Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/QHR1bAK5h9E4LYiLLSujtDagdGI.roa
File: QHR1bAK5h9E4LYiLLSujtDagdGI.roa (raw, json)
Hash identifier: 4ngMruvRXucyycg828+iNEOcvUMQZ52/zEdYoW0jztU=
Subject key identifier: 40:74:75:6C:02:B9:87:D1:38:2D:88:8B:2D:2B:A3:B4:36:A0:74:62
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 0194B29CC78C3D50E4FD93704181138463B3
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/QHR1bAK5h9E4LYiLLSujtDagdGI.roa
Signing time: Wed 29 Jan 2025 15:10:06 +0000
ROA not before: Wed 29 Jan 2025 15:10:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60949
IP address blocks: 89.34.26.0/24 maxlen: 24
89.42.84.0/24 maxlen: 24
89.42.94.0/24 maxlen: 24
89.47.112.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 22:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b2:9c:c7:8c:3d:50:e4:fd:93:70:41:81:13:84:63:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Jan 29 15:10:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4074756c02b987d1382d888b2d2ba3b436a07462
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:9e:ec:ac:01:4c:18:c5:32:db:35:a4:40:31:
00:a3:59:fb:64:b2:86:7a:2d:f0:ff:48:06:90:4c:
9e:95:c5:dd:74:ef:83:b2:3d:eb:b7:a7:7e:3a:34:
58:4c:1b:08:2b:d8:96:c5:d2:35:27:f4:00:0b:77:
89:3d:98:aa:8f:85:28:b2:d5:02:09:6e:65:5b:59:
df:8e:a3:d2:7e:71:43:c4:61:1f:fe:67:89:9e:6c:
63:21:d8:70:b7:96:c2:93:06:d8:b6:fe:49:fc:dd:
aa:c0:0d:cb:c5:0b:bd:dc:7d:50:02:95:bb:93:15:
4b:dd:6c:f7:48:22:2f:60:3f:9e:54:2f:8a:ff:0b:
80:cd:e8:df:40:ed:51:01:55:80:64:f3:32:c3:84:
a2:9e:88:73:e5:72:5f:a3:1a:56:fb:ef:4c:5a:4e:
78:5a:69:03:7d:a6:11:19:ae:03:90:0c:bb:21:3d:
c1:76:12:29:a7:15:20:df:af:8c:81:08:f3:5f:b4:
e3:21:de:57:ac:5a:fd:a7:d6:8e:43:84:0e:34:ea:
73:17:9e:65:57:46:b1:a0:37:6a:61:42:15:25:ef:
4a:e6:f1:b9:1e:76:b7:8e:45:6d:c0:56:f1:a4:19:
18:f9:38:bf:93:2e:96:46:c7:d6:d1:fb:54:5b:0c:
15:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:74:75:6C:02:B9:87:D1:38:2D:88:8B:2D:2B:A3:B4:36:A0:74:62
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/QHR1bAK5h9E4LYiLLSujtDagdGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.26.0/24
89.42.84.0/24
89.42.94.0/24
89.47.112.0/24
Signature Algorithm: sha256WithRSAEncryption
36:46:54:77:ed:30:65:39:f9:f5:a1:8b:73:49:02:e6:5d:0b:
8d:7a:b1:92:c7:67:5c:27:08:6c:fc:58:47:29:7c:42:b2:a7:
86:fc:65:4b:74:92:2d:21:ba:32:60:10:72:ad:03:23:54:68:
f3:7d:b9:7f:25:0e:0d:20:61:cc:1f:4c:ee:7b:e2:cb:7e:9c:
70:bc:7a:39:fb:ce:59:f2:f7:18:19:66:53:1a:e0:2e:a8:ee:
f4:6c:5b:f7:fe:c7:0b:86:01:c7:87:da:ec:8d:b4:9e:f6:2f:
e6:28:e5:a2:9c:b6:65:e3:df:7d:69:12:98:05:ad:4f:7c:7d:
c3:cc:f4:13:5e:6b:e7:13:cf:f1:da:e1:7a:e5:88:7b:e3:0d:
39:0c:20:9e:e2:8a:6b:2b:61:46:da:17:67:c9:79:87:77:a5:
45:d1:cb:41:3d:0e:54:dd:12:2e:0e:31:01:e6:0b:be:67:34:
06:06:36:db:9a:8e:4c:54:f2:ba:75:31:b9:52:cb:cf:2a:2a:
84:fa:47:2f:17:37:33:88:57:f2:3d:d2:90:ee:e6:a2:de:07:
7c:71:c7:20:fa:8d:97:11:d1:b1:74:04:15:ad:51:bd:02:63:
be:62:83:0e:d8:7c:9f:4d:ff:36:49:f4:36:f3:61:56:fc:0d:
fc:da:a4:17
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZSynMeMPVDk/ZNwQYEThGOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTI5MTUxMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDc0NzU2YzAyYjk4N2QxMzgyZDg4OGIyZDJiYTNiNDM2YTA3NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp57srAFMGMUy2zWkQDEAo1n7ZLKG
ei3w/0gGkEyelcXddO+Dsj3rt6d+OjRYTBsIK9iWxdI1J/QAC3eJPZiqj4UostUC
CW5lW1nfjqPSfnFDxGEf/meJnmxjIdhwt5bCkwbYtv5J/N2qwA3LxQu93H1QApW7
kxVL3Wz3SCIvYD+eVC+K/wuAzejfQO1RAVWAZPMyw4Sinohz5XJfoxpW++9MWk54
WmkDfaYRGa4DkAy7IT3BdhIppxUg36+MgQjzX7TjId5XrFr9p9aOQ4QONOpzF55l
V0axoDdqYUIVJe9K5vG5Hna3jkVtwFbxpBkY+Ti/ky6WRsfW0ftUWwwVKQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEB0dWwCuYfROC2Iiy0ro7Q2oHRiMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUUhSMWJBSzVoOUU0TFlpTExTdWp0RGFnZEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSIaAwQA
WSpUAwQAWSpeAwQAWS9wMA0GCSqGSIb3DQEBCwUAA4IBAQA2RlR37TBlOfn1oYtz
SQLmXQuNerGSx2dcJwhs/FhHKXxCsqeG/GVLdJItIboyYBByrQMjVGjzfbl/JQ4N
IGHMH0zue+LLfpxwvHo5+85Z8vcYGWZTGuAuqO70bFv3/scLhgHHh9rsjbSe9i/m
KOWinLZl4999aRKYBa1PfH3DzPQTXmvnE8/x2uF65Yh74w05DCCe4oprK2FG2hdn
yXmHd6VF0ctBPQ5U3RIuDjEB5gu+ZzQGBjbbmo5MVPK6dTG5UsvPKiqE+kcvFzcz
iFfyPdKQ7uai3gd8cccg+o2XEdGxdAQVrVG9AmO+YoMO2HyfTf82SfQ282FW/A38
2qQX
-----END CERTIFICATE-----
Generated at Wed Apr 9 08:27:27 2025 by rpki-client