Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/wVZ7Q_yh7vY87ipQHKXps_Y5QUU.roa
File: wVZ7Q_yh7vY87ipQHKXps_Y5QUU.roa (raw, json)
Hash identifier: F0pmi/wk6PrJmlY3U42fDKf/ChECXrlPOqHq8mmS3J0=
Subject key identifier: C1:56:7B:43:FC:A1:EE:F6:3C:EE:2A:50:1C:A5:E9:B3:F6:39:41:45
Certificate issuer: /CN=439137befe8bc55903690c7c46af197cc91a703c
Certificate serial: 019497DBF07A8D7A66FBDA18FEDBD3BDE8BD
Authority key identifier: 43:91:37:BE:FE:8B:C5:59:03:69:0C:7C:46:AF:19:7C:C9:1A:70:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/wVZ7Q_yh7vY87ipQHKXps_Y5QUU.roa
Signing time: Fri 24 Jan 2025 10:29:20 +0000
ROA not before: Fri 24 Jan 2025 10:29:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206487
IP address blocks: 185.99.40.0/24 maxlen: 24
185.99.42.0/24 maxlen: 24
185.99.43.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:97:db:f0:7a:8d:7a:66:fb:da:18:fe:db:d3:bd:e8:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=439137befe8bc55903690c7c46af197cc91a703c
Validity
Not Before: Jan 24 10:29:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c1567b43fca1eef63cee2a501ca5e9b3f6394145
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d8:e9:c8:7e:cc:ea:a8:8e:fb:cc:f3:f8:9f:
24:8a:22:e8:ab:ca:aa:0b:9b:f2:cd:e0:6d:20:8a:
dd:ff:e6:a8:7b:ab:dd:ef:5f:0a:24:bc:99:e9:37:
bf:a4:76:3b:fe:cf:20:56:af:f7:78:97:81:1f:03:
4f:9b:e7:19:2b:a8:38:86:7c:ad:48:c1:70:b8:fd:
bc:89:56:e5:00:46:95:97:da:5b:28:0d:1b:bc:c3:
64:d8:34:10:a5:b3:3a:0a:ab:cb:56:67:5c:4a:bd:
a1:08:95:7e:5d:7a:7f:29:d4:03:9b:da:de:a0:24:
d1:3f:7d:d3:4a:51:d7:0b:41:32:9f:67:58:bb:fa:
dd:d4:4e:65:ba:26:06:f7:46:10:15:5f:f4:40:4b:
8c:fa:e7:d3:1d:a2:c1:14:a3:38:65:73:2d:10:05:
3c:18:ed:e1:30:23:c3:2a:5f:2d:81:d6:a0:45:c5:
17:f7:15:95:ce:89:3b:99:b9:c8:23:c7:3f:d6:f2:
0a:fb:12:9c:b2:fc:0a:1b:b6:c8:76:d4:5e:32:b4:
c7:5f:91:23:a7:73:03:b0:ca:64:d7:6b:b6:7d:ff:
14:75:10:f1:a8:77:b5:fb:3e:57:52:6e:8f:11:d0:
49:4a:8d:c2:30:1e:16:c6:a9:09:79:53:da:78:91:
a3:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:56:7B:43:FC:A1:EE:F6:3C:EE:2A:50:1C:A5:E9:B3:F6:39:41:45
X509v3 Authority Key Identifier:
keyid:43:91:37:BE:FE:8B:C5:59:03:69:0C:7C:46:AF:19:7C:C9:1A:70:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/wVZ7Q_yh7vY87ipQHKXps_Y5QUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5ac22d-9e8f-449d-8304-0f52d828fd4f/1/Q5E3vv6LxVkDaQx8Rq8ZfMkacDw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.99.40.0/24
185.99.42.0/23
Signature Algorithm: sha256WithRSAEncryption
90:e4:c6:8f:68:70:c0:76:ed:26:38:99:20:60:45:6d:d9:59:
3d:bc:c3:7f:90:d8:c9:9a:2d:53:f2:01:2c:dc:e1:71:a6:ad:
b8:71:7d:50:29:7f:8b:15:34:48:f8:9d:ae:4d:0d:cc:0d:65:
b6:78:f2:85:e8:fb:dc:d8:69:75:75:ff:a4:9a:ce:cc:ed:1b:
51:7f:b1:ad:64:70:0c:4b:36:59:b3:c6:b0:83:7a:d7:96:70:
0c:08:22:c6:5d:ef:c8:26:c2:4e:c6:aa:c4:65:ad:a9:3b:a9:
03:3c:b8:02:18:88:7a:00:78:d1:aa:b9:80:99:00:79:0c:3f:
c4:ec:2e:f1:07:a6:46:62:3e:15:e8:a6:86:ee:5c:5b:df:cb:
3d:26:21:93:e7:05:03:70:a9:d6:85:96:35:05:2c:6d:f8:74:
10:c4:db:fe:5c:38:3c:55:2d:b4:60:ba:5e:dd:c2:59:a4:ad:
fb:a9:0e:89:94:b0:fd:24:b1:b5:18:96:14:aa:19:2b:e3:73:
22:bf:72:38:6d:71:8f:a0:ce:62:4c:7f:d6:f0:00:1a:0e:bc:
f6:ca:e8:03:fd:ab:39:52:1a:05:0f:e6:04:c6:da:ce:01:0f:
d8:de:41:fb:ff:c4:5c:c1:c4:6b:7a:b2:a5:6b:01:4f:43:87:
64:cb:9e:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSX2/B6jXpm+9oY/tvTvei9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOTEzN2JlZmU4YmM1NTkwMzY5MGM3YzQ2YWYxOTdjYzkx
YTcwM2MwHhcNMjUwMTI0MTAyOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTU2N2I0M2ZjYTFlZWY2M2NlZTJhNTAxY2E1ZTliM2Y2Mzk0MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdjpyH7M6qiO+8zz+J8kiiLoq8qq
C5vyzeBtIIrd/+aoe6vd718KJLyZ6Te/pHY7/s8gVq/3eJeBHwNPm+cZK6g4hnyt
SMFwuP28iVblAEaVl9pbKA0bvMNk2DQQpbM6CqvLVmdcSr2hCJV+XXp/KdQDm9re
oCTRP33TSlHXC0Eyn2dYu/rd1E5luiYG90YQFV/0QEuM+ufTHaLBFKM4ZXMtEAU8
GO3hMCPDKl8tgdagRcUX9xWVzok7mbnII8c/1vIK+xKcsvwKG7bIdtReMrTHX5Ej
p3MDsMpk12u2ff8UdRDxqHe1+z5XUm6PEdBJSo3CMB4WxqkJeVPaeJGjkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMFWe0P8oe72PO4qUByl6bP2OUFFMB8GA1UdIwQY
MBaAFEORN77+i8VZA2kMfEavGXzJGnA8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTVFM3Z2Nkx4VmtEYVF4OFJxOFpmTWthY0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy81YWMyMmQtOWU4Zi00NDlkLTgzMDQt
MGY1MmQ4MjhmZDRmLzEvd1ZaN1FfeWg3dlk4N2lwUUhLWHBzX1k1UVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy81YWMyMmQtOWU4Zi00NDlkLTgzMDQtMGY1MmQ4MjhmZDRm
LzEvUTVFM3Z2Nkx4VmtEYVF4OFJxOFpmTWthY0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWMoAwQB
uWMqMA0GCSqGSIb3DQEBCwUAA4IBAQCQ5MaPaHDAdu0mOJkgYEVt2Vk9vMN/kNjJ
mi1T8gEs3OFxpq24cX1QKX+LFTRI+J2uTQ3MDWW2ePKF6Pvc2Gl1df+kms7M7RtR
f7GtZHAMSzZZs8awg3rXlnAMCCLGXe/IJsJOxqrEZa2pO6kDPLgCGIh6AHjRqrmA
mQB5DD/E7C7xB6ZGYj4V6KaG7lxb38s9JiGT5wUDcKnWhZY1BSxt+HQQxNv+XDg8
VS20YLpe3cJZpK37qQ6JlLD9JLG1GJYUqhkr43Miv3I4bXGPoM5iTH/W8AAaDrz2
yugD/as5UhoFD+YExtrOAQ/Y3kH7/8RcwcRrerKlawFPQ4dky578
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:06:07 2025 by rpki-client