Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7b13fe-f62f-4e93-821e-e33ae106b54d/1/Qhw2m_H5wgy1bU1_w7tg_sEon00.roa
File: Qhw2m_H5wgy1bU1_w7tg_sEon00.roa (raw, json)
Hash identifier: OI2KiRz3XriFCi8yNAm0vl8e78xAWnDgkIja/W4YfWk=
Subject key identifier: 42:1C:36:9B:F1:F9:C2:0C:B5:6D:4D:7F:C3:BB:60:FE:C1:28:9F:4D
Certificate issuer: /CN=d3592aac489522d5db18fd6391e035a9778ea3b1
Certificate serial: 019422FB73532C45A955A7E4FD29FA555A46
Authority key identifier: D3:59:2A:AC:48:95:22:D5:DB:18:FD:63:91:E0:35:A9:77:8E:A3:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/01kqrEiVItXbGP1jkeA1qXeOo7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/7b13fe-f62f-4e93-821e-e33ae106b54d/1/Qhw2m_H5wgy1bU1_w7tg_sEon00.roa
Signing time: Wed 01 Jan 2025 17:48:11 +0000
ROA not before: Wed 01 Jan 2025 17:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33876
IP address blocks: 91.198.47.0/24 maxlen: 24
94.126.168.0/21 maxlen: 24
176.61.144.0/21 maxlen: 21
176.111.104.0/22 maxlen: 22
176.111.104.0/24 maxlen: 24
185.11.164.0/22 maxlen: 24
185.12.116.0/22 maxlen: 24
185.76.4.0/22 maxlen: 24
194.8.30.0/24 maxlen: 24
2a03:8bc0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/7b13fe-f62f-4e93-821e-e33ae106b54d/1/01kqrEiVItXbGP1jkeA1qXeOo7E.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/7b13fe-f62f-4e93-821e-e33ae106b54d/1/01kqrEiVItXbGP1jkeA1qXeOo7E.mft
rsync://rpki.ripe.net/repository/DEFAULT/01kqrEiVItXbGP1jkeA1qXeOo7E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:73:53:2c:45:a9:55:a7:e4:fd:29:fa:55:5a:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3592aac489522d5db18fd6391e035a9778ea3b1
Validity
Not Before: Jan 1 17:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=421c369bf1f9c20cb56d4d7fc3bb60fec1289f4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:dc:cf:5c:0d:29:9d:f0:35:d4:f2:64:fc:4e:
87:a4:cd:3b:23:36:a4:04:95:e3:35:fd:ca:18:b7:
45:19:51:32:cb:01:89:51:60:5a:78:bf:0f:63:e5:
ce:35:96:ee:3f:60:80:ee:c1:5e:fa:3c:3b:24:86:
13:55:c2:4c:35:8e:81:61:f0:12:c2:62:de:c5:ce:
f1:bc:31:df:07:43:46:96:a2:24:54:58:e8:af:cb:
37:5b:bc:6c:0f:18:54:8b:70:79:aa:77:51:9f:c3:
fb:77:f0:e9:5f:59:8c:0f:7a:58:dc:0f:98:a9:7c:
ff:d4:c3:20:86:a6:cd:0e:74:57:a3:aa:e5:c7:6c:
7b:c2:25:cd:ab:4c:3c:3b:3b:6b:5c:f5:8a:fb:f2:
82:a5:3f:7d:0e:59:d2:9a:b2:ff:24:5c:0d:d3:9d:
3b:21:c9:f6:79:84:d6:2f:4d:10:a6:99:b7:78:27:
2d:25:75:32:d0:0a:46:3b:43:79:5b:7f:d5:94:7b:
63:84:84:5b:5d:28:58:6b:1b:fa:2c:36:4d:25:95:
b9:04:af:23:27:6b:e3:d5:2d:75:18:ef:93:c7:6e:
1a:72:a5:bb:ae:c7:e0:ad:5e:92:96:be:8b:39:16:
7d:48:cc:43:f8:4c:c9:4c:b0:b0:db:4f:31:8b:fc:
90:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:1C:36:9B:F1:F9:C2:0C:B5:6D:4D:7F:C3:BB:60:FE:C1:28:9F:4D
X509v3 Authority Key Identifier:
keyid:D3:59:2A:AC:48:95:22:D5:DB:18:FD:63:91:E0:35:A9:77:8E:A3:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01kqrEiVItXbGP1jkeA1qXeOo7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7b13fe-f62f-4e93-821e-e33ae106b54d/1/Qhw2m_H5wgy1bU1_w7tg_sEon00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7b13fe-f62f-4e93-821e-e33ae106b54d/1/01kqrEiVItXbGP1jkeA1qXeOo7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.47.0/24
94.126.168.0/21
176.61.144.0/21
176.111.104.0/22
185.11.164.0/22
185.12.116.0/22
185.76.4.0/22
194.8.30.0/24
IPv6:
2a03:8bc0::/32
Signature Algorithm: sha256WithRSAEncryption
88:f4:56:43:2c:95:7b:b5:4f:7f:a3:3c:ce:de:d7:fa:21:65:
f6:fe:6f:a0:35:a8:81:26:f7:36:e0:7e:f7:72:0b:d8:03:41:
d2:b1:2a:33:06:79:32:f9:ce:bb:15:2f:3f:e0:98:1c:b0:82:
c5:48:c3:fc:8c:02:f8:e8:c3:5d:a9:eb:3e:61:f6:b3:d8:88:
db:d2:1c:eb:39:5a:81:7a:2f:49:cf:46:c0:c6:b5:62:35:cf:
f6:75:2f:50:8a:84:09:57:42:3e:6e:6f:27:28:bf:89:94:f0:
94:d2:5c:a8:c3:b0:bb:f3:44:71:4b:eb:d3:62:d9:66:f2:59:
37:df:d7:2a:cb:03:21:32:cd:22:c0:60:25:c2:05:ac:30:26:
9d:71:97:88:61:f8:b3:62:49:81:f1:b5:9d:ff:0b:b5:df:1e:
34:85:66:14:ce:a8:5c:c7:4d:00:7a:6d:2d:a8:db:a7:67:5f:
17:2d:bb:1d:49:93:38:c7:68:ca:e2:26:f1:25:1b:55:2c:94:
56:8d:61:8f:48:21:72:7d:b2:6e:80:5e:4e:1a:7f:39:fe:e1:
5a:22:c3:71:09:25:68:ff:7c:63:b2:ef:f4:e7:2c:9c:38:7d:
88:88:89:84:aa:08:9d:e3:f6:61:b7:14:df:d9:88:64:0c:b9:
13:90:7b:62
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQi+3NTLEWpVafk/Sn6VVpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTkyYWFjNDg5NTIyZDVkYjE4ZmQ2MzkxZTAzNWE5Nzc4
ZWEzYjEwHhcNMjUwMTAxMTc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjFjMzY5YmYxZjljMjBjYjU2ZDRkN2ZjM2JiNjBmZWMxMjg5ZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9zPXA0pnfA11PJk/E6HpM07Izak
BJXjNf3KGLdFGVEyywGJUWBaeL8PY+XONZbuP2CA7sFe+jw7JIYTVcJMNY6BYfAS
wmLexc7xvDHfB0NGlqIkVFjor8s3W7xsDxhUi3B5qndRn8P7d/DpX1mMD3pY3A+Y
qXz/1MMghqbNDnRXo6rlx2x7wiXNq0w8OztrXPWK+/KCpT99DlnSmrL/JFwN0507
Icn2eYTWL00Qppm3eCctJXUy0ApGO0N5W3/VlHtjhIRbXShYaxv6LDZNJZW5BK8j
J2vj1S11GO+Tx24acqW7rsfgrV6Slr6LORZ9SMxD+EzJTLCw208xi/yQCQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEIcNpvx+cIMtW1Nf8O7YP7BKJ9NMB8GA1UdIwQY
MBaAFNNZKqxIlSLV2xj9Y5HgNal3jqOxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFrcXJFaVZJdFhiR1AxamtlQTFxWGVPbzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YjEzZmUtZjYyZi00ZTkzLTgyMWUt
ZTMzYWUxMDZiNTRkLzEvUWh3Mm1fSDV3Z3kxYlUxX3c3dGdfc0VvbjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YjEzZmUtZjYyZi00ZTkzLTgyMWUtZTMzYWUxMDZiNTRk
LzEvMDFrcXJFaVZJdFhiR1AxamtlQTFxWGVPbzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQAW8YvAwQD
Xn6oAwQDsD2QAwQCsG9oAwQCuQukAwQCuQx0AwQCuUwEAwQAwggeMA0EAgACMAcD
BQAqA4vAMA0GCSqGSIb3DQEBCwUAA4IBAQCI9FZDLJV7tU9/ozzO3tf6IWX2/m+g
NaiBJvc24H73cgvYA0HSsSozBnky+c67FS8/4JgcsILFSMP8jAL46MNdqes+Yfaz
2Ijb0hzrOVqBei9Jz0bAxrViNc/2dS9QioQJV0I+bm8nKL+JlPCU0lyow7C780Rx
S+vTYtlm8lk339cqywMhMs0iwGAlwgWsMCadcZeIYfizYkmB8bWd/wu13x40hWYU
zqhcx00Aem0tqNunZ18XLbsdSZM4x2jK4ibxJRtVLJRWjWGPSCFyfbJugF5OGn85
/uFaIsNxCSVo/3xjsu/05yycOH2IiImEqgid4/ZhtxTf2YhkDLkTkHti
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:50:44 2025 by rpki-client