Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/q1XmSfqgz0BDM0q4f2spq_jdCg0.roa
File: q1XmSfqgz0BDM0q4f2spq_jdCg0.roa (raw, json)
Hash identifier: fpnPa9yVDPdi4yceTCQ/XZAd07SDBkUsxhJx7S4XwNY=
Subject key identifier: AB:55:E6:49:FA:A0:CF:40:43:33:4A:B8:7F:6B:29:AB:F8:DD:0A:0D
Certificate issuer: /CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Certificate serial: 01942BE24EAC340E8ED3A719F31505DBC9F4
Authority key identifier: 7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/q1XmSfqgz0BDM0q4f2spq_jdCg0.roa
Signing time: Fri 03 Jan 2025 11:17:18 +0000
ROA not before: Fri 03 Jan 2025 11:17:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29119
IP address blocks: 92.246.82.0/24 maxlen: 24
92.246.83.0/24 maxlen: 24
103.226.192.0/24 maxlen: 24
103.229.170.0/24 maxlen: 24
185.145.68.0/24 maxlen: 24
185.145.69.0/24 maxlen: 24
185.167.181.0/24 maxlen: 24
185.201.4.0/24 maxlen: 24
185.204.203.0/24 maxlen: 24
185.237.212.0/24 maxlen: 24
185.237.213.0/24 maxlen: 24
185.237.214.0/24 maxlen: 24
2a07:4640::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.mft
rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:2b:e2:4e:ac:34:0e:8e:d3:a7:19:f3:15:05:db:c9:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Validity
Not Before: Jan 3 11:17:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab55e649faa0cf4043334ab87f6b29abf8dd0a0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:19:af:d1:1d:3b:62:1c:0e:ea:08:e2:53:e2:
0e:69:b7:2c:0d:3f:45:fa:8c:1c:f2:e9:82:fe:1d:
07:44:85:94:7e:1e:f6:a3:76:81:78:67:36:96:64:
c8:1b:4b:6e:28:73:65:99:13:95:ae:0f:31:a8:93:
d5:eb:08:c1:b4:c0:c3:29:30:18:1f:0c:e6:e5:e9:
1c:d2:22:5c:0b:3f:07:79:ba:52:8b:73:ec:e4:1a:
e0:f6:b4:4e:c0:04:03:f4:14:79:ae:37:b6:4e:9b:
93:d2:51:02:c2:1c:02:22:23:05:10:fa:5d:f3:24:
d0:1d:e4:eb:0e:b3:b3:a7:da:2e:6a:76:51:09:82:
2a:6c:79:e0:96:ea:8a:fc:5b:51:40:fd:14:93:fc:
a4:d0:6d:ef:4d:aa:f9:25:db:fc:40:34:1e:77:8c:
6c:1f:9c:69:e9:6f:a3:4c:06:6e:2b:90:95:7d:5f:
38:82:fa:6d:4c:3d:01:7f:fd:5b:f5:81:64:1e:f2:
18:95:08:93:9f:ca:2c:68:de:bc:05:24:1b:61:77:
82:83:e6:67:e2:ca:17:7e:e2:81:0c:3d:d7:90:cf:
72:53:13:98:5e:95:db:67:04:0e:d1:34:83:ad:dd:
cf:03:b6:c8:80:43:61:9f:af:f2:01:3f:45:d8:13:
37:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:55:E6:49:FA:A0:CF:40:43:33:4A:B8:7F:6B:29:AB:F8:DD:0A:0D
X509v3 Authority Key Identifier:
keyid:7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/q1XmSfqgz0BDM0q4f2spq_jdCg0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.246.82.0/23
103.226.192.0/24
103.229.170.0/24
185.145.68.0/23
185.167.181.0/24
185.201.4.0/24
185.204.203.0/24
185.237.212.0-185.237.214.255
IPv6:
2a07:4640::/29
Signature Algorithm: sha256WithRSAEncryption
c7:6e:56:52:75:28:c7:b2:b4:d4:f0:90:24:66:3b:fe:37:1c:
e7:10:b3:c8:ef:7f:a4:7b:89:42:0d:e4:39:d9:08:40:09:2d:
2e:5f:f7:7b:e9:31:c9:43:43:ca:92:10:f4:66:fe:3b:af:37:
90:78:bc:eb:f8:b7:70:9b:0f:a1:b9:cc:e6:70:39:c5:8f:74:
cc:b3:5f:38:6d:17:e7:59:64:34:b6:15:13:be:b7:65:59:1b:
50:5b:86:2a:61:36:5b:ac:10:17:82:76:21:4b:ae:dc:75:2c:
12:68:9a:e5:90:26:ea:86:73:8d:cd:af:aa:77:70:26:ce:eb:
18:51:b8:ea:6f:81:54:2b:9e:15:eb:cd:56:fb:3d:67:ed:4d:
0b:00:1c:5a:66:3c:c6:16:db:0b:c0:c9:d9:80:12:72:ae:34:
5e:ee:19:38:46:8a:22:c8:31:f9:a8:e2:eb:bd:7b:73:41:ed:
dc:52:67:d3:f7:3c:f2:02:20:6f:e7:4a:1e:c6:90:23:56:18:
77:d0:83:1a:30:d2:e0:60:22:bf:e9:38:d3:33:0b:b1:6b:03:
27:01:df:4c:49:88:b4:f8:50:09:31:a5:07:27:a1:3c:38:b9:
03:e2:cd:a0:2b:91:ac:7a:2f:78:4e:fc:67:9c:9a:24:9e:c0:
bc:c2:71:1f
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZQr4k6sNA6O06cZ8xUF28n0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjU3ZGQ1MmM3NWZjZTM5ZmZlMjkxNTQ2OWQ5ZTY1NmRi
Y2I4NzMwHhcNMjUwMTAzMTExNzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjU1ZTY0OWZhYTBjZjQwNDMzMzRhYjg3ZjZiMjlhYmY4ZGQwYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxmv0R07YhwO6gjiU+IOabcsDT9F
+owc8umC/h0HRIWUfh72o3aBeGc2lmTIG0tuKHNlmROVrg8xqJPV6wjBtMDDKTAY
Hwzm5ekc0iJcCz8HebpSi3Ps5Brg9rROwAQD9BR5rje2TpuT0lECwhwCIiMFEPpd
8yTQHeTrDrOzp9ouanZRCYIqbHngluqK/FtRQP0Uk/yk0G3vTar5Jdv8QDQed4xs
H5xp6W+jTAZuK5CVfV84gvptTD0Bf/1b9YFkHvIYlQiTn8osaN68BSQbYXeCg+Zn
4soXfuKBDD3XkM9yUxOYXpXbZwQO0TSDrd3PA7bIgENhn6/yAT9F2BM3QwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKtV5kn6oM9AQzNKuH9rKav43QoNMB8GA1UdIwQY
MBaAFHr1fdUsdfzjn/4pFUadnmVtvLhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYt
YzI1MzQwOTZjNjBkLzEvcTFYbVNmcWd6MEJETTBxNGYyc3BxX2pkQ2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYtYzI1MzQwOTZjNjBk
LzEvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQBXPZSAwQA
Z+LAAwQAZ+WqAwQBuZFEAwQAuae1AwQAuckEAwQAuczLMAwDBAK57dQDBAC57dYw
DQQCAAIwBwMFAyoHRkAwDQYJKoZIhvcNAQELBQADggEBAMduVlJ1KMeytNTwkCRm
O/43HOcQs8jvf6R7iUIN5DnZCEAJLS5f93vpMclDQ8qSEPRm/juvN5B4vOv4t3Cb
D6G5zOZwOcWPdMyzXzhtF+dZZDS2FRO+t2VZG1BbhiphNlusEBeCdiFLrtx1LBJo
muWQJuqGc43Nr6p3cCbO6xhRuOpvgVQrnhXrzVb7PWftTQsAHFpmPMYW2wvAydmA
EnKuNF7uGThGiiLIMfmo4uu9e3NB7dxSZ9P3PPICIG/nSh7GkCNWGHfQgxow0uBg
Ir/pONMzC7FrAycB30xJiLT4UAkxpQcnoTw4uQPizaArkax6L3hO/GecmiSewLzC
cR8=
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:45:13 2025 by rpki-client