Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QFHxGoH5FKhdFmHHIh3Y5swZYco.roa
File: QFHxGoH5FKhdFmHHIh3Y5swZYco.roa (raw, json)
Hash identifier: RSO+Fx49ehMTZXkJTexiYP0mhEKjzmGPIc0BWPVj/cY=
Subject key identifier: 40:51:F1:1A:81:F9:14:A8:5D:16:61:C7:22:1D:D8:E6:CC:19:61:CA
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0194222011575E2DAD754CF7DAB81610DB56
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QFHxGoH5FKhdFmHHIh3Y5swZYco.roa
Signing time: Wed 01 Jan 2025 13:48:34 +0000
ROA not before: Wed 01 Jan 2025 13:48:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 45.83.28.0/24 maxlen: 24
84.54.33.0/24 maxlen: 24
193.218.34.0/24 maxlen: 24
2a0b:64c4::/32 maxlen: 48
2a0b:64c5::/32 maxlen: 48
2a0b:64c7::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:11:57:5e:2d:ad:75:4c:f7:da:b8:16:10:db:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4051f11a81f914a85d1661c7221dd8e6cc1961ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ce:e7:36:90:a1:fd:8d:f6:ae:cd:42:57:52:
67:a8:ab:32:78:da:bb:0f:12:e5:7e:63:c8:35:80:
9c:03:6d:b6:35:0f:ab:f3:69:fd:c7:be:71:93:c4:
f8:eb:f4:86:69:65:0a:16:cc:74:d0:76:07:90:b8:
31:5a:b4:a6:7f:18:dd:21:94:0c:e2:a6:dd:db:46:
64:68:8a:2f:56:9c:98:31:fd:1c:9e:c7:bc:14:6e:
70:df:a6:f4:d7:38:8d:5c:5a:aa:f6:4e:cd:23:11:
92:40:9d:70:13:58:b9:09:54:cd:a3:e9:70:cb:92:
40:f0:ed:0a:6b:87:0a:9a:63:d3:bd:64:0d:16:b5:
43:06:d4:0b:74:e0:cc:77:b2:bf:5b:9b:5b:55:99:
53:3d:6a:5e:80:c3:92:82:5b:55:12:c7:29:d8:e0:
75:12:73:fe:0e:d1:fb:27:c6:e0:7c:4a:f0:30:2e:
9b:ec:bb:70:d4:b8:e9:37:75:9e:73:3e:eb:bc:e1:
4f:ad:1f:a3:c6:21:a2:21:9b:12:72:9f:a7:83:fd:
7d:84:66:01:17:b6:1d:cc:41:39:5b:ea:64:0c:d0:
b1:f4:30:30:18:64:44:c4:38:4f:17:29:d5:ac:ee:
4f:0c:30:37:54:e5:90:d0:b1:94:ed:5f:76:d4:43:
11:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:51:F1:1A:81:F9:14:A8:5D:16:61:C7:22:1D:D8:E6:CC:19:61:CA
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QFHxGoH5FKhdFmHHIh3Y5swZYco.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.28.0/24
84.54.33.0/24
193.218.34.0/24
IPv6:
2a0b:64c4::/31
2a0b:64c7::/32
Signature Algorithm: sha256WithRSAEncryption
19:f5:02:c7:ee:eb:ba:80:b3:b5:da:16:32:29:37:ad:b8:f7:
c2:5b:bc:3a:ef:6c:4f:d8:5f:e8:df:a1:97:1b:77:3e:9a:11:
8a:46:33:01:0f:af:c7:6f:b0:b9:3d:f1:16:23:ef:e0:14:3f:
08:f8:8a:5c:8a:f6:ec:2e:a3:78:0c:fe:84:16:9b:6f:a8:c0:
ea:f0:46:32:17:b5:e5:46:33:3b:3e:0d:6a:f2:a3:aa:39:d6:
e6:59:35:d2:3d:ca:51:31:e7:fe:0e:f6:b4:66:01:df:01:e9:
75:ce:04:b2:ae:a3:32:8e:fa:68:30:f3:b1:6f:f9:82:7c:8c:
b7:da:43:7c:29:a4:f7:3c:ca:9f:e4:ea:0b:3d:2d:02:18:3c:
6c:b8:28:9f:dc:53:74:d5:dc:35:29:8b:ce:55:8d:a0:e4:d2:
22:01:6e:20:7e:ea:88:4f:d4:54:df:be:d2:5d:0d:e8:e7:a7:
e6:ab:db:4a:f5:24:27:58:b2:8c:98:61:9b:a2:71:92:40:0b:
0c:fc:26:e8:12:cb:d2:3f:dc:9f:ba:6b:19:af:63:42:cd:ef:
53:12:c7:1e:76:f5:e0:35:3c:9e:bb:06:80:46:bb:14:8d:ce:
68:5d:23:0c:4d:73:eb:ea:6c:26:c6:2a:7d:c0:5f:a5:ec:32:
c1:c6:83:56
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQiIBFXXi2tdUz32rgWENtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUxZjExYTgxZjkxNGE4NWQxNjYxYzcyMjFkZDhlNmNjMTk2MWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq87nNpCh/Y32rs1CV1JnqKsyeNq7
DxLlfmPINYCcA222NQ+r82n9x75xk8T46/SGaWUKFsx00HYHkLgxWrSmfxjdIZQM
4qbd20ZkaIovVpyYMf0cnse8FG5w36b01ziNXFqq9k7NIxGSQJ1wE1i5CVTNo+lw
y5JA8O0Ka4cKmmPTvWQNFrVDBtQLdODMd7K/W5tbVZlTPWpegMOSgltVEscp2OB1
EnP+DtH7J8bgfErwMC6b7Ltw1LjpN3Wecz7rvOFPrR+jxiGiIZsScp+ng/19hGYB
F7YdzEE5W+pkDNCx9DAwGGRExDhPFynVrO5PDDA3VOWQ0LGU7V921EMR6QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEBR8RqB+RSoXRZhxyId2ObMGWHKMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUUZIeEdvSDVGS2hkRm1ISEloM1k1c3daWWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQALVMcAwQA
VDYhAwQAwdoiMBQEAgACMA4DBQEqC2TEAwUAKgtkxzANBgkqhkiG9w0BAQsFAAOC
AQEAGfUCx+7ruoCztdoWMik3rbj3wlu8Ou9sT9hf6N+hlxt3PpoRikYzAQ+vx2+w
uT3xFiPv4BQ/CPiKXIr27C6jeAz+hBabb6jA6vBGMhe15UYzOz4NavKjqjnW5lk1
0j3KUTHn/g72tGYB3wHpdc4Esq6jMo76aDDzsW/5gnyMt9pDfCmk9zzKn+TqCz0t
Ahg8bLgon9xTdNXcNSmLzlWNoOTSIgFuIH7qiE/UVN++0l0N6Oen5qvbSvUkJ1iy
jJhhm6JxkkALDPwm6BLL0j/cn7prGa9jQs3vUxLHHnb14DU8nrsGgEa7FI3OaF0j
DE1z6+psJsYqfcBfpewywcaDVg==
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:45:28 2025 by rpki-client