Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/IQwej1LnyY7ETYPMzr0MBaKMJYU.roa
File: IQwej1LnyY7ETYPMzr0MBaKMJYU.roa (raw, json)
Hash identifier: m2Od1UXry84TfojxLTlOoi+R13MMd4A7opflyOM6uR0=
Subject key identifier: 21:0C:1E:8F:52:E7:C9:8E:C4:4D:83:CC:CE:BD:0C:05:A2:8C:25:85
Certificate issuer: /CN=23a3482e1d66d87f5b9a5eeb9c8afd6b5ec23224
Certificate serial: 019427B4007AC44524BCC0743D502A7C5B44
Authority key identifier: 23:A3:48:2E:1D:66:D8:7F:5B:9A:5E:EB:9C:8A:FD:6B:5E:C2:32:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I6NILh1m2H9bml7rnIr9a17CMiQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/IQwej1LnyY7ETYPMzr0MBaKMJYU.roa
Signing time: Thu 02 Jan 2025 15:48:15 +0000
ROA not before: Thu 02 Jan 2025 15:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201411
IP address blocks: 185.70.140.0/22 maxlen: 23
185.70.142.0/24 maxlen: 24
185.70.143.0/24 maxlen: 24
2a05:2a40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/I6NILh1m2H9bml7rnIr9a17CMiQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/I6NILh1m2H9bml7rnIr9a17CMiQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/I6NILh1m2H9bml7rnIr9a17CMiQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 22:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b4:00:7a:c4:45:24:bc:c0:74:3d:50:2a:7c:5b:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23a3482e1d66d87f5b9a5eeb9c8afd6b5ec23224
Validity
Not Before: Jan 2 15:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=210c1e8f52e7c98ec44d83cccebd0c05a28c2585
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:97:62:48:fc:7f:f3:67:47:c8:57:83:13:62:
53:4b:32:fd:dd:b8:bf:6f:58:c0:03:84:bb:d5:3b:
53:3a:f2:ae:f4:c2:fb:ff:53:e3:42:90:f8:59:1f:
98:1a:67:a0:22:9b:13:82:14:fe:37:e8:78:05:62:
48:c2:21:1c:65:be:bd:38:95:91:06:d0:96:3c:61:
b5:a8:c4:15:fe:67:29:70:32:7f:b3:f9:32:a0:f4:
10:c1:f2:80:dc:1a:d8:ac:9d:43:46:45:fb:a6:a2:
ea:fd:6d:f7:ab:98:6e:cd:f0:ce:78:70:38:ee:27:
f0:38:93:06:e7:9c:1e:a1:ee:3f:7f:5c:9b:ed:df:
ad:cb:21:57:e9:f6:76:7c:11:7e:5b:3b:ba:9b:74:
eb:2e:33:e8:8c:d4:09:66:a4:9f:ad:0c:c7:a0:f9:
5f:73:fc:b6:6d:76:3a:51:db:6f:77:27:30:86:b5:
02:41:fa:44:cd:fc:bc:2b:3a:5a:58:39:59:2c:00:
b2:11:62:6f:b0:66:b8:df:23:de:f0:c6:94:72:b3:
fc:19:95:82:a4:d2:a6:0a:bd:7a:2f:cb:20:01:b9:
cb:f3:fb:a9:83:a7:57:6b:1c:29:f9:2c:6c:9d:79:
53:07:d2:43:a1:eb:3d:94:cc:0a:15:ba:d1:e1:79:
85:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:0C:1E:8F:52:E7:C9:8E:C4:4D:83:CC:CE:BD:0C:05:A2:8C:25:85
X509v3 Authority Key Identifier:
keyid:23:A3:48:2E:1D:66:D8:7F:5B:9A:5E:EB:9C:8A:FD:6B:5E:C2:32:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I6NILh1m2H9bml7rnIr9a17CMiQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/IQwej1LnyY7ETYPMzr0MBaKMJYU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/502ecd-e6fe-4298-8054-1385871a909d/1/I6NILh1m2H9bml7rnIr9a17CMiQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.70.140.0/22
IPv6:
2a05:2a40::/29
Signature Algorithm: sha256WithRSAEncryption
7a:17:c0:a5:66:4c:7b:f7:bd:fd:31:46:52:cd:b5:e3:a9:e0:
9e:b8:33:7b:da:63:c0:a9:c8:0b:da:19:a7:89:36:05:e6:0d:
24:b3:db:69:86:d7:f3:0b:a8:2e:ba:6f:09:e0:66:d8:b6:9a:
9c:5d:cf:e1:b1:04:86:a2:82:8b:9e:b9:5c:06:53:ab:87:33:
f0:97:62:18:b4:da:47:00:73:66:fe:6a:d8:da:eb:70:16:96:
3e:d7:25:2f:fb:32:11:a0:e0:ff:61:e6:54:83:43:a7:ce:9b:
7b:8f:63:65:09:05:bd:81:06:24:6a:b6:da:ae:a6:7a:bf:54:
19:88:c5:0c:55:50:e6:5c:07:35:69:d9:0a:05:3e:27:3c:ce:
c1:4e:44:78:2a:96:7c:cb:c1:95:1d:41:fe:23:63:83:78:5f:
3c:89:c8:ba:f4:10:12:39:02:a5:0d:9c:c8:22:79:69:d5:95:
57:ae:f3:86:32:13:e5:b9:95:cf:f2:96:88:bc:6d:5d:19:28:
64:ef:6b:18:fc:4d:83:d2:5e:08:f7:28:ce:06:4f:35:4d:8f:
9d:94:a3:c4:35:6e:05:79:dc:54:8f:7c:28:1c:6f:c8:e5:1d:
32:7f:f7:c5:25:cf:69:86:0d:af:39:21:8c:4c:99:64:dd:f1:
d0:e5:98:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntAB6xEUkvMB0PVAqfFtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYTM0ODJlMWQ2NmQ4N2Y1YjlhNWVlYjljOGFmZDZiNWVj
MjMyMjQwHhcNMjUwMTAyMTU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBjMWU4ZjUyZTdjOThlYzQ0ZDgzY2NjZWJkMGMwNWEyOGMyNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpdiSPx/82dHyFeDE2JTSzL93bi/
b1jAA4S71TtTOvKu9ML7/1PjQpD4WR+YGmegIpsTghT+N+h4BWJIwiEcZb69OJWR
BtCWPGG1qMQV/mcpcDJ/s/kyoPQQwfKA3BrYrJ1DRkX7pqLq/W33q5huzfDOeHA4
7ifwOJMG55weoe4/f1yb7d+tyyFX6fZ2fBF+Wzu6m3TrLjPojNQJZqSfrQzHoPlf
c/y2bXY6UdtvdycwhrUCQfpEzfy8KzpaWDlZLACyEWJvsGa43yPe8MaUcrP8GZWC
pNKmCr16L8sgAbnL8/upg6dXaxwp+SxsnXlTB9JDoes9lMwKFbrR4XmFXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCEMHo9S58mOxE2DzM69DAWijCWFMB8GA1UdIwQY
MBaAFCOjSC4dZth/W5pe65yK/WtewjIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTZOSUxoMW0ySDlibWw3cm5JcjlhMTdDTWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC81MDJlY2QtZTZmZS00Mjk4LTgwNTQt
MTM4NTg3MWE5MDlkLzEvSVF3ZWoxTG55WTdFVFlQTXpyME1CYUtNSllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC81MDJlY2QtZTZmZS00Mjk4LTgwNTQtMTM4NTg3MWE5MDlk
LzEvSTZOSUxoMW0ySDlibWw3cm5JcjlhMTdDTWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUaMMA0E
AgACMAcDBQMqBSpAMA0GCSqGSIb3DQEBCwUAA4IBAQB6F8ClZkx79739MUZSzbXj
qeCeuDN72mPAqcgL2hmniTYF5g0ks9tphtfzC6guum8J4GbYtpqcXc/hsQSGooKL
nrlcBlOrhzPwl2IYtNpHAHNm/mrY2utwFpY+1yUv+zIRoOD/YeZUg0Onzpt7j2Nl
CQW9gQYkarbarqZ6v1QZiMUMVVDmXAc1adkKBT4nPM7BTkR4KpZ8y8GVHUH+I2OD
eF88ici69BASOQKlDZzIInlp1ZVXrvOGMhPluZXP8paIvG1dGShk72sY/E2D0l4I
9yjOBk81TY+dlKPENW4FedxUj3woHG/I5R0yf/fFJc9phg2vOSGMTJlk3fHQ5Zje
-----END CERTIFICATE-----
Generated at Sun Apr 6 02:57:13 2025 by rpki-client