Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/QnKLXYadCEK7EFhDz6MF7GYNjvI.roa
File: QnKLXYadCEK7EFhDz6MF7GYNjvI.roa (raw, json)
Hash identifier: rOJkJ3eVk06xoaQ0gvNi9t1WIsPI6NQJ4lEou7caFDk=
Subject key identifier: 42:72:8B:5D:86:9D:08:42:BB:10:58:43:CF:A3:05:EC:66:0D:8E:F2
Certificate issuer: /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial: 019424B297C81244EB390FFF30D2DB3370F3
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/QnKLXYadCEK7EFhDz6MF7GYNjvI.roa
Signing time: Thu 02 Jan 2025 01:47:51 +0000
ROA not before: Thu 02 Jan 2025 01:47:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397221
IP address blocks: 37.209.192.0/24 maxlen: 24
37.209.194.0/24 maxlen: 24
37.209.196.0/24 maxlen: 24
37.209.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 23:34:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:97:c8:12:44:eb:39:0f:ff:30:d2:db:33:70:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Validity
Not Before: Jan 2 01:47:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=42728b5d869d0842bb105843cfa305ec660d8ef2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:5c:dd:b6:10:3c:34:0c:2c:8a:38:37:71:ab:
fe:a0:f7:94:72:f0:b4:aa:db:c3:f5:9f:e6:b4:0d:
e9:95:11:fa:77:19:e8:ef:c4:58:c7:90:39:81:de:
ad:f9:98:e2:40:8f:eb:9e:8d:ae:ce:28:bb:c3:da:
86:6f:72:6a:93:c5:f5:68:3d:85:37:18:e5:22:71:
25:8b:4a:9e:84:8c:d6:d1:b6:79:7a:b3:a0:f8:ef:
0d:0d:e2:29:fc:1a:4f:46:85:15:df:5e:fe:03:0b:
a4:9f:38:37:4f:4e:57:f5:db:b3:bc:97:0b:92:9a:
22:51:98:3d:0e:f0:10:19:0d:8c:29:29:10:2e:45:
70:be:18:b8:0e:dd:01:0b:53:d5:1a:9f:77:66:74:
e1:04:52:13:26:98:23:3d:6e:d6:a8:16:96:38:6c:
3d:ef:28:5e:9e:ad:db:6c:3c:40:ec:e1:72:51:03:
70:c5:f8:ae:5b:3e:3f:d5:3c:43:55:35:8d:6b:0f:
6d:4a:59:93:69:da:2c:ef:e0:04:54:29:47:52:7d:
f9:50:21:ed:f0:03:d2:23:65:67:78:1b:ca:02:b9:
6c:0c:86:0d:87:4b:02:73:51:9a:99:ec:e3:ee:70:
86:e5:a8:b7:26:90:e4:c9:c6:86:26:8d:e1:1f:da:
a6:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:72:8B:5D:86:9D:08:42:BB:10:58:43:CF:A3:05:EC:66:0D:8E:F2
X509v3 Authority Key Identifier:
keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/QnKLXYadCEK7EFhDz6MF7GYNjvI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.192.0/24
37.209.194.0/24
37.209.196.0/24
37.209.198.0/24
Signature Algorithm: sha256WithRSAEncryption
25:36:4b:f7:8b:da:7b:38:16:f0:f9:91:b8:5c:24:ac:5a:29:
f2:13:0e:35:9e:75:76:aa:08:e5:e4:6f:19:04:a7:17:2c:4f:
b0:4f:40:33:a8:ea:57:da:c6:d2:37:95:21:50:45:17:f4:2b:
99:54:93:9a:c8:36:07:ad:12:d3:fb:80:94:ec:ae:5e:35:73:
89:5c:37:99:27:9b:54:0d:fc:38:94:51:6f:73:53:ae:4b:ba:
ec:fc:57:e7:11:08:05:40:e0:64:11:22:a9:05:45:37:45:6d:
f5:15:c6:16:7a:71:f3:3e:af:6b:e7:2f:93:d8:0e:56:a3:0b:
a3:74:b3:05:3e:e8:4b:25:6e:b2:27:da:fe:a7:69:93:1a:b9:
49:fc:e6:4d:53:62:12:bf:b3:e3:60:93:a2:c5:5f:24:59:75:
3e:08:f5:c5:84:be:0a:8b:0b:8e:8b:11:4a:5e:58:55:4d:47:
04:a2:18:e2:e5:3a:5d:d6:91:89:14:60:86:3e:95:54:1a:18:
f2:9c:9c:c7:78:47:1a:d5:31:ca:9e:f2:55:47:56:ba:ac:37:
78:e5:5d:bd:aa:66:44:1e:38:6d:71:9d:db:50:db:7c:a3:5b:
d4:95:33:69:ca:a5:7b:fb:95:9f:7f:d9:73:60:7b:a5:f9:54:
80:14:f1:11
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQkspfIEkTrOQ//MNLbM3DzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjUwMTAyMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjcyOGI1ZDg2OWQwODQyYmIxMDU4NDNjZmEzMDVlYzY2MGQ4ZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVzdthA8NAwsijg3cav+oPeUcvC0
qtvD9Z/mtA3plRH6dxno78RYx5A5gd6t+ZjiQI/rno2uzii7w9qGb3Jqk8X1aD2F
NxjlInEli0qehIzW0bZ5erOg+O8NDeIp/BpPRoUV317+Awuknzg3T05X9duzvJcL
kpoiUZg9DvAQGQ2MKSkQLkVwvhi4Dt0BC1PVGp93ZnThBFITJpgjPW7WqBaWOGw9
7yhenq3bbDxA7OFyUQNwxfiuWz4/1TxDVTWNaw9tSlmTados7+AEVClHUn35UCHt
8APSI2VneBvKArlsDIYNh0sCc1Gamezj7nCG5ai3JpDkycaGJo3hH9qm3QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEJyi12GnQhCuxBYQ8+jBexmDY7yMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvUW5LTFhZYWRDRUs3RUZoRHo2TUY3R1lOanZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQAlNkv3i9p7OBbw+ZG4
XCSsWinyEw41nnV2qgjl5G8ZBKcXLE+wT0AzqOpX2sbSN5UhUEUX9CuZVJOayDYH
rRLT+4CU7K5eNXOJXDeZJ5tUDfw4lFFvc1OuS7rs/FfnEQgFQOBkESKpBUU3RW31
FcYWenHzPq9r5y+T2A5WowujdLMFPuhLJW6yJ9r+p2mTGrlJ/OZNU2ISv7PjYJOi
xV8kWXU+CPXFhL4KiwuOixFKXlhVTUcEohji5Tpd1pGJFGCGPpVUGhjynJzHeEca
1THKnvJVR1a6rDd45V29qmZEHjhtcZ3bUNt8o1vUlTNpyqV7+5Wff9lzYHul+VSA
FPER
-----END CERTIFICATE-----
Generated at Sun Apr 6 08:32:49 2025 by rpki-client