Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/24c566-c74e-4232-a344-6072bb8b2bc0/1/ukNphFAe4cX3Zc-R26t80LykhN4.roa
File: ukNphFAe4cX3Zc-R26t80LykhN4.roa (raw, json)
Hash identifier: xXUTisVftHwOaoab4KLxi4q4wlsyXqJydXF1SwvOD0g=
Subject key identifier: BA:43:69:84:50:1E:E1:C5:F7:65:CF:91:DB:AB:7C:D0:BC:A4:84:DE
Certificate issuer: /CN=4103292068ea3fb85bc5895379e20edbd0bc6506
Certificate serial: 019422FB251A6D1EA1BE0C1BE2C7A0BE5CDC
Authority key identifier: 41:03:29:20:68:EA:3F:B8:5B:C5:89:53:79:E2:0E:DB:D0:BC:65:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QQMpIGjqP7hbxYlTeeIO29C8ZQY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/24c566-c74e-4232-a344-6072bb8b2bc0/1/ukNphFAe4cX3Zc-R26t80LykhN4.roa
Signing time: Wed 01 Jan 2025 17:47:51 +0000
ROA not before: Wed 01 Jan 2025 17:47:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58084
IP address blocks: 37.221.184.0/24 maxlen: 24
37.221.185.0/24 maxlen: 24
37.221.186.0/24 maxlen: 24
37.221.187.0/24 maxlen: 24
37.221.188.0/24 maxlen: 24
37.221.189.0/24 maxlen: 24
37.221.190.0/24 maxlen: 24
37.221.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/24c566-c74e-4232-a344-6072bb8b2bc0/1/QQMpIGjqP7hbxYlTeeIO29C8ZQY.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/24c566-c74e-4232-a344-6072bb8b2bc0/1/QQMpIGjqP7hbxYlTeeIO29C8ZQY.mft
rsync://rpki.ripe.net/repository/DEFAULT/QQMpIGjqP7hbxYlTeeIO29C8ZQY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:25:1a:6d:1e:a1:be:0c:1b:e2:c7:a0:be:5c:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4103292068ea3fb85bc5895379e20edbd0bc6506
Validity
Not Before: Jan 1 17:47:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ba436984501ee1c5f765cf91dbab7cd0bca484de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:ca:b2:8e:2c:43:dd:bb:f9:24:2a:69:64:26:
84:c1:1d:67:c2:e9:96:03:65:b9:47:cc:68:06:7b:
9b:18:78:4d:f4:c6:b2:9d:28:b7:df:76:8e:3e:c3:
2c:37:a8:35:ee:c8:72:ec:03:7b:9d:63:89:9f:f9:
f6:36:9f:03:5f:c7:3f:c9:6a:83:e4:59:79:56:9c:
6a:9d:f1:e3:b6:16:17:23:b7:e9:53:f6:e5:aa:c0:
61:e0:c4:15:8b:2f:cb:1a:d1:db:45:48:34:e4:33:
cd:c5:68:74:26:c3:d9:91:a2:5d:c9:d5:ae:1e:98:
b3:e4:c7:c4:ca:c7:04:6e:52:64:3a:51:16:82:f3:
2f:b0:40:56:69:de:5f:8f:77:d3:c5:ce:c1:f2:fe:
ad:66:a4:47:b5:a1:93:49:e9:fd:4a:20:38:ec:e3:
a8:60:ec:f2:09:76:38:ab:15:41:8f:8b:09:0c:25:
fb:64:3a:a4:f9:88:1e:b2:91:1a:1a:9a:da:a9:e3:
f8:61:f4:a1:fc:ce:b3:29:b7:ef:2b:d9:12:bb:00:
a3:37:77:1c:9e:ee:50:bf:1e:fc:fe:9b:88:a6:95:
27:a0:a4:e0:43:a8:29:c4:2c:20:c1:c4:49:27:50:
dd:a3:31:f2:f8:c9:f3:49:14:f5:37:64:7f:03:af:
13:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:43:69:84:50:1E:E1:C5:F7:65:CF:91:DB:AB:7C:D0:BC:A4:84:DE
X509v3 Authority Key Identifier:
keyid:41:03:29:20:68:EA:3F:B8:5B:C5:89:53:79:E2:0E:DB:D0:BC:65:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQMpIGjqP7hbxYlTeeIO29C8ZQY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/24c566-c74e-4232-a344-6072bb8b2bc0/1/ukNphFAe4cX3Zc-R26t80LykhN4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/24c566-c74e-4232-a344-6072bb8b2bc0/1/QQMpIGjqP7hbxYlTeeIO29C8ZQY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.184.0/21
Signature Algorithm: sha256WithRSAEncryption
83:9b:fc:97:1f:1e:e0:03:9c:d1:aa:20:7f:8d:85:73:91:2f:
95:12:60:19:77:83:8f:fa:f8:48:c5:a3:d6:42:82:4a:91:8a:
fb:9d:46:e3:d4:9a:5f:fb:f6:3e:52:3c:a7:75:1b:0a:ab:ab:
c1:53:1c:9e:b5:f3:c6:4b:db:14:93:61:f6:ab:ee:6d:6f:5d:
48:1f:10:69:cc:2a:49:e6:ac:e9:f7:7e:fd:87:0b:d5:52:fa:
1f:24:4f:d4:f7:84:11:64:10:3b:fa:3d:35:36:cf:c3:06:e7:
24:42:49:24:f8:23:9a:55:5b:44:d2:a2:0e:92:5a:f7:f4:4f:
88:41:2b:96:b9:33:d7:1a:81:58:7b:9a:4b:8b:06:99:09:74:
82:dd:f7:b8:43:b6:1c:b1:89:12:6a:92:5c:28:14:e4:44:20:
be:c5:7d:aa:e5:c1:93:61:e7:f0:3f:3f:4c:b5:3d:d6:97:63:
57:a3:0c:aa:7a:78:ee:b6:0e:70:3d:a7:c7:5c:aa:56:3e:a6:
4c:14:b5:85:6e:97:96:0c:a8:21:9d:04:84:71:92:31:0a:cd:
0c:45:c7:c4:fe:2e:af:80:75:fe:a1:63:0d:c7:12:e8:19:34:
22:fc:64:01:45:05:be:89:a2:50:d3:0c:72:ec:04:ee:aa:f2:
ea:c7:06:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+yUabR6hvgwb4segvlzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDMyOTIwNjhlYTNmYjg1YmM1ODk1Mzc5ZTIwZWRiZDBi
YzY1MDYwHhcNMjUwMTAxMTc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTQzNjk4NDUwMWVlMWM1Zjc2NWNmOTFkYmFiN2NkMGJjYTQ4NGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cqyjixD3bv5JCppZCaEwR1nwumW
A2W5R8xoBnubGHhN9MaynSi333aOPsMsN6g17shy7AN7nWOJn/n2Np8DX8c/yWqD
5Fl5VpxqnfHjthYXI7fpU/blqsBh4MQViy/LGtHbRUg05DPNxWh0JsPZkaJdydWu
Hpiz5MfEyscEblJkOlEWgvMvsEBWad5fj3fTxc7B8v6tZqRHtaGTSen9SiA47OOo
YOzyCXY4qxVBj4sJDCX7ZDqk+YgespEaGpraqeP4YfSh/M6zKbfvK9kSuwCjN3cc
nu5Qvx78/puIppUnoKTgQ6gpxCwgwcRJJ1DdozHy+MnzSRT1N2R/A68TCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpDaYRQHuHF92XPkdurfNC8pITeMB8GA1UdIwQY
MBaAFEEDKSBo6j+4W8WJU3niDtvQvGUGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFNcElHanFQN2hieFlsVGVlSU8yOUM4WlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8yNGM1NjYtYzc0ZS00MjMyLWEzNDQt
NjA3MmJiOGIyYmMwLzEvdWtOcGhGQWU0Y1gzWmMtUjI2dDgwTHlraE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8yNGM1NjYtYzc0ZS00MjMyLWEzNDQtNjA3MmJiOGIyYmMw
LzEvUVFNcElHanFQN2hieFlsVGVlSU8yOUM4WlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJd24MA0G
CSqGSIb3DQEBCwUAA4IBAQCDm/yXHx7gA5zRqiB/jYVzkS+VEmAZd4OP+vhIxaPW
QoJKkYr7nUbj1Jpf+/Y+UjyndRsKq6vBUxyetfPGS9sUk2H2q+5tb11IHxBpzCpJ
5qzp9379hwvVUvofJE/U94QRZBA7+j01Ns/DBuckQkkk+COaVVtE0qIOklr39E+I
QSuWuTPXGoFYe5pLiwaZCXSC3fe4Q7YcsYkSapJcKBTkRCC+xX2q5cGTYefwPz9M
tT3Wl2NXowyqenjutg5wPafHXKpWPqZMFLWFbpeWDKghnQSEcZIxCs0MRcfE/i6v
gHX+oWMNxxLoGTQi/GQBRQW+iaJQ0wxy7ATuqvLqxwZV
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:50:23 2025 by rpki-client