Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4daf6-448d-4f3e-944a-573ca5a609c0/1/SQhydS1Vyld3IgwAh8s8p2RiQDs.roa
File: SQhydS1Vyld3IgwAh8s8p2RiQDs.roa (raw, json)
Hash identifier: kTe34yKWId3G306BKOLdnp9X7okjGmRInSEoph+3YmU=
Subject key identifier: 49:08:72:75:2D:55:CA:57:77:22:0C:00:87:CB:3C:A7:64:62:40:3B
Certificate issuer: /CN=72098efaae8063cacecc4f1c1a0b64483bb69503
Certificate serial: 019420680CE41B6D8275AAA4A28E84A63C10
Authority key identifier: 72:09:8E:FA:AE:80:63:CA:CE:CC:4F:1C:1A:0B:64:48:3B:B6:95:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgmO-q6AY8rOzE8cGgtkSDu2lQM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/b4daf6-448d-4f3e-944a-573ca5a609c0/1/SQhydS1Vyld3IgwAh8s8p2RiQDs.roa
Signing time: Wed 01 Jan 2025 05:47:57 +0000
ROA not before: Wed 01 Jan 2025 05:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2593
IP address blocks: 95.140.128.0/21 maxlen: 21
185.213.112.0/24 maxlen: 24
185.213.113.0/24 maxlen: 24
2a09:8d00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bb/b4daf6-448d-4f3e-944a-573ca5a609c0/1/cgmO-q6AY8rOzE8cGgtkSDu2lQM.crl
rsync://rpki.ripe.net/repository/DEFAULT/bb/b4daf6-448d-4f3e-944a-573ca5a609c0/1/cgmO-q6AY8rOzE8cGgtkSDu2lQM.mft
rsync://rpki.ripe.net/repository/DEFAULT/cgmO-q6AY8rOzE8cGgtkSDu2lQM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:0c:e4:1b:6d:82:75:aa:a4:a2:8e:84:a6:3c:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72098efaae8063cacecc4f1c1a0b64483bb69503
Validity
Not Before: Jan 1 05:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=490872752d55ca5777220c0087cb3ca76462403b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:9d:6a:ef:ea:4b:f5:ee:43:02:34:49:a8:e7:
22:ec:b0:0c:89:f2:02:23:0e:90:4c:93:90:c0:ea:
eb:be:c7:30:02:44:4a:3a:1b:2d:d6:94:e3:5a:9c:
6c:f6:9d:65:b5:c7:63:32:cc:e8:4d:d2:52:09:17:
f8:69:cb:f6:c2:05:64:dd:51:97:10:b3:bc:6d:28:
28:4d:f1:43:7d:68:dc:63:58:55:77:5d:cd:8c:c3:
bf:c8:40:26:88:44:c2:97:92:6b:a0:15:41:9a:8a:
2e:e8:8b:b9:cd:48:a1:aa:42:24:c6:39:71:d9:22:
94:1d:16:35:b2:a9:76:df:75:6d:9a:cf:9a:4b:12:
8f:9c:3f:38:28:c2:fe:c2:17:10:73:c7:91:ef:b5:
6a:c6:28:12:b0:c8:3c:20:16:d3:cc:c1:de:84:22:
1c:8e:2e:aa:04:d5:c8:a0:4f:1e:cd:b2:cc:db:f4:
64:ca:3c:67:2f:3d:2e:7f:6c:c1:e4:dc:58:e9:74:
0c:01:7d:45:a3:b2:33:e1:aa:15:65:c3:d3:b7:cc:
52:04:83:c9:c3:13:ea:17:85:f5:21:99:db:b8:ce:
ce:6b:de:0a:fb:a4:c4:84:3d:e5:57:10:5c:1f:a6:
4b:1c:3b:6f:c0:ef:eb:f6:20:a1:11:5c:fb:8a:d8:
2f:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:08:72:75:2D:55:CA:57:77:22:0C:00:87:CB:3C:A7:64:62:40:3B
X509v3 Authority Key Identifier:
keyid:72:09:8E:FA:AE:80:63:CA:CE:CC:4F:1C:1A:0B:64:48:3B:B6:95:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgmO-q6AY8rOzE8cGgtkSDu2lQM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4daf6-448d-4f3e-944a-573ca5a609c0/1/SQhydS1Vyld3IgwAh8s8p2RiQDs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4daf6-448d-4f3e-944a-573ca5a609c0/1/cgmO-q6AY8rOzE8cGgtkSDu2lQM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.140.128.0/21
185.213.112.0/23
IPv6:
2a09:8d00::/29
Signature Algorithm: sha256WithRSAEncryption
42:be:8d:6a:fe:ee:89:39:c4:a5:3c:4f:e2:44:d3:42:ad:dd:
03:3d:4c:38:96:a9:de:be:cc:a3:19:9e:84:f1:80:76:33:35:
e0:2e:3a:90:6f:9b:33:0b:6b:fd:aa:cc:7e:5e:3c:82:a9:66:
86:d4:45:2f:5c:80:de:3d:11:d8:68:10:d0:ec:0c:05:6f:56:
58:3a:98:54:7c:da:62:bd:8a:06:ef:92:e0:c4:47:41:65:0a:
ad:cf:84:dc:d1:90:fe:d2:ca:37:ac:d3:83:36:ab:61:51:13:
20:19:a2:a4:c2:6c:c7:3f:0c:94:36:63:38:cd:d4:cb:46:5b:
ca:03:95:05:3a:6e:7b:a1:b6:93:00:38:6f:22:96:a1:9f:c3:
1d:9a:7e:60:19:52:7b:da:a3:f4:e2:68:c3:62:8b:80:b7:ca:
bd:c9:ac:83:35:e7:43:79:95:b9:58:3e:de:90:62:90:d1:01:
ea:ea:7f:65:ca:28:d4:75:3d:04:52:4b:e9:5d:06:05:48:e1:
95:e1:c2:69:be:75:b7:3a:5a:c4:a1:ae:18:58:4b:46:30:26:
2e:63:d3:cb:27:65:b8:cc:be:f4:a2:df:64:7c:7b:8a:c7:90:
9b:d5:fe:7a:45:ac:c9:b6:3c:54:9d:3f:70:12:3c:a6:cf:f0:
14:cb:4f:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQgaAzkG22Cdaqkoo6EpjwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDk4ZWZhYWU4MDYzY2FjZWNjNGYxYzFhMGI2NDQ4M2Ji
Njk1MDMwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTA4NzI3NTJkNTVjYTU3NzcyMjBjMDA4N2NiM2NhNzY0NjI0MDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJ1q7+pL9e5DAjRJqOci7LAMifIC
Iw6QTJOQwOrrvscwAkRKOhst1pTjWpxs9p1ltcdjMszoTdJSCRf4acv2wgVk3VGX
ELO8bSgoTfFDfWjcY1hVd13NjMO/yEAmiETCl5JroBVBmoou6Iu5zUihqkIkxjlx
2SKUHRY1sql233Vtms+aSxKPnD84KML+whcQc8eR77VqxigSsMg8IBbTzMHehCIc
ji6qBNXIoE8ezbLM2/RkyjxnLz0uf2zB5NxY6XQMAX1Fo7Iz4aoVZcPTt8xSBIPJ
wxPqF4X1IZnbuM7Oa94K+6TEhD3lVxBcH6ZLHDtvwO/r9iChEVz7itgvSwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEkIcnUtVcpXdyIMAIfLPKdkYkA7MB8GA1UdIwQY
MBaAFHIJjvqugGPKzsxPHBoLZEg7tpUDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dtTy1xNkFZOHJPekU4Y0dndGtTRHUybFFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGRhZjYtNDQ4ZC00ZjNlLTk0NGEt
NTczY2E1YTYwOWMwLzEvU1FoeWRTMVZ5bGQzSWd3QWg4czhwMlJpUURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGRhZjYtNDQ4ZC00ZjNlLTk0NGEtNTczY2E1YTYwOWMw
LzEvY2dtTy1xNkFZOHJPekU4Y0dndGtTRHUybFFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4yAAwQB
udVwMA0EAgACMAcDBQMqCY0AMA0GCSqGSIb3DQEBCwUAA4IBAQBCvo1q/u6JOcSl
PE/iRNNCrd0DPUw4lqnevsyjGZ6E8YB2MzXgLjqQb5szC2v9qsx+XjyCqWaG1EUv
XIDePRHYaBDQ7AwFb1ZYOphUfNpivYoG75LgxEdBZQqtz4Tc0ZD+0so3rNODNqth
URMgGaKkwmzHPwyUNmM4zdTLRlvKA5UFOm57obaTADhvIpahn8Mdmn5gGVJ72qP0
4mjDYouAt8q9yayDNedDeZW5WD7ekGKQ0QHq6n9lyijUdT0EUkvpXQYFSOGV4cJp
vnW3OlrEoa4YWEtGMCYuY9PLJ2W4zL70ot9kfHuKx5Cb1f56RazJtjxUnT9wEjym
z/AUy0+d
-----END CERTIFICATE-----
Generated at Mon Apr 7 19:45:20 2025 by rpki-client