Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/TqGaZ21iO7PpNxKcdbTDvHNWI5w.roa
File: TqGaZ21iO7PpNxKcdbTDvHNWI5w.roa (raw, json)
Hash identifier: TA9bnT0BdnbGAPvTvVqQo9iBMjThLUbF7MsSEuMnyLI=
Subject key identifier: 4E:A1:9A:67:6D:62:3B:B3:E9:37:12:9C:75:B4:C3:BC:73:56:23:9C
Certificate issuer: /CN=7b48945b9d716cd47fbde2860d8100fcda987496
Certificate serial: 019424B3934BF5BA95E0033086DD1C792FCB
Authority key identifier: 7B:48:94:5B:9D:71:6C:D4:7F:BD:E2:86:0D:81:00:FC:DA:98:74:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/TqGaZ21iO7PpNxKcdbTDvHNWI5w.roa
Signing time: Thu 02 Jan 2025 01:48:55 +0000
ROA not before: Thu 02 Jan 2025 01:48:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13246
IP address blocks: 95.130.16.0/21 maxlen: 24
95.130.16.0/24 maxlen: 24
95.130.17.0/24 maxlen: 24
95.130.20.0/24 maxlen: 24
95.130.22.0/24 maxlen: 24
185.181.192.0/22 maxlen: 22
185.181.195.0/24 maxlen: 24
2a02:2940::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.mft
rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 10:01:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:93:4b:f5:ba:95:e0:03:30:86:dd:1c:79:2f:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b48945b9d716cd47fbde2860d8100fcda987496
Validity
Not Before: Jan 2 01:48:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4ea19a676d623bb3e937129c75b4c3bc7356239c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:a9:82:aa:b8:6d:61:db:36:b7:fd:b2:f2:93:
9b:e6:b1:ea:69:ca:82:c5:d6:cc:11:d9:09:64:1d:
5c:2f:a4:1e:b2:39:3e:34:1e:6a:3b:13:0f:6a:1b:
e1:0a:c2:0e:96:04:ce:65:10:16:33:64:d6:4c:7c:
b9:6e:ec:94:15:f1:1c:2a:c7:e7:d7:6d:16:a5:b4:
56:4a:63:34:cd:b5:39:cb:ae:83:b6:ba:87:ee:1e:
1c:c3:d5:47:68:78:9e:ce:9e:17:1f:0e:2a:47:c9:
74:6d:80:3e:df:ca:d6:ac:24:ff:b7:3c:68:a1:38:
df:0a:8a:93:2b:d1:57:e8:d5:ad:32:7f:41:14:64:
be:f1:d5:54:80:89:1e:a8:c5:fd:23:da:15:45:62:
1c:6d:74:6e:42:31:6c:db:02:20:1e:64:30:e3:2e:
15:2d:a1:1e:3f:78:0e:04:7f:cc:27:5a:5d:4e:05:
0c:d6:d4:aa:2d:de:b4:cb:20:4e:db:12:3b:26:6c:
7b:c5:aa:6d:36:1e:d1:9a:ca:7f:af:15:0e:51:91:
0f:15:1e:33:6b:98:0d:ce:a4:a5:56:0f:ca:0d:56:
c2:fe:64:c7:5b:4d:42:1f:90:4d:2d:2a:d3:f7:3f:
55:fd:5e:fd:27:b6:fe:34:e7:09:a4:1f:7c:a9:cc:
96:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:A1:9A:67:6D:62:3B:B3:E9:37:12:9C:75:B4:C3:BC:73:56:23:9C
X509v3 Authority Key Identifier:
keyid:7B:48:94:5B:9D:71:6C:D4:7F:BD:E2:86:0D:81:00:FC:DA:98:74:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/TqGaZ21iO7PpNxKcdbTDvHNWI5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.130.16.0/21
185.181.192.0/22
IPv6:
2a02:2940::/32
Signature Algorithm: sha256WithRSAEncryption
89:be:d2:e2:86:e6:3b:bb:83:d7:f9:2e:27:96:6c:e5:8e:b0:
c0:6c:2c:59:75:3c:0d:4a:29:67:38:62:c5:e3:2f:f8:ab:fa:
59:78:54:78:1e:d3:9a:3a:95:5a:d5:e0:11:bf:04:9c:41:9b:
a7:ed:d8:74:6b:e6:bd:d5:15:ec:48:e7:06:96:b8:ab:06:86:
60:f4:6a:1e:83:5b:5b:37:c6:da:27:31:93:7a:32:24:b4:f6:
7a:c9:70:03:05:7a:82:4b:57:0d:74:e0:59:64:d3:a4:15:83:
97:96:62:71:2b:58:08:0f:6c:2c:af:0d:fd:58:83:ba:2e:89:
91:0a:3a:27:33:a1:e1:04:51:84:8b:5a:95:e5:07:b7:df:f2:
92:0d:9a:7a:b3:27:c3:2f:7c:d3:d7:84:78:0e:01:c0:24:f2:
50:89:82:ca:52:a9:02:88:2a:2a:c2:4d:2f:91:8a:06:38:c0:
83:29:03:71:7d:3d:80:25:32:15:d1:02:41:ee:cf:58:67:e8:
aa:5a:fd:41:ea:71:61:d7:8d:7c:d2:1c:57:05:04:e3:4a:c0:
2b:ac:0d:a3:33:63:d2:6d:8e:b1:1e:e7:d1:f6:b1:7f:d0:dc:
e4:93:8e:87:e4:da:bf:f2:44:c6:ce:32:99:ad:bc:05:ab:c2:
5c:86:c7:1e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks5NL9bqV4AMwht0ceS/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNDg5NDViOWQ3MTZjZDQ3ZmJkZTI4NjBkODEwMGZjZGE5
ODc0OTYwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWExOWE2NzZkNjIzYmIzZTkzNzEyOWM3NWI0YzNiYzczNTYyMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qmCqrhtYds2t/2y8pOb5rHqacqC
xdbMEdkJZB1cL6Qesjk+NB5qOxMPahvhCsIOlgTOZRAWM2TWTHy5buyUFfEcKsfn
120WpbRWSmM0zbU5y66DtrqH7h4cw9VHaHiezp4XHw4qR8l0bYA+38rWrCT/tzxo
oTjfCoqTK9FX6NWtMn9BFGS+8dVUgIkeqMX9I9oVRWIcbXRuQjFs2wIgHmQw4y4V
LaEeP3gOBH/MJ1pdTgUM1tSqLd60yyBO2xI7Jmx7xaptNh7Rmsp/rxUOUZEPFR4z
a5gNzqSlVg/KDVbC/mTHW01CH5BNLSrT9z9V/V79J7b+NOcJpB98qcyWswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE6hmmdtYjuz6TcSnHW0w7xzViOcMB8GA1UdIwQY
MBaAFHtIlFudcWzUf73ihg2BAPzamHSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTBpVVc1MXhiTlJfdmVLR0RZRUFfTnFZZEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS81YjZiMDYtOWFmNi00MDI2LWI0N2Mt
NGU4NTg5N2YzMDljLzEvVHFHYVoyMWlPN1BwTnhLY2RiVER2SE5XSTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS81YjZiMDYtOWFmNi00MDI2LWI0N2MtNGU4NTg5N2YzMDlj
LzEvZTBpVVc1MXhiTlJfdmVLR0RZRUFfTnFZZEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4IQAwQC
ubXAMA0EAgACMAcDBQAqAilAMA0GCSqGSIb3DQEBCwUAA4IBAQCJvtLihuY7u4PX
+S4nlmzljrDAbCxZdTwNSilnOGLF4y/4q/pZeFR4HtOaOpVa1eARvwScQZun7dh0
a+a91RXsSOcGlrirBoZg9Goeg1tbN8baJzGTejIktPZ6yXADBXqCS1cNdOBZZNOk
FYOXlmJxK1gID2wsrw39WIO6LomRCjonM6HhBFGEi1qV5Qe33/KSDZp6syfDL3zT
14R4DgHAJPJQiYLKUqkCiCoqwk0vkYoGOMCDKQNxfT2AJTIV0QJB7s9YZ+iqWv1B
6nFh14180hxXBQTjSsArrA2jM2PSbY6xHufR9rF/0Nzkk46H5Nq/8kTGzjKZrbwF
q8Jchsce
-----END CERTIFICATE-----
Generated at Sat Apr 5 15:55:59 2025 by rpki-client