Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/ba3b69-65e5-498e-ba08-dab9b483c123/1/QNvbTipJFPvz-I-sjTVYQeYfp7Q.roa
File: QNvbTipJFPvz-I-sjTVYQeYfp7Q.roa (raw, json)
Hash identifier: CNrmRGqFkubNK7Ta61SWFfjTHb+dZY3gHKbFjlpFnjg=
Subject key identifier: 40:DB:DB:4E:2A:49:14:FB:F3:F8:8F:AC:8D:35:58:41:E6:1F:A7:B4
Certificate issuer: /CN=190ec7aab20fc4c801c67963e59e4f93600e401d
Certificate serial: 018CC64B58618BD86D1B0BC5A5590B9825ED
Authority key identifier: 19:0E:C7:AA:B2:0F:C4:C8:01:C6:79:63:E5:9E:4F:93:60:0E:40:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GQ7HqrIPxMgBxnlj5Z5Pk2AOQB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/ba3b69-65e5-498e-ba08-dab9b483c123/1/QNvbTipJFPvz-I-sjTVYQeYfp7Q.roa
Signing time: Mon 01 Jan 2024 18:31:15 +0000
ROA not before: Mon 01 Jan 2024 18:31:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20847
IP address blocks: 31.7.4.0/22 maxlen: 24
31.7.0.0/22 maxlen: 24
185.144.224.0/23 maxlen: 24
2a03:9700:8000::/33 maxlen: 33
2a03:9700::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/ba3b69-65e5-498e-ba08-dab9b483c123/1/GQ7HqrIPxMgBxnlj5Z5Pk2AOQB0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/ba3b69-65e5-498e-ba08-dab9b483c123/1/GQ7HqrIPxMgBxnlj5Z5Pk2AOQB0.mft
rsync://rpki.ripe.net/repository/DEFAULT/GQ7HqrIPxMgBxnlj5Z5Pk2AOQB0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:58:61:8b:d8:6d:1b:0b:c5:a5:59:0b:98:25:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=190ec7aab20fc4c801c67963e59e4f93600e401d
Validity
Not Before: Jan 1 18:31:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=40dbdb4e2a4914fbf3f88fac8d355841e61fa7b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b0:c4:0f:37:83:2e:be:78:e8:aa:44:e0:c4:
5d:8c:3e:0a:39:a7:25:90:2f:f9:60:be:4a:07:56:
30:1d:87:1b:45:23:f0:70:bd:39:0e:7b:c2:a2:38:
79:b7:c9:ce:cf:17:af:61:3d:82:b4:66:c3:17:b8:
de:7c:bf:09:5e:bf:e5:e4:3f:06:76:fa:2e:07:bd:
56:5d:9b:e5:44:7c:f9:a6:63:74:4d:ef:67:70:24:
13:68:f9:5a:ea:17:80:41:b3:7f:e1:4a:8b:a8:ef:
88:15:7a:c0:d2:2e:c3:ea:c2:bf:dd:21:03:6f:40:
33:f2:de:78:0b:7c:d7:c6:e7:6e:77:73:3f:67:3e:
fb:0f:a9:84:4b:a8:49:3e:ae:3c:ae:a4:64:b1:1e:
28:7e:e0:94:98:93:2e:4c:82:0c:93:ae:e2:0f:e6:
00:a2:04:57:76:36:bd:52:d3:52:91:b0:8a:b0:e2:
18:53:2d:8e:59:39:b5:d6:9d:4b:cb:fe:61:03:92:
35:97:2f:bb:69:ae:5a:11:46:01:b1:65:85:df:57:
9c:4b:43:48:10:b2:21:2d:6a:3e:9d:a5:72:4a:bb:
5c:09:20:ad:6b:32:00:ed:a8:93:ff:ed:ec:74:ce:
ad:b0:f4:8b:2c:db:02:e6:01:2c:9d:94:f5:1b:5c:
6d:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:DB:DB:4E:2A:49:14:FB:F3:F8:8F:AC:8D:35:58:41:E6:1F:A7:B4
X509v3 Authority Key Identifier:
keyid:19:0E:C7:AA:B2:0F:C4:C8:01:C6:79:63:E5:9E:4F:93:60:0E:40:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GQ7HqrIPxMgBxnlj5Z5Pk2AOQB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/ba3b69-65e5-498e-ba08-dab9b483c123/1/QNvbTipJFPvz-I-sjTVYQeYfp7Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/ba3b69-65e5-498e-ba08-dab9b483c123/1/GQ7HqrIPxMgBxnlj5Z5Pk2AOQB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.7.0.0/21
185.144.224.0/23
IPv6:
2a03:9700::/32
Signature Algorithm: sha256WithRSAEncryption
5e:6f:e6:08:f9:42:05:38:b4:23:25:62:27:81:51:f7:b0:ee:
33:ec:dc:3f:3b:1b:d2:f7:7d:cd:ea:35:3c:63:64:c7:95:07:
14:e9:b8:62:eb:6a:fe:8a:3e:15:fd:e4:9c:03:9f:ca:3f:09:
52:7c:f3:eb:71:10:42:be:7e:84:10:f4:f9:b8:ae:5a:ab:af:
b8:13:27:e5:db:db:32:99:38:8b:33:44:2b:4e:ba:5e:2c:4c:
43:8e:5e:30:db:71:54:3a:11:bc:9e:ec:b9:cb:ca:ac:68:df:
d4:dc:f7:c5:d8:8a:6b:d5:31:8c:d5:46:b3:c3:a1:dc:e1:e3:
14:f3:69:21:35:f2:b8:43:38:0c:bf:78:8c:f3:97:5c:06:dd:
a7:ed:b3:d8:28:0a:6a:d3:4e:7a:ef:f7:fc:8a:1d:01:99:d4:
ea:65:d5:85:dd:d7:42:8d:b5:19:a5:a1:96:2f:57:92:1c:32:
30:9b:cb:5a:75:a8:4a:ce:cc:19:bb:fb:47:34:9b:55:82:90:
53:b6:a8:3f:4b:8b:e5:b3:41:02:0d:7c:4f:a1:5c:df:1b:8e:
f5:85:8d:b8:38:00:b1:47:2e:0b:f0:75:14:fb:f8:26:27:e9:
e6:95:05:b7:ad:a2:26:21:26:0f:b6:2f:54:3e:63:a8:70:d1:
47:9d:1a:e2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGS1hhi9htGwvFpVkLmCXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MGVjN2FhYjIwZmM0YzgwMWM2Nzk2M2U1OWU0ZjkzNjAw
ZTQwMWQwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRiZGI0ZTJhNDkxNGZiZjNmODhmYWM4ZDM1NTg0MWU2MWZhN2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbDEDzeDLr546KpE4MRdjD4KOacl
kC/5YL5KB1YwHYcbRSPwcL05DnvCojh5t8nOzxevYT2CtGbDF7jefL8JXr/l5D8G
dvouB71WXZvlRHz5pmN0Te9ncCQTaPla6heAQbN/4UqLqO+IFXrA0i7D6sK/3SED
b0Az8t54C3zXxudud3M/Zz77D6mES6hJPq48rqRksR4ofuCUmJMuTIIMk67iD+YA
ogRXdja9UtNSkbCKsOIYUy2OWTm11p1Ly/5hA5I1ly+7aa5aEUYBsWWF31ecS0NI
ELIhLWo+naVySrtcCSCtazIA7aiT/+3sdM6tsPSLLNsC5gEsnZT1G1xtMQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEDb204qSRT78/iPrI01WEHmH6e0MB8GA1UdIwQY
MBaAFBkOx6qyD8TIAcZ5Y+WeT5NgDkAdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1E3SHFySVB4TWdCeG5sajVaNVBrMkFPUUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9iYTNiNjktNjVlNS00OThlLWJhMDgt
ZGFiOWI0ODNjMTIzLzEvUU52YlRpcEpGUHZ6LUktc2pUVllRZVlmcDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9iYTNiNjktNjVlNS00OThlLWJhMDgtZGFiOWI0ODNjMTIz
LzEvR1E3SHFySVB4TWdCeG5sajVaNVBrMkFPUUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHwcAAwQB
uZDgMA0EAgACMAcDBQAqA5cAMA0GCSqGSIb3DQEBCwUAA4IBAQBeb+YI+UIFOLQj
JWIngVH3sO4z7Nw/OxvS933N6jU8Y2THlQcU6bhi62r+ij4V/eScA5/KPwlSfPPr
cRBCvn6EEPT5uK5aq6+4Eyfl29symTiLM0QrTrpeLExDjl4w23FUOhG8nuy5y8qs
aN/U3PfF2Ipr1TGM1Uazw6Hc4eMU82khNfK4QzgMv3iM85dcBt2n7bPYKApq0056
7/f8ih0BmdTqZdWF3ddCjbUZpaGWL1eSHDIwm8tadahKzswZu/tHNJtVgpBTtqg/
S4vls0ECDXxPoVzfG471hY24OACxRy4L8HUU+/gmJ+nmlQW3raImISYPti9UPmOo
cNFHnRri
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:35:34 2024 by rpki-client on console-fra.rpki-client.org