Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/QBb9KaF0cIXBem__XFHTxdHk0-g.roa
File: QBb9KaF0cIXBem__XFHTxdHk0-g.roa (raw, json)
Hash identifier: /YyDhbAPnvtDPEPid9fWMtl8pnQeWOykKx8WROxiL+M=
Subject key identifier: 40:16:FD:29:A1:74:70:85:C1:7A:6F:FF:5C:51:D3:C5:D1:E4:D3:E8
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 019424448CED010F7DC64298A864AD3C90FD
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/QBb9KaF0cIXBem__XFHTxdHk0-g.roa
Signing time: Wed 01 Jan 2025 23:47:39 +0000
ROA not before: Wed 01 Jan 2025 23:47:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47223
IP address blocks: 91.106.24.0/23 maxlen: 23
91.106.26.0/23 maxlen: 23
91.106.30.0/23 maxlen: 23
94.240.0.0/24 maxlen: 24
94.240.1.0/24 maxlen: 24
94.240.2.0/24 maxlen: 24
94.240.3.0/24 maxlen: 24
94.240.7.0/24 maxlen: 24
94.240.23.0/24 maxlen: 24
94.240.32.0/21 maxlen: 21
94.240.34.0/24 maxlen: 24
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.50.0/24 maxlen: 24
94.240.62.0/23 maxlen: 23
94.240.63.0/24 maxlen: 24
185.139.16.0/22 maxlen: 22
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 17:00:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:8c:ed:01:0f:7d:c6:42:98:a8:64:ad:3c:90:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Jan 1 23:47:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4016fd29a1747085c17a6fff5c51d3c5d1e4d3e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:36:16:d1:e6:6d:35:ac:32:21:d3:ab:2c:80:
ed:b7:bd:d7:df:85:22:ca:40:04:e4:a5:d6:d5:d2:
40:2f:83:c7:e2:84:09:33:25:fb:12:f0:7d:0e:1d:
94:b2:d9:f4:97:7f:72:15:3c:49:c0:dd:97:be:64:
4e:d8:b7:ec:02:d3:1f:1e:d3:5e:ca:63:d2:e6:14:
9a:89:48:18:e4:d9:20:45:61:43:58:26:f9:54:7d:
52:ee:b5:3e:80:f4:b8:4d:dd:6b:64:0b:f4:9d:4a:
f8:1c:ef:0e:89:89:0d:9e:e6:0b:3a:e0:ba:13:e4:
ab:1b:3c:cb:8c:b2:03:64:96:17:f3:e2:67:4c:10:
30:33:37:63:b2:9e:8c:fc:e6:e4:20:06:f0:4d:8a:
ef:8d:e2:3d:79:f2:ee:8d:80:72:09:fc:66:91:bf:
88:70:96:80:66:90:31:6e:f2:dc:1d:e6:4b:5b:7d:
35:9b:f8:d3:29:de:7b:b8:b6:27:f0:60:d4:da:2b:
31:ca:e6:f9:46:84:db:8c:78:f9:6c:c3:3a:f6:57:
2a:47:ea:13:33:9e:d1:4e:c1:87:b7:c8:21:57:66:
0a:7f:8b:4a:f4:4a:fe:11:92:24:35:16:92:cb:22:
00:e4:48:34:ed:6c:c7:7b:19:04:90:52:8a:6b:ed:
95:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:16:FD:29:A1:74:70:85:C1:7A:6F:FF:5C:51:D3:C5:D1:E4:D3:E8
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/QBb9KaF0cIXBem__XFHTxdHk0-g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0/22
94.240.7.0/24
94.240.23.0/24
94.240.32.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.51.255
94.240.62.0/23
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
3b:3c:31:1a:97:20:19:c3:d1:cb:b5:63:22:98:2b:8a:89:2f:
d9:52:87:18:5f:8c:50:22:95:14:6d:41:aa:19:63:7f:7d:5a:
a9:d6:39:43:0f:7b:8f:42:98:f4:83:9f:3a:16:c2:05:fa:05:
20:e6:4e:29:d6:20:4c:57:80:63:a7:f3:94:ed:b4:03:44:fd:
2a:de:6e:6c:04:04:07:a9:79:d8:cd:7e:a6:9d:41:5a:34:2e:
ea:5c:09:d8:9c:cb:49:ad:77:1e:53:e9:91:0c:48:af:f9:fa:
d4:4d:e9:e2:3a:55:21:30:0c:7c:d5:2b:ed:5b:d1:61:d3:e9:
8f:85:ee:a7:8b:b1:56:c3:13:2f:35:dd:10:89:8d:3f:78:09:
ef:ef:00:ac:b0:97:8e:ed:df:ce:53:23:71:58:3f:e8:77:62:
99:04:7a:68:09:b7:b7:b8:8e:8f:f0:e5:06:80:f8:57:dd:13:
24:cf:17:e6:47:3e:90:61:3e:4e:88:2b:4c:0e:d8:a0:e1:23:
54:62:32:04:bf:94:7e:2d:c8:63:89:e1:ad:8b:77:27:96:f1:
c3:cb:f7:d8:d7:9f:3a:6e:71:ce:2f:28:50:5e:a5:03:95:1a:
4c:01:a1:4d:39:80:69:70:98:c5:b0:b0:30:91:84:6d:5c:7b:
21:9f:de:3e
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAZQkRIztAQ99xkKYqGStPJD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjUwMTAxMjM0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE2ZmQyOWExNzQ3MDg1YzE3YTZmZmY1YzUxZDNjNWQxZTRkM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDYW0eZtNawyIdOrLIDtt73X34Ui
ykAE5KXW1dJAL4PH4oQJMyX7EvB9Dh2Ustn0l39yFTxJwN2XvmRO2LfsAtMfHtNe
ymPS5hSaiUgY5NkgRWFDWCb5VH1S7rU+gPS4Td1rZAv0nUr4HO8OiYkNnuYLOuC6
E+SrGzzLjLIDZJYX8+JnTBAwMzdjsp6M/ObkIAbwTYrvjeI9efLujYByCfxmkb+I
cJaAZpAxbvLcHeZLW301m/jTKd57uLYn8GDU2isxyub5RoTbjHj5bMM69lcqR+oT
M57RTsGHt8ghV2YKf4tK9Er+EZIkNRaSyyIA5Eg07WzHexkEkFKKa+2VPQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFEAW/SmhdHCFwXpv/1xR08XR5NPoMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvUUJiOUthRjBjSVhCZW1fX1hGSFR4ZEhrMC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQCW2oYAwQB
W2oeAwQCXvAAAwQAXvAHAwQAXvAXMAwDBAVe8CADBABe8CgDBABe8CowDAMEAl7w
LAMEAl7wMAMEAV7wPgMEArmLEAMEAcKYLjANBAIAAjAHAwUAKgFugDANBgkqhkiG
9w0BAQsFAAOCAQEAOzwxGpcgGcPRy7VjIpgriokv2VKHGF+MUCKVFG1Bqhljf31a
qdY5Qw97j0KY9IOfOhbCBfoFIOZOKdYgTFeAY6fzlO20A0T9Kt5ubAQEB6l52M1+
pp1BWjQu6lwJ2JzLSa13HlPpkQxIr/n61E3p4jpVITAMfNUr7VvRYdPpj4Xup4ux
VsMTLzXdEImNP3gJ7+8ArLCXju3fzlMjcVg/6HdimQR6aAm3t7iOj/DlBoD4V90T
JM8X5kc+kGE+TogrTA7YoOEjVGIyBL+Ufi3IY4nhrYt3J5bxw8v32NefOm5xzi8o
UF6lA5UaTAGhTTmAaXCYxbCwMJGEbVx7IZ/ePg==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:38:58 2025 by rpki-client