Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/qLkvJ0dRmfL0QBHRb9r1vRVUITA.roa
File: qLkvJ0dRmfL0QBHRb9r1vRVUITA.roa (raw, json)
Hash identifier: uVLCZ/Z/jxamtxU6+Njb90gPAMuKb8Jw/Ec8/lYETUg=
Subject key identifier: A8:B9:2F:27:47:51:99:F2:F4:40:11:D1:6F:DA:F5:BD:15:54:21:30
Certificate issuer: /CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
Certificate serial: 019427B5E021CC924CD8C44F6CBAD942D9A7
Authority key identifier: 1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/qLkvJ0dRmfL0QBHRb9r1vRVUITA.roa
Signing time: Thu 02 Jan 2025 15:50:18 +0000
ROA not before: Thu 02 Jan 2025 15:50:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205394
IP address blocks: 46.226.72.0/21 maxlen: 24
139.28.100.0/22 maxlen: 22
139.28.100.0/24 maxlen: 24
139.28.101.0/24 maxlen: 24
185.176.124.0/22 maxlen: 24
185.180.172.0/23 maxlen: 24
185.201.164.0/22 maxlen: 24
2a00:5a00::/32 maxlen: 48
2a0a:c840::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl
rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.mft
rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:e0:21:cc:92:4c:d8:c4:4f:6c:ba:d9:42:d9:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ee5efbf65897160d55a52dc3a22c017876cd06c
Validity
Not Before: Jan 2 15:50:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8b92f27475199f2f44011d16fdaf5bd15542130
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:1d:78:62:14:1c:e2:79:98:59:5c:2c:e8:51:
c4:a1:39:c6:cb:d5:3f:6d:4e:4e:6a:95:eb:05:8c:
3f:09:46:62:8f:f4:70:f2:f3:a2:c2:c3:ce:d2:55:
65:41:f7:a2:ca:b3:45:b3:7c:37:c1:28:2d:c3:ef:
37:9f:10:65:d0:d7:1e:58:3a:f2:6e:e1:fd:92:66:
bf:29:96:f2:d5:18:76:ac:c6:ec:45:34:f7:0c:d1:
aa:7f:62:fb:5c:e7:8f:79:8c:0b:33:ec:84:71:f8:
ae:60:4a:88:41:18:14:0f:6d:09:af:7d:2e:90:0d:
2f:f3:0a:c0:17:ba:2f:34:0b:31:f4:f4:e7:ee:90:
b7:3a:5c:3f:bc:2f:77:b4:49:2a:a0:1f:6b:51:35:
68:65:e9:16:b1:84:3f:8b:f6:c8:f2:52:67:1d:01:
3f:95:ac:7c:10:f2:8d:e2:62:e2:ca:f5:ee:08:3c:
d1:a7:a5:3d:d2:d1:fc:70:5f:30:c4:b3:9e:33:10:
a2:4b:18:c2:b2:3c:2e:6e:3f:ad:fa:24:89:9c:74:
38:c3:75:52:24:71:87:11:42:64:68:3e:2b:09:b0:
03:39:c6:96:b6:6a:54:e0:0b:14:15:4f:ab:a2:91:
fb:21:f3:05:f7:5c:af:9a:d7:bf:dc:74:3d:d0:ce:
ff:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:B9:2F:27:47:51:99:F2:F4:40:11:D1:6F:DA:F5:BD:15:54:21:30
X509v3 Authority Key Identifier:
keyid:1E:E5:EF:BF:65:89:71:60:D5:5A:52:DC:3A:22:C0:17:87:6C:D0:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/qLkvJ0dRmfL0QBHRb9r1vRVUITA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/332477-c83c-4f80-b1be-7c0db7bae135/1/HuXvv2WJcWDVWlLcOiLAF4ds0Gw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.72.0/21
139.28.100.0/22
185.176.124.0/22
185.180.172.0/23
185.201.164.0/22
IPv6:
2a00:5a00::/32
2a0a:c840::/29
Signature Algorithm: sha256WithRSAEncryption
14:b1:dc:af:a2:11:38:ac:bd:99:6a:f9:b1:f0:e6:84:d0:f2:
e9:5f:70:33:0a:3b:a4:74:9f:13:a7:c2:36:43:6b:aa:7f:20:
62:10:fe:31:be:f7:9d:05:a8:e5:6a:c1:9e:ab:87:ea:3b:27:
9f:b5:e9:06:e3:ea:03:7f:7d:8f:42:94:ae:ba:52:44:8f:de:
6d:e8:d5:7e:72:4d:77:bd:0b:5c:24:ba:ff:79:d2:3c:86:d5:
56:73:b0:19:ec:5a:03:ed:eb:a2:87:14:80:c0:a0:a9:11:8f:
60:44:a2:35:c0:8e:89:10:80:79:dd:33:a2:c3:88:7e:10:ed:
4d:d7:e5:10:35:60:00:4d:b4:f1:f9:79:b1:2a:92:5f:dd:bd:
78:6a:ab:a6:58:18:45:4a:2e:ef:ee:25:2e:b4:03:a5:22:17:
53:b9:c7:ce:c8:0c:d9:81:54:2d:0a:13:54:cc:83:82:bc:51:
92:0e:88:33:41:03:9d:56:9e:8a:6b:a1:22:d2:18:ee:d2:cc:
26:0b:85:af:a4:7d:fe:88:17:f9:f7:a6:cd:de:ae:e1:f3:f7:
be:ce:44:81:dd:fb:15:46:8f:8b:7b:9e:30:23:d6:a0:53:b2:
3d:55:a5:ed:34:31:e5:14:10:40:2c:6f:3c:8f:2d:cc:74:0c:
d4:4a:23:f4
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQnteAhzJJM2MRPbLrZQtmnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZTVlZmJmNjU4OTcxNjBkNTVhNTJkYzNhMjJjMDE3ODc2
Y2QwNmMwHhcNMjUwMTAyMTU1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGI5MmYyNzQ3NTE5OWYyZjQ0MDExZDE2ZmRhZjViZDE1NTQyMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x14YhQc4nmYWVws6FHEoTnGy9U/
bU5OapXrBYw/CUZij/Rw8vOiwsPO0lVlQfeiyrNFs3w3wSgtw+83nxBl0NceWDry
buH9kma/KZby1Rh2rMbsRTT3DNGqf2L7XOePeYwLM+yEcfiuYEqIQRgUD20Jr30u
kA0v8wrAF7ovNAsx9PTn7pC3Olw/vC93tEkqoB9rUTVoZekWsYQ/i/bI8lJnHQE/
lax8EPKN4mLiyvXuCDzRp6U90tH8cF8wxLOeMxCiSxjCsjwubj+t+iSJnHQ4w3VS
JHGHEUJkaD4rCbADOcaWtmpU4AsUFU+ropH7IfMF91yvmte/3HQ90M7/qwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKi5LydHUZny9EAR0W/a9b0VVCEwMB8GA1UdIwQY
MBaAFB7l779liXFg1VpS3DoiwBeHbNBsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUt
N2MwZGI3YmFlMTM1LzEvcUxrdkowZFJtZkwwUUJIUmI5cjF2UlZVSVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zMzI0NzctYzgzYy00ZjgwLWIxYmUtN2MwZGI3YmFlMTM1
LzEvSHVYdnYyV0pjV0RWV2xMY09pTEFGNGRzMEd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDLuJIAwQC
ixxkAwQCubB8AwQBubSsAwQCucmkMBQEAgACMA4DBQAqAFoAAwUDKgrIQDANBgkq
hkiG9w0BAQsFAAOCAQEAFLHcr6IROKy9mWr5sfDmhNDy6V9wMwo7pHSfE6fCNkNr
qn8gYhD+Mb73nQWo5WrBnquH6jsnn7XpBuPqA399j0KUrrpSRI/ebejVfnJNd70L
XCS6/3nSPIbVVnOwGexaA+3roocUgMCgqRGPYESiNcCOiRCAed0zosOIfhDtTdfl
EDVgAE208fl5sSqSX929eGqrplgYRUou7+4lLrQDpSIXU7nHzsgM2YFULQoTVMyD
grxRkg6IM0EDnVaeimuhItIY7tLMJguFr6R9/ogX+femzd6u4fP3vs5Egd37FUaP
i3ueMCPWoFOyPVWl7TQx5RQQQCxvPI8tzHQM1Eoj9A==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:52:36 2025 by rpki-client