Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/q3J9TtOoI-IBP0Qit4nrBm2KIQ8.roa
File: q3J9TtOoI-IBP0Qit4nrBm2KIQ8.roa (raw, json)
Hash identifier: 6P7QPyce2/pI9ok7uG9x267locOdLMrJCvEmCKSQLwA=
Subject key identifier: AB:72:7D:4E:D3:A8:23:E2:01:3F:44:22:B7:89:EB:06:6D:8A:21:0F
Certificate issuer: /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial: 019421B179079A2DCEB4E028B202654FE792
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/q3J9TtOoI-IBP0Qit4nrBm2KIQ8.roa
Signing time: Wed 01 Jan 2025 11:47:46 +0000
ROA not before: Wed 01 Jan 2025 11:47:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6698
IP address blocks: 45.11.57.0/24 maxlen: 24
45.12.0.0/24 maxlen: 24
45.12.1.0/24 maxlen: 24
45.12.3.0/24 maxlen: 24
91.208.115.0/24 maxlen: 24
91.218.48.0/22 maxlen: 24
128.0.104.0/24 maxlen: 24
176.97.112.0/23 maxlen: 24
176.97.114.0/24 maxlen: 24
176.97.115.0/24 maxlen: 24
176.97.122.0/23 maxlen: 23
176.97.124.0/24 maxlen: 24
176.119.31.0/24 maxlen: 24
185.254.199.0/24 maxlen: 24
194.42.204.0/24 maxlen: 24
195.66.210.0/24 maxlen: 24
195.128.248.0/23 maxlen: 24
2a09:2dc2::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.mft
rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:79:07:9a:2d:ce:b4:e0:28:b2:02:65:4f:e7:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Validity
Not Before: Jan 1 11:47:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab727d4ed3a823e2013f4422b789eb066d8a210f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:97:72:92:1f:6f:31:7d:05:19:9d:43:9a:a4:
a1:27:d0:ca:a2:b6:75:a8:ad:95:a2:0d:9c:db:4f:
86:ea:9e:53:f2:cc:3b:69:3e:e3:2c:ee:57:78:c4:
1d:57:c9:5f:af:b5:75:4f:44:4b:74:c9:25:14:0d:
de:01:54:58:37:66:40:e5:14:c4:54:35:20:4c:d2:
88:25:2a:a1:74:9f:56:74:71:7b:51:ce:56:ce:3b:
7e:c8:de:b8:73:98:e4:f8:1b:6e:62:0e:0a:4d:97:
13:24:c2:36:5e:4a:37:bb:2f:8a:8e:c9:23:65:04:
7d:e0:87:82:d7:3a:3f:bd:b3:f9:77:11:5b:88:78:
78:2a:85:bb:93:fd:0c:a0:3e:f7:ba:79:19:64:77:
56:1a:d3:93:16:e1:0a:3e:61:23:f9:3e:ed:44:40:
b6:93:09:77:94:b3:57:42:71:58:86:e6:42:2c:7c:
62:c2:26:56:c0:84:41:f2:c5:20:60:b6:0e:60:0a:
4a:8c:02:1e:22:08:bb:73:63:d4:31:5c:c4:be:97:
42:b8:08:e0:15:c1:af:dd:29:01:53:10:cf:25:fd:
a9:60:1a:c4:52:a9:85:e2:ee:3f:d5:06:74:89:98:
1f:76:5a:c0:3e:78:ac:a5:b8:95:9a:e8:e0:e8:26:
e6:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:72:7D:4E:D3:A8:23:E2:01:3F:44:22:B7:89:EB:06:6D:8A:21:0F
X509v3 Authority Key Identifier:
keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/q3J9TtOoI-IBP0Qit4nrBm2KIQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.57.0/24
45.12.0.0/23
45.12.3.0/24
91.208.115.0/24
91.218.48.0/22
128.0.104.0/24
176.97.112.0/22
176.97.122.0-176.97.124.255
176.119.31.0/24
185.254.199.0/24
194.42.204.0/24
195.66.210.0/24
195.128.248.0/23
IPv6:
2a09:2dc2::/32
Signature Algorithm: sha256WithRSAEncryption
03:14:f3:24:87:78:c8:37:0e:06:e6:c0:dd:78:5f:56:c2:7f:
da:80:1b:26:2c:e6:f3:cc:a6:2d:fa:6b:b9:e2:6e:69:4c:5c:
24:5e:10:8c:93:d9:b8:30:74:af:35:e9:e9:31:2c:ab:0e:70:
0c:35:84:7d:39:2e:29:e3:2d:30:2b:27:84:2e:1d:7a:0c:cc:
34:89:46:af:4c:6e:0f:eb:fe:71:05:89:6d:37:d7:a7:34:db:
28:00:aa:81:bc:79:57:41:8e:87:9a:4d:fe:9d:3b:c6:2a:fa:
ed:8d:a9:60:b6:9d:ce:c7:32:94:59:8b:08:4d:d9:8f:5c:fd:
5c:27:e9:1f:59:f7:80:e4:90:da:9d:73:69:bf:11:af:dc:c1:
b8:bd:37:7b:70:75:70:17:89:6c:07:d0:27:a3:30:c2:98:2f:
fa:d0:fa:ac:3f:af:c9:59:ea:86:93:91:e2:0e:a7:80:a5:28:
8d:30:6f:4b:70:62:92:a6:3b:b4:7c:f9:61:d3:6d:bb:96:cc:
07:4e:b4:ed:db:af:57:1a:02:af:4b:d3:88:7e:18:86:da:45:
b8:37:20:75:0a:3a:1e:e1:71:d9:f2:7b:70:15:41:c3:20:ce:
96:3a:e0:d5:cd:ef:9c:95:33:f1:2d:38:39:2c:cf:d0:62:d0:
75:5f:44:ea
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZQhsXkHmi3OtOAosgJlT+eSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjUwMTAxMTE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjcyN2Q0ZWQzYTgyM2UyMDEzZjQ0MjJiNzg5ZWIwNjZkOGEyMTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpdykh9vMX0FGZ1DmqShJ9DKorZ1
qK2Vog2c20+G6p5T8sw7aT7jLO5XeMQdV8lfr7V1T0RLdMklFA3eAVRYN2ZA5RTE
VDUgTNKIJSqhdJ9WdHF7Uc5Wzjt+yN64c5jk+BtuYg4KTZcTJMI2Xko3uy+Kjskj
ZQR94IeC1zo/vbP5dxFbiHh4KoW7k/0MoD73unkZZHdWGtOTFuEKPmEj+T7tREC2
kwl3lLNXQnFYhuZCLHxiwiZWwIRB8sUgYLYOYApKjAIeIgi7c2PUMVzEvpdCuAjg
FcGv3SkBUxDPJf2pYBrEUqmF4u4/1QZ0iZgfdlrAPnispbiVmujg6Cbm6wIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFKtyfU7TqCPiAT9EIreJ6wZtiiEPMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvcTNKOVR0T29JLUlCUDBRaXQ0bnJCbTJLSVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWAwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzAwQCW9owAwQAgABoAwQCsGFwMAwDBAGwYXoDBACwYXwD
BACwdx8DBAC5/scDBADCKswDBADDQtIDBAHDgPgwDQQCAAIwBwMFACoJLcIwDQYJ
KoZIhvcNAQELBQADggEBAAMU8ySHeMg3DgbmwN14X1bCf9qAGyYs5vPMpi36a7ni
bmlMXCReEIyT2bgwdK816ekxLKsOcAw1hH05LinjLTArJ4QuHXoMzDSJRq9Mbg/r
/nEFiW0316c02ygAqoG8eVdBjoeaTf6dO8Yq+u2NqWC2nc7HMpRZiwhN2Y9c/Vwn
6R9Z94DkkNqdc2m/Ea/cwbi9N3twdXAXiWwH0CejMMKYL/rQ+qw/r8lZ6oaTkeIO
p4ClKI0wb0twYpKmO7R8+WHTbbuWzAdOtO3br1caAq9L04h+GIbaRbg3IHUKOh7h
cdnye3AVQcMgzpY64NXN75yVM/EtODksz9Bi0HVfROo=
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:51:12 2025 by rpki-client