Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/QhX-bY8Pyu0IVpXlU-objdMMYgU.roa
File: QhX-bY8Pyu0IVpXlU-objdMMYgU.roa (raw, json)
Hash identifier: AtV/TPeQmqPYNR6TwwiivnQLG1K0ZguaxSrJsKzoymM=
Subject key identifier: 42:15:FE:6D:8F:0F:CA:ED:08:56:95:E5:53:EA:1B:8D:D3:0C:62:05
Certificate issuer: /CN=eab476f677cd0c3298d2811e60f48e1b29b3afef
Certificate serial: 019421B188C3D193A8F88C36C1DAE747702B
Authority key identifier: EA:B4:76:F6:77:CD:0C:32:98:D2:81:1E:60:F4:8E:1B:29:B3:AF:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/QhX-bY8Pyu0IVpXlU-objdMMYgU.roa
Signing time: Wed 01 Jan 2025 11:47:50 +0000
ROA not before: Wed 01 Jan 2025 11:47:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47176
IP address blocks: 93.190.72.0/21 maxlen: 21
93.190.75.0/24 maxlen: 24
185.70.48.0/22 maxlen: 22
185.70.48.0/24 maxlen: 24
2a05:2740::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.mft
rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 20 Apr 2025 20:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:88:c3:d1:93:a8:f8:8c:36:c1:da:e7:47:70:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eab476f677cd0c3298d2811e60f48e1b29b3afef
Validity
Not Before: Jan 1 11:47:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4215fe6d8f0fcaed085695e553ea1b8dd30c6205
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:43:11:48:e4:3c:fb:5b:14:22:bf:eb:cd:dd:
04:d5:dc:08:67:c1:e4:ab:fd:cb:1f:ae:31:3c:5f:
d7:a4:4f:2a:90:5a:6c:ab:26:4f:b3:fb:7b:d5:e5:
ba:0f:c0:10:9e:88:38:59:7d:3a:05:20:ac:6b:66:
9f:33:77:95:ae:00:ba:ce:7b:2e:fd:0d:e6:b9:f4:
62:55:22:86:00:29:0c:6b:95:c7:82:47:cf:e8:16:
a9:6e:17:8b:9b:3a:e1:1d:9c:7a:5c:19:3f:0b:3d:
10:46:62:b9:35:01:e6:52:cf:02:92:81:aa:01:b1:
5b:ec:bd:d4:a6:2c:07:e8:84:b0:e1:8b:0e:dd:83:
2b:1e:b5:de:0a:96:7a:41:fd:8b:b9:cd:d5:f3:86:
41:9b:89:e6:e8:f7:66:24:61:46:a6:f4:ce:fb:51:
e6:85:36:55:07:3f:55:54:28:fe:79:34:89:9a:e2:
89:1c:01:4b:4f:78:46:58:a6:32:45:f5:86:4e:e3:
2b:11:7f:98:33:23:df:31:2c:06:53:c3:8c:12:54:
bb:5e:ec:ac:77:b6:70:25:f6:5a:67:e3:37:f1:e4:
e5:38:26:ef:46:42:18:1d:91:c2:4b:25:17:14:88:
9c:0d:ab:d8:d7:3c:fa:3b:16:6d:e6:25:9e:88:67:
34:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:15:FE:6D:8F:0F:CA:ED:08:56:95:E5:53:EA:1B:8D:D3:0C:62:05
X509v3 Authority Key Identifier:
keyid:EA:B4:76:F6:77:CD:0C:32:98:D2:81:1E:60:F4:8E:1B:29:B3:AF:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/QhX-bY8Pyu0IVpXlU-objdMMYgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.190.72.0/21
185.70.48.0/22
IPv6:
2a05:2740::/29
Signature Algorithm: sha256WithRSAEncryption
80:e9:be:f6:b9:be:5d:29:59:36:fd:93:30:2b:a0:23:f7:91:
bd:2a:be:84:4c:24:ba:25:bb:19:b0:f4:02:85:a0:b4:f9:f1:
15:dc:53:27:c5:45:bd:0f:6a:d2:4f:af:9c:3d:da:0b:af:0a:
7b:ea:e2:ee:26:0c:1e:09:48:12:00:91:ab:6c:72:cc:52:36:
ab:5e:2e:bb:f9:13:d3:ab:08:4b:74:99:2d:8d:ad:98:85:f2:
f3:49:98:54:e2:8c:25:34:d8:37:95:fe:cf:cf:ee:83:fd:1b:
92:fc:be:c1:bd:52:70:1f:70:49:ff:3a:1d:03:e5:04:b1:28:
c2:bd:24:87:be:d5:af:02:d3:88:e6:c6:3a:af:6a:84:69:29:
39:3e:b2:31:ad:89:f0:11:6e:19:01:16:79:6e:0c:20:2f:ec:
5a:18:7a:0f:15:38:67:3b:98:8a:8b:9d:cc:f3:7a:82:8e:db:
22:3b:60:8b:7d:ce:5d:97:ac:28:1c:f2:2c:b3:ed:30:35:0b:
c9:2a:1e:be:ec:45:5b:fa:43:25:9c:ec:58:23:2f:5c:9f:60:
2f:e9:c0:4a:e2:b7:e0:3c:43:d6:88:64:74:8f:e5:0b:91:6b:
52:84:62:98:ca:f8:c0:3f:b1:51:59:99:dc:37:2d:7d:43:9b:
59:23:d9:ad
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsYjD0ZOo+Iw2wdrnR3ArMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjQ3NmY2NzdjZDBjMzI5OGQyODExZTYwZjQ4ZTFiMjli
M2FmZWYwHhcNMjUwMTAxMTE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE1ZmU2ZDhmMGZjYWVkMDg1Njk1ZTU1M2VhMWI4ZGQzMGM2MjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0MRSOQ8+1sUIr/rzd0E1dwIZ8Hk
q/3LH64xPF/XpE8qkFpsqyZPs/t71eW6D8AQnog4WX06BSCsa2afM3eVrgC6znsu
/Q3mufRiVSKGACkMa5XHgkfP6BapbheLmzrhHZx6XBk/Cz0QRmK5NQHmUs8CkoGq
AbFb7L3UpiwH6ISw4YsO3YMrHrXeCpZ6Qf2Luc3V84ZBm4nm6PdmJGFGpvTO+1Hm
hTZVBz9VVCj+eTSJmuKJHAFLT3hGWKYyRfWGTuMrEX+YMyPfMSwGU8OMElS7Xuys
d7ZwJfZaZ+M38eTlOCbvRkIYHZHCSyUXFIicDavY1zz6OxZt5iWeiGc0ZQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEIV/m2PD8rtCFaV5VPqG43TDGIFMB8GA1UdIwQY
MBaAFOq0dvZ3zQwymNKBHmD0jhsps6/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJSMjluZk5EREtZMG9FZVlQU09HeW16ci04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82NTdhOTItNjIyMC00NDI1LTg4OTkt
MDdmMTk1MGQ4ODk0LzEvUWhYLWJZOFB5dTBJVnBYbFUtb2JqZE1NWWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82NTdhOTItNjIyMC00NDI1LTg4OTktMDdmMTk1MGQ4ODk0
LzEvNnJSMjluZk5EREtZMG9FZVlQU09HeW16ci04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXb5IAwQC
uUYwMA0EAgACMAcDBQMqBSdAMA0GCSqGSIb3DQEBCwUAA4IBAQCA6b72ub5dKVk2
/ZMwK6Aj95G9Kr6ETCS6JbsZsPQChaC0+fEV3FMnxUW9D2rST6+cPdoLrwp76uLu
JgweCUgSAJGrbHLMUjarXi67+RPTqwhLdJktja2YhfLzSZhU4owlNNg3lf7Pz+6D
/RuS/L7BvVJwH3BJ/zodA+UEsSjCvSSHvtWvAtOI5sY6r2qEaSk5PrIxrYnwEW4Z
ARZ5bgwgL+xaGHoPFThnO5iKi53M83qCjtsiO2CLfc5dl6woHPIss+0wNQvJKh6+
7EVb+kMlnOxYIy9cn2Av6cBK4rfgPEPWiGR0j+ULkWtShGKYyvjAP7FRWZncNy19
Q5tZI9mt
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:12:30 2025 by rpki-client