Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/QeIXKKypRp3pUKZsAXhEwiToOAw.roa
File: QeIXKKypRp3pUKZsAXhEwiToOAw.roa (raw, json)
Hash identifier: 4uaN2IkF9UjmjdQnaC+MinX3CAS8fZa9J2o5ym9jh2Y=
Subject key identifier: 41:E2:17:28:AC:A9:46:9D:E9:50:A6:6C:01:78:44:C2:24:E8:38:0C
Certificate issuer: /CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
Certificate serial: 019423D72BB4ABA73A06D55CCE546B6CB03E
Authority key identifier: C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/QeIXKKypRp3pUKZsAXhEwiToOAw.roa
Signing time: Wed 01 Jan 2025 21:48:11 +0000
ROA not before: Wed 01 Jan 2025 21:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36384
IP address blocks: 89.207.224.0/24 maxlen: 24
89.207.229.0/24 maxlen: 24
2a00:79e1::/32 maxlen: 32
2a00:79e1:800::/42 maxlen: 42
2a00:79e1:abc::/46 maxlen: 46
2a00:79e1:f00::/40 maxlen: 40
2a00:79e1:f000::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl
rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.mft
rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 15 Apr 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:2b:b4:ab:a7:3a:06:d5:5c:ce:54:6b:6c:b0:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
Validity
Not Before: Jan 1 21:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=41e21728aca9469de950a66c017844c224e8380c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:e2:2d:38:ff:52:2e:de:9e:b9:cb:f1:00:b3:
fa:c5:38:da:bb:95:3a:43:35:02:bb:69:8d:d9:e3:
02:09:c0:6a:bc:12:af:df:a6:28:8c:39:5a:2c:21:
e3:97:ec:33:0d:9f:d9:c1:99:f6:c7:16:ec:54:ad:
21:37:22:66:d6:37:b9:df:de:9d:92:69:cf:b2:26:
5a:51:12:ac:e2:1d:37:42:e1:cf:8a:de:d9:47:54:
1f:ab:3b:c6:c9:48:85:2e:9e:0b:c4:80:ec:a7:5d:
22:32:83:c2:ce:ca:20:6c:8d:5b:8a:4d:65:a6:3d:
59:3c:ab:2d:8c:f9:7a:48:af:69:25:26:4b:7b:73:
07:15:af:94:93:73:66:70:04:21:f7:3c:07:c5:9c:
7e:34:5f:cc:ff:03:84:dc:7a:88:88:c2:ba:c6:45:
4d:43:65:35:76:4e:56:fd:5a:d8:2d:a9:16:8d:77:
d5:cf:75:f6:db:32:c4:e4:23:d4:32:4a:f3:6d:23:
7a:17:f4:f2:f9:7b:a2:79:d0:d0:45:a7:2d:ab:71:
b3:bb:e9:4c:d7:2f:8d:48:af:4e:0f:68:78:64:dc:
59:41:0b:26:7a:7b:a7:c5:4c:ad:43:47:60:de:26:
f0:e1:4b:68:b2:4e:f6:d2:5d:d8:65:db:15:e7:03:
79:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:E2:17:28:AC:A9:46:9D:E9:50:A6:6C:01:78:44:C2:24:E8:38:0C
X509v3 Authority Key Identifier:
keyid:C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/QeIXKKypRp3pUKZsAXhEwiToOAw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.207.224.0/24
89.207.229.0/24
IPv6:
2a00:79e1::/32
Signature Algorithm: sha256WithRSAEncryption
a9:af:6c:08:aa:f0:f1:f0:fc:0c:40:e2:bd:0a:10:63:f2:db:
d8:e6:5e:74:03:5a:b1:5e:75:1b:95:a8:24:0f:a8:2d:5a:c2:
8f:50:f1:50:de:6f:55:3d:c8:14:fc:a8:34:1b:63:bf:b4:6d:
f0:69:38:84:4a:90:24:c1:df:ec:7b:59:79:ba:2b:53:4c:be:
89:04:7a:17:5e:fc:92:b4:63:d1:0b:f3:93:fe:e0:ff:29:63:
ff:9f:25:5d:2c:f7:0e:50:47:45:42:ad:ab:38:8f:04:9a:db:
d7:07:31:18:31:26:fc:04:f9:54:42:4e:27:f7:f8:24:83:17:
b4:4b:8e:21:e9:03:11:1e:49:fd:ff:bd:d9:57:85:da:4f:88:
62:36:e1:ae:f8:30:3b:e8:9a:4a:3d:9d:12:2d:6f:ac:00:2c:
57:25:fb:00:30:51:0b:75:e7:9d:61:ac:36:f0:28:06:4d:81:
5e:3d:d3:ad:de:4c:7f:46:16:ac:e3:26:77:a7:25:5a:68:f2:
24:8d:5a:4e:4e:b7:d9:92:a0:d1:99:ed:9c:cc:81:65:1b:fa:
d7:0f:49:ea:e7:3d:9b:19:7e:8d:39:fe:6f:a9:6b:14:3b:89:
9a:fd:cf:fc:e3:57:01:b5:4d:6f:0a:6b:ae:b8:fd:b6:a6:b6:
cc:51:ff:c8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1yu0q6c6BtVczlRrbLA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzQ3ZmJlMjZjOWNkZDc2MjhhZGZlZGI1N2I3OGJlOGRl
NzVlMjkwHhcNMjUwMTAxMjE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWUyMTcyOGFjYTk0NjlkZTk1MGE2NmMwMTc4NDRjMjI0ZTgzODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eItOP9SLt6eucvxALP6xTjau5U6
QzUCu2mN2eMCCcBqvBKv36YojDlaLCHjl+wzDZ/ZwZn2xxbsVK0hNyJm1je5396d
kmnPsiZaURKs4h03QuHPit7ZR1QfqzvGyUiFLp4LxIDsp10iMoPCzsogbI1bik1l
pj1ZPKstjPl6SK9pJSZLe3MHFa+Uk3NmcAQh9zwHxZx+NF/M/wOE3HqIiMK6xkVN
Q2U1dk5W/VrYLakWjXfVz3X22zLE5CPUMkrzbSN6F/Ty+XuiedDQRactq3Gzu+lM
1y+NSK9OD2h4ZNxZQQsmenunxUytQ0dg3ibw4Utosk720l3YZdsV5wN5FwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEHiFyisqUad6VCmbAF4RMIk6DgMMB8GA1UdIwQY
MBaAFMB0f74myc3XYorf7bV7eL6N514pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDIt
MzY4NjA4Mzg1ODgzLzEvUWVJWEtLeXBScDNwVUtac0FYaEV3aVRvT0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDItMzY4NjA4Mzg1ODgz
LzEvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAWc/gAwQA
Wc/lMA0EAgACMAcDBQAqAHnhMA0GCSqGSIb3DQEBCwUAA4IBAQCpr2wIqvDx8PwM
QOK9ChBj8tvY5l50A1qxXnUblagkD6gtWsKPUPFQ3m9VPcgU/Kg0G2O/tG3waTiE
SpAkwd/se1l5uitTTL6JBHoXXvyStGPRC/OT/uD/KWP/nyVdLPcOUEdFQq2rOI8E
mtvXBzEYMSb8BPlUQk4n9/gkgxe0S44h6QMRHkn9/73ZV4XaT4hiNuGu+DA76JpK
PZ0SLW+sACxXJfsAMFELdeedYaw28CgGTYFePdOt3kx/Rhas4yZ3pyVaaPIkjVpO
TrfZkqDRme2czIFlG/rXD0nq5z2bGX6NOf5vqWsUO4ma/c/841cBtU1vCmuuuP22
prbMUf/I
-----END CERTIFICATE-----
Generated at Tue Apr 15 03:58:32 2025 by rpki-client