Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/YGqpN3K7qoku4d1ucurJlG9A28g.roa
File: YGqpN3K7qoku4d1ucurJlG9A28g.roa (raw, json)
Hash identifier: vV+QkChEXM7aBJKALX0tUZfW7qPTcVJsY+rKECbz5Kk=
Subject key identifier: 60:6A:A9:37:72:BB:AA:89:2E:E1:DD:6E:72:EA:C9:94:6F:40:DB:C8
Certificate issuer: /CN=71f5e9ea88305f7d316a12a1d49db0e9fb896ce1
Certificate serial: 0194702B31720CD4DD7BF26B77CA12496611
Authority key identifier: 71:F5:E9:EA:88:30:5F:7D:31:6A:12:A1:D4:9D:B0:E9:FB:89:6C:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cfXp6ogwX30xahKh1J2w6fuJbOE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/YGqpN3K7qoku4d1ucurJlG9A28g.roa
Signing time: Thu 16 Jan 2025 17:31:06 +0000
ROA not before: Thu 16 Jan 2025 17:31:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201647
IP address blocks: 91.198.191.0/24 maxlen: 24
193.57.66.0/24 maxlen: 24
193.57.67.0/24 maxlen: 24
193.57.70.0/24 maxlen: 24
193.57.71.0/24 maxlen: 24
193.57.156.0/24 maxlen: 24
193.57.157.0/24 maxlen: 24
193.57.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/cfXp6ogwX30xahKh1J2w6fuJbOE.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/cfXp6ogwX30xahKh1J2w6fuJbOE.mft
rsync://rpki.ripe.net/repository/DEFAULT/cfXp6ogwX30xahKh1J2w6fuJbOE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Mar 2025 14:41:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:70:2b:31:72:0c:d4:dd:7b:f2:6b:77:ca:12:49:66:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=71f5e9ea88305f7d316a12a1d49db0e9fb896ce1
Validity
Not Before: Jan 16 17:31:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=606aa93772bbaa892ee1dd6e72eac9946f40dbc8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:8e:56:35:3c:9d:aa:52:c6:e1:32:41:4d:31:
87:71:85:bb:aa:e5:b6:77:ce:cd:a3:50:d4:99:6b:
c1:02:e8:8d:df:b6:94:10:42:20:c1:c7:a7:1a:9e:
9e:50:e0:cb:29:d1:bb:35:dc:ff:9a:82:76:7c:00:
96:0c:aa:e4:67:9f:90:d1:75:7f:14:c6:df:fc:b1:
b7:a8:c5:7f:b7:bb:58:d4:e0:53:84:e3:1a:3a:3c:
8f:70:97:4a:a8:3c:29:d1:65:cc:0e:fb:11:3c:9e:
19:ec:fc:6d:52:b2:71:32:60:4b:be:62:d6:6f:1c:
ee:89:c2:51:4f:da:28:69:82:02:d6:77:b5:90:ac:
13:bf:a3:e8:3c:8e:ab:aa:91:96:87:a4:72:f4:ce:
6c:00:eb:eb:97:d2:8a:aa:93:75:23:d1:72:41:ff:
b8:54:ba:86:19:3b:13:81:6c:15:1f:24:8b:46:89:
7a:7d:8b:e7:98:fa:0c:e5:86:15:80:44:0b:1c:b9:
82:ae:a0:49:49:f7:92:6f:62:61:1b:5d:8e:57:da:
69:7f:14:35:df:61:cd:9c:c3:8b:6f:1d:88:6e:16:
66:5b:3b:3d:69:3f:6f:7a:fa:0f:4d:8a:89:9f:ad:
e5:7f:d2:02:7e:76:ae:7e:c2:87:2b:a3:54:fa:26:
bb:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:6A:A9:37:72:BB:AA:89:2E:E1:DD:6E:72:EA:C9:94:6F:40:DB:C8
X509v3 Authority Key Identifier:
keyid:71:F5:E9:EA:88:30:5F:7D:31:6A:12:A1:D4:9D:B0:E9:FB:89:6C:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cfXp6ogwX30xahKh1J2w6fuJbOE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/YGqpN3K7qoku4d1ucurJlG9A28g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/cfXp6ogwX30xahKh1J2w6fuJbOE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.191.0/24
193.57.66.0/23
193.57.70.0/23
193.57.156.0-193.57.158.255
Signature Algorithm: sha256WithRSAEncryption
7d:f8:32:f6:8a:ae:85:1b:0d:55:3d:a3:db:3e:c6:34:b0:ef:
c3:62:d3:e5:75:c6:2b:2a:92:22:e9:44:7e:42:49:df:ac:33:
cb:0a:a1:5d:67:5f:88:12:0c:40:0d:db:ef:06:48:3d:af:02:
a2:57:49:df:92:d0:5d:88:00:01:16:e0:13:12:89:1c:20:6d:
e2:cb:f6:52:73:e8:90:e4:a7:b0:2c:98:bc:63:41:70:c5:3e:
10:3d:07:7d:6f:cc:2d:d9:ab:f6:d4:fc:ea:34:50:7d:a7:b1:
ae:12:dc:11:f7:59:0f:d6:2f:20:31:28:29:5b:6b:cd:2f:78:
0b:99:f8:0c:a1:3d:4d:6d:91:79:4c:4e:b2:5d:9f:5f:8c:17:
f2:08:e7:bb:26:8a:87:4d:c6:0c:4b:96:9a:72:35:c2:fb:4c:
52:9e:d4:66:7b:e2:38:fa:f4:e2:75:04:8e:a5:8e:0a:aa:ac:
dd:ea:a3:f3:5c:79:61:80:7b:a4:2f:20:78:05:3b:52:5a:b0:
fa:5e:ad:2d:45:33:5f:78:b2:c3:75:ff:dc:00:16:5a:26:91:
87:5a:39:86:d0:22:0d:69:6e:8f:be:88:4e:e2:ee:20:73:53:
ed:61:5e:af:b1:8d:58:f7:07:f7:03:b2:a3:c3:fe:10:67:41:
03:29:87:83
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZRwKzFyDNTde/Jrd8oSSWYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZjVlOWVhODgzMDVmN2QzMTZhMTJhMWQ0OWRiMGU5ZmI4
OTZjZTEwHhcNMjUwMTE2MTczMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDZhYTkzNzcyYmJhYTg5MmVlMWRkNmU3MmVhYzk5NDZmNDBkYmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsY5WNTydqlLG4TJBTTGHcYW7quW2
d87No1DUmWvBAuiN37aUEEIgwcenGp6eUODLKdG7Ndz/moJ2fACWDKrkZ5+Q0XV/
FMbf/LG3qMV/t7tY1OBThOMaOjyPcJdKqDwp0WXMDvsRPJ4Z7PxtUrJxMmBLvmLW
bxzuicJRT9ooaYIC1ne1kKwTv6PoPI6rqpGWh6Ry9M5sAOvrl9KKqpN1I9FyQf+4
VLqGGTsTgWwVHySLRol6fYvnmPoM5YYVgEQLHLmCrqBJSfeSb2JhG12OV9ppfxQ1
32HNnMOLbx2IbhZmWzs9aT9vevoPTYqJn63lf9ICfnaufsKHK6NU+ia7fwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGBqqTdyu6qJLuHdbnLqyZRvQNvIMB8GA1UdIwQY
MBaAFHH16eqIMF99MWoSodSdsOn7iWzhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2ZYcDZvZ3dYMzB4YWhLaDFKMnc2ZnVKYk9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83NDkzNDYtYjA4Zi00OTMxLThkNGEt
MDUzOGEzYTE0ZGZkLzEvWUdxcE4zSzdxb2t1NGQxdWN1ckpsRzlBMjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83NDkzNDYtYjA4Zi00OTMxLThkNGEtMDUzOGEzYTE0ZGZk
LzEvY2ZYcDZvZ3dYMzB4YWhLaDFKMnc2ZnVKYk9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAW8a/AwQB
wTlCAwQBwTlGMAwDBALBOZwDBADBOZ4wDQYJKoZIhvcNAQELBQADggEBAH34MvaK
roUbDVU9o9s+xjSw78Ni0+V1xisqkiLpRH5CSd+sM8sKoV1nX4gSDEAN2+8GSD2v
AqJXSd+S0F2IAAEW4BMSiRwgbeLL9lJz6JDkp7AsmLxjQXDFPhA9B31vzC3Zq/bU
/Oo0UH2nsa4S3BH3WQ/WLyAxKClba80veAuZ+AyhPU1tkXlMTrJdn1+MF/II57sm
iodNxgxLlppyNcL7TFKe1GZ74jj69OJ1BI6ljgqqrN3qo/NceWGAe6QvIHgFO1Ja
sPperS1FM194ssN1/9wAFlomkYdaOYbQIg1pbo++iE7i7iBzU+1hXq+xjVj3B/cD
sqPD/hBnQQMph4M=
-----END CERTIFICATE-----
Generated at Tue Mar 11 19:19:31 2025 by rpki-client