Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/Q2ddpl6C3V4vYBl0I3228luG5oU.roa
File: Q2ddpl6C3V4vYBl0I3228luG5oU.roa (raw, json)
Hash identifier: gKtH3NhXGtSIchcMlB2GM3eSMYDb2zE1qytNooqyMO0=
Subject key identifier: 43:67:5D:A6:5E:82:DD:5E:2F:60:19:74:23:7D:B6:F2:5B:86:E6:85
Certificate issuer: /CN=b278ed8f9780f29dafa22f9fdf03374da4980e94
Certificate serial: 019421445C901E2C5F76741A2FBBA159D000
Authority key identifier: B2:78:ED:8F:97:80:F2:9D:AF:A2:2F:9F:DF:03:37:4D:A4:98:0E:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/snjtj5eA8p2voi-f3wM3TaSYDpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/Q2ddpl6C3V4vYBl0I3228luG5oU.roa
Signing time: Wed 01 Jan 2025 09:48:35 +0000
ROA not before: Wed 01 Jan 2025 09:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59852
IP address blocks: 185.253.10.0/24 maxlen: 24
2a10:b4c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/snjtj5eA8p2voi-f3wM3TaSYDpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/snjtj5eA8p2voi-f3wM3TaSYDpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/snjtj5eA8p2voi-f3wM3TaSYDpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 13:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:5c:90:1e:2c:5f:76:74:1a:2f:bb:a1:59:d0:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b278ed8f9780f29dafa22f9fdf03374da4980e94
Validity
Not Before: Jan 1 09:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=43675da65e82dd5e2f601974237db6f25b86e685
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:68:62:ad:11:ff:00:b5:fc:1b:11:e0:68:c4:
89:64:55:c6:67:37:89:58:6c:86:31:35:22:af:96:
9a:0a:8e:c8:88:d3:86:a2:2f:38:0d:7d:ea:66:60:
94:cb:16:a4:96:21:ce:86:c6:f5:b7:62:86:9c:18:
63:c4:f9:ed:12:7e:a7:03:7d:0f:ab:2e:c4:d4:3f:
1a:06:5d:22:94:e0:b3:c1:ab:61:06:fa:2f:3e:f5:
e1:c8:3e:c5:64:65:a1:6e:93:50:6f:28:45:53:1a:
42:01:2a:05:3b:08:f2:ce:eb:cf:2f:17:67:cb:67:
5f:ea:19:72:55:b4:33:1d:db:e2:a4:63:1a:ab:b6:
96:98:b0:30:56:5d:cb:a9:d3:05:fd:9f:0a:7d:3c:
e3:14:2a:43:e8:d2:f2:f3:85:aa:06:3b:80:e6:cf:
82:e5:df:82:73:32:a4:4e:8d:da:d4:0e:87:5c:c5:
e1:08:fe:61:5c:2b:59:77:28:28:e9:f7:5e:f9:f2:
a0:ef:bc:38:a5:31:bb:f9:f7:47:cc:7b:dc:67:6b:
67:14:3f:2f:86:dc:b8:c9:0c:4f:ec:d2:8c:7f:03:
eb:80:e3:85:e0:cd:43:2d:7f:ab:d3:0d:33:f6:2e:
46:99:cc:e9:32:6a:98:97:21:81:9b:3a:f8:3c:a4:
c5:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:67:5D:A6:5E:82:DD:5E:2F:60:19:74:23:7D:B6:F2:5B:86:E6:85
X509v3 Authority Key Identifier:
keyid:B2:78:ED:8F:97:80:F2:9D:AF:A2:2F:9F:DF:03:37:4D:A4:98:0E:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snjtj5eA8p2voi-f3wM3TaSYDpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/Q2ddpl6C3V4vYBl0I3228luG5oU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/snjtj5eA8p2voi-f3wM3TaSYDpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.253.10.0/24
IPv6:
2a10:b4c0::/29
Signature Algorithm: sha256WithRSAEncryption
a4:ab:dc:f3:02:41:f3:05:ea:aa:12:56:58:99:bf:f0:6b:f4:
38:50:da:40:de:ab:06:35:0b:32:d3:b1:32:6e:26:d7:ea:bd:
a5:36:2d:68:41:0d:b1:1b:e6:24:3b:a6:0c:34:1d:bc:e6:37:
70:b5:97:7a:05:ba:93:00:44:c8:01:86:45:95:47:6a:3f:a9:
dd:92:04:c0:60:c0:d5:61:f5:58:ce:c8:5f:65:86:9f:eb:b5:
f5:b9:39:c1:f2:0b:ed:20:b2:d9:bb:25:4a:77:1b:ff:28:63:
d9:2a:7d:c1:13:f5:d2:a1:36:ec:46:8d:87:c1:75:73:41:d5:
35:f7:61:d7:7f:3d:f4:3b:3b:14:5f:fc:e7:87:b5:ea:66:55:
2e:f2:2f:26:fc:bc:5d:25:82:5c:94:3e:52:74:62:7e:51:09:
14:1d:3e:e9:e8:bb:27:72:4b:b3:2c:79:2e:86:43:14:4a:47:
6b:81:45:12:c0:e4:15:ad:65:51:2f:a8:69:b5:49:ac:9a:bb:
63:b6:c2:a0:3d:27:c0:c2:a7:d9:27:fa:95:87:a6:ef:80:7e:
fd:98:09:09:e0:a6:28:97:6f:f9:6f:5d:ac:8e:12:ee:3c:36:
74:0b:c1:f0:c6:b0:37:0d:5e:4c:0a:76:e4:49:2d:8b:15:d4:
07:44:26:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRFyQHixfdnQaL7uhWdAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzhlZDhmOTc4MGYyOWRhZmEyMmY5ZmRmMDMzNzRkYTQ5
ODBlOTQwHhcNMjUwMTAxMDk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY3NWRhNjVlODJkZDVlMmY2MDE5NzQyMzdkYjZmMjViODZlNjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mhirRH/ALX8GxHgaMSJZFXGZzeJ
WGyGMTUir5aaCo7IiNOGoi84DX3qZmCUyxakliHOhsb1t2KGnBhjxPntEn6nA30P
qy7E1D8aBl0ilOCzwathBvovPvXhyD7FZGWhbpNQbyhFUxpCASoFOwjyzuvPLxdn
y2df6hlyVbQzHdvipGMaq7aWmLAwVl3LqdMF/Z8KfTzjFCpD6NLy84WqBjuA5s+C
5d+CczKkTo3a1A6HXMXhCP5hXCtZdygo6fde+fKg77w4pTG7+fdHzHvcZ2tnFD8v
hty4yQxP7NKMfwPrgOOF4M1DLX+r0w0z9i5GmczpMmqYlyGBmzr4PKTFkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFENnXaZegt1eL2AZdCN9tvJbhuaFMB8GA1UdIwQY
MBaAFLJ47Y+XgPKdr6Ivn98DN02kmA6UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25qdGo1ZUE4cDJ2b2ktZjN3TTNUYVNZRHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8xZTIzMTYtMWI1Yi00YmE1LTkzN2Qt
MDI4NjRjNTg1MTljLzEvUTJkZHBsNkMzVjR2WUJsMEkzMjI4bHVHNW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8xZTIzMTYtMWI1Yi00YmE1LTkzN2QtMDI4NjRjNTg1MTlj
LzEvc25qdGo1ZUE4cDJ2b2ktZjN3TTNUYVNZRHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf0KMA0E
AgACMAcDBQMqELTAMA0GCSqGSIb3DQEBCwUAA4IBAQCkq9zzAkHzBeqqElZYmb/w
a/Q4UNpA3qsGNQsy07EybibX6r2lNi1oQQ2xG+YkO6YMNB285jdwtZd6BbqTAETI
AYZFlUdqP6ndkgTAYMDVYfVYzshfZYaf67X1uTnB8gvtILLZuyVKdxv/KGPZKn3B
E/XSoTbsRo2HwXVzQdU192HXfz30OzsUX/znh7XqZlUu8i8m/LxdJYJclD5SdGJ+
UQkUHT7p6LsnckuzLHkuhkMUSkdrgUUSwOQVrWVRL6hptUmsmrtjtsKgPSfAwqfZ
J/qVh6bvgH79mAkJ4KYol2/5b12sjhLuPDZ0C8HwxrA3DV5MCnbkSS2LFdQHRCZi
-----END CERTIFICATE-----
Generated at Mon Apr 21 22:23:11 2025 by rpki-client