Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/4yhrEPquDWqMWiUEurgxgpe4Z64.roa
File: 4yhrEPquDWqMWiUEurgxgpe4Z64.roa (raw, json)
Hash identifier: GAPEp0iDkhSK0QKol83Ga2o50iNkeUXCz5jUqWOb9Ow=
Subject key identifier: E3:28:6B:10:FA:AE:0D:6A:8C:5A:25:04:BA:B8:31:82:97:B8:67:AE
Certificate issuer: /CN=53f3590809d187f7b361fb24cd43f93f664b20b3
Certificate serial: 01975A27F61987E8F45D4045B74BA95CDA89
Authority key identifier: 53:F3:59:08:09:D1:87:F7:B3:61:FB:24:CD:43:F9:3F:66:4B:20:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/4yhrEPquDWqMWiUEurgxgpe4Z64.roa
Signing time: Tue 10 Jun 2025 14:04:17 +0000
ROA not before: Tue 10 Jun 2025 14:04:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60349
IP address blocks: 194.38.36.0/22 maxlen: 23
194.38.36.0/24 maxlen: 24
194.38.38.0/24 maxlen: 24
194.38.39.0/24 maxlen: 24
2a09:6d40::/31 maxlen: 31
2a09:6d40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.mft
rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 16 Jun 2025 02:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5a:27:f6:19:87:e8:f4:5d:40:45:b7:4b:a9:5c:da:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53f3590809d187f7b361fb24cd43f93f664b20b3
Validity
Not Before: Jun 10 14:04:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e3286b10faae0d6a8c5a2504bab8318297b867ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:25:77:9e:9c:b0:2a:94:c8:d6:ee:bc:8d:09:
99:5d:e1:89:4a:05:87:3d:e9:c9:fa:39:89:1f:42:
34:31:2b:46:39:4b:37:c7:c5:54:13:15:7e:04:ac:
be:48:77:fc:95:72:5c:46:48:5e:84:38:c9:90:d0:
89:c1:69:f3:c5:bb:29:50:c6:37:ce:08:f7:14:1b:
f3:b3:04:57:ab:af:ef:c1:f6:54:13:eb:9a:07:7b:
13:6f:4a:33:33:42:6b:a8:ec:c6:5f:a0:5b:46:19:
15:8a:a2:1b:a1:e3:6a:9a:f3:f2:db:79:a2:1e:5e:
e9:ee:61:0c:43:b4:8b:0e:6c:56:58:4d:c7:63:60:
4b:ee:03:61:8b:9d:0b:57:33:fd:56:51:ed:f5:48:
0c:6e:51:44:5a:4f:85:ce:1e:a0:c0:83:3c:e7:c4:
26:a5:82:cf:4e:9e:08:94:9b:7a:77:b9:3f:45:2e:
d8:97:83:88:e8:73:1d:0a:1f:c6:92:7c:17:45:e4:
3d:9f:4c:15:89:5c:d4:4d:eb:9e:8a:dc:f6:79:24:
72:4c:9e:bf:c6:c1:55:57:8f:b6:21:bd:7b:cd:bf:
7b:7e:86:31:20:4e:59:fb:ec:0f:45:4e:4b:24:2b:
b8:61:9e:15:44:ab:9a:7a:3e:d0:a0:94:7a:28:3f:
75:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:28:6B:10:FA:AE:0D:6A:8C:5A:25:04:BA:B8:31:82:97:B8:67:AE
X509v3 Authority Key Identifier:
keyid:53:F3:59:08:09:D1:87:F7:B3:61:FB:24:CD:43:F9:3F:66:4B:20:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/4yhrEPquDWqMWiUEurgxgpe4Z64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.38.36.0/22
IPv6:
2a09:6d40::/31
Signature Algorithm: sha256WithRSAEncryption
7a:78:57:40:4d:b5:da:78:67:97:08:66:14:1f:a0:9c:d1:a5:
05:30:93:99:34:aa:2c:33:2d:c2:07:66:b6:6e:8e:1c:27:06:
db:64:6f:8d:2e:d9:b1:9f:ad:7f:a3:7f:2f:5a:c7:06:8f:bf:
81:0d:8d:86:9b:a8:b5:72:2d:63:1c:41:b2:87:b2:83:77:30:
0d:c7:e5:4e:60:ad:17:8d:a3:ac:ed:6f:d0:8c:d7:67:bc:b6:
53:1d:d7:63:d3:d7:7b:18:08:c3:57:7d:ec:1d:e2:0b:f5:ba:
f1:12:85:54:e0:37:6f:32:39:74:b2:03:28:46:8b:08:21:e1:
e1:55:40:49:4f:78:15:44:4c:52:d4:bc:ed:5f:b7:ba:3c:31:
37:fb:27:9b:a1:26:92:41:14:3c:d0:ba:fd:fd:1e:ca:d6:96:
16:29:a7:c4:ee:04:2e:34:1f:fc:ae:25:50:83:35:0a:85:2e:
9a:7a:b4:23:da:61:93:70:bd:55:99:01:9d:18:7b:33:73:67:
b0:07:9d:fb:74:c0:cd:01:4a:67:bc:9b:8b:96:4a:98:48:53:
44:a2:e9:fd:21:9c:8e:96:e5:0f:80:f2:a9:41:45:42:d5:64:
5d:72:d7:d9:4c:cd:61:5a:3c:f6:52:c1:68:3c:97:28:12:c0:
35:24:90:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdaJ/YZh+j0XUBFt0upXNqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjM1OTA4MDlkMTg3ZjdiMzYxZmIyNGNkNDNmOTNmNjY0
YjIwYjMwHhcNMjUwNjEwMTQwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzI4NmIxMGZhYWUwZDZhOGM1YTI1MDRiYWI4MzE4Mjk3Yjg2N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCV3npywKpTI1u68jQmZXeGJSgWH
PenJ+jmJH0I0MStGOUs3x8VUExV+BKy+SHf8lXJcRkhehDjJkNCJwWnzxbspUMY3
zgj3FBvzswRXq6/vwfZUE+uaB3sTb0ozM0JrqOzGX6BbRhkViqIboeNqmvPy23mi
Hl7p7mEMQ7SLDmxWWE3HY2BL7gNhi50LVzP9VlHt9UgMblFEWk+Fzh6gwIM858Qm
pYLPTp4IlJt6d7k/RS7Yl4OI6HMdCh/GknwXReQ9n0wViVzUTeueitz2eSRyTJ6/
xsFVV4+2Ib17zb97foYxIE5Z++wPRU5LJCu4YZ4VRKuaej7QoJR6KD91owIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOMoaxD6rg1qjFolBLq4MYKXuGeuMB8GA1UdIwQY
MBaAFFPzWQgJ0Yf3s2H7JM1D+T9mSyCzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9OWkNBblJoX2V6WWZza3pVUDVQMlpMSUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9kZTYzODMtNGFkNS00NTdiLTk1M2Mt
YTc3NmZlZGU5OTA1LzEvNHlockVQcXVEV3FNV2lVRXVyZ3hncGU0WjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9kZTYzODMtNGFkNS00NTdiLTk1M2MtYTc3NmZlZGU5OTA1
LzEvVV9OWkNBblJoX2V6WWZza3pVUDVQMlpMSUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwiYkMA0E
AgACMAcDBQEqCW1AMA0GCSqGSIb3DQEBCwUAA4IBAQB6eFdATbXaeGeXCGYUH6Cc
0aUFMJOZNKosMy3CB2a2bo4cJwbbZG+NLtmxn61/o38vWscGj7+BDY2Gm6i1ci1j
HEGyh7KDdzANx+VOYK0XjaOs7W/QjNdnvLZTHddj09d7GAjDV33sHeIL9brxEoVU
4DdvMjl0sgMoRosIIeHhVUBJT3gVRExS1LztX7e6PDE3+yeboSaSQRQ80Lr9/R7K
1pYWKafE7gQuNB/8riVQgzUKhS6aerQj2mGTcL1VmQGdGHszc2ewB537dMDNAUpn
vJuLlkqYSFNEoun9IZyOluUPgPKpQUVC1WRdctfZTM1hWjz2UsFoPJcoEsA1JJDm
-----END CERTIFICATE-----
Generated at Sun Jun 15 13:00:10 2025 by rpki-client