Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/QH5h9kNEtNvkMnKSihJPtcTs0HE.roa
File: QH5h9kNEtNvkMnKSihJPtcTs0HE.roa (raw, json)
Hash identifier: AsA1najb9bXe/1fdz6nmzffABId2n/zsPH7Cbk4Xzqs=
Subject key identifier: 40:7E:61:F6:43:44:B4:DB:E4:32:72:92:8A:12:4F:B5:C4:EC:D0:71
Certificate issuer: /CN=44566c1a283d553ef3f656f57223984dda7c355f
Certificate serial: 0196E94BA30C07DFBFBC595A8E93140C2C17
Authority key identifier: 44:56:6C:1A:28:3D:55:3E:F3:F6:56:F5:72:23:98:4D:DA:7C:35:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFZsGig9VT7z9lb1ciOYTdp8NV8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/QH5h9kNEtNvkMnKSihJPtcTs0HE.roa
Signing time: Mon 19 May 2025 16:06:10 +0000
ROA not before: Mon 19 May 2025 16:06:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29399
IP address blocks: 170.84.252.0/23 maxlen: 27
178.250.88.0/21 maxlen: 27
185.49.128.0/22 maxlen: 27
185.212.216.0/22 maxlen: 27
195.137.222.0/23 maxlen: 27
195.149.85.0/24 maxlen: 27
212.85.224.0/24 maxlen: 24
212.85.225.0/24 maxlen: 24
212.85.226.0/24 maxlen: 24
212.85.227.0/24 maxlen: 24
2a03:5d00::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/RFZsGig9VT7z9lb1ciOYTdp8NV8.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/RFZsGig9VT7z9lb1ciOYTdp8NV8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFZsGig9VT7z9lb1ciOYTdp8NV8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Jun 2025 07:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:e9:4b:a3:0c:07:df:bf:bc:59:5a:8e:93:14:0c:2c:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=44566c1a283d553ef3f656f57223984dda7c355f
Validity
Not Before: May 19 16:06:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=407e61f64344b4dbe43272928a124fb5c4ecd071
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:dc:3b:4d:03:62:85:68:bd:6c:db:8a:e9:45:
d4:06:dc:f4:85:06:ab:bc:1d:e0:88:ed:ad:a9:f4:
92:05:e5:d9:2f:fc:63:2a:81:62:3a:3b:02:81:87:
01:72:d4:c8:ff:07:2b:42:45:d5:c2:dc:f4:18:45:
c6:27:36:ec:de:d2:1a:ef:61:ac:fc:84:82:84:22:
58:07:84:e6:dc:7c:22:18:aa:ed:f7:a1:86:04:5e:
cd:64:d9:d7:78:52:8a:d4:a7:be:8b:61:f5:6f:02:
a5:e8:bb:46:10:c1:9c:51:ce:df:70:82:ff:68:1c:
36:4b:68:43:a3:b3:5c:78:3a:6b:ef:a1:e2:39:70:
db:2a:87:7d:b7:48:30:fd:94:91:c7:fe:3a:d1:b0:
3a:1a:01:e7:07:eb:c2:85:c4:23:cb:76:cb:59:47:
d9:99:75:c4:76:97:4f:98:9c:6c:27:45:5e:33:b0:
68:60:6a:5c:d8:2c:94:40:ed:76:dd:84:bb:7b:e7:
a1:a5:72:3f:49:c3:8c:f8:65:e4:d0:fc:ef:c2:f7:
06:97:5f:8a:aa:29:79:49:c6:e8:cc:20:e6:ad:7d:
94:13:2f:a5:d6:52:04:37:19:2d:10:fc:31:65:c6:
9e:e7:b5:2c:7b:75:e3:18:4b:29:89:1e:eb:c6:b6:
a1:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:7E:61:F6:43:44:B4:DB:E4:32:72:92:8A:12:4F:B5:C4:EC:D0:71
X509v3 Authority Key Identifier:
keyid:44:56:6C:1A:28:3D:55:3E:F3:F6:56:F5:72:23:98:4D:DA:7C:35:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFZsGig9VT7z9lb1ciOYTdp8NV8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/QH5h9kNEtNvkMnKSihJPtcTs0HE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/RFZsGig9VT7z9lb1ciOYTdp8NV8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.84.252.0/23
178.250.88.0/21
185.49.128.0/22
185.212.216.0/22
195.137.222.0/23
195.149.85.0/24
212.85.224.0/22
IPv6:
2a03:5d00::/29
Signature Algorithm: sha256WithRSAEncryption
26:78:42:16:53:e6:26:39:db:68:63:64:58:a8:57:6e:48:70:
d4:8d:20:98:4b:fb:ba:42:07:9a:5b:bc:aa:df:03:5a:8a:76:
b5:ef:14:08:e9:17:ef:d6:43:26:8a:8f:71:80:13:98:8c:1d:
85:7d:c1:4e:c1:c3:5e:9b:e4:b6:4d:67:2d:d9:3e:8d:fe:0b:
61:97:32:7c:a7:68:5e:29:cd:db:64:ea:75:f0:72:f5:92:ab:
fc:ce:c3:d2:d6:7c:f7:0c:14:ee:d4:13:ab:9b:52:12:c9:a9:
28:ca:3f:67:25:ae:04:3a:41:7e:98:c9:3c:84:00:b6:f8:44:
2d:d9:80:e5:51:60:ac:2a:86:42:0f:e5:5b:aa:09:ef:da:6b:
85:5b:cc:07:58:a0:c5:9f:e0:0a:b2:a5:07:f2:34:2b:66:fd:
6e:03:e0:9a:f4:fc:90:49:dd:41:c6:f3:24:4b:41:3a:05:e7:
36:85:73:bc:14:59:b3:ac:1b:93:8c:de:22:25:88:44:71:96:
dc:a2:b3:62:a7:ae:3c:f4:64:f0:33:b7:bf:ee:3c:0f:18:29:
72:3f:6b:c7:3e:aa:90:6c:53:bc:33:32:ab:cc:7f:27:a5:a7:
9a:b4:75:b7:6d:3d:74:0b:0b:99:3d:ee:e9:ee:7a:1d:26:73:
a1:ce:c2:3f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZbpS6MMB9+/vFlajpMUDCwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTY2YzFhMjgzZDU1M2VmM2Y2NTZmNTcyMjM5ODRkZGE3
YzM1NWYwHhcNMjUwNTE5MTYwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdlNjFmNjQzNDRiNGRiZTQzMjcyOTI4YTEyNGZiNWM0ZWNkMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNw7TQNihWi9bNuK6UXUBtz0hQar
vB3giO2tqfSSBeXZL/xjKoFiOjsCgYcBctTI/wcrQkXVwtz0GEXGJzbs3tIa72Gs
/ISChCJYB4Tm3HwiGKrt96GGBF7NZNnXeFKK1Ke+i2H1bwKl6LtGEMGcUc7fcIL/
aBw2S2hDo7NceDpr76HiOXDbKod9t0gw/ZSRx/460bA6GgHnB+vChcQjy3bLWUfZ
mXXEdpdPmJxsJ0VeM7BoYGpc2CyUQO123YS7e+ehpXI/ScOM+GXk0PzvwvcGl1+K
qil5ScbozCDmrX2UEy+l1lIENxktEPwxZcae57Use3XjGEspiR7rxrahHwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFEB+YfZDRLTb5DJykooST7XE7NBxMB8GA1UdIwQY
MBaAFERWbBooPVU+8/ZW9XIjmE3afDVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZac0dpZzlWVDd6OWxiMWNpT1lUZHA4TlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lZWI4MTMtZjI0Yy00MTc1LTgyOGIt
OWQ1OGNlMjIxODQzLzEvUUg1aDlrTkV0TnZrTW5LU2loSlB0Y1RzMEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lZWI4MTMtZjI0Yy00MTc1LTgyOGItOWQ1OGNlMjIxODQz
LzEvUkZac0dpZzlWVDd6OWxiMWNpT1lUZHA4TlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQBqlT8AwQD
svpYAwQCuTGAAwQCudTYAwQBw4neAwQAw5VVAwQC1FXgMA0EAgACMAcDBQMqA10A
MA0GCSqGSIb3DQEBCwUAA4IBAQAmeEIWU+YmOdtoY2RYqFduSHDUjSCYS/u6Qgea
W7yq3wNaina17xQI6Rfv1kMmio9xgBOYjB2FfcFOwcNem+S2TWct2T6N/gthlzJ8
p2heKc3bZOp18HL1kqv8zsPS1nz3DBTu1BOrm1ISyakoyj9nJa4EOkF+mMk8hAC2
+EQt2YDlUWCsKoZCD+Vbqgnv2muFW8wHWKDFn+AKsqUH8jQrZv1uA+Ca9PyQSd1B
xvMkS0E6Bec2hXO8FFmzrBuTjN4iJYhEcZbcorNip6489GTwM7e/7jwPGClyP2vH
PqqQbFO8MzKrzH8npaeatHW3bT10CwuZPe7p7nodJnOhzsI/
-----END CERTIFICATE-----
Generated at Fri Jun 13 17:05:52 2025 by rpki-client