Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/d-qbaMTmjmh4iD3R9hdV1XjgLNU.roa
File: d-qbaMTmjmh4iD3R9hdV1XjgLNU.roa (raw, json)
Hash identifier: hbQD/FXZiapXvOA1P9vcBFCW6IVZTR+HRJ6Ebhj49lM=
Subject key identifier: 77:EA:9B:68:C4:E6:8E:68:78:88:3D:D1:F6:17:55:D5:78:E0:2C:D5
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 018CC348AF85981C10E3740A2E6788766FF8
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/d-qbaMTmjmh4iD3R9hdV1XjgLNU.roa
Signing time: Mon 01 Jan 2024 04:29:29 +0000
ROA not before: Mon 01 Jan 2024 04:29:29 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203985
IP address blocks: 94.240.29.0/24 maxlen: 24
94.240.30.0/24 maxlen: 24
94.240.31.0/24 maxlen: 24
94.240.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 05:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:af:85:98:1c:10:e3:74:0a:2e:67:88:76:6f:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Jan 1 04:29:29 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=77ea9b68c4e68e6878883dd1f61755d578e02cd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:18:05:b5:ec:d4:27:9c:97:97:c0:f3:41:68:
36:65:7a:4c:40:dd:2b:fb:e8:68:e8:d0:cd:a3:36:
af:41:6b:89:56:eb:f8:69:7e:2c:85:8b:21:5f:ec:
17:7a:84:8e:ca:b6:01:d5:32:af:96:8b:81:96:ec:
0a:d5:59:bd:91:22:fc:76:bd:b7:9a:06:a1:bb:18:
a5:25:4e:d5:8a:64:4b:5d:9a:80:e8:8b:31:21:ea:
86:6e:dc:ef:37:fa:f2:9c:a3:cf:31:fe:aa:a0:11:
17:24:af:e6:61:3f:cf:50:9d:b0:d5:a0:ad:5f:73:
49:b7:ab:43:b2:7a:46:d5:b6:17:07:81:a6:63:6a:
cd:f5:26:0d:f5:0b:c2:48:21:56:6d:c1:5c:60:d4:
f4:c6:32:76:0a:32:31:ed:22:16:77:3a:c5:fc:46:
84:ef:9b:e5:c5:40:99:ec:d6:60:b9:d9:57:a6:fd:
e5:c2:87:e2:9a:ee:be:e1:67:4f:8b:e2:6b:e4:0c:
9e:c4:df:33:64:8e:94:d5:3f:4a:22:0e:43:51:32:
d0:01:40:73:c8:18:6f:77:4d:8f:13:1d:ef:22:66:
de:b5:e0:52:57:8a:18:28:5f:3f:c3:be:3f:89:f4:
60:af:a2:5f:73:c8:18:95:5a:c3:e5:a0:44:23:63:
2f:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:EA:9B:68:C4:E6:8E:68:78:88:3D:D1:F6:17:55:D5:78:E0:2C:D5
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/d-qbaMTmjmh4iD3R9hdV1XjgLNU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.240.28.0/22
Signature Algorithm: sha256WithRSAEncryption
41:0f:e5:7e:f4:2b:bc:65:47:50:f5:2e:eb:e0:30:7d:7f:11:
5e:b2:4d:60:8e:d7:ae:67:47:39:87:0c:42:c1:80:37:5f:e2:
fc:71:89:23:38:fa:e8:99:f8:14:b7:24:53:61:17:11:2f:f6:
6d:9d:b4:17:07:0d:30:c9:85:c9:a9:9b:85:bf:af:cd:19:3e:
a0:38:b7:f0:9b:c6:43:6b:a4:f4:f8:e9:fc:85:27:72:c8:65:
93:de:7d:d6:4b:c2:ad:b4:65:88:91:1c:42:91:af:41:ea:53:
ef:01:3c:4e:f7:24:00:21:25:26:7d:f1:c5:99:d9:84:b8:47:
ef:5d:1d:e4:e9:7d:28:8a:94:e4:af:fb:6a:41:65:65:69:ac:
93:f0:33:08:80:3c:c6:5b:1a:8b:89:15:e0:42:44:d2:34:34:
72:5e:3a:6a:40:4c:85:c6:eb:03:00:c4:2d:13:db:2a:a5:48:
2a:49:2c:e4:35:63:d2:92:7c:cb:23:25:5f:76:89:04:4b:0b:
7b:11:1c:2c:8c:90:3c:85:fc:6d:7c:68:9e:06:29:ce:5f:69:
1d:56:22:f8:db:73:02:9d:79:1a:44:d6:9b:c6:5c:de:3f:01:
0d:17:50:05:27:63:18:2b:e1:01:44:da:39:22:2a:eb:e8:2f:
75:5a:ec:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSK+FmBwQ43QKLmeIdm/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VhOWI2OGM0ZTY4ZTY4Nzg4ODNkZDFmNjE3NTVkNTc4ZTAyY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixgFtezUJ5yXl8DzQWg2ZXpMQN0r
++ho6NDNozavQWuJVuv4aX4shYshX+wXeoSOyrYB1TKvlouBluwK1Vm9kSL8dr23
mgahuxilJU7VimRLXZqA6IsxIeqGbtzvN/rynKPPMf6qoBEXJK/mYT/PUJ2w1aCt
X3NJt6tDsnpG1bYXB4GmY2rN9SYN9QvCSCFWbcFcYNT0xjJ2CjIx7SIWdzrF/EaE
75vlxUCZ7NZgudlXpv3lwofimu6+4WdPi+Jr5AyexN8zZI6U1T9KIg5DUTLQAUBz
yBhvd02PEx3vImbeteBSV4oYKF8/w74/ifRgr6Jfc8gYlVrD5aBEI2MvjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfqm2jE5o5oeIg90fYXVdV44CzVMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvZC1xYmFNVG1qbWg0aUQzUjloZFYxWGpnTE5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXvAcMA0G
CSqGSIb3DQEBCwUAA4IBAQBBD+V+9Cu8ZUdQ9S7r4DB9fxFesk1gjteuZ0c5hwxC
wYA3X+L8cYkjOPromfgUtyRTYRcRL/ZtnbQXBw0wyYXJqZuFv6/NGT6gOLfwm8ZD
a6T0+On8hSdyyGWT3n3WS8KttGWIkRxCka9B6lPvATxO9yQAISUmffHFmdmEuEfv
XR3k6X0oipTkr/tqQWVlaayT8DMIgDzGWxqLiRXgQkTSNDRyXjpqQEyFxusDAMQt
E9sqpUgqSSzkNWPSknzLIyVfdokESwt7ERwsjJA8hfxtfGieBinOX2kdViL423MC
nXkaRNabxlzePwENF1AFJ2MYK+EBRNo5Iirr6C91WuyB
-----END CERTIFICATE-----
Generated at Fri Jun 7 14:08:10 2024 by rpki-client on console-ams.rpki-client.org