5:b8:
84:1b:a5:fb:29:ec:64:71:be:3a:0a:d1:c7:0a:9b:2f:5e:42:
ce:80:4f:b1:dc:1e:dd:60:97:b3:49:78:09:61:05:87:c9:af:
15:19:7f:b6:38:70:3c:1b:94:c7:11:5c:17:ca:d1:37:d2:a6:
1f:ae:10:48:8a:8c:ee:5e:bc:15:ea:c3:1b:c6:32:a7:75:f7:
0f:5f:1f:d1:c8:99:2b:fa:68:b6:62:2f:8f:df:9e:21:b4:f8:
34:af:b7:b1:6d:13:a9:13:7b:ac:12:ee:34:4a:f7:3c:c6:2e:
dc:7f:24:08:40:58:8b:64:75:fc:d1:3a:28:f8:01:4e:7d:45:
08:fc:01:15:bf:f8:f0:47:b8:73:e7:d6:eb:c3:bc:a4:98:5c:
db:37:82:5f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZZkHlCTWsiaigTW3vfSaFw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDIzMTkyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDY5MWM0NWJkODRjOTBjNmYzMTBhMjg5YzNiM2NlZGQ2MjA5YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Frm92VWAgTHMdP1VlQo6V30WCKV
W0dMB8IIbgqlwXPIB8JmJxHkUN+UzaZSOq8mEYFNpi+zt8CD9uctgcjDevcAqJYU
fpvMkWjdkF4LwQGRVGT8Vl/JkjaFeLYNI5MXUa13BbJm15Uc3voKKxQJJQEu1okH
BpgrPGVIdCiviABSvTptB5tAWHw+weoRoKugDkxy9oZbZbNJBDuNaVFRhqRvNlEL
JdNPf5LROpEOJJDcjq2L2ALK01zxAnOiJzE/lEv5wIaaRh2vd3++QHoXvABkO8wy
NkMACa0nsZyZIf65vuEHJaX0CwJqg++lYAu5HXJyNQSEwQy54AWpW3AD7wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKBpHEW9hMkMbzEKKJw7PO3WIJojMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb0drY1JiMkV5UXh2TVFvb25Eczg3ZFlnbWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCQLx8AwQC
udhoMAwDBADBF9EDBALBF9AwDQYJKoZIhvcNAQELBQADggEBAEjBg5+Sc3gtSKzj
7XqHesNag3AAVLg+5Fr5BZgdbMgN6GQXcQ4bDyAnQpA+vuzSd+kjpUL6ZJDhv/9d
ylK8NRSS1nOHlZukPHXqfSQtZnJy/drrlviA/QdmoEDa4DOXZWvzKL7UJreNXWPl
uIQbpfsp7GRxvjoK0ccKmy9eQs6AT7HcHt1gl7NJeAlhBYfJrxUZf7Y4cDwblMcR
XBfK0TfSph+uEEiKjO5evBXqwxvGMqd19w9fH9HImSv6aLZiL4/fniG0+DSvt7Ft
E6kTe6wS7jRK9zzGLtx/JAhAWItkdfzROij4AU59RQj8ARW/+PBHuHPn1uvDvKSY
XNs3gl8=
-----END CERTIFICATE-----
Generated at Sun Apr 27 10:29:54 2025 by rpki-client