Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/vqcl3DQ1E1K3lnM1bs8fqqNI4EQ.roa
File: vqcl3DQ1E1K3lnM1bs8fqqNI4EQ.roa (raw, json)
Hash identifier: S9QBaWkrI9BQviKt66y8uBb8+Y6dNwU4YKfcgaHW4SE=
Subject key identifier: BE:A7:25:DC:34:35:13:52:B7:96:73:35:6E:CF:1F:AA:A3:48:E0:44
Certificate issuer: /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial: 01942369046900D10CC69679C168D5591B2D
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/vqcl3DQ1E1K3lnM1bs8fqqNI4EQ.roa
Signing time: Wed 01 Jan 2025 19:47:52 +0000
ROA not before: Wed 01 Jan 2025 19:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1299
IP address blocks: 153.112.128.0/24 maxlen: 24
153.112.195.0/24 maxlen: 24
153.112.200.0/24 maxlen: 24
153.112.205.0/24 maxlen: 24
153.112.216.0/24 maxlen: 24
153.112.217.0/24 maxlen: 24
153.112.223.0/24 maxlen: 24
153.112.224.0/24 maxlen: 24
153.112.225.0/24 maxlen: 24
153.112.226.0/24 maxlen: 24
153.112.227.0/24 maxlen: 24
153.112.228.0/24 maxlen: 24
153.112.229.0/24 maxlen: 24
153.112.230.0/24 maxlen: 24
153.112.231.0/24 maxlen: 24
192.131.25.0/24 maxlen: 24
192.157.12.0/23 maxlen: 23
192.157.12.0/24 maxlen: 24
192.157.13.0/24 maxlen: 24
192.157.14.0/24 maxlen: 24
192.157.15.0/24 maxlen: 24
192.157.16.0/23 maxlen: 23
192.157.16.0/24 maxlen: 24
192.157.17.0/24 maxlen: 24
193.53.25.0/24 maxlen: 24
193.53.29.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 03:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:04:69:00:d1:0c:c6:96:79:c1:68:d5:59:1b:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Validity
Not Before: Jan 1 19:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bea725dc34351352b79673356ecf1faaa348e044
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:92:d9:48:51:10:b0:bd:de:f7:47:47:f7:cf:
f9:83:a1:15:01:a7:bd:fd:c2:3e:65:a4:86:ff:91:
36:2b:42:12:32:7b:c6:23:89:1f:ca:b0:8b:15:4a:
b2:d3:99:49:a6:fb:c8:8a:9c:ee:d7:49:53:34:d6:
df:57:b9:05:84:83:06:97:55:87:e6:1e:51:82:f8:
5d:41:ae:65:03:e0:6e:17:7f:21:86:d8:04:5b:33:
71:d8:8e:ff:fa:8f:e0:2b:77:0f:0d:d0:b4:75:0a:
8b:e3:81:1b:a5:7b:1c:af:5d:42:f9:37:c2:98:77:
32:59:67:af:2a:40:9e:e2:7d:16:7f:2c:9f:b7:4f:
9d:d0:e7:e6:3c:c1:33:a4:e3:06:e5:51:0e:56:de:
fa:68:b9:fd:fd:01:27:7a:6c:8c:c8:5e:c6:93:61:
98:f5:e5:f0:6b:ad:39:f6:89:09:49:94:19:30:bd:
27:56:5e:2f:d2:07:88:2f:ff:e4:b2:7d:be:97:42:
d9:19:90:e4:d3:99:d6:9d:20:11:4f:21:ae:1a:83:
8c:be:c4:40:de:31:9b:7d:05:f2:3e:96:de:e9:fd:
7c:bb:7c:1e:62:e6:b8:fe:be:7c:9b:6c:5a:4b:0d:
83:fd:2a:8e:6a:15:c9:f9:2d:45:48:8d:bd:42:17:
ba:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:A7:25:DC:34:35:13:52:B7:96:73:35:6E:CF:1F:AA:A3:48:E0:44
X509v3 Authority Key Identifier:
keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/vqcl3DQ1E1K3lnM1bs8fqqNI4EQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
153.112.128.0/24
153.112.195.0/24
153.112.200.0/24
153.112.205.0/24
153.112.216.0/23
153.112.223.0-153.112.231.255
192.131.25.0/24
192.157.12.0-192.157.17.255
193.53.25.0/24
193.53.29.0/24
Signature Algorithm: sha256WithRSAEncryption
2f:1e:7a:39:43:6f:3e:97:36:8b:d1:8e:5d:86:bf:c7:eb:f7:
e0:a1:16:5c:02:8a:30:cb:15:79:7e:c4:20:ea:88:9c:09:2b:
06:fe:f4:77:1e:da:e5:d7:c8:bc:64:bb:34:3d:54:d4:9e:60:
e9:5b:a7:94:5b:84:77:33:0d:db:90:18:84:83:78:89:82:13:
a2:0d:e8:3a:57:fc:f0:75:0e:1e:39:20:a1:ff:93:f9:85:84:
e2:3a:6a:46:52:49:2d:4f:b9:9d:f6:ef:32:7d:99:45:b7:a0:
d1:08:6b:23:a2:cf:10:e9:77:60:f5:b8:9a:70:09:55:bc:3f:
83:4a:d3:ef:91:e2:da:1e:5b:6b:d6:b3:7d:14:d4:8f:50:f7:
ae:b7:0f:bf:79:a7:a3:05:07:9b:ef:67:ba:6c:d8:d6:0a:74:
ac:77:c4:b6:1f:66:b3:d6:fd:b8:67:de:8c:33:cd:9a:27:05:
74:33:f0:d3:85:02:f5:ba:3f:83:d7:44:7a:a0:6c:a5:bb:a2:
23:7e:a2:1f:a6:1e:92:65:94:6c:e2:9d:fa:fc:38:13:d3:a6:
d3:f2:f7:76:53:d9:aa:01:2b:8e:ab:f8:48:7b:90:77:a1:05:
0a:1b:b2:58:b3:93:fd:1d:ce:9f:c0:6a:60:af:fa:f0:8e:13:
53:91:df:89
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQjaQRpANEMxpZ5wWjVWRstMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjUwMTAxMTk0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWE3MjVkYzM0MzUxMzUyYjc5NjczMzU2ZWNmMWZhYWEzNDhlMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpLZSFEQsL3e90dH98/5g6EVAae9
/cI+ZaSG/5E2K0ISMnvGI4kfyrCLFUqy05lJpvvIipzu10lTNNbfV7kFhIMGl1WH
5h5RgvhdQa5lA+BuF38hhtgEWzNx2I7/+o/gK3cPDdC0dQqL44EbpXscr11C+TfC
mHcyWWevKkCe4n0Wfyyft0+d0OfmPMEzpOMG5VEOVt76aLn9/QEnemyMyF7Gk2GY
9eXwa6059okJSZQZML0nVl4v0geIL//ksn2+l0LZGZDk05nWnSARTyGuGoOMvsRA
3jGbfQXyPpbe6f18u3weYua4/r58m2xaSw2D/SqOahXJ+S1FSI29Qhe6yQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFL6nJdw0NRNSt5ZzNW7PH6qjSOBEMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvdnFjbDNEUTFFMUszbG5NMWJzOGZxcU5JNEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAmXCAAwQA
mXDDAwQAmXDIAwQAmXDNAwQBmXDYMAwDBACZcN8DBAOZcOADBADAgxkwDAMEAsCd
DAMEAcCdEAMEAME1GQMEAME1HTANBgkqhkiG9w0BAQsFAAOCAQEALx56OUNvPpc2
i9GOXYa/x+v34KEWXAKKMMsVeX7EIOqInAkrBv70dx7a5dfIvGS7ND1U1J5g6Vun
lFuEdzMN25AYhIN4iYITog3oOlf88HUOHjkgof+T+YWE4jpqRlJJLU+5nfbvMn2Z
Rbeg0QhrI6LPEOl3YPW4mnAJVbw/g0rT75Hi2h5ba9azfRTUj1D3rrcPv3mnowUH
m+9numzY1gp0rHfEth9ms9b9uGfejDPNmicFdDPw04UC9bo/g9dEeqBspbuiI36i
H6YekmWUbOKd+vw4E9Om0/L3dlPZqgErjqv4SHuQd6EFChuyWLOT/R3On8BqYK/6
8I4TU5HfiQ==
-----END CERTIFICATE-----
Generated at Sun Apr 6 09:38:16 2025 by rpki-client