Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/36db54-c043-4554-8492-752c95c9cf79/1/fTfqf3RzH3ibTJ1sVk6qwuCUTso.roa
File: fTfqf3RzH3ibTJ1sVk6qwuCUTso.roa (raw, json)
Hash identifier: zZbWW91JqjxpGk5DcSBhXzXRcrXTOVjIQL0IYt57KX0=
Subject key identifier: 7D:37:EA:7F:74:73:1F:78:9B:4C:9D:6C:56:4E:AA:C2:E0:94:4E:CA
Certificate issuer: /CN=27441605fdeb5d9c3deabee2f5d7c667d96fd8e0
Certificate serial: 019513927EC176CEB61AF0716D9A2AF185F6
Authority key identifier: 27:44:16:05:FD:EB:5D:9C:3D:EA:BE:E2:F5:D7:C6:67:D9:6F:D8:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J0QWBf3rXZw96r7i9dfGZ9lv2OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/36db54-c043-4554-8492-752c95c9cf79/1/fTfqf3RzH3ibTJ1sVk6qwuCUTso.roa
Signing time: Mon 17 Feb 2025 11:02:02 +0000
ROA not before: Mon 17 Feb 2025 11:02:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207026
IP address blocks: 185.168.104.0/22 maxlen: 22
185.168.104.0/23 maxlen: 23
185.168.104.0/24 maxlen: 24
185.168.105.0/24 maxlen: 24
185.168.106.0/23 maxlen: 23
185.168.106.0/24 maxlen: 24
185.168.107.0/24 maxlen: 24
2a0b:fe00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/36db54-c043-4554-8492-752c95c9cf79/1/J0QWBf3rXZw96r7i9dfGZ9lv2OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/36db54-c043-4554-8492-752c95c9cf79/1/J0QWBf3rXZw96r7i9dfGZ9lv2OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/J0QWBf3rXZw96r7i9dfGZ9lv2OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:13:92:7e:c1:76:ce:b6:1a:f0:71:6d:9a:2a:f1:85:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27441605fdeb5d9c3deabee2f5d7c667d96fd8e0
Validity
Not Before: Feb 17 11:02:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d37ea7f74731f789b4c9d6c564eaac2e0944eca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:84:1a:5d:e6:c9:e8:14:dc:78:71:84:00:51:
e3:15:72:3f:ca:ac:29:29:b6:a4:f1:45:82:7b:15:
7f:91:bf:ee:98:75:7d:70:b5:9b:dd:24:b2:7e:ef:
24:a1:68:9e:f0:08:a8:82:75:84:6d:a8:2b:86:df:
55:0d:02:9c:45:66:c5:16:43:12:8f:d5:7a:2b:2f:
05:ea:21:a3:52:7f:37:6e:88:0a:da:93:56:1f:90:
5c:07:29:b9:f0:6f:28:27:de:fe:db:82:0d:28:52:
35:05:0c:cd:a9:8c:d6:50:57:6c:40:2d:e5:ed:a1:
97:19:fb:49:5c:8d:e9:84:de:2e:b4:1b:74:b6:18:
d2:e7:21:15:52:22:ca:b6:a3:a7:7c:16:77:c8:c3:
90:0a:9a:5b:7d:d0:ba:7e:30:a1:3d:4b:f3:84:55:
75:2f:33:72:5a:81:6c:10:a5:8b:16:a9:cb:49:1b:
da:88:56:6c:42:82:79:2c:ed:18:9d:30:42:a6:bd:
6c:db:34:2d:82:c4:fc:b6:1e:fa:a2:22:3b:60:d8:
de:56:73:4b:73:80:c2:8c:58:a4:da:14:0c:99:54:
36:fa:6f:fa:54:2d:5c:fa:25:d5:a6:f2:c9:6b:83:
38:d6:42:ab:8c:d6:77:cb:8d:bd:1e:3e:c3:5e:9c:
f4:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:37:EA:7F:74:73:1F:78:9B:4C:9D:6C:56:4E:AA:C2:E0:94:4E:CA
X509v3 Authority Key Identifier:
keyid:27:44:16:05:FD:EB:5D:9C:3D:EA:BE:E2:F5:D7:C6:67:D9:6F:D8:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J0QWBf3rXZw96r7i9dfGZ9lv2OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36db54-c043-4554-8492-752c95c9cf79/1/fTfqf3RzH3ibTJ1sVk6qwuCUTso.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/36db54-c043-4554-8492-752c95c9cf79/1/J0QWBf3rXZw96r7i9dfGZ9lv2OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.168.104.0/22
IPv6:
2a0b:fe00::/29
Signature Algorithm: sha256WithRSAEncryption
71:71:a2:82:1a:a2:32:dc:1f:e9:51:53:f3:df:b8:42:45:de:
f8:4f:ba:3c:36:8e:b0:62:f8:0f:94:e8:ad:dc:21:23:c2:b4:
3c:cf:07:23:55:81:7b:61:33:d5:ff:b6:0f:6b:7f:a3:7d:91:
67:2b:c4:06:4b:c8:84:15:c3:6a:8a:44:ef:0d:1b:e1:10:6e:
51:5a:67:48:c5:7a:e5:b3:72:78:ea:36:24:b1:6d:62:a3:e7:
09:7a:67:49:e5:27:31:f1:01:8b:d9:41:f9:26:1d:89:6e:13:
7d:1b:cc:70:69:10:b5:95:0a:f5:aa:a2:aa:18:9e:1a:24:c0:
9e:f0:44:dd:f9:ed:09:66:c3:34:1a:ea:c5:dd:9a:ef:88:69:
9b:b5:42:b8:65:9e:01:ad:8f:10:18:70:d6:91:e6:ec:d3:a3:
f3:cd:e8:b8:5e:ba:df:f2:38:03:18:5b:62:0d:11:52:b5:47:
fc:3a:98:d4:50:f2:8e:04:02:f6:d8:6d:7c:63:b1:19:4c:f7:
4f:86:05:45:df:19:51:ce:f3:6b:be:96:e7:3f:1d:be:e7:74:
23:c3:81:ae:43:3f:7b:fc:6d:80:7e:e9:e3:e1:de:ca:6e:17:
97:00:43:71:8e:c3:31:5c:6b:01:64:90:d6:16:45:0d:06:dd:
d3:e2:07:d0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZUTkn7Bds62GvBxbZoq8YX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NDQxNjA1ZmRlYjVkOWMzZGVhYmVlMmY1ZDdjNjY3ZDk2
ZmQ4ZTAwHhcNMjUwMjE3MTEwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDM3ZWE3Zjc0NzMxZjc4OWI0YzlkNmM1NjRlYWFjMmUwOTQ0ZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IQaXebJ6BTceHGEAFHjFXI/yqwp
Kbak8UWCexV/kb/umHV9cLWb3SSyfu8koWie8AiognWEbagrht9VDQKcRWbFFkMS
j9V6Ky8F6iGjUn83bogK2pNWH5BcBym58G8oJ97+24INKFI1BQzNqYzWUFdsQC3l
7aGXGftJXI3phN4utBt0thjS5yEVUiLKtqOnfBZ3yMOQCppbfdC6fjChPUvzhFV1
LzNyWoFsEKWLFqnLSRvaiFZsQoJ5LO0YnTBCpr1s2zQtgsT8th76oiI7YNjeVnNL
c4DCjFik2hQMmVQ2+m/6VC1c+iXVpvLJa4M41kKrjNZ3y429Hj7DXpz0BwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH036n90cx94m0ydbFZOqsLglE7KMB8GA1UdIwQY
MBaAFCdEFgX9612cPeq+4vXXxmfZb9jgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjBRV0JmM3JYWnc5NnI3aTlkZkdaOWx2Mk9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zNmRiNTQtYzA0My00NTU0LTg0OTIt
NzUyYzk1YzljZjc5LzEvZlRmcWYzUnpIM2liVEoxc1ZrNnF3dUNVVHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zNmRiNTQtYzA0My00NTU0LTg0OTItNzUyYzk1YzljZjc5
LzEvSjBRV0JmM3JYWnc5NnI3aTlkZkdaOWx2Mk9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuahoMA0E
AgACMAcDBQMqC/4AMA0GCSqGSIb3DQEBCwUAA4IBAQBxcaKCGqIy3B/pUVPz37hC
Rd74T7o8No6wYvgPlOit3CEjwrQ8zwcjVYF7YTPV/7YPa3+jfZFnK8QGS8iEFcNq
ikTvDRvhEG5RWmdIxXrls3J46jYksW1io+cJemdJ5Scx8QGL2UH5Jh2JbhN9G8xw
aRC1lQr1qqKqGJ4aJMCe8ETd+e0JZsM0GurF3ZrviGmbtUK4ZZ4BrY8QGHDWkebs
06Pzzei4Xrrf8jgDGFtiDRFStUf8OpjUUPKOBAL22G18Y7EZTPdPhgVF3xlRzvNr
vpbnPx2+53Qjw4GuQz97/G2Afunj4d7KbheXAENxjsMxXGsBZJDWFkUNBt3T4gfQ
-----END CERTIFICATE-----
Generated at Sat Apr 19 08:00:06 2025 by rpki-client