Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/qPIbjSN2yzTtuHjuLt4WE39NKes.roa
File: qPIbjSN2yzTtuHjuLt4WE39NKes.roa (raw, json)
Hash identifier: tATEM+JFA1bxRwxg9JQmVMVUQWh9DxygoWoynUU65ks=
Subject key identifier: A8:F2:1B:8D:23:76:CB:34:ED:B8:78:EE:2E:DE:16:13:7F:4D:29:EB
Certificate issuer: /CN=a18164d9961a16d2eff773f5027821e9d2bd3740
Certificate serial: 019450C146B49F7F6500823F270153B3B4B1
Authority key identifier: A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/qPIbjSN2yzTtuHjuLt4WE39NKes.roa
Signing time: Fri 10 Jan 2025 15:07:11 +0000
ROA not before: Fri 10 Jan 2025 15:07:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8899
IP address blocks: 5.45.0.0/21 maxlen: 21
5.100.128.0/20 maxlen: 20
37.157.40.0/21 maxlen: 21
46.165.128.0/18 maxlen: 18
77.244.96.0/20 maxlen: 20
80.74.48.0/20 maxlen: 20
80.74.48.0/22 maxlen: 22
80.74.52.0/22 maxlen: 22
89.21.96.0/19 maxlen: 19
109.75.208.0/20 maxlen: 20
128.0.96.0/21 maxlen: 21
128.0.100.0/22 maxlen: 22
131.117.144.0/20 maxlen: 20
156.67.128.0/20 maxlen: 20
156.67.132.0/22 maxlen: 22
156.67.140.0/22 maxlen: 22
178.76.128.0/18 maxlen: 18
185.7.208.0/22 maxlen: 22
185.18.128.0/22 maxlen: 22
185.74.180.0/22 maxlen: 22
188.210.0.0/18 maxlen: 18
188.210.60.0/22 maxlen: 22
212.43.64.0/19 maxlen: 19
212.43.80.0/21 maxlen: 21
2a01:5c0::/32 maxlen: 32
2a02:6d40::/32 maxlen: 32
2a03:4920::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 20:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:50:c1:46:b4:9f:7f:65:00:82:3f:27:01:53:b3:b4:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a18164d9961a16d2eff773f5027821e9d2bd3740
Validity
Not Before: Jan 10 15:07:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8f21b8d2376cb34edb878ee2ede16137f4d29eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:93:28:d8:49:c2:3d:9f:72:17:dc:fd:e3:6a:
fc:b6:4c:31:1c:03:f3:f3:ec:02:1f:e2:fd:4f:1f:
17:a8:02:fe:dc:80:ef:b2:41:52:33:c8:be:32:f1:
c7:10:b3:75:41:8d:ef:e4:aa:1a:4c:99:3b:67:42:
b0:6b:15:6c:f4:d0:9b:14:6c:e2:30:c0:91:10:8e:
d3:ba:88:ff:95:ea:ef:0f:98:f6:d6:09:bc:30:69:
a0:93:b5:74:c0:7e:7d:16:d4:4f:e1:b0:b1:85:1e:
54:91:58:99:1f:05:25:aa:97:01:13:a1:69:e7:83:
e2:d9:f0:0c:47:ed:2d:f7:d4:72:ea:c1:ea:6f:2c:
c0:b5:3d:9d:0d:45:22:f9:7a:34:de:dd:ae:d3:0e:
a8:cf:ef:f4:06:07:20:26:f1:d8:32:67:eb:08:dc:
fa:ba:52:02:e5:33:8f:8b:8b:d9:e4:24:46:d5:41:
3a:9b:6d:c4:7f:ac:a4:4c:b7:1e:2b:c2:73:42:bc:
8e:36:dc:62:41:f3:36:a5:17:c1:26:b4:f2:19:f0:
8c:d0:72:06:47:e5:f5:57:76:eb:11:b1:34:87:05:
c6:28:1d:ae:31:3a:99:02:71:05:cf:6c:e1:66:6a:
28:3e:13:c2:5a:8e:bb:69:e8:7d:e9:15:ad:fd:8a:
d6:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:F2:1B:8D:23:76:CB:34:ED:B8:78:EE:2E:DE:16:13:7F:4D:29:EB
X509v3 Authority Key Identifier:
keyid:A1:81:64:D9:96:1A:16:D2:EF:F7:73:F5:02:78:21:E9:D2:BD:37:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oYFk2ZYaFtLv93P1Angh6dK9N0A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/qPIbjSN2yzTtuHjuLt4WE39NKes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b8ed2d-3545-4599-97e5-1523803fadaf/1/oYFk2ZYaFtLv93P1Angh6dK9N0A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.0.0/21
5.100.128.0/20
37.157.40.0/21
46.165.128.0/18
77.244.96.0/20
80.74.48.0/20
89.21.96.0/19
109.75.208.0/20
128.0.96.0/21
131.117.144.0/20
156.67.128.0/20
178.76.128.0/18
185.7.208.0/22
185.18.128.0/22
185.74.180.0/22
188.210.0.0/18
212.43.64.0/19
IPv6:
2a01:5c0::/32
2a02:6d40::/32
2a03:4920::/32
Signature Algorithm: sha256WithRSAEncryption
50:23:26:b7:f6:0c:33:6d:9c:f1:d6:a0:fc:4c:9c:4c:a8:c3:
21:64:ef:8c:d5:5e:c6:b2:81:6f:8a:5c:11:0d:13:46:94:8c:
af:ba:d6:8b:4f:a7:5e:26:f0:67:fa:c8:ee:4f:d7:7a:db:b8:
d8:81:b2:0c:d6:e9:44:78:60:50:be:98:fd:55:49:fd:ea:d5:
0a:e0:f2:2a:fe:72:15:06:91:f8:51:71:b2:bb:f9:d5:0e:b2:
98:eb:6f:7f:18:56:98:76:b6:2d:bb:f3:f0:78:b8:7c:ab:90:
12:2c:ba:d5:c9:fa:e4:06:5b:c1:7d:21:3b:70:0d:8d:ee:72:
2e:1d:e8:02:17:24:e4:c9:ad:fc:43:46:2d:77:5f:f5:63:92:
a0:a3:54:06:aa:f9:e4:4e:8c:54:73:0d:c4:31:a3:00:6c:5a:
9a:4f:63:94:b9:33:b0:03:29:ec:46:3e:3f:89:f9:34:ac:60:
12:0c:31:ea:69:d3:5d:73:83:ee:9c:42:7c:4d:07:b9:06:7b:
7e:80:6d:e3:72:4a:84:a6:64:f8:03:77:d9:2a:1b:27:17:aa:
d3:57:d2:d9:d0:2e:c6:27:bc:dc:b5:b3:39:2d:db:7a:9f:d0:
60:6e:19:63:97:a4:9d:e0:0a:53:31:46:64:70:17:2d:54:b3:
08:35:61:f6
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgISAZRQwUa0n39lAII/JwFTs7SxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExODE2NGQ5OTYxYTE2ZDJlZmY3NzNmNTAyNzgyMWU5ZDJi
ZDM3NDAwHhcNMjUwMTEwMTUwNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGYyMWI4ZDIzNzZjYjM0ZWRiODc4ZWUyZWRlMTYxMzdmNGQyOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZMo2EnCPZ9yF9z942r8tkwxHAPz
8+wCH+L9Tx8XqAL+3IDvskFSM8i+MvHHELN1QY3v5KoaTJk7Z0KwaxVs9NCbFGzi
MMCREI7Tuoj/lervD5j21gm8MGmgk7V0wH59FtRP4bCxhR5UkViZHwUlqpcBE6Fp
54Pi2fAMR+0t99Ry6sHqbyzAtT2dDUUi+Xo03t2u0w6oz+/0BgcgJvHYMmfrCNz6
ulIC5TOPi4vZ5CRG1UE6m23Ef6ykTLceK8JzQryONtxiQfM2pRfBJrTyGfCM0HIG
R+X1V3brEbE0hwXGKB2uMTqZAnEFz2zhZmooPhPCWo67aeh96RWt/YrWdQIDAQAB
o4ICiTCCAoUwHQYDVR0OBBYEFKjyG40jdss07bh47i7eFhN/TSnrMB8GA1UdIwQY
MBaAFKGBZNmWGhbS7/dz9QJ4IenSvTdAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUt
MTUyMzgwM2ZhZGFmLzEvcVBJYmpTTjJ5elR0dUhqdUx0NFdFMzlOS2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iOGVkMmQtMzU0NS00NTk5LTk3ZTUtMTUyMzgwM2ZhZGFm
LzEvb1lGazJaWWFGdEx2OTNQMUFuZ2g2ZEs5TjBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGeBggrBgEFBQcBBwEB/wSBjjCBizBsBAIAATBmAwQDBS0A
AwQEBWSAAwQDJZ0oAwQGLqWAAwQETfRgAwQEUEowAwQFWRVgAwQEbUvQAwQDgABg
AwQEg3WQAwQEnEOAAwQGskyAAwQCuQfQAwQCuRKAAwQCuUq0AwQGvNIAAwQF1CtA
MBsEAgACMBUDBQAqAQXAAwUAKgJtQAMFACoDSSAwDQYJKoZIhvcNAQELBQADggEB
AFAjJrf2DDNtnPHWoPxMnEyowyFk74zVXsaygW+KXBENE0aUjK+61otPp14m8Gf6
yO5P13rbuNiBsgzW6UR4YFC+mP1VSf3q1Qrg8ir+chUGkfhRcbK7+dUOspjrb38Y
Vph2ti278/B4uHyrkBIsutXJ+uQGW8F9ITtwDY3uci4d6AIXJOTJrfxDRi13X/Vj
kqCjVAaq+eROjFRzDcQxowBsWppPY5S5M7ADKexGPj+J+TSsYBIMMepp011zg+6c
QnxNB7kGe36AbeNySoSmZPgDd9kqGycXqtNX0tnQLsYnvNy1szkt23qf0GBuGWOX
pJ3gClMxRmRwFy1Uswg1YfY=
-----END CERTIFICATE-----
Generated at Sat Feb 22 05:55:16 2025 by rpki-client