Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/d4fc4c-4815-4e56-bf73-4a6ace26b972/1/QU8GopeOlHwkTprCT-S3aTgX93c.roa
File: QU8GopeOlHwkTprCT-S3aTgX93c.roa (raw, json)
Hash identifier: wdEn+nBxYgSylw1Zt9va3XXWns8S/pGLaLLxEZ/5irY=
Subject key identifier: 41:4F:06:A2:97:8E:94:7C:24:4E:9A:C2:4F:E4:B7:69:38:17:F7:77
Certificate issuer: /CN=a0d922e2fe24bd2cda793a2aadc13362500cd9b1
Certificate serial: 019425FC364E757D4B3F4DFB9F11CC1CCB7B
Authority key identifier: A0:D9:22:E2:FE:24:BD:2C:DA:79:3A:2A:AD:C1:33:62:50:0C:D9:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oNki4v4kvSzaeToqrcEzYlAM2bE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/d4fc4c-4815-4e56-bf73-4a6ace26b972/1/QU8GopeOlHwkTprCT-S3aTgX93c.roa
Signing time: Thu 02 Jan 2025 07:47:53 +0000
ROA not before: Thu 02 Jan 2025 07:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207878
IP address blocks: 95.215.172.0/24 maxlen: 24
160.20.229.0/24 maxlen: 24
160.238.21.0/24 maxlen: 24
176.110.101.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/d4fc4c-4815-4e56-bf73-4a6ace26b972/1/oNki4v4kvSzaeToqrcEzYlAM2bE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/d4fc4c-4815-4e56-bf73-4a6ace26b972/1/oNki4v4kvSzaeToqrcEzYlAM2bE.mft
rsync://rpki.ripe.net/repository/DEFAULT/oNki4v4kvSzaeToqrcEzYlAM2bE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 01:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:36:4e:75:7d:4b:3f:4d:fb:9f:11:cc:1c:cb:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0d922e2fe24bd2cda793a2aadc13362500cd9b1
Validity
Not Before: Jan 2 07:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=414f06a2978e947c244e9ac24fe4b7693817f777
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:46:67:13:3d:1c:4c:10:f1:85:a2:53:04:11:
a1:54:c3:f4:cb:8a:13:51:45:6b:69:1e:63:72:45:
61:1d:6f:47:f9:6f:ce:a1:30:b0:72:a3:e6:ab:fd:
e3:57:38:c3:54:13:c9:c6:89:0d:31:c5:44:28:63:
ab:e1:dd:29:9d:67:47:af:43:73:90:9b:dc:77:d6:
96:78:9c:d0:a0:eb:f1:40:5d:32:60:b5:68:4d:0d:
1b:10:ca:55:30:72:24:0c:d6:e1:ed:4e:a5:a1:3a:
c3:a5:cf:f4:ef:c7:0e:fd:d5:37:a9:2a:0a:b5:e3:
36:18:ae:5f:7a:56:20:17:6d:d2:90:1d:bc:a7:3c:
be:92:9b:f1:d4:8d:68:eb:e9:b4:49:e0:e5:f1:86:
2c:57:97:04:d1:9d:5a:d3:84:46:3c:48:f6:74:9f:
ee:08:63:d9:7e:d7:eb:1f:84:61:f7:b9:d1:a2:ab:
fe:de:ea:b7:b3:3f:5e:89:83:3d:53:88:f7:89:99:
10:a4:8e:cb:c2:61:3e:fc:3a:03:dc:7e:fb:88:db:
70:01:c3:25:25:25:97:34:0c:d0:bc:9b:20:94:4d:
91:2a:f8:75:73:cc:5a:dc:b5:d9:70:f1:f0:d5:f2:
5e:0c:f5:db:57:50:59:53:41:61:46:93:89:04:9e:
2b:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:4F:06:A2:97:8E:94:7C:24:4E:9A:C2:4F:E4:B7:69:38:17:F7:77
X509v3 Authority Key Identifier:
keyid:A0:D9:22:E2:FE:24:BD:2C:DA:79:3A:2A:AD:C1:33:62:50:0C:D9:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNki4v4kvSzaeToqrcEzYlAM2bE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/d4fc4c-4815-4e56-bf73-4a6ace26b972/1/QU8GopeOlHwkTprCT-S3aTgX93c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/d4fc4c-4815-4e56-bf73-4a6ace26b972/1/oNki4v4kvSzaeToqrcEzYlAM2bE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.215.172.0/24
160.20.229.0/24
160.238.21.0/24
176.110.101.0/24
Signature Algorithm: sha256WithRSAEncryption
90:85:49:f5:c3:74:47:e2:f8:82:29:80:6b:de:36:f2:da:d1:
e9:83:c0:54:d6:27:95:27:c5:0c:27:d6:25:bc:3d:b6:ae:2c:
74:25:08:1b:28:30:69:61:97:34:9d:3d:2b:ed:96:70:34:a3:
f0:c5:f8:d2:d7:96:54:62:1f:86:1d:82:24:27:fc:f4:30:85:
92:74:c2:b5:37:65:dc:8d:61:91:fd:5d:c4:43:f6:c9:32:cb:
d2:21:ff:72:bf:4f:83:16:bc:63:6b:92:db:51:d9:69:73:5a:
c8:6a:af:6c:b6:74:7f:7b:2d:32:d3:03:fb:7e:2c:66:e2:e0:
79:ec:b5:a2:e3:70:69:79:a5:53:44:23:93:74:b3:f4:e4:1b:
a6:87:42:f7:a0:b3:a7:e9:6e:1c:11:b0:ad:9c:e4:2e:f8:c6:
5c:fa:ce:4e:18:7a:b9:43:1b:ba:b0:c5:08:72:01:88:4d:1d:
4f:f6:bd:d8:01:09:9e:f1:fd:76:a2:ad:b9:62:b5:3e:a5:a1:
48:fa:04:cc:6e:76:5c:c3:c3:0f:1e:83:a9:e4:45:1e:d5:8a:
c8:7b:bb:23:43:8e:9e:0c:3d:41:27:d5:2e:03:38:32:89:47:
4a:ef:3d:a5:0d:ab:d7:ce:05:37:50:01:fb:ae:27:9a:aa:e4:
18:6b:2c:9d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQl/DZOdX1LP037nxHMHMt7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZDkyMmUyZmUyNGJkMmNkYTc5M2EyYWFkYzEzMzYyNTAw
Y2Q5YjEwHhcNMjUwMTAyMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTRmMDZhMjk3OGU5NDdjMjQ0ZTlhYzI0ZmU0Yjc2OTM4MTdmNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EZnEz0cTBDxhaJTBBGhVMP0y4oT
UUVraR5jckVhHW9H+W/OoTCwcqPmq/3jVzjDVBPJxokNMcVEKGOr4d0pnWdHr0Nz
kJvcd9aWeJzQoOvxQF0yYLVoTQ0bEMpVMHIkDNbh7U6loTrDpc/078cO/dU3qSoK
teM2GK5felYgF23SkB28pzy+kpvx1I1o6+m0SeDl8YYsV5cE0Z1a04RGPEj2dJ/u
CGPZftfrH4Rh97nRoqv+3uq3sz9eiYM9U4j3iZkQpI7LwmE+/DoD3H77iNtwAcMl
JSWXNAzQvJsglE2RKvh1c8xa3LXZcPHw1fJeDPXbV1BZU0FhRpOJBJ4rIwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEFPBqKXjpR8JE6awk/kt2k4F/d3MB8GA1UdIwQY
MBaAFKDZIuL+JL0s2nk6Kq3BM2JQDNmxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb05raTR2NGt2U3phZVRvcXJjRXpZbEFNMmJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9kNGZjNGMtNDgxNS00ZTU2LWJmNzMt
NGE2YWNlMjZiOTcyLzEvUVU4R29wZU9sSHdrVHByQ1QtUzNhVGdYOTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9kNGZjNGMtNDgxNS00ZTU2LWJmNzMtNGE2YWNlMjZiOTcy
LzEvb05raTR2NGt2U3phZVRvcXJjRXpZbEFNMmJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX9esAwQA
oBTlAwQAoO4VAwQAsG5lMA0GCSqGSIb3DQEBCwUAA4IBAQCQhUn1w3RH4viCKYBr
3jby2tHpg8BU1ieVJ8UMJ9YlvD22rix0JQgbKDBpYZc0nT0r7ZZwNKPwxfjS15ZU
Yh+GHYIkJ/z0MIWSdMK1N2XcjWGR/V3EQ/bJMsvSIf9yv0+DFrxja5LbUdlpc1rI
aq9stnR/ey0y0wP7fixm4uB57LWi43BpeaVTRCOTdLP05Bumh0L3oLOn6W4cEbCt
nOQu+MZc+s5OGHq5Qxu6sMUIcgGITR1P9r3YAQme8f12oq25YrU+paFI+gTMbnZc
w8MPHoOp5EUe1YrIe7sjQ46eDD1BJ9UuAzgyiUdK7z2lDavXzgU3UAH7rieaquQY
ayyd
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:43:58 2025 by rpki-client