Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/944hLyq4lZEVAFInZE509HNE3dY.roa
File: 944hLyq4lZEVAFInZE509HNE3dY.roa (raw, json)
Hash identifier: u1nybjv+YghCeLuvRCrpHUYvYfZKGq/DNrzwKmuq+cA=
Subject key identifier: F7:8E:21:2F:2A:B8:95:91:15:00:52:27:64:4E:74:F4:73:44:DD:D6
Certificate issuer: /CN=40a249eadeb2a928fe0c2e75c918248b5a1a28b9
Certificate serial: 01941FFA07F38B7E3CD50D7CB39DFD67911B
Authority key identifier: 40:A2:49:EA:DE:B2:A9:28:FE:0C:2E:75:C9:18:24:8B:5A:1A:28:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/944hLyq4lZEVAFInZE509HNE3dY.roa
Signing time: Wed 01 Jan 2025 03:47:47 +0000
ROA not before: Wed 01 Jan 2025 03:47:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29259
IP address blocks: 83.170.0.0/18 maxlen: 18
84.11.0.0/16 maxlen: 16
84.11.255.0/24 maxlen: 24
195.158.212.0/22 maxlen: 24
2001:1b10::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.mft
rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 14:13:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:07:f3:8b:7e:3c:d5:0d:7c:b3:9d:fd:67:91:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=40a249eadeb2a928fe0c2e75c918248b5a1a28b9
Validity
Not Before: Jan 1 03:47:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f78e212f2ab8959115005227644e74f47344ddd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:a3:07:0b:0c:a2:4d:a0:99:74:6e:63:01:a3:
0c:58:61:7f:ec:b6:33:91:79:d6:2b:ad:a2:b7:26:
7c:ed:2c:4d:75:08:6b:ba:6e:5c:37:c1:87:9f:e9:
49:8c:a1:ec:39:94:b6:e1:6b:e8:d3:9e:40:75:ee:
fd:2d:0b:f8:6b:96:f9:b5:c1:62:b1:bb:08:5b:b2:
3b:ad:b7:3b:93:4a:37:24:15:ee:7c:9e:7a:bd:8f:
2d:e1:05:3e:86:02:4d:14:95:fb:b8:58:2a:4a:fa:
2d:05:d6:f1:9c:2c:90:ab:75:16:e4:39:eb:56:a8:
e2:b6:5f:23:1b:97:da:e7:cf:27:64:9c:c9:8c:b9:
92:41:9b:f6:e3:8d:2a:45:c4:8b:5f:9a:55:77:88:
5c:91:58:a6:90:2f:c8:ab:99:21:47:7d:95:59:23:
c9:ed:45:83:ee:1f:4c:19:cc:97:9e:63:20:87:0d:
89:61:3f:4d:4e:b8:c2:fc:e1:5f:1f:c3:98:64:58:
27:84:c5:7c:87:54:42:12:b7:ac:a3:ef:ae:f7:03:
77:2f:2f:77:fb:ff:e6:63:01:99:79:57:22:e6:d1:
57:e4:1b:80:94:7a:23:dd:94:15:c9:2a:3d:24:ab:
06:25:92:2c:31:71:bf:d4:96:d2:36:00:f3:19:cf:
db:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:8E:21:2F:2A:B8:95:91:15:00:52:27:64:4E:74:F4:73:44:DD:D6
X509v3 Authority Key Identifier:
keyid:40:A2:49:EA:DE:B2:A9:28:FE:0C:2E:75:C9:18:24:8B:5A:1A:28:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/944hLyq4lZEVAFInZE509HNE3dY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.170.0.0/18
84.11.0.0/16
195.158.212.0/22
IPv6:
2001:1b10::/32
Signature Algorithm: sha256WithRSAEncryption
14:b5:31:b3:53:2d:69:60:6e:af:f2:b5:9d:f9:93:7a:cf:f4:
44:cc:5e:ce:9a:eb:e2:66:0b:ec:de:cb:a1:4f:76:9a:73:42:
20:60:ef:11:cf:5b:5c:33:92:e5:44:e0:dc:22:cb:55:44:2b:
ec:b6:d8:39:2f:c4:48:fe:68:e1:28:70:ff:de:5b:79:b3:29:
53:37:0f:26:9a:82:3e:6b:24:13:1f:0a:4b:7a:e3:eb:0b:f2:
03:5a:38:94:69:9d:72:a4:d3:5c:15:1c:37:58:04:a5:1c:cf:
8e:df:31:bb:8c:aa:80:76:a8:ef:43:79:64:c5:0c:31:a1:63:
73:c4:17:f1:28:8b:0c:9a:75:78:7d:1d:15:64:e0:7d:ac:5c:
52:56:0d:07:f4:7a:6c:ee:13:52:93:88:de:a5:24:9a:68:84:
23:7f:8a:07:f4:e7:56:4b:6c:fa:07:62:82:31:9b:91:0a:0c:
26:5d:90:cb:0a:f0:ce:ad:8d:86:48:d2:7b:88:76:8c:68:14:
19:4e:c1:49:08:4c:30:d2:0b:3b:45:57:5f:f7:ca:78:b5:8b:
5e:84:9b:5a:38:aa:68:61:d8:a0:5b:e6:26:0f:df:8c:1c:d3:
95:29:83:0c:bd:17:8f:2c:11:dd:4e:06:5a:71:2e:78:ff:84:
ca:a4:a8:95
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQf+gfzi3481Q18s539Z5EbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYTI0OWVhZGViMmE5MjhmZTBjMmU3NWM5MTgyNDhiNWEx
YTI4YjkwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzhlMjEyZjJhYjg5NTkxMTUwMDUyMjc2NDRlNzRmNDczNDRkZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6MHCwyiTaCZdG5jAaMMWGF/7LYz
kXnWK62ityZ87SxNdQhrum5cN8GHn+lJjKHsOZS24Wvo055Ade79LQv4a5b5tcFi
sbsIW7I7rbc7k0o3JBXufJ56vY8t4QU+hgJNFJX7uFgqSvotBdbxnCyQq3UW5Dnr
Vqjitl8jG5fa588nZJzJjLmSQZv2440qRcSLX5pVd4hckVimkC/Iq5khR32VWSPJ
7UWD7h9MGcyXnmMghw2JYT9NTrjC/OFfH8OYZFgnhMV8h1RCEreso++u9wN3Ly93
+//mYwGZeVci5tFX5BuAlHoj3ZQVySo9JKsGJZIsMXG/1JbSNgDzGc/bRQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPeOIS8quJWRFQBSJ2ROdPRzRN3WMB8GA1UdIwQY
MBaAFECiSeresqko/gwudckYJItaGii5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUtKSjZ0NnlxU2otREM1MXlSZ2tpMW9hS0xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hZTU0ODgtMTE5ZC00MGFhLWFlNDAt
ODMzMGU3ZTMyZTE5LzEvOTQ0aEx5cTRsWkVWQUZJblpFNTA5SE5FM2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hZTU0ODgtMTE5ZC00MGFhLWFlNDAtODMzMGU3ZTMyZTE5
LzEvUUtKSjZ0NnlxU2otREM1MXlSZ2tpMW9hS0xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQGU6oAAwMA
VAsDBALDntQwDQQCAAIwBwMFACABGxAwDQYJKoZIhvcNAQELBQADggEBABS1MbNT
LWlgbq/ytZ35k3rP9ETMXs6a6+JmC+zey6FPdppzQiBg7xHPW1wzkuVE4Nwiy1VE
K+y22DkvxEj+aOEocP/eW3mzKVM3Dyaagj5rJBMfCkt64+sL8gNaOJRpnXKk01wV
HDdYBKUcz47fMbuMqoB2qO9DeWTFDDGhY3PEF/EoiwyadXh9HRVk4H2sXFJWDQf0
emzuE1KTiN6lJJpohCN/igf051ZLbPoHYoIxm5EKDCZdkMsK8M6tjYZI0nuIdoxo
FBlOwUkITDDSCztFV1/3yni1i16Em1o4qmhh2KBb5iYP34wc05Upgwy9F48sEd1O
BlpxLnj/hMqkqJU=
-----END CERTIFICATE-----
Generated at Wed Apr 9 22:03:56 2025 by rpki-client