Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/XnHSd3VergE-5i8djUYaPVthHRw.roa
File: XnHSd3VergE-5i8djUYaPVthHRw.roa (raw, json)
Hash identifier: uQ/MzKJnXoMvhw4GTUaONVGqEgrAqEMlJbP8etG5Lic=
Subject key identifier: 5E:71:D2:77:75:5E:AE:01:3E:E6:2F:1D:8D:46:1A:3D:5B:61:1D:1C
Certificate issuer: /CN=aa9e86a76bddc1203a029d31475d3ebc57d90a41
Certificate serial: 0194266B6F9EB44AD0A7E711DCF03F3B7CF2
Authority key identifier: AA:9E:86:A7:6B:DD:C1:20:3A:02:9D:31:47:5D:3E:BC:57:D9:0A:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/XnHSd3VergE-5i8djUYaPVthHRw.roa
Signing time: Thu 02 Jan 2025 09:49:22 +0000
ROA not before: Thu 02 Jan 2025 09:49:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58075
IP address blocks: 91.210.125.0/24 maxlen: 24
185.40.8.0/22 maxlen: 24
185.114.236.0/22 maxlen: 24
194.29.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.mft
rsync://rpki.ripe.net/repository/DEFAULT/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:6f:9e:b4:4a:d0:a7:e7:11:dc:f0:3f:3b:7c:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa9e86a76bddc1203a029d31475d3ebc57d90a41
Validity
Not Before: Jan 2 09:49:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e71d277755eae013ee62f1d8d461a3d5b611d1c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:de:09:07:72:2d:59:27:d0:4c:e6:f6:ed:de:
19:62:51:8f:6f:8b:45:29:86:15:ee:81:c5:f5:a0:
51:0b:a7:17:ec:26:31:67:dd:e2:45:01:54:d0:96:
13:fb:10:f8:bf:d5:f7:7f:54:fe:ee:ef:72:af:58:
18:a3:3d:e8:14:43:3c:d4:88:68:a0:39:2e:ba:c2:
b1:e6:32:c9:eb:18:2b:50:bc:ca:5c:a2:f2:49:a0:
ea:5e:d2:75:08:b9:9c:47:f3:b9:00:69:05:c5:82:
17:94:9c:32:27:89:0c:09:00:dc:b5:ea:31:09:a9:
1d:a0:7f:b7:d7:41:0c:da:d2:4c:7a:a1:10:2f:af:
07:65:94:65:8f:4e:62:d0:d2:85:8d:df:94:59:12:
b2:f3:76:bd:63:d1:53:e7:20:43:ab:00:39:7d:44:
32:cf:af:5c:24:1a:8b:91:2c:7c:f0:65:1d:66:86:
bb:4f:29:9e:9e:c6:21:81:27:c0:99:fc:af:6c:7e:
d0:f4:4d:1a:52:db:49:4b:b8:26:a0:a7:de:0f:23:
b1:8f:0e:67:85:58:ad:d0:2b:de:15:08:ff:11:54:
73:2c:68:4d:eb:b9:21:49:be:3f:02:88:87:2a:58:
1e:f8:b8:09:85:f7:4f:e7:18:0e:af:a1:6b:05:0a:
29:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:71:D2:77:75:5E:AE:01:3E:E6:2F:1D:8D:46:1A:3D:5B:61:1D:1C
X509v3 Authority Key Identifier:
keyid:AA:9E:86:A7:6B:DD:C1:20:3A:02:9D:31:47:5D:3E:BC:57:D9:0A:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/XnHSd3VergE-5i8djUYaPVthHRw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b94831-65bb-406b-84c4-03b0eec7ff29/1/qp6Gp2vdwSA6Ap0xR10-vFfZCkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.125.0/24
185.40.8.0/22
185.114.236.0/22
194.29.52.0/24
Signature Algorithm: sha256WithRSAEncryption
94:91:4f:3f:7f:75:e9:b2:b2:86:fc:85:60:6a:a9:d8:e4:76:
d2:30:f6:e4:f5:af:57:fb:54:8d:b9:70:64:31:11:73:f7:ea:
54:1a:cd:84:55:2a:15:4f:5a:b6:14:f9:ca:58:52:0f:b7:0c:
c0:2d:e9:c2:bd:cd:e2:d5:4c:8f:4f:37:dd:fc:e3:d3:51:cb:
0b:c9:c0:46:b2:6d:40:bd:77:9d:e4:12:37:4d:68:8e:22:ce:
32:78:12:09:cc:61:92:75:62:6a:83:23:97:12:d1:27:b6:9a:
07:5d:0b:19:a7:6c:fc:16:13:d0:bf:d7:96:25:74:78:9f:f8:
12:f3:70:a1:0f:37:b2:dc:95:df:2c:75:9c:91:78:77:f2:b9:
e6:e8:f2:3e:96:52:9a:8e:b2:0f:7a:ca:ef:c3:48:82:ba:1f:
a6:8e:66:e2:20:b8:0d:4a:3a:6c:9f:4f:e4:c9:12:71:6b:91:
89:df:88:ab:b0:20:01:de:dc:0a:dc:75:f2:a6:a9:3e:0c:0e:
61:0d:6c:a0:aa:81:5e:1f:07:5a:80:c3:2d:c0:35:bd:da:c5:
43:45:9d:63:02:84:7c:97:04:cf:19:dc:8a:dd:31:51:7d:30:
57:36:9f:bd:84:e1:5c:3b:fe:85:8b:f8:f9:29:26:48:28:fb:
ef:26:9f:f3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQma2+etErQp+cR3PA/O3zyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOWU4NmE3NmJkZGMxMjAzYTAyOWQzMTQ3NWQzZWJjNTdk
OTBhNDEwHhcNMjUwMTAyMDk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTcxZDI3Nzc1NWVhZTAxM2VlNjJmMWQ4ZDQ2MWEzZDViNjExZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk94JB3ItWSfQTOb27d4ZYlGPb4tF
KYYV7oHF9aBRC6cX7CYxZ93iRQFU0JYT+xD4v9X3f1T+7u9yr1gYoz3oFEM81Iho
oDkuusKx5jLJ6xgrULzKXKLySaDqXtJ1CLmcR/O5AGkFxYIXlJwyJ4kMCQDcteox
CakdoH+310EM2tJMeqEQL68HZZRlj05i0NKFjd+UWRKy83a9Y9FT5yBDqwA5fUQy
z69cJBqLkSx88GUdZoa7TymensYhgSfAmfyvbH7Q9E0aUttJS7gmoKfeDyOxjw5n
hVit0CveFQj/EVRzLGhN67khSb4/AoiHKlge+LgJhfdP5xgOr6FrBQopDwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF5x0nd1Xq4BPuYvHY1GGj1bYR0cMB8GA1UdIwQY
MBaAFKqehqdr3cEgOgKdMUddPrxX2QpBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXA2R3AydmR3U0E2QXAweFIxMC12RmZaQ2tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iOTQ4MzEtNjViYi00MDZiLTg0YzQt
MDNiMGVlYzdmZjI5LzEvWG5IU2QzVmVyZ0UtNWk4ZGpVWWFQVnRoSFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iOTQ4MzEtNjViYi00MDZiLTg0YzQtMDNiMGVlYzdmZjI5
LzEvcXA2R3AydmR3U0E2QXAweFIxMC12RmZaQ2tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9J9AwQC
uSgIAwQCuXLsAwQAwh00MA0GCSqGSIb3DQEBCwUAA4IBAQCUkU8/f3XpsrKG/IVg
aqnY5HbSMPbk9a9X+1SNuXBkMRFz9+pUGs2EVSoVT1q2FPnKWFIPtwzALenCvc3i
1UyPTzfd/OPTUcsLycBGsm1AvXed5BI3TWiOIs4yeBIJzGGSdWJqgyOXEtEntpoH
XQsZp2z8FhPQv9eWJXR4n/gS83ChDzey3JXfLHWckXh38rnm6PI+llKajrIPesrv
w0iCuh+mjmbiILgNSjpsn0/kyRJxa5GJ34irsCAB3twK3HXypqk+DA5hDWygqoFe
HwdagMMtwDW92sVDRZ1jAoR8lwTPGdyK3TFRfTBXNp+9hOFcO/6Fi/j5KSZIKPvv
Jp/z
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:23:45 2025 by rpki-client