Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/4441b4-f981-4c26-9b99-1010473f4fe8/1/KNQf97WzItrOYioPwLu-Tdh4fNc.roa
File: KNQf97WzItrOYioPwLu-Tdh4fNc.roa (raw, json)
Hash identifier: RIjtWc8dl547OecCvbWgp63AohvHeAGZkMZVo9/tFEw=
Subject key identifier: 28:D4:1F:F7:B5:B3:22:DA:CE:62:2A:0F:C0:BB:BE:4D:D8:78:7C:D7
Certificate issuer: /CN=f57bc7f2eaf0cafa69bee5fabe67122b4363fe72
Certificate serial: 0194258F63F45FA291D4F029A490B07CAD03
Authority key identifier: F5:7B:C7:F2:EA:F0:CA:FA:69:BE:E5:FA:BE:67:12:2B:43:63:FE:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9XvH8urwyvppvuX6vmcSK0Nj_nI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/4441b4-f981-4c26-9b99-1010473f4fe8/1/KNQf97WzItrOYioPwLu-Tdh4fNc.roa
Signing time: Thu 02 Jan 2025 05:49:01 +0000
ROA not before: Thu 02 Jan 2025 05:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200567
IP address blocks: 45.146.132.0/22 maxlen: 23
46.16.216.0/22 maxlen: 22
46.16.216.0/23 maxlen: 23
46.16.218.0/23 maxlen: 23
46.16.220.0/22 maxlen: 22
46.16.220.0/23 maxlen: 23
46.16.222.0/23 maxlen: 23
185.39.176.0/23 maxlen: 24
185.39.178.0/23 maxlen: 23
185.70.144.0/23 maxlen: 23
185.70.146.0/23 maxlen: 23
185.109.32.0/23 maxlen: 23
185.109.34.0/23 maxlen: 23
192.109.223.0/24 maxlen: 24
192.109.231.0/24 maxlen: 24
192.109.235.0/24 maxlen: 24
192.109.239.0/24 maxlen: 24
2a02:4500::/32 maxlen: 32
2a05:2a80::/29 maxlen: 29
2a05:2a80::/32 maxlen: 32
2a05:2a80:1::/48 maxlen: 48
2a06:4e40::/29 maxlen: 29
2a0f:1000::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e3/4441b4-f981-4c26-9b99-1010473f4fe8/1/9XvH8urwyvppvuX6vmcSK0Nj_nI.crl
rsync://rpki.ripe.net/repository/DEFAULT/e3/4441b4-f981-4c26-9b99-1010473f4fe8/1/9XvH8urwyvppvuX6vmcSK0Nj_nI.mft
rsync://rpki.ripe.net/repository/DEFAULT/9XvH8urwyvppvuX6vmcSK0Nj_nI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:63:f4:5f:a2:91:d4:f0:29:a4:90:b0:7c:ad:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f57bc7f2eaf0cafa69bee5fabe67122b4363fe72
Validity
Not Before: Jan 2 05:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28d41ff7b5b322dace622a0fc0bbbe4dd8787cd7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:cb:aa:51:ab:5b:fd:ef:93:c7:02:fb:2d:36:
2a:20:05:7f:cc:f0:0d:fa:14:46:f4:40:e3:59:e3:
ca:58:6f:39:38:3a:05:12:21:87:73:0b:97:01:95:
cd:ff:30:76:00:16:0e:93:db:c9:e2:11:2e:a6:c3:
42:bb:a8:07:ed:4b:a6:95:b8:e3:3c:cc:5e:d5:ef:
1e:7c:29:71:de:05:ed:ed:9c:e4:9f:e5:44:2e:6a:
e0:4b:af:7d:ae:43:25:9b:04:65:00:97:a8:cf:7f:
3f:06:88:9f:26:3a:da:b1:ec:4f:86:cb:f1:b4:33:
ea:02:50:3d:cb:4d:a3:92:46:bc:23:87:b6:f6:0d:
96:fc:ca:b5:98:05:33:c5:2b:61:03:cb:15:18:9f:
eb:e1:7c:cc:d6:a1:91:4f:e8:6e:55:bb:8b:34:c4:
9f:fb:b2:f2:b1:0e:e8:69:d3:7b:76:93:28:30:33:
5c:ac:33:15:48:60:ab:61:b7:8e:5f:fd:23:10:3c:
19:8c:43:4c:20:02:6a:a2:d1:6d:9c:73:93:dc:a1:
75:86:a0:08:20:b1:82:18:bd:77:05:55:6d:87:13:
69:95:49:b4:73:63:5f:2d:90:f9:9e:0b:ff:11:2f:
d9:5b:e1:4d:d9:35:e5:ee:da:65:75:fe:77:66:ed:
3a:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D4:1F:F7:B5:B3:22:DA:CE:62:2A:0F:C0:BB:BE:4D:D8:78:7C:D7
X509v3 Authority Key Identifier:
keyid:F5:7B:C7:F2:EA:F0:CA:FA:69:BE:E5:FA:BE:67:12:2B:43:63:FE:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XvH8urwyvppvuX6vmcSK0Nj_nI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4441b4-f981-4c26-9b99-1010473f4fe8/1/KNQf97WzItrOYioPwLu-Tdh4fNc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4441b4-f981-4c26-9b99-1010473f4fe8/1/9XvH8urwyvppvuX6vmcSK0Nj_nI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.132.0/22
46.16.216.0/21
185.39.176.0/22
185.70.144.0/22
185.109.32.0/22
192.109.223.0/24
192.109.231.0/24
192.109.235.0/24
192.109.239.0/24
IPv6:
2a02:4500::/32
2a05:2a80::/29
2a06:4e40::/29
2a0f:1000::/29
Signature Algorithm: sha256WithRSAEncryption
89:55:d9:97:13:cd:d9:fa:2d:b2:a9:81:5b:e4:d8:75:c4:34:
bc:5a:e6:e1:05:99:4c:75:a6:e4:15:87:b3:4e:0e:ef:a3:ef:
ad:dd:4f:07:d5:55:fa:7f:c4:4c:1d:9c:fc:0f:91:ca:26:6d:
c4:f6:ae:43:e3:84:f7:c9:7d:49:55:ae:11:62:a9:43:f1:a6:
6e:96:5b:82:66:2f:4c:7d:4b:10:d4:db:05:5e:40:9d:9d:4f:
74:94:db:b4:97:72:a3:5c:0c:66:d2:7e:25:8f:c7:c2:e8:48:
ad:b0:9f:95:02:71:90:cf:3c:12:13:5d:c1:7c:f4:c1:9e:3a:
58:60:e7:71:f4:33:0d:25:70:a9:af:90:b6:22:51:82:8e:fb:
2e:2e:62:ab:35:d6:3c:3b:f5:60:26:f6:6f:0b:97:e0:87:9d:
e7:a4:25:a7:8e:24:c8:bc:13:a5:b9:a1:32:e3:6b:18:2a:c3:
93:89:28:f5:9b:8e:46:7a:64:36:8a:ba:92:f5:16:21:f0:12:
33:a0:2a:ed:07:c0:6b:6e:16:36:1d:a0:fc:fd:0f:9f:77:cf:
a9:eb:31:ca:32:9c:62:9f:b7:98:54:44:02:af:ca:de:d7:33:
9b:b3:e1:2b:99:fc:83:3b:ef:47:eb:99:c7:ae:12:b8:a8:57:
3a:fe:08:de
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZQlj2P0X6KR1PAppJCwfK0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1N2JjN2YyZWFmMGNhZmE2OWJlZTVmYWJlNjcxMjJiNDM2
M2ZlNzIwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ0MWZmN2I1YjMyMmRhY2U2MjJhMGZjMGJiYmU0ZGQ4Nzg3Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MuqUatb/e+TxwL7LTYqIAV/zPAN
+hRG9EDjWePKWG85ODoFEiGHcwuXAZXN/zB2ABYOk9vJ4hEupsNCu6gH7Uumlbjj
PMxe1e8efClx3gXt7Zzkn+VELmrgS699rkMlmwRlAJeoz38/BoifJjrasexPhsvx
tDPqAlA9y02jkka8I4e29g2W/Mq1mAUzxSthA8sVGJ/r4XzM1qGRT+huVbuLNMSf
+7LysQ7oadN7dpMoMDNcrDMVSGCrYbeOX/0jEDwZjENMIAJqotFtnHOT3KF1hqAI
ILGCGL13BVVthxNplUm0c2NfLZD5ngv/ES/ZW+FN2TXl7tpldf53Zu06zwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFCjUH/e1syLazmIqD8C7vk3YeHzXMB8GA1UdIwQY
MBaAFPV7x/Lq8Mr6ab7l+r5nEitDY/5yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVh2SDh1cnd5dnBwdnVYNnZtY1NLME5qX25JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80NDQxYjQtZjk4MS00YzI2LTliOTkt
MTAxMDQ3M2Y0ZmU4LzEvS05RZjk3V3pJdHJPWWlvUHdMdS1UZGg0Zk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80NDQxYjQtZjk4MS00YzI2LTliOTktMTAxMDQ3M2Y0ZmU4
LzEvOVh2SDh1cnd5dnBwdnVYNnZtY1NLME5qX25JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA8BAIAATA2AwQCLZKEAwQD
LhDYAwQCuSewAwQCuUaQAwQCuW0gAwQAwG3fAwQAwG3nAwQAwG3rAwQAwG3vMCIE
AgACMBwDBQAqAkUAAwUDKgUqgAMFAyoGTkADBQMqDxAAMA0GCSqGSIb3DQEBCwUA
A4IBAQCJVdmXE83Z+i2yqYFb5Nh1xDS8WubhBZlMdabkFYezTg7vo++t3U8H1VX6
f8RMHZz8D5HKJm3E9q5D44T3yX1JVa4RYqlD8aZulluCZi9MfUsQ1NsFXkCdnU90
lNu0l3KjXAxm0n4lj8fC6EitsJ+VAnGQzzwSE13BfPTBnjpYYOdx9DMNJXCpr5C2
IlGCjvsuLmKrNdY8O/VgJvZvC5fgh53npCWnjiTIvBOluaEy42sYKsOTiSj1m45G
emQ2irqS9RYh8BIzoCrtB8BrbhY2HaD8/Q+fd8+p6zHKMpxin7eYVEQCr8re1zOb
s+ErmfyDO+9H65nHrhK4qFc6/gje
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:13:33 2025 by rpki-client