Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/554988-d1a9-4b54-93ee-2ceea5caf3a0/1/QKuSiZFk1wVsULwYb8XPnEDMMuM.roa
File: QKuSiZFk1wVsULwYb8XPnEDMMuM.roa (raw, json)
Hash identifier: KAQooRb0Ywlt3epgyVY+X2EZbQ9cRsRyjFwggfxa9E0=
Subject key identifier: 40:AB:92:89:91:64:D7:05:6C:50:BC:18:6F:C5:CF:9C:40:CC:32:E3
Certificate issuer: /CN=10e8da8407f9f748e81fe9da9eb06b3b17d067dd
Certificate serial: 01942521B1966C0C3AA57FF997737F523109
Authority key identifier: 10:E8:DA:84:07:F9:F7:48:E8:1F:E9:DA:9E:B0:6B:3B:17:D0:67:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EOjahAf590joH-nanrBrOxfQZ90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/554988-d1a9-4b54-93ee-2ceea5caf3a0/1/QKuSiZFk1wVsULwYb8XPnEDMMuM.roa
Signing time: Thu 02 Jan 2025 03:49:12 +0000
ROA not before: Thu 02 Jan 2025 03:49:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57468
IP address blocks: 45.15.220.0/22 maxlen: 22
185.6.208.0/22 maxlen: 22
185.6.209.0/24 maxlen: 24
185.6.210.0/24 maxlen: 24
185.6.211.0/24 maxlen: 24
185.144.32.0/22 maxlen: 22
194.60.240.0/23 maxlen: 23
194.60.240.0/24 maxlen: 24
194.60.241.0/24 maxlen: 24
2a03:1040::/32 maxlen: 32
2a07:3a80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/554988-d1a9-4b54-93ee-2ceea5caf3a0/1/EOjahAf590joH-nanrBrOxfQZ90.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/554988-d1a9-4b54-93ee-2ceea5caf3a0/1/EOjahAf590joH-nanrBrOxfQZ90.mft
rsync://rpki.ripe.net/repository/DEFAULT/EOjahAf590joH-nanrBrOxfQZ90.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 08:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:b1:96:6c:0c:3a:a5:7f:f9:97:73:7f:52:31:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=10e8da8407f9f748e81fe9da9eb06b3b17d067dd
Validity
Not Before: Jan 2 03:49:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40ab92899164d7056c50bc186fc5cf9c40cc32e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:b9:53:f8:f8:32:af:b9:3e:48:f4:ae:38:ed:
2d:47:6d:82:57:b4:10:04:98:e4:56:0b:0d:7c:f3:
a1:8c:53:f8:4e:d5:60:dc:bd:6f:2f:ae:c5:dc:09:
17:e2:9b:0d:85:c9:bd:f4:bd:2f:b4:33:ba:05:28:
3d:c2:8f:78:cd:d4:1c:b5:93:5b:8d:8a:f9:40:93:
52:3c:75:f5:ec:32:a1:1c:f6:80:56:66:ef:62:6f:
4d:8d:d8:88:4b:67:46:ed:2f:50:fe:91:d0:12:77:
01:d7:4a:ca:27:34:4c:59:59:a2:75:df:44:40:d9:
44:0d:8c:61:f8:86:b0:e6:21:4b:fb:b7:ae:32:bb:
a1:a0:fe:50:5f:48:ab:52:ff:a5:27:eb:91:a3:ab:
0c:9d:ba:81:c0:c8:90:f9:5f:7d:4f:90:0a:29:e7:
6c:0e:99:61:ea:ba:57:fb:09:1a:1c:c4:df:f2:a1:
35:0d:fd:a6:30:b1:60:5e:dc:a2:21:77:2b:4a:dc:
88:f9:9a:46:ee:cf:31:f5:42:39:10:6a:c3:18:fa:
6c:d2:5e:59:6e:39:da:11:ce:5e:08:99:71:24:e1:
bd:6c:8c:fd:47:f5:b8:aa:66:78:a5:11:d5:58:70:
71:65:91:26:1d:a5:80:db:17:e0:c2:d2:f8:c9:81:
2f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:AB:92:89:91:64:D7:05:6C:50:BC:18:6F:C5:CF:9C:40:CC:32:E3
X509v3 Authority Key Identifier:
keyid:10:E8:DA:84:07:F9:F7:48:E8:1F:E9:DA:9E:B0:6B:3B:17:D0:67:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EOjahAf590joH-nanrBrOxfQZ90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/554988-d1a9-4b54-93ee-2ceea5caf3a0/1/QKuSiZFk1wVsULwYb8XPnEDMMuM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/554988-d1a9-4b54-93ee-2ceea5caf3a0/1/EOjahAf590joH-nanrBrOxfQZ90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.220.0/22
185.6.208.0/22
185.144.32.0/22
194.60.240.0/23
IPv6:
2a03:1040::/32
2a07:3a80::/29
Signature Algorithm: sha256WithRSAEncryption
6d:0d:6d:34:42:c7:bd:3b:50:ba:8f:d0:fd:c4:2f:a6:b3:a7:
d1:91:b6:e1:15:d4:34:91:40:db:f4:db:b8:92:8e:6e:f9:fa:
00:67:4f:a1:8b:8e:ea:48:92:6d:3e:85:31:73:c2:4f:1c:5b:
d6:17:05:9f:b3:44:1d:c9:6c:51:2b:bc:cb:3d:07:df:43:e2:
e3:33:d4:9c:be:4b:50:d4:ec:8e:ea:22:ca:f9:c0:bf:ea:38:
55:25:c5:1d:3d:ad:b7:d3:2b:67:54:2b:fa:db:67:3c:3a:df:
c4:94:fe:ba:b8:61:5d:a8:b0:aa:b2:08:71:9b:5a:bc:94:db:
67:1f:35:a3:08:78:ae:6e:08:c3:e4:b5:e3:22:18:28:f5:0a:
1f:11:5b:0c:50:f5:4c:dd:dc:bd:c2:2b:3b:f8:f9:ae:42:1d:
57:56:a7:ed:d5:17:bc:15:6c:63:52:e4:e0:97:6f:23:c6:1b:
b8:c5:c4:00:a1:5a:35:a0:0c:d5:80:1f:82:cd:4a:92:05:6b:
1d:3f:c9:4c:a3:4d:00:07:86:b1:ef:0b:cf:ce:e2:77:ac:45:
2f:c4:65:fb:11:16:7d:56:2e:a7:d4:59:2a:2b:74:b3:b3:9f:
d4:dc:ea:a3:f5:e9:a5:94:c5:0f:e7:95:fc:1b:b0:d1:42:8c:
9b:41:a8:65
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQlIbGWbAw6pX/5l3N/UjEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZThkYTg0MDdmOWY3NDhlODFmZTlkYTllYjA2YjNiMTdk
MDY3ZGQwHhcNMjUwMTAyMDM0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGFiOTI4OTkxNjRkNzA1NmM1MGJjMTg2ZmM1Y2Y5YzQwY2MzMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLlT+Pgyr7k+SPSuOO0tR22CV7QQ
BJjkVgsNfPOhjFP4TtVg3L1vL67F3AkX4psNhcm99L0vtDO6BSg9wo94zdQctZNb
jYr5QJNSPHX17DKhHPaAVmbvYm9NjdiIS2dG7S9Q/pHQEncB10rKJzRMWVmidd9E
QNlEDYxh+Iaw5iFL+7euMruhoP5QX0irUv+lJ+uRo6sMnbqBwMiQ+V99T5AKKeds
Dplh6rpX+wkaHMTf8qE1Df2mMLFgXtyiIXcrStyI+ZpG7s8x9UI5EGrDGPps0l5Z
bjnaEc5eCJlxJOG9bIz9R/W4qmZ4pRHVWHBxZZEmHaWA2xfgwtL4yYEvCwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFECrkomRZNcFbFC8GG/Fz5xAzDLjMB8GA1UdIwQY
MBaAFBDo2oQH+fdI6B/p2p6wazsX0GfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU9qYWhBZjU5MGpvSC1uYW5yQnJPeGZRWjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS81NTQ5ODgtZDFhOS00YjU0LTkzZWUt
MmNlZWE1Y2FmM2EwLzEvUUt1U2laRmsxd1ZzVUx3WWI4WFBuRURNTXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS81NTQ5ODgtZDFhOS00YjU0LTkzZWUtMmNlZWE1Y2FmM2Ew
LzEvRU9qYWhBZjU5MGpvSC1uYW5yQnJPeGZRWjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCLQ/cAwQC
uQbQAwQCuZAgAwQBwjzwMBQEAgACMA4DBQAqAxBAAwUDKgc6gDANBgkqhkiG9w0B
AQsFAAOCAQEAbQ1tNELHvTtQuo/Q/cQvprOn0ZG24RXUNJFA2/TbuJKObvn6AGdP
oYuO6kiSbT6FMXPCTxxb1hcFn7NEHclsUSu8yz0H30Pi4zPUnL5LUNTsjuoiyvnA
v+o4VSXFHT2tt9MrZ1Qr+ttnPDrfxJT+urhhXaiwqrIIcZtavJTbZx81owh4rm4I
w+S14yIYKPUKHxFbDFD1TN3cvcIrO/j5rkIdV1an7dUXvBVsY1Lk4JdvI8YbuMXE
AKFaNaAM1YAfgs1KkgVrHT/JTKNNAAeGse8Lz87id6xFL8Rl+xEWfVYup9RZKit0
s7Of1Nzqo/XppZTFD+eV/Buw0UKMm0GoZQ==
-----END CERTIFICATE-----
Generated at Tue Apr 15 16:16:29 2025 by rpki-client