Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/PqFEkIRxroVK0rIcDgA38IZYDpY.roa
File: PqFEkIRxroVK0rIcDgA38IZYDpY.roa (raw, json)
Hash identifier: EP9P6VKvWJ315BqV3JFwalgcht3HqmoKjcaK/4An5Xo=
Subject key identifier: 3E:A1:44:90:84:71:AE:85:4A:D2:B2:1C:0E:00:37:F0:86:58:0E:96
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0195FB0F789CED6D868FD391CFA2093C36B6
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/PqFEkIRxroVK0rIcDgA38IZYDpY.roa
Signing time: Thu 03 Apr 2025 09:50:49 +0000
ROA not before: Thu 03 Apr 2025 09:50:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19399
IP address blocks: 192.36.201.0/24 maxlen: 24
192.36.202.0/24 maxlen: 24
192.36.203.0/24 maxlen: 24
192.71.123.0/24 maxlen: 24
192.121.69.0/24 maxlen: 24
193.182.239.0/24 maxlen: 24
193.182.247.0/24 maxlen: 24
194.14.182.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 11 Apr 2025 08:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:fb:0f:78:9c:ed:6d:86:8f:d3:91:cf:a2:09:3c:36:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Apr 3 09:50:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ea144908471ae854ad2b21c0e0037f086580e96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:6c:dc:4a:3e:80:ee:0c:06:ff:22:e8:b6:c9:
96:73:71:ac:bf:1f:6c:42:86:4c:22:3b:23:4f:09:
ad:73:09:fe:ad:03:61:a4:61:89:68:eb:7b:05:1c:
27:e2:2e:18:41:f4:b3:0e:7e:1d:12:01:f5:2b:33:
b8:c1:54:3b:b7:e8:ff:3e:10:77:84:cd:5a:55:1c:
94:b9:70:ac:40:ae:61:ec:83:d5:79:39:17:4b:02:
50:54:d3:ac:70:b6:59:17:87:b1:3d:70:01:e1:ed:
71:25:eb:63:a9:8c:69:86:89:06:43:0e:05:26:34:
07:df:d3:62:41:16:af:0e:48:d8:0a:97:c4:a7:d3:
9c:ec:ec:e3:4a:0f:ee:57:45:dd:c8:ba:f7:7b:72:
7e:44:2f:9b:57:2b:91:da:69:7f:7f:bb:60:91:e1:
f3:0e:2d:20:30:58:bc:04:cf:9c:6c:13:7b:52:f4:
4c:d0:3d:16:bd:24:8d:df:58:ff:f8:8c:da:8b:ab:
4d:15:53:b1:cc:8b:39:f9:79:e0:0a:57:96:87:3b:
95:0a:03:0c:35:09:6a:fa:4b:75:d4:91:85:a8:ff:
e2:4a:51:2a:29:ed:52:51:32:68:33:0d:e0:d5:88:
36:e4:ee:07:19:b9:4c:38:6f:e8:50:29:b6:5d:1d:
74:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:A1:44:90:84:71:AE:85:4A:D2:B2:1C:0E:00:37:F0:86:58:0E:96
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/PqFEkIRxroVK0rIcDgA38IZYDpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.201.0-192.36.203.255
192.71.123.0/24
192.121.69.0/24
193.182.239.0/24
193.182.247.0/24
194.14.182.0/23
Signature Algorithm: sha256WithRSAEncryption
49:57:c3:20:2a:e0:01:12:29:26:9a:03:b0:d7:6c:65:dd:0e:
42:3f:57:c0:2a:52:da:83:90:d9:41:34:7f:73:77:e0:cb:9c:
b4:e4:a3:ed:c4:fe:bd:92:3e:88:75:ae:7a:33:61:30:e2:30:
78:9b:c2:18:d6:0f:8e:7c:74:63:e2:8e:3d:7e:dc:e8:f5:25:
a4:43:7d:3a:09:0d:80:f8:4b:a2:fc:20:3d:a1:d3:a5:cf:3e:
a5:49:16:1a:0e:c0:55:69:25:a2:73:ea:4a:40:c9:4a:b4:2a:
4e:c9:18:df:2a:f2:59:30:d4:e3:76:f3:3b:01:04:ba:7e:57:
70:f4:59:96:54:fd:e5:9f:94:28:fa:f2:47:44:7c:cb:a6:40:
a5:d2:74:33:37:84:4d:f1:b0:8d:a1:c8:95:de:1d:0f:0b:fb:
ea:61:05:ac:30:6e:b1:6e:5c:7d:d8:49:60:f6:33:54:5c:9f:
8a:b2:51:33:9c:87:64:24:a3:e9:23:ac:92:f0:63:af:3e:37:
92:22:ce:ec:62:01:75:6e:c1:15:fa:d4:1d:d7:ad:0a:7a:8f:
aa:f4:ac:ca:15:c0:10:ed:5e:a0:34:dd:ed:5f:c1:10:40:44:
7d:71:86:8d:cb:ce:d5:80:86:49:08:b5:4d:27:0c:20:5d:0e:
f7:5a:be:c7
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZX7D3ic7W2Gj9ORz6IJPDa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNDAzMDk1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWExNDQ5MDg0NzFhZTg1NGFkMmIyMWMwZTAwMzdmMDg2NTgwZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2zcSj6A7gwG/yLotsmWc3Gsvx9s
QoZMIjsjTwmtcwn+rQNhpGGJaOt7BRwn4i4YQfSzDn4dEgH1KzO4wVQ7t+j/PhB3
hM1aVRyUuXCsQK5h7IPVeTkXSwJQVNOscLZZF4exPXAB4e1xJetjqYxphokGQw4F
JjQH39NiQRavDkjYCpfEp9Oc7OzjSg/uV0XdyLr3e3J+RC+bVyuR2ml/f7tgkeHz
Di0gMFi8BM+cbBN7UvRM0D0WvSSN31j/+Izai6tNFVOxzIs5+XngCleWhzuVCgMM
NQlq+kt11JGFqP/iSlEqKe1SUTJoMw3g1Yg25O4HGblMOG/oUCm2XR10yQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFD6hRJCEca6FStKyHA4AN/CGWA6WMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvUHFGRWtJUnhyb1ZLMHJJY0RnQTM4SVpZRHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBADAJMkD
BALAJMgDBADAR3sDBADAeUUDBADBtu8DBADBtvcDBAHCDrYwDQYJKoZIhvcNAQEL
BQADggEBAElXwyAq4AESKSaaA7DXbGXdDkI/V8AqUtqDkNlBNH9zd+DLnLTko+3E
/r2SPoh1rnozYTDiMHibwhjWD458dGPijj1+3Oj1JaRDfToJDYD4S6L8ID2h06XP
PqVJFhoOwFVpJaJz6kpAyUq0Kk7JGN8q8lkw1ON28zsBBLp+V3D0WZZU/eWflCj6
8kdEfMumQKXSdDM3hE3xsI2hyJXeHQ8L++phBawwbrFuXH3YSWD2M1Rcn4qyUTOc
h2Qko+kjrJLwY68+N5IizuxiAXVuwRX61B3XrQp6j6r0rMoVwBDtXqA03e1fwRBA
RH1xho3LztWAhkkItU0nDCBdDvdavsc=
-----END CERTIFICATE-----
Generated at Thu Apr 10 15:17:46 2025 by rpki-client