Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/qkEX-Kg40A3qQ2kkYyX2gfh1PGs.roa
File: qkEX-Kg40A3qQ2kkYyX2gfh1PGs.roa (raw, json)
Hash identifier: og5sz8ZyyZWxCY26JVGs9nTzuHebJDo/OXt0OqQcO4I=
Subject key identifier: AA:41:17:F8:A8:38:D0:0D:EA:43:69:24:63:25:F6:81:F8:75:3C:6B
Certificate issuer: /CN=f8e826de1070d9d79daa9e415fc432613cc57e57
Certificate serial: 019421445C59E2273484D209B15E4DBE341A
Authority key identifier: F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/qkEX-Kg40A3qQ2kkYyX2gfh1PGs.roa
Signing time: Wed 01 Jan 2025 09:48:35 +0000
ROA not before: Wed 01 Jan 2025 09:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20769
IP address blocks: 91.208.87.0/24 maxlen: 32
2a04:a500::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl
rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:28:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:5c:59:e2:27:34:84:d2:09:b1:5e:4d:be:34:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e826de1070d9d79daa9e415fc432613cc57e57
Validity
Not Before: Jan 1 09:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa4117f8a838d00dea4369246325f681f8753c6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:11:b1:61:31:bd:7e:6b:9a:01:b1:bb:4e:ab:
ac:68:9c:0f:ab:52:d6:f6:67:41:1b:7b:77:97:9f:
da:0d:3a:84:d6:89:94:74:9f:f5:d4:a4:11:21:50:
b0:b4:96:df:65:54:13:f8:d7:39:02:fa:ab:8c:22:
77:96:ca:95:ca:d9:25:f9:a7:fe:9e:eb:f8:e2:e1:
68:95:be:bb:52:59:99:d9:89:02:df:5f:06:21:90:
d3:95:95:88:bf:47:52:c9:6d:1c:29:8e:1f:36:40:
c8:29:a0:57:23:5b:43:f2:14:52:cc:5e:5d:2a:6f:
2f:82:c1:10:e6:b5:e0:43:da:83:f9:60:db:30:b2:
dd:dd:fc:07:69:fc:6e:a8:f9:86:2a:49:2b:13:6a:
f5:b5:26:15:1a:7d:28:7c:0a:f0:ca:46:92:7a:06:
5b:b7:7d:00:86:71:1b:15:a8:ab:76:0c:84:de:e6:
2a:74:2c:2f:81:d4:b6:dc:ed:2b:11:14:59:c6:47:
71:53:0a:e7:5d:c3:c1:f2:ee:ea:bd:6c:b8:07:8c:
8b:fe:5d:70:6a:4f:d1:22:cc:b2:1a:c4:d3:ec:91:
73:e5:0e:00:7c:d1:b1:37:e3:2c:0b:3b:73:e2:8a:
b4:ec:b7:65:3c:cb:41:1b:7a:e9:fa:3f:64:93:52:
8a:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:41:17:F8:A8:38:D0:0D:EA:43:69:24:63:25:F6:81:F8:75:3C:6B
X509v3 Authority Key Identifier:
keyid:F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/qkEX-Kg40A3qQ2kkYyX2gfh1PGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.87.0/24
IPv6:
2a04:a500::/29
Signature Algorithm: sha256WithRSAEncryption
67:cc:cb:1d:f8:87:de:38:6e:cf:80:29:58:31:70:c3:39:b1:
90:f3:cc:73:34:83:71:e7:db:87:71:b7:e5:a1:c8:66:e9:94:
51:af:5f:5d:cb:4c:cb:89:11:51:7f:3b:56:b1:b1:6f:ef:14:
e5:8a:3e:6d:44:b9:01:ae:62:f3:7f:42:7d:98:f1:7f:8f:e8:
d6:c1:da:cb:48:2e:a6:59:2c:f1:05:e3:73:93:3c:f8:6d:68:
62:ee:4b:52:71:7a:fd:2b:7f:4d:ea:38:b7:35:b7:74:f8:fd:
af:5c:43:3a:ec:58:86:7d:06:6f:d5:dc:d3:e0:08:cb:d8:22:
91:2a:42:20:20:1d:47:9a:ea:68:52:2e:0f:44:0d:24:89:0d:
6b:5f:35:82:8f:aa:31:7c:dc:3e:dc:8f:81:7d:31:b9:6a:06:
6e:9c:62:1b:37:4f:45:aa:e2:29:5d:0f:fa:94:62:de:47:ef:
fe:33:d4:a8:33:da:24:43:2e:34:82:21:74:2e:be:02:fb:94:
bc:f4:5a:d3:23:fd:7c:5a:99:09:87:07:74:78:16:1c:a4:f3:
e4:72:50:c0:93:0d:7a:4c:d9:6d:92:80:f1:b1:b0:ff:e9:76:
29:7a:0d:05:46:1b:f8:1f:96:28:07:a1:7e:79:e8:4f:67:d6:
56:86:98:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRFxZ4ic0hNIJsV5NvjQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTgyNmRlMTA3MGQ5ZDc5ZGFhOWU0MTVmYzQzMjYxM2Nj
NTdlNTcwHhcNMjUwMTAxMDk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQxMTdmOGE4MzhkMDBkZWE0MzY5MjQ2MzI1ZjY4MWY4NzUzYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRGxYTG9fmuaAbG7TqusaJwPq1LW
9mdBG3t3l5/aDTqE1omUdJ/11KQRIVCwtJbfZVQT+Nc5AvqrjCJ3lsqVytkl+af+
nuv44uFolb67UlmZ2YkC318GIZDTlZWIv0dSyW0cKY4fNkDIKaBXI1tD8hRSzF5d
Km8vgsEQ5rXgQ9qD+WDbMLLd3fwHafxuqPmGKkkrE2r1tSYVGn0ofArwykaSegZb
t30AhnEbFairdgyE3uYqdCwvgdS23O0rERRZxkdxUwrnXcPB8u7qvWy4B4yL/l1w
ak/RIsyyGsTT7JFz5Q4AfNGxN+MsCztz4oq07LdlPMtBG3rp+j9kk1KKYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKpBF/ioONAN6kNpJGMl9oH4dTxrMB8GA1UdIwQY
MBaAFPjoJt4QcNnXnaqeQV/EMmE8xX5XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PZ20zaEJ3MmRlZHFwNUJYOFF5WVR6RmZsYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4
LWVhZWRiNzA5ZWZiZi8xL3FrRVgtS2c0MEEzcVEya2tZeVgyZ2ZoMVBHcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4LWVhZWRiNzA5ZWZi
Zi8xLzEtT2dtM2hCdzJkZWRxcDVCWDhReVlUekZmbGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBABb0Fcw
DQQCAAIwBwMFAyoEpQAwDQYJKoZIhvcNAQELBQADggEBAGfMyx34h944bs+AKVgx
cMM5sZDzzHM0g3Hn24dxt+WhyGbplFGvX13LTMuJEVF/O1axsW/vFOWKPm1EuQGu
YvN/Qn2Y8X+P6NbB2stILqZZLPEF43OTPPhtaGLuS1Jxev0rf03qOLc1t3T4/a9c
QzrsWIZ9Bm/V3NPgCMvYIpEqQiAgHUea6mhSLg9EDSSJDWtfNYKPqjF83D7cj4F9
MblqBm6cYhs3T0Wq4ildD/qUYt5H7/4z1Kgz2iRDLjSCIXQuvgL7lLz0WtMj/Xxa
mQmHB3R4Fhyk8+RyUMCTDXpM2W2SgPGxsP/pdil6DQVGG/gfligHoX556E9n1laG
mIw=
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:13:13 2025 by rpki-client