Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/HjZYRM1GY8NwIlqa0kEmRhdDg7o.roa
File: HjZYRM1GY8NwIlqa0kEmRhdDg7o.roa (raw, json)
Hash identifier: k83Jec9pog7vuk6fuX8SfpctGFX9GXrAU6iLBU2zk9g=
Subject key identifier: 1E:36:58:44:CD:46:63:C3:70:22:5A:9A:D2:41:26:46:17:43:83:BA
Certificate issuer: /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial: 0195A9E93CFF9001C51B5F3BA2F9747DF72D
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/HjZYRM1GY8NwIlqa0kEmRhdDg7o.roa
Signing time: Tue 18 Mar 2025 15:39:49 +0000
ROA not before: Tue 18 Mar 2025 15:39:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35614
IP address blocks: 31.128.170.0/24 maxlen: 24
94.124.166.0/24 maxlen: 24
193.105.7.0/24 maxlen: 24
2a0c:29c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.mft
rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a9:e9:3c:ff:90:01:c5:1b:5f:3b:a2:f9:74:7d:f7:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Validity
Not Before: Mar 18 15:39:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1e365844cd4663c370225a9ad2412646174383ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:95:ab:33:e6:c0:24:b7:a5:8c:72:5b:3f:17:
b9:c1:66:d7:f9:23:a1:b6:85:13:45:9b:7d:53:49:
74:09:fa:e9:2a:32:fe:aa:53:a1:de:c5:4e:56:5b:
25:35:f1:7b:b5:a7:98:74:36:a2:09:10:1f:5c:80:
b6:60:6f:5a:86:f6:16:22:99:bc:10:de:13:0d:cb:
d2:b1:30:b1:5e:2b:d9:e2:86:80:a0:de:bd:64:86:
98:6c:f7:07:3a:39:84:35:68:64:9c:d2:aa:2d:79:
01:94:fd:bf:ae:dd:9a:eb:d1:02:e0:af:aa:cd:c0:
a7:90:b8:a6:52:4f:c0:14:19:bf:d0:5f:2f:e8:d8:
05:98:54:60:25:6f:54:cf:e3:8e:93:e4:8e:c4:12:
79:36:02:e9:77:c1:ad:81:cc:e1:71:1f:d1:a2:e3:
8f:6d:a9:de:af:31:5d:27:d4:3b:0e:7f:e1:dc:17:
a9:d9:53:99:ec:25:ed:30:d8:8e:e8:31:66:63:78:
9b:80:66:41:90:be:a7:9d:0c:5d:6b:0a:cd:6f:09:
fe:45:ce:9c:61:f4:9b:c0:37:3e:b2:46:8d:b8:d9:
e2:c8:1f:99:a3:f0:20:a1:56:39:77:3c:fa:25:5e:
a1:a3:2e:c4:d7:fb:47:f6:73:b7:23:81:af:a5:8c:
f6:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:36:58:44:CD:46:63:C3:70:22:5A:9A:D2:41:26:46:17:43:83:BA
X509v3 Authority Key Identifier:
keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/HjZYRM1GY8NwIlqa0kEmRhdDg7o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.128.170.0/24
94.124.166.0/24
193.105.7.0/24
IPv6:
2a0c:29c0::/32
Signature Algorithm: sha256WithRSAEncryption
21:22:53:90:67:b9:f1:49:7d:80:fe:ab:03:eb:fd:fa:8f:e0:
d5:f4:2b:a2:6d:15:ed:51:6b:b3:42:98:1d:52:4d:96:5f:54:
de:51:d8:5f:5d:70:fb:30:74:1b:fc:0c:9d:23:d6:d4:03:fd:
72:91:b0:7f:08:b5:c7:80:54:93:ac:55:af:fc:99:58:89:43:
6e:53:c1:bc:cb:65:c7:58:a8:a2:d8:39:20:a9:09:47:d4:f9:
14:96:6a:76:91:b4:39:15:9f:01:47:68:7c:15:f1:5f:33:0f:
06:bf:f5:2d:c5:33:77:df:ed:58:36:94:b9:cb:d0:ae:58:6d:
f3:07:f6:1c:cf:5d:f5:e2:2f:d2:e3:fc:0e:f4:c0:8b:ae:34:
1c:52:29:21:76:fb:f4:f3:b6:dc:c7:ec:53:58:fc:df:88:83:
f1:1b:6c:e8:8f:c2:8d:6a:39:1a:52:03:d9:f5:8d:db:c1:88:
e3:b8:56:85:52:68:27:60:24:ea:ab:43:ad:bc:9e:a7:2e:42:
d4:1a:2e:e7:07:f8:c6:a9:cc:8c:a5:4b:07:26:6a:20:d8:da:
56:31:15:74:6b:3b:10:d1:c6:e8:1c:f6:c3:6a:2b:a0:83:1b:
ab:13:66:87:c5:ff:20:d8:b6:cd:d0:98:3b:28:52:7f:d9:92:
e8:c5:7f:8c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZWp6Tz/kAHFG187ovl0ffctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjUwMzE4MTUzOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTM2NTg0NGNkNDY2M2MzNzAyMjVhOWFkMjQxMjY0NjE3NDM4M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJWrM+bAJLeljHJbPxe5wWbX+SOh
toUTRZt9U0l0CfrpKjL+qlOh3sVOVlslNfF7taeYdDaiCRAfXIC2YG9ahvYWIpm8
EN4TDcvSsTCxXivZ4oaAoN69ZIaYbPcHOjmENWhknNKqLXkBlP2/rt2a69EC4K+q
zcCnkLimUk/AFBm/0F8v6NgFmFRgJW9Uz+OOk+SOxBJ5NgLpd8GtgczhcR/RouOP
banerzFdJ9Q7Dn/h3Bep2VOZ7CXtMNiO6DFmY3ibgGZBkL6nnQxdawrNbwn+Rc6c
YfSbwDc+skaNuNniyB+Zo/AgoVY5dzz6JV6hoy7E1/tH9nO3I4GvpYz2MQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFB42WETNRmPDcCJamtJBJkYXQ4O6MB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvSGpaWVJNMUdZOE53SWxxYTBrRW1SaGREZzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAH4CqAwQA
XnymAwQAwWkHMA0EAgACMAcDBQAqDCnAMA0GCSqGSIb3DQEBCwUAA4IBAQAhIlOQ
Z7nxSX2A/qsD6/36j+DV9CuibRXtUWuzQpgdUk2WX1TeUdhfXXD7MHQb/AydI9bU
A/1ykbB/CLXHgFSTrFWv/JlYiUNuU8G8y2XHWKii2DkgqQlH1PkUlmp2kbQ5FZ8B
R2h8FfFfMw8Gv/UtxTN33+1YNpS5y9CuWG3zB/Ycz1314i/S4/wO9MCLrjQcUikh
dvv087bcx+xTWPzfiIPxG2zoj8KNajkaUgPZ9Y3bwYjjuFaFUmgnYCTqq0OtvJ6n
LkLUGi7nB/jGqcyMpUsHJmog2NpWMRV0azsQ0cboHPbDaiuggxurE2aHxf8g2LbN
0Jg7KFJ/2ZLoxX+M
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:30:43 2025 by rpki-client