Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/QNOJOIm1SKvhgHP8ibivnBfVSQA.roa
File: QNOJOIm1SKvhgHP8ibivnBfVSQA.roa (raw, json)
Hash identifier: pi8uHE5UurLC5GTyPY+S33YCsYwTr9zqOvpf//OyfMo=
Subject key identifier: 40:D3:89:38:89:B5:48:AB:E1:80:73:FC:89:B8:AF:9C:17:D5:49:00
Certificate issuer: /CN=9efd8a0e6e6dd56a6ef8289e4b184f0ca00c33dd
Certificate serial: 019423D7044BAB2475759F05DA92E782EEDC
Authority key identifier: 9E:FD:8A:0E:6E:6D:D5:6A:6E:F8:28:9E:4B:18:4F:0C:A0:0C:33:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nv2KDm5t1Wpu-CieSxhPDKAMM90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/QNOJOIm1SKvhgHP8ibivnBfVSQA.roa
Signing time: Wed 01 Jan 2025 21:48:01 +0000
ROA not before: Wed 01 Jan 2025 21:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15525
IP address blocks: 62.28.0.0/16 maxlen: 24
62.48.128.0/17 maxlen: 24
83.240.128.0/17 maxlen: 24
185.17.228.0/22 maxlen: 24
192.88.123.0/24 maxlen: 24
192.91.177.0/24 maxlen: 24
192.133.15.0/24 maxlen: 24
212.55.160.0/20 maxlen: 24
212.55.176.0/21 maxlen: 24
2a02:818::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/nv2KDm5t1Wpu-CieSxhPDKAMM90.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/nv2KDm5t1Wpu-CieSxhPDKAMM90.mft
rsync://rpki.ripe.net/repository/DEFAULT/nv2KDm5t1Wpu-CieSxhPDKAMM90.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 16:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:04:4b:ab:24:75:75:9f:05:da:92:e7:82:ee:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9efd8a0e6e6dd56a6ef8289e4b184f0ca00c33dd
Validity
Not Before: Jan 1 21:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40d3893889b548abe18073fc89b8af9c17d54900
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:7f:c7:77:b5:ef:86:92:e8:37:73:dc:1e:3f:
61:76:78:a7:65:8f:42:bb:5c:6d:cc:96:26:40:89:
1e:24:5d:1e:ef:59:c2:ee:75:a8:70:32:d1:c5:8e:
bf:e4:68:36:86:7b:13:2d:9f:a9:d4:e7:66:31:29:
35:5c:1c:c2:2a:39:5c:61:4b:89:11:1f:d3:5a:37:
e3:9f:dc:b1:e8:b7:2a:0b:ab:ef:ec:40:c2:70:0c:
6a:50:ca:e4:5e:21:dd:20:28:95:62:06:98:04:d6:
e1:cb:69:cd:df:3f:83:33:48:8c:1c:e7:c1:59:76:
4c:19:48:54:0e:14:58:68:a4:ed:60:10:03:a6:38:
41:99:ef:15:74:7b:2f:9d:f5:df:01:da:8b:92:d3:
01:b3:b9:f2:27:81:c1:ff:96:b7:83:3f:91:ef:57:
6c:d6:e2:ea:c3:7f:75:e9:a3:1a:1e:0d:3f:88:01:
57:40:eb:81:74:54:04:7b:41:9f:a4:b3:78:f3:bb:
21:21:b4:b6:56:92:86:d3:eb:df:6d:28:34:5b:2f:
c2:41:64:24:ed:14:13:a0:23:b0:ee:cb:11:48:48:
51:00:9a:36:04:d6:6a:c6:82:ff:52:ce:77:30:38:
2d:1e:66:ff:6a:1d:9a:c5:32:c9:60:37:e4:a0:38:
20:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:D3:89:38:89:B5:48:AB:E1:80:73:FC:89:B8:AF:9C:17:D5:49:00
X509v3 Authority Key Identifier:
keyid:9E:FD:8A:0E:6E:6D:D5:6A:6E:F8:28:9E:4B:18:4F:0C:A0:0C:33:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nv2KDm5t1Wpu-CieSxhPDKAMM90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/QNOJOIm1SKvhgHP8ibivnBfVSQA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d53d7c-a832-47b3-9f94-59c23054442d/1/nv2KDm5t1Wpu-CieSxhPDKAMM90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.28.0.0/16
62.48.128.0/17
83.240.128.0/17
185.17.228.0/22
192.88.123.0/24
192.91.177.0/24
192.133.15.0/24
212.55.160.0-212.55.183.255
IPv6:
2a02:818::/32
Signature Algorithm: sha256WithRSAEncryption
54:49:49:ef:bc:8e:ae:98:89:27:83:66:be:f4:12:f4:f2:fd:
73:f9:09:67:8a:e6:8e:b4:4b:a1:1e:71:48:10:9b:26:b5:cc:
41:5c:ac:35:e8:3c:63:d4:01:b7:49:e9:84:f7:16:b9:98:3b:
20:21:8b:d3:94:7a:b1:b8:f2:cd:a7:b6:5a:e8:87:f3:70:6e:
5a:06:22:99:2a:32:fb:22:d0:24:3c:ac:50:f4:10:a4:42:f2:
eb:fc:e0:12:b0:0f:69:8e:f0:ee:4c:77:f9:df:90:3d:19:25:
f3:54:b7:4e:7a:dc:c2:a0:6c:a3:e2:ba:f8:42:cb:bb:57:c0:
99:ce:77:7e:85:aa:9d:67:16:54:90:45:d0:68:86:fc:68:4f:
71:da:0f:c7:9f:6e:27:59:c6:c5:03:7c:13:3e:aa:5b:45:dc:
fb:32:04:6f:24:53:c8:07:79:81:93:fa:50:13:90:a1:2d:9e:
ba:7d:78:74:40:b0:80:25:62:db:8d:d5:19:03:0d:14:a7:e2:
1f:e5:d6:21:19:7a:2d:19:d6:38:df:04:ce:c4:e0:81:22:37:
d2:bd:5f:f5:a6:ed:9e:de:c5:1e:9e:85:88:8f:c6:62:e5:86:
e2:11:ca:88:61:ed:fa:c2:9f:36:66:dc:81:f3:50:84:7f:dd:
fc:b9:84:54
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQj1wRLqyR1dZ8F2pLngu7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZmQ4YTBlNmU2ZGQ1NmE2ZWY4Mjg5ZTRiMTg0ZjBjYTAw
YzMzZGQwHhcNMjUwMTAxMjE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQzODkzODg5YjU0OGFiZTE4MDczZmM4OWI4YWY5YzE3ZDU0OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn/Hd7XvhpLoN3PcHj9hdninZY9C
u1xtzJYmQIkeJF0e71nC7nWocDLRxY6/5Gg2hnsTLZ+p1OdmMSk1XBzCKjlcYUuJ
ER/TWjfjn9yx6LcqC6vv7EDCcAxqUMrkXiHdICiVYgaYBNbhy2nN3z+DM0iMHOfB
WXZMGUhUDhRYaKTtYBADpjhBme8VdHsvnfXfAdqLktMBs7nyJ4HB/5a3gz+R71ds
1uLqw3916aMaHg0/iAFXQOuBdFQEe0GfpLN487shIbS2VpKG0+vfbSg0Wy/CQWQk
7RQToCOw7ssRSEhRAJo2BNZqxoL/Us53MDgtHmb/ah2axTLJYDfkoDggAQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEDTiTiJtUir4YBz/Im4r5wX1UkAMB8GA1UdIwQY
MBaAFJ79ig5ubdVqbvgonksYTwygDDPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnYyS0RtNXQxV3B1LUNpZVN4aFBES0FNTTkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNTNkN2MtYTgzMi00N2IzLTlmOTQt
NTljMjMwNTQ0NDJkLzEvUU5PSk9JbTFTS3ZoZ0hQOGliaXZuQmZWU1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNTNkN2MtYTgzMi00N2IzLTlmOTQtNTljMjMwNTQ0NDJk
LzEvbnYyS0RtNXQxV3B1LUNpZVN4aFBES0FNTTkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwMAPhwDBAc+
MIADBAdT8IADBAK5EeQDBADAWHsDBADAW7EDBADAhQ8wDAMEBdQ3oAMEA9Q3sDAN
BAIAAjAHAwUAKgIIGDANBgkqhkiG9w0BAQsFAAOCAQEAVElJ77yOrpiJJ4NmvvQS
9PL9c/kJZ4rmjrRLoR5xSBCbJrXMQVysNeg8Y9QBt0nphPcWuZg7ICGL05R6sbjy
zae2WuiH83BuWgYimSoy+yLQJDysUPQQpELy6/zgErAPaY7w7kx3+d+QPRkl81S3
TnrcwqBso+K6+ELLu1fAmc53foWqnWcWVJBF0GiG/GhPcdoPx59uJ1nGxQN8Ez6q
W0Xc+zIEbyRTyAd5gZP6UBOQoS2eun14dECwgCVi243VGQMNFKfiH+XWIRl6LRnW
ON8EzsTggSI30r1f9abtnt7FHp6FiI/GYuWG4hHKiGHt+sKfNmbcgfNQhH/d/LmE
VA==
-----END CERTIFICATE-----
Generated at Mon Apr 7 01:08:08 2025 by rpki-client