Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a07342-1742-41a1-8bc7-01a28a76ccf4/1/NQNN2zI--5W9phAw1FPsrLGEYwA.roa
File: NQNN2zI--5W9phAw1FPsrLGEYwA.roa (raw, json)
Hash identifier: vTr80Rx2MWq5UoQZbNWzT5PuHgBwID0hr0ao7hRy9dI=
Subject key identifier: 35:03:4D:DB:32:3E:FB:95:BD:A6:10:30:D4:53:EC:AC:B1:84:63:00
Certificate issuer: /CN=07090fba663b072bb54cc7d49e88a0380374cb6e
Certificate serial: 019425221295B8F64FE1495CD20D27132FE6
Authority key identifier: 07:09:0F:BA:66:3B:07:2B:B5:4C:C7:D4:9E:88:A0:38:03:74:CB:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BwkPumY7Byu1TMfUnoigOAN0y24.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/a07342-1742-41a1-8bc7-01a28a76ccf4/1/NQNN2zI--5W9phAw1FPsrLGEYwA.roa
Signing time: Thu 02 Jan 2025 03:49:37 +0000
ROA not before: Thu 02 Jan 2025 03:49:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197161
IP address blocks: 94.154.14.0/24 maxlen: 24
185.65.80.0/22 maxlen: 24
195.42.148.0/23 maxlen: 23
195.42.148.0/24 maxlen: 24
195.42.149.0/24 maxlen: 24
2a03:1a60::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e4/a07342-1742-41a1-8bc7-01a28a76ccf4/1/BwkPumY7Byu1TMfUnoigOAN0y24.crl
rsync://rpki.ripe.net/repository/DEFAULT/e4/a07342-1742-41a1-8bc7-01a28a76ccf4/1/BwkPumY7Byu1TMfUnoigOAN0y24.mft
rsync://rpki.ripe.net/repository/DEFAULT/BwkPumY7Byu1TMfUnoigOAN0y24.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:22:12:95:b8:f6:4f:e1:49:5c:d2:0d:27:13:2f:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07090fba663b072bb54cc7d49e88a0380374cb6e
Validity
Not Before: Jan 2 03:49:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35034ddb323efb95bda61030d453ecacb1846300
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:c8:34:47:f5:0f:5a:90:1d:21:02:af:2a:34:
af:de:68:88:c7:9d:46:90:e7:f3:0f:aa:99:16:f2:
a1:14:0a:c1:62:2e:39:06:37:6b:95:1f:04:6b:ac:
72:6a:0d:dc:00:c3:16:76:09:f6:b4:e9:96:fc:21:
97:95:e0:96:21:1b:9d:0b:55:f0:7c:59:d1:e8:dc:
d7:a5:2d:7b:e8:d5:68:4b:dc:68:db:67:f5:34:68:
38:16:1b:94:2e:31:6c:a5:c5:71:f7:f5:d2:ec:25:
b6:cf:79:c9:c6:78:1c:68:72:3d:93:69:ee:88:7a:
43:39:51:aa:07:e8:6c:98:86:da:10:52:fb:93:59:
6c:0d:46:10:6f:49:04:62:6c:c0:e1:bb:88:c2:12:
cd:9b:d0:22:39:b8:84:04:99:b4:4b:53:a6:2f:d9:
76:83:a4:e6:80:23:aa:79:dc:68:c6:6b:fa:88:7e:
88:c5:30:f7:67:af:93:5c:ac:2c:65:fe:02:15:15:
aa:f8:54:46:40:25:e1:97:ce:f7:96:9e:f0:65:a0:
3f:02:4a:85:2b:37:07:1a:04:9c:5f:b0:65:13:b3:
c8:f1:12:35:47:3b:5c:c2:06:27:99:d5:eb:22:1e:
38:06:00:14:43:7e:9b:e1:22:d3:bd:b8:28:a6:3f:
bd:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:03:4D:DB:32:3E:FB:95:BD:A6:10:30:D4:53:EC:AC:B1:84:63:00
X509v3 Authority Key Identifier:
keyid:07:09:0F:BA:66:3B:07:2B:B5:4C:C7:D4:9E:88:A0:38:03:74:CB:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwkPumY7Byu1TMfUnoigOAN0y24.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a07342-1742-41a1-8bc7-01a28a76ccf4/1/NQNN2zI--5W9phAw1FPsrLGEYwA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a07342-1742-41a1-8bc7-01a28a76ccf4/1/BwkPumY7Byu1TMfUnoigOAN0y24.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.154.14.0/24
185.65.80.0/22
195.42.148.0/23
IPv6:
2a03:1a60::/32
Signature Algorithm: sha256WithRSAEncryption
62:35:71:fa:9a:5a:1d:33:67:c1:20:ae:64:e5:ea:89:58:10:
a4:60:89:e5:a1:bb:29:1c:55:a9:24:4c:76:60:4f:99:a5:75:
fa:ba:0a:8d:ac:a9:3b:fe:b8:ce:cb:86:da:4f:a7:9e:15:a3:
05:27:bf:fa:61:f7:d2:d6:cd:b1:83:c0:5e:84:2f:b3:5b:d2:
c2:dc:43:9e:cc:89:71:df:b1:99:97:fe:f0:96:43:2a:27:aa:
a0:7c:28:d6:e3:b6:87:e4:b5:42:4a:ae:4a:d1:27:42:58:ef:
88:f3:92:4c:a2:1b:2d:5f:53:af:d1:49:bd:e7:f9:1f:5f:c3:
ab:49:25:0e:4d:41:6e:65:0d:35:cf:04:71:62:c0:8c:3d:f0:
51:15:26:87:29:fd:a8:96:87:41:2b:86:e8:ae:53:bb:97:d1:
82:ad:dd:3d:bc:03:43:1c:81:26:9a:e3:2d:6a:1d:3e:7b:01:
b0:e5:79:65:ad:8f:1e:94:af:9a:3c:35:c3:c6:be:19:eb:97:
d6:84:d7:2e:de:d9:51:10:2d:99:cf:54:b7:3a:29:49:c1:16:
a1:5e:9d:57:c8:c9:e9:09:49:ca:40:05:4d:96:03:0d:6d:2f:
ae:ab:04:95:78:e7:59:e6:d3:1c:5f:0a:f5:d9:20:66:5f:72:
63:68:49:74
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQlIhKVuPZP4Ulc0g0nEy/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDkwZmJhNjYzYjA3MmJiNTRjYzdkNDllODhhMDM4MDM3
NGNiNmUwHhcNMjUwMTAyMDM0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTAzNGRkYjMyM2VmYjk1YmRhNjEwMzBkNDUzZWNhY2IxODQ2MzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssg0R/UPWpAdIQKvKjSv3miIx51G
kOfzD6qZFvKhFArBYi45BjdrlR8Ea6xyag3cAMMWdgn2tOmW/CGXleCWIRudC1Xw
fFnR6NzXpS176NVoS9xo22f1NGg4FhuULjFspcVx9/XS7CW2z3nJxngcaHI9k2nu
iHpDOVGqB+hsmIbaEFL7k1lsDUYQb0kEYmzA4buIwhLNm9AiObiEBJm0S1OmL9l2
g6TmgCOqedxoxmv6iH6IxTD3Z6+TXKwsZf4CFRWq+FRGQCXhl873lp7wZaA/AkqF
KzcHGgScX7BlE7PI8RI1RztcwgYnmdXrIh44BgAUQ36b4SLTvbgopj+9swIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDUDTdsyPvuVvaYQMNRT7KyxhGMAMB8GA1UdIwQY
MBaAFAcJD7pmOwcrtUzH1J6IoDgDdMtuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndrUHVtWTdCeXUxVE1mVW5vaWdPQU4weTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hMDczNDItMTc0Mi00MWExLThiYzct
MDFhMjhhNzZjY2Y0LzEvTlFOTjJ6SS0tNVc5cGhBdzFGUHNyTEdFWXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hMDczNDItMTc0Mi00MWExLThiYzctMDFhMjhhNzZjY2Y0
LzEvQndrUHVtWTdCeXUxVE1mVW5vaWdPQU4weTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAXpoOAwQC
uUFQAwQBwyqUMA0EAgACMAcDBQAqAxpgMA0GCSqGSIb3DQEBCwUAA4IBAQBiNXH6
mlodM2fBIK5k5eqJWBCkYInlobspHFWpJEx2YE+ZpXX6ugqNrKk7/rjOy4baT6ee
FaMFJ7/6YffS1s2xg8BehC+zW9LC3EOezIlx37GZl/7wlkMqJ6qgfCjW47aH5LVC
Sq5K0SdCWO+I85JMohstX1Ov0Um95/kfX8OrSSUOTUFuZQ01zwRxYsCMPfBRFSaH
Kf2olodBK4borlO7l9GCrd09vANDHIEmmuMtah0+ewGw5XllrY8elK+aPDXDxr4Z
65fWhNcu3tlREC2Zz1S3OilJwRahXp1XyMnpCUnKQAVNlgMNbS+uqwSVeOdZ5tMc
Xwr12SBmX3JjaEl0
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:41:02 2025 by rpki-client