Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/0qa8r-MxNMLt6tCXa-K5V6QBkro.roa
File: 0qa8r-MxNMLt6tCXa-K5V6QBkro.roa (raw, json)
Hash identifier: oU+YFw1zeHKoa31/el8AmGzlkf3ldrnYHs0Qc542gzw=
Subject key identifier: D2:A6:BC:AF:E3:31:34:C2:ED:EA:D0:97:6B:E2:B9:57:A4:01:92:BA
Certificate issuer: /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial: 019421B190FA7E1FA19AC0899C6BC24FBBFD
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/0qa8r-MxNMLt6tCXa-K5V6QBkro.roa
Signing time: Wed 01 Jan 2025 11:47:52 +0000
ROA not before: Wed 01 Jan 2025 11:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199775
IP address blocks: 45.94.32.0/22 maxlen: 24
46.36.192.0/21 maxlen: 24
185.6.152.0/22 maxlen: 24
185.65.164.0/22 maxlen: 24
185.95.108.0/22 maxlen: 24
185.168.132.0/22 maxlen: 24
185.182.52.0/22 maxlen: 24
185.208.240.0/22 maxlen: 22
185.242.218.0/24 maxlen: 24
194.126.152.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 08:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:90:fa:7e:1f:a1:9a:c0:89:9c:6b:c2:4f:bb:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Validity
Not Before: Jan 1 11:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2a6bcafe33134c2edead0976be2b957a40192ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:bd:1c:97:cd:ce:e6:3d:1e:3b:4e:01:3f:dc:
71:ec:73:1a:ec:94:71:21:e2:65:11:3f:3b:bf:80:
9c:46:54:df:6d:3a:75:d7:e1:5b:e2:57:61:e5:96:
f0:22:cb:42:c5:b9:d6:f8:f2:89:13:cb:fd:9c:9e:
c4:d6:c5:59:5e:38:33:e9:55:ae:b5:19:60:4a:0b:
c2:ff:19:ce:05:5e:ac:c7:d8:82:d6:1b:75:c7:b7:
34:c6:a3:44:e4:a6:c1:a4:c1:cf:94:bb:e1:af:01:
9a:53:80:fe:1c:7c:f8:cc:8b:91:49:94:ce:d0:6f:
68:8e:a3:91:d7:f0:4b:fc:ff:b9:4b:a0:68:8b:0a:
36:3d:32:1d:83:06:90:c5:3b:4d:4d:96:e6:8b:9d:
3d:07:20:3f:10:28:1e:ed:ba:59:c8:01:fc:e7:62:
13:cf:ea:de:99:54:6d:21:8c:9a:57:8f:7e:8e:35:
8e:12:d8:df:64:12:97:4e:c6:34:7a:49:3a:ff:7b:
af:81:9e:ca:aa:e6:4a:6d:cc:e0:fa:60:e4:11:1d:
3e:49:94:9d:43:f1:ec:5b:9a:69:b5:5b:4f:57:93:
29:08:19:45:53:4b:88:0f:1e:b6:4c:a1:68:79:c6:
27:ca:dd:f9:11:e9:3c:67:4a:45:45:94:b2:b0:e1:
ba:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:A6:BC:AF:E3:31:34:C2:ED:EA:D0:97:6B:E2:B9:57:A4:01:92:BA
X509v3 Authority Key Identifier:
keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/0qa8r-MxNMLt6tCXa-K5V6QBkro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.94.32.0/22
46.36.192.0/21
185.6.152.0/22
185.65.164.0/22
185.95.108.0/22
185.168.132.0/22
185.182.52.0/22
185.208.240.0/22
185.242.218.0/24
194.126.152.0/22
Signature Algorithm: sha256WithRSAEncryption
09:85:cf:95:51:e3:5b:7e:37:8e:a7:1f:51:bf:c1:65:0a:43:
fd:fd:3e:5a:2b:67:2e:17:60:ad:8b:6f:5e:08:69:eb:d9:6f:
aa:47:e3:c3:ba:c3:54:3b:77:32:2d:dc:3b:8b:2c:33:d4:7e:
18:cd:87:12:45:39:ef:6e:01:78:d7:7c:28:e4:df:bd:2a:95:
d1:d8:7a:73:2b:e9:c8:ac:2d:04:57:77:2f:da:e0:1c:61:b8:
1b:d7:9f:05:8e:a6:ef:fc:43:a7:a7:13:a8:05:2f:37:c2:74:
bb:67:66:81:e7:5f:7e:3c:de:fb:1d:ab:d5:4e:0c:e6:32:90:
bc:eb:03:d1:c7:96:f6:4b:95:c6:4e:d5:eb:b0:ff:48:13:0f:
1d:43:18:19:b1:3c:9c:ca:b2:b5:c5:ca:69:bf:49:d9:38:9f:
a8:3c:8e:b7:e3:4f:ec:e2:bf:da:18:20:11:3f:12:e2:6a:fb:
a7:3d:5d:f5:0d:d7:0f:c1:09:c8:29:a9:0e:d3:42:c1:21:dc:
22:91:59:3d:f3:bc:44:07:1d:26:c4:ca:5b:d5:c2:7c:e1:d0:
25:1b:c5:60:40:ed:e4:37:09:e6:40:0e:56:ed:36:94:ed:43:
fe:ac:1a:8d:9e:66:b3:30:2c:0e:ad:72:f5:69:89:01:03:96:
c5:32:2d:6a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQhsZD6fh+hmsCJnGvCT7v9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjUwMTAxMTE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmE2YmNhZmUzMzEzNGMyZWRlYWQwOTc2YmUyYjk1N2E0MDE5MmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb0cl83O5j0eO04BP9xx7HMa7JRx
IeJlET87v4CcRlTfbTp11+Fb4ldh5ZbwIstCxbnW+PKJE8v9nJ7E1sVZXjgz6VWu
tRlgSgvC/xnOBV6sx9iC1ht1x7c0xqNE5KbBpMHPlLvhrwGaU4D+HHz4zIuRSZTO
0G9ojqOR1/BL/P+5S6Boiwo2PTIdgwaQxTtNTZbmi509ByA/ECge7bpZyAH852IT
z+remVRtIYyaV49+jjWOEtjfZBKXTsY0ekk6/3uvgZ7KquZKbczg+mDkER0+SZSd
Q/HsW5pptVtPV5MpCBlFU0uIDx62TKFoecYnyt35Eek8Z0pFRZSysOG6IwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNKmvK/jMTTC7erQl2viuVekAZK6MB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvMHFhOHItTXhOTUx0NnRDWGEtSzVWNlFCa3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCLV4gAwQD
LiTAAwQCuQaYAwQCuUGkAwQCuV9sAwQCuaiEAwQCubY0AwQCudDwAwQAufLaAwQC
wn6YMA0GCSqGSIb3DQEBCwUAA4IBAQAJhc+VUeNbfjeOpx9Rv8FlCkP9/T5aK2cu
F2Cti29eCGnr2W+qR+PDusNUO3cyLdw7iywz1H4YzYcSRTnvbgF413wo5N+9KpXR
2HpzK+nIrC0EV3cv2uAcYbgb158Fjqbv/EOnpxOoBS83wnS7Z2aB519+PN77HavV
TgzmMpC86wPRx5b2S5XGTtXrsP9IEw8dQxgZsTycyrK1xcppv0nZOJ+oPI6340/s
4r/aGCARPxLiavunPV31DdcPwQnIKakO00LBIdwikVk987xEBx0mxMpb1cJ84dAl
G8VgQO3kNwnmQA5W7TaU7UP+rBqNnmazMCwOrXL1aYkBA5bFMi1q
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:53:53 2025 by rpki-client