Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/qxMRxMCrmQOoVkRDhyFhx6WNPlE.roa
File: qxMRxMCrmQOoVkRDhyFhx6WNPlE.roa (raw, json)
Hash identifier: GUf7mxRGDwH0M54PJLxjC9YtjA83HK/8/PDKwV+hnGA=
Subject key identifier: AB:13:11:C4:C0:AB:99:03:A8:56:44:43:87:21:61:C7:A5:8D:3E:51
Certificate issuer: /CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Certificate serial: 01942BE33865B5C18837F5E0DAB2C7D22DA7
Authority key identifier: 7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/qxMRxMCrmQOoVkRDhyFhx6WNPlE.roa
Signing time: Fri 03 Jan 2025 11:18:18 +0000
ROA not before: Fri 03 Jan 2025 11:18:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211261
IP address blocks: 103.226.194.0/23 maxlen: 23
103.229.168.0/24 maxlen: 24
185.145.71.0/24 maxlen: 24
185.204.200.0/24 maxlen: 24
185.204.201.0/24 maxlen: 24
185.223.176.0/24 maxlen: 24
185.223.177.0/24 maxlen: 24
185.223.179.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.mft
rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:2b:e3:38:65:b5:c1:88:37:f5:e0:da:b2:c7:d2:2d:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Validity
Not Before: Jan 3 11:18:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab1311c4c0ab9903a8564443872161c7a58d3e51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:85:75:42:71:d0:80:16:7e:dc:5b:05:72:be:
09:5e:72:df:bd:9c:67:8c:91:82:92:df:c0:ff:0e:
93:f5:f8:4b:52:bc:fe:58:08:3d:c5:29:eb:a8:2b:
01:a1:f4:35:99:0e:73:23:ec:f3:05:ad:b5:58:33:
1b:fb:ed:43:95:32:5d:16:60:75:4e:eb:da:8a:1d:
68:40:9f:06:7b:ea:d1:39:a6:90:97:30:2a:5c:5e:
17:e5:c5:6f:69:79:c5:08:88:1a:3e:88:35:d4:0c:
c9:83:a5:ed:0a:42:d8:9a:2a:20:78:95:46:6a:a2:
a8:da:65:51:40:0a:a7:30:1a:7f:d2:77:3b:ee:41:
d1:9d:a6:fd:77:aa:e5:f3:46:8b:b8:1a:ef:c5:06:
92:e9:a5:11:ed:bf:a6:30:80:e5:b6:e4:ca:c7:8d:
63:a0:80:23:70:48:cd:ae:68:19:9e:79:65:f5:25:
a8:49:63:16:67:1a:f3:e1:3b:ce:30:84:ff:68:d9:
f4:f6:a8:50:f6:82:0f:1f:b0:1b:a7:70:d9:b6:67:
41:f5:75:dc:f0:23:b7:2a:16:c9:c8:8d:e0:33:de:
66:77:99:1d:ee:c8:32:b5:4c:35:75:42:a9:4f:e5:
2e:e0:75:f8:33:fc:c7:22:af:35:f2:4c:48:b7:93:
83:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:13:11:C4:C0:AB:99:03:A8:56:44:43:87:21:61:C7:A5:8D:3E:51
X509v3 Authority Key Identifier:
keyid:7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/qxMRxMCrmQOoVkRDhyFhx6WNPlE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.226.194.0/23
103.229.168.0/24
185.145.71.0/24
185.204.200.0/23
185.223.176.0/23
185.223.179.0/24
Signature Algorithm: sha256WithRSAEncryption
f1:05:b3:38:cc:86:53:17:85:62:68:8b:16:8b:69:53:cc:a7:
e8:9f:cb:f1:ab:78:3d:6a:89:2f:80:78:a3:72:bc:53:50:4a:
80:e9:65:7f:a0:35:52:f2:f7:21:5d:02:0d:f1:91:48:71:7b:
fa:f8:d5:42:9a:49:ac:ee:9b:0d:d7:1a:74:74:1a:9a:6e:49:
c8:53:9a:ae:02:c4:bd:27:ed:98:ee:3b:8f:d9:2b:ad:20:34:
5e:3b:30:f9:d2:54:ef:32:12:a6:25:aa:d3:fa:82:4a:77:8f:
6b:db:96:70:08:a4:cd:8f:b2:bf:46:42:ea:6b:7b:da:8c:24:
1b:c9:9f:4f:67:3b:bd:c2:65:81:a2:33:c8:08:a7:1f:c0:eb:
e3:fa:09:c2:ab:87:17:2e:c2:e5:e2:6a:01:6a:e0:7e:1b:6c:
f6:a8:a9:7d:f3:ac:29:1f:60:c9:4b:ea:d4:3f:a9:0b:36:f3:
8e:c8:de:19:a9:97:75:eb:d5:d3:a0:26:73:d2:a2:fe:2f:2f:
ed:39:1b:ea:bf:75:af:4f:d9:33:e3:3a:b0:06:45:8d:2f:1f:
ef:62:52:48:72:17:ef:76:fc:e3:b5:de:77:5c:39:0b:24:db:
64:02:62:62:dc:4c:91:ef:74:3d:71:d9:cc:00:c2:18:8c:30:
b5:e1:8a:8b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQr4zhltcGIN/Xg2rLH0i2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjU3ZGQ1MmM3NWZjZTM5ZmZlMjkxNTQ2OWQ5ZTY1NmRi
Y2I4NzMwHhcNMjUwMTAzMTExODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjEzMTFjNGMwYWI5OTAzYTg1NjQ0NDM4NzIxNjFjN2E1OGQzZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IV1QnHQgBZ+3FsFcr4JXnLfvZxn
jJGCkt/A/w6T9fhLUrz+WAg9xSnrqCsBofQ1mQ5zI+zzBa21WDMb++1DlTJdFmB1
Tuvaih1oQJ8Ge+rROaaQlzAqXF4X5cVvaXnFCIgaPog11AzJg6XtCkLYmiogeJVG
aqKo2mVRQAqnMBp/0nc77kHRnab9d6rl80aLuBrvxQaS6aUR7b+mMIDltuTKx41j
oIAjcEjNrmgZnnll9SWoSWMWZxrz4TvOMIT/aNn09qhQ9oIPH7Abp3DZtmdB9XXc
8CO3KhbJyI3gM95md5kd7sgytUw1dUKpT+Uu4HX4M/zHIq818kxIt5ODfQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKsTEcTAq5kDqFZEQ4chYceljT5RMB8GA1UdIwQY
MBaAFHr1fdUsdfzjn/4pFUadnmVtvLhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYt
YzI1MzQwOTZjNjBkLzEvcXhNUnhNQ3JtUU9vVmtSRGh5Rmh4NldOUGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYtYzI1MzQwOTZjNjBk
LzEvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBZ+LCAwQA
Z+WoAwQAuZFHAwQBuczIAwQBud+wAwQAud+zMA0GCSqGSIb3DQEBCwUAA4IBAQDx
BbM4zIZTF4ViaIsWi2lTzKfon8vxq3g9aokvgHijcrxTUEqA6WV/oDVS8vchXQIN
8ZFIcXv6+NVCmkms7psN1xp0dBqabknIU5quAsS9J+2Y7juP2SutIDReOzD50lTv
MhKmJarT+oJKd49r25ZwCKTNj7K/RkLqa3vajCQbyZ9PZzu9wmWBojPICKcfwOvj
+gnCq4cXLsLl4moBauB+G2z2qKl986wpH2DJS+rUP6kLNvOOyN4ZqZd169XToCZz
0qL+Ly/tORvqv3WvT9kz4zqwBkWNLx/vYlJIchfvdvzjtd53XDkLJNtkAmJi3EyR
73Q9cdnMAMIYjDC14YqL
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:48:56 2025 by rpki-client