Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/BQLlzRf92AV-wOpCiU3Uf7zFDTE.roa
File: BQLlzRf92AV-wOpCiU3Uf7zFDTE.roa (raw, json)
Hash identifier: ojPLMpm1/7UXMtqHbqCurY3+N3TkMNGJ/j/f6zcsUls=
Subject key identifier: 05:02:E5:CD:17:FD:D8:05:7E:C0:EA:42:89:4D:D4:7F:BC:C5:0D:31
Certificate issuer: /CN=c17cc37f1ed81ac37b20faf0f42c41ab808f13c1
Certificate serial: 01941FFA79603EDCC3D890E10AF9C415B7B5
Authority key identifier: C1:7C:C3:7F:1E:D8:1A:C3:7B:20:FA:F0:F4:2C:41:AB:80:8F:13:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/BQLlzRf92AV-wOpCiU3Uf7zFDTE.roa
Signing time: Wed 01 Jan 2025 03:48:16 +0000
ROA not before: Wed 01 Jan 2025 03:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24634
IP address blocks: 185.7.128.0/22 maxlen: 24
193.188.135.0/24 maxlen: 24
193.188.136.0/24 maxlen: 24
194.126.0.0/19 maxlen: 24
194.126.136.0/21 maxlen: 24
212.36.192.0/19 maxlen: 24
2a00:1590::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/wXzDfx7YGsN7IPrw9CxBq4CPE8E.crl
rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/wXzDfx7YGsN7IPrw9CxBq4CPE8E.mft
rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:28:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:79:60:3e:dc:c3:d8:90:e1:0a:f9:c4:15:b7:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c17cc37f1ed81ac37b20faf0f42c41ab808f13c1
Validity
Not Before: Jan 1 03:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0502e5cd17fdd8057ec0ea42894dd47fbcc50d31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:ba:a2:dd:e7:30:99:60:5f:8c:91:6b:f0:83:
91:59:9e:01:96:fa:89:b5:c5:0c:27:90:37:62:56:
f0:3e:1c:49:0e:b5:c6:f1:5b:cb:58:4b:fb:01:6d:
c8:94:04:51:1b:e3:b2:d4:a4:f9:f0:b5:2f:b0:b7:
7a:17:4e:dd:ee:42:e8:f9:f2:e7:cb:6f:f2:7a:7d:
02:75:34:06:bd:0a:88:bf:43:9e:22:b9:d9:3c:44:
ee:a4:0f:04:60:78:9a:d3:f3:42:0f:0d:a4:1a:07:
75:0a:76:eb:3d:2e:6a:81:45:92:99:3d:f5:5c:1a:
cc:c8:fa:68:32:3a:95:0e:3e:f9:75:82:dd:33:5a:
ed:9d:c9:0f:f8:93:49:2b:28:6d:ad:cf:4d:cf:52:
51:cc:bd:7a:dc:4e:05:c7:6e:68:8c:df:28:c7:db:
cf:a7:0b:ff:f4:4f:14:84:7d:d3:33:84:24:22:f9:
52:c8:32:4c:01:5b:6c:cc:fe:f1:6d:60:e4:1a:c5:
fd:58:0f:8e:37:f6:2d:ae:23:96:b8:bd:88:f9:cd:
ae:0e:f0:c8:56:fb:1b:c9:59:ce:a3:4f:73:e4:ee:
f3:77:80:9a:ab:f4:11:7a:81:c6:51:1b:4b:c8:d6:
0c:b0:76:52:da:e4:95:1f:e3:e9:1c:c2:25:a4:dd:
8b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:02:E5:CD:17:FD:D8:05:7E:C0:EA:42:89:4D:D4:7F:BC:C5:0D:31
X509v3 Authority Key Identifier:
keyid:C1:7C:C3:7F:1E:D8:1A:C3:7B:20:FA:F0:F4:2C:41:AB:80:8F:13:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/BQLlzRf92AV-wOpCiU3Uf7zFDTE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/wXzDfx7YGsN7IPrw9CxBq4CPE8E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.7.128.0/22
193.188.135.0-193.188.136.255
194.126.0.0/19
194.126.136.0/21
212.36.192.0/19
IPv6:
2a00:1590::/32
Signature Algorithm: sha256WithRSAEncryption
98:39:7e:bc:92:18:67:53:7a:fe:ed:50:32:65:be:42:65:b3:
ce:f7:8c:0d:92:d0:03:29:31:b7:22:88:9f:0b:23:fa:f9:6c:
e3:04:a7:23:d3:38:4a:dd:6b:12:1c:68:e9:4d:f4:33:d6:36:
7a:47:ed:0d:f7:c9:21:47:26:bb:be:cb:52:d6:75:fd:3b:96:
07:a7:ed:ee:1b:02:b8:8b:0d:e5:7a:f1:92:c5:b0:dc:24:8d:
ad:ba:30:3a:ba:41:44:dc:cf:6f:6a:d3:2c:ce:2d:73:f1:73:
fd:fa:0b:23:ef:92:e8:b3:1e:f4:48:f1:0e:2f:55:01:87:28:
c7:17:59:43:9c:70:c7:5c:68:62:cf:53:dd:71:cc:0d:a0:fb:
12:2b:7a:c9:44:0a:11:8b:be:cc:df:5b:8c:18:1b:67:f7:9c:
1e:88:71:ce:0c:28:9c:91:0b:c2:69:7e:49:fe:90:4a:86:e2:
ad:5a:79:4e:21:53:df:8a:80:9d:32:e2:bd:f1:99:6d:4a:0e:
6c:1a:b4:1d:d5:bc:0e:6c:ca:dc:e1:ab:3f:f4:92:be:10:ce:
8d:e0:85:7e:ce:33:06:6f:e7:44:32:92:44:2d:96:3b:39:04:
b4:bf:ca:b9:3b:5c:96:b5:5c:de:9b:6b:29:32:ff:eb:ec:f0:
7b:4d:fd:71
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZQf+nlgPtzD2JDhCvnEFbe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxN2NjMzdmMWVkODFhYzM3YjIwZmFmMGY0MmM0MWFiODA4
ZjEzYzEwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAyZTVjZDE3ZmRkODA1N2VjMGVhNDI4OTRkZDQ3ZmJjYzUwZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rqi3ecwmWBfjJFr8IORWZ4BlvqJ
tcUMJ5A3YlbwPhxJDrXG8VvLWEv7AW3IlARRG+Oy1KT58LUvsLd6F07d7kLo+fLn
y2/yen0CdTQGvQqIv0OeIrnZPETupA8EYHia0/NCDw2kGgd1CnbrPS5qgUWSmT31
XBrMyPpoMjqVDj75dYLdM1rtnckP+JNJKyhtrc9Nz1JRzL163E4Fx25ojN8ox9vP
pwv/9E8UhH3TM4QkIvlSyDJMAVtszP7xbWDkGsX9WA+ON/YtriOWuL2I+c2uDvDI
VvsbyVnOo09z5O7zd4Caq/QReoHGURtLyNYMsHZS2uSVH+PpHMIlpN2LHQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFAUC5c0X/dgFfsDqQolN1H+8xQ0xMB8GA1UdIwQY
MBaAFMF8w38e2BrDeyD68PQsQauAjxPBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1h6RGZ4N1lHc043SVBydzlDeEJxNENQRThFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iMTBlMDYtMjU3Yy00OTk1LTg3OWQt
NmQwN2Q3ZjFhNzAxLzEvQlFMbHpSZjkyQVYtd09wQ2lVM1VmN3pGRFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iMTBlMDYtMjU3Yy00OTk1LTg3OWQtNmQwN2Q3ZjFhNzAx
LzEvd1h6RGZ4N1lHc043SVBydzlDeEJxNENQRThFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQCuQeAMAwD
BADBvIcDBADBvIgDBAXCfgADBAPCfogDBAXUJMAwDQQCAAIwBwMFACoAFZAwDQYJ
KoZIhvcNAQELBQADggEBAJg5frySGGdTev7tUDJlvkJls873jA2S0AMpMbciiJ8L
I/r5bOMEpyPTOErdaxIcaOlN9DPWNnpH7Q33ySFHJru+y1LWdf07lgen7e4bAriL
DeV68ZLFsNwkja26MDq6QUTcz29q0yzOLXPxc/36CyPvkuizHvRI8Q4vVQGHKMcX
WUOccMdcaGLPU91xzA2g+xIreslEChGLvszfW4wYG2f3nB6Icc4MKJyRC8Jpfkn+
kEqG4q1aeU4hU9+KgJ0y4r3xmW1KDmwatB3VvA5sytzhqz/0kr4Qzo3ghX7OMwZv
50QykkQtljs5BLS/yrk7XJa1XN6bayky/+vs8HtN/XE=
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:29:44 2025 by rpki-client