Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/WqjB7EtZkSL-ePfOxy2nv62eOkA.roa
File: WqjB7EtZkSL-ePfOxy2nv62eOkA.roa (raw, json)
Hash identifier: PG/xFOwvIaW9rUlAX7rZLKuzOPksgvVi2XmtGvzJW70=
Subject key identifier: 5A:A8:C1:EC:4B:59:91:22:FE:78:F7:CE:C7:2D:A7:BF:AD:9E:3A:40
Certificate issuer: /CN=7d3b2c333b729557ac0be02740b22296d802bf81
Certificate serial: 0194221F5E9531D40ADB1FF74C0B1BD8A878
Authority key identifier: 7D:3B:2C:33:3B:72:95:57:AC:0B:E0:27:40:B2:22:96:D8:02:BF:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fTssMztylVesC-AnQLIiltgCv4E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/WqjB7EtZkSL-ePfOxy2nv62eOkA.roa
Signing time: Wed 01 Jan 2025 13:47:48 +0000
ROA not before: Wed 01 Jan 2025 13:47:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207242
IP address blocks: 185.162.24.0/22 maxlen: 22
185.194.44.0/22 maxlen: 22
185.195.84.0/22 maxlen: 22
185.195.224.0/22 maxlen: 22
185.242.72.0/22 maxlen: 22
2a07:ca40::/29 maxlen: 29
2a0a:4440::/32 maxlen: 32
2a0a:5640::/32 maxlen: 32
2a0a:5f40::/32 maxlen: 32
2a0c:c380::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/fTssMztylVesC-AnQLIiltgCv4E.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/fTssMztylVesC-AnQLIiltgCv4E.mft
rsync://rpki.ripe.net/repository/DEFAULT/fTssMztylVesC-AnQLIiltgCv4E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:5e:95:31:d4:0a:db:1f:f7:4c:0b:1b:d8:a8:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d3b2c333b729557ac0be02740b22296d802bf81
Validity
Not Before: Jan 1 13:47:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5aa8c1ec4b599122fe78f7cec72da7bfad9e3a40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:49:53:4b:1e:8e:ce:f8:9b:36:3b:53:2e:ec:
87:87:14:8f:07:13:cb:c9:38:fb:7e:66:19:f4:c7:
d5:c8:cc:d7:1c:d8:45:48:a3:32:48:90:29:db:29:
3e:1f:1f:52:14:af:07:17:09:76:e3:25:a4:6d:60:
78:6d:b2:91:74:2c:59:f6:ea:d2:27:5d:03:4e:8a:
e8:4e:ca:fb:d6:45:05:36:1a:82:4e:db:02:b4:ec:
01:48:70:02:22:1d:fd:3f:16:02:7f:a9:83:14:5d:
f1:6a:fd:0f:c4:e4:e9:a4:bb:93:2b:9c:93:59:71:
b7:f4:e4:c9:f9:b9:81:48:ad:42:b6:78:dc:b0:04:
2d:64:80:b9:0f:ad:e3:87:87:8b:1a:f5:53:da:8f:
d6:76:b4:7d:a5:56:bb:1b:6b:13:e7:db:24:fa:60:
53:22:b8:b6:ce:9b:e3:b3:c8:12:fa:73:21:3e:ce:
5a:5d:03:be:5f:c2:2a:2b:f6:86:30:92:ec:b9:60:
09:29:74:44:f9:4d:9c:e2:25:54:6f:ff:c7:19:76:
bf:32:57:98:5b:44:7d:84:5c:aa:ee:13:a7:81:41:
69:a1:4a:68:f0:bf:09:6e:66:9c:a0:9f:5a:31:69:
54:fe:81:f7:a1:02:2b:ca:32:9d:7f:b1:2d:fd:46:
52:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:A8:C1:EC:4B:59:91:22:FE:78:F7:CE:C7:2D:A7:BF:AD:9E:3A:40
X509v3 Authority Key Identifier:
keyid:7D:3B:2C:33:3B:72:95:57:AC:0B:E0:27:40:B2:22:96:D8:02:BF:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTssMztylVesC-AnQLIiltgCv4E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/WqjB7EtZkSL-ePfOxy2nv62eOkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/fTssMztylVesC-AnQLIiltgCv4E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.162.24.0/22
185.194.44.0/22
185.195.84.0/22
185.195.224.0/22
185.242.72.0/22
IPv6:
2a07:ca40::/29
2a0a:4440::/32
2a0a:5640::/32
2a0a:5f40::/32
2a0c:c380::/32
Signature Algorithm: sha256WithRSAEncryption
2c:2f:f8:c4:17:27:e4:5a:24:c8:cf:78:43:5d:56:fb:7c:6c:
0c:70:95:20:37:70:3e:2a:14:0d:3c:b3:fa:71:cc:3e:e2:bc:
dd:e6:59:cb:f7:e8:f8:49:9f:32:37:2b:a3:a2:26:82:d7:fb:
7c:85:f6:5c:5f:08:12:ad:d9:2f:dc:22:28:b1:fc:31:0b:01:
45:74:14:2c:03:04:b2:ea:59:c0:31:7f:2f:f9:b1:f9:c0:24:
db:cb:8b:cb:62:a6:2f:cb:ff:23:0e:94:c3:8c:b6:3e:45:26:
c1:a8:a1:b9:45:92:f6:35:73:cd:e4:62:fe:a3:5c:0d:11:33:
2d:a6:33:8b:1e:99:83:b8:42:f8:b4:c6:b0:3f:4d:c1:2c:d4:
db:65:53:6f:bd:3b:bd:25:70:1a:f0:e5:6e:7b:15:de:61:fd:
d8:13:b5:38:34:6a:e6:b7:80:11:f4:90:b3:01:88:d1:41:22:
d5:ae:3a:78:80:af:14:74:92:db:a1:70:a0:80:6e:0f:1a:50:
c4:2b:62:19:73:01:25:c2:37:f3:32:29:da:6f:31:50:93:41:
47:41:84:c3:f6:03:a4:0b:a5:5e:e0:58:42:60:4c:55:ab:c9:
59:3d:63:05:3a:ee:15:c0:4c:70:33:90:3c:c1:36:b6:22:3c:
ed:df:f2:c4
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAZQiH16VMdQK2x/3TAsb2Kh4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkM2IyYzMzM2I3Mjk1NTdhYzBiZTAyNzQwYjIyMjk2ZDgw
MmJmODEwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWE4YzFlYzRiNTk5MTIyZmU3OGY3Y2VjNzJkYTdiZmFkOWUzYTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArElTSx6OzvibNjtTLuyHhxSPBxPL
yTj7fmYZ9MfVyMzXHNhFSKMySJAp2yk+Hx9SFK8HFwl24yWkbWB4bbKRdCxZ9urS
J10DToroTsr71kUFNhqCTtsCtOwBSHACIh39PxYCf6mDFF3xav0PxOTppLuTK5yT
WXG39OTJ+bmBSK1CtnjcsAQtZIC5D63jh4eLGvVT2o/WdrR9pVa7G2sT59sk+mBT
Iri2zpvjs8gS+nMhPs5aXQO+X8IqK/aGMJLsuWAJKXRE+U2c4iVUb//HGXa/MleY
W0R9hFyq7hOngUFpoUpo8L8JbmacoJ9aMWlU/oH3oQIryjKdf7Et/UZSTQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFFqowexLWZEi/nj3zsctp7+tnjpAMB8GA1UdIwQY
MBaAFH07LDM7cpVXrAvgJ0CyIpbYAr+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRzc016dHlsVmVzQy1BblFMSWlsdGdDdjRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS82YjFiNjQtMjU2NC00N2E3LWIxYzEt
NTI4MzVkYjY1MTJjLzEvV3FqQjdFdFprU0wtZVBmT3h5Mm52NjJlT2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS82YjFiNjQtMjU2NC00N2E3LWIxYzEtNTI4MzVkYjY1MTJj
LzEvZlRzc016dHlsVmVzQy1BblFMSWlsdGdDdjRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAkBAIAATAeAwQCuaIYAwQC
ucIsAwQCucNUAwQCucPgAwQCufJIMCkEAgACMCMDBQMqB8pAAwUAKgpEQAMFACoK
VkADBQAqCl9AAwUAKgzDgDANBgkqhkiG9w0BAQsFAAOCAQEALC/4xBcn5FokyM94
Q11W+3xsDHCVIDdwPioUDTyz+nHMPuK83eZZy/fo+EmfMjcro6Imgtf7fIX2XF8I
Eq3ZL9wiKLH8MQsBRXQULAMEsupZwDF/L/mx+cAk28uLy2KmL8v/Iw6Uw4y2PkUm
waihuUWS9jVzzeRi/qNcDREzLaYzix6Zg7hC+LTGsD9NwSzU22VTb707vSVwGvDl
bnsV3mH92BO1ODRq5reAEfSQswGI0UEi1a46eICvFHSS26FwoIBuDxpQxCtiGXMB
JcI38zIp2m8xUJNBR0GEw/YDpAulXuBYQmBMVavJWT1jBTruFcBMcDOQPME2tiI8
7d/yxA==
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:11:27 2025 by rpki-client