Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/3QQtgp_hLxG713VpJVDxkBcKrLQ.roa
File: 3QQtgp_hLxG713VpJVDxkBcKrLQ.roa (raw, json)
Hash identifier: zgs4StoBXNZwHgMUh0gcgmwGEv4iOGkdSV2RIbo/as0=
Subject key identifier: DD:04:2D:82:9F:E1:2F:11:BB:D7:75:69:25:50:F1:90:17:0A:AC:B4
Certificate issuer: /CN=582e2170a7bcbec310154f2bce99833fec2801fb
Certificate serial: 019423D73B2E5736C0D6AD0443597FD1257E
Authority key identifier: 58:2E:21:70:A7:BC:BE:C3:10:15:4F:2B:CE:99:83:3F:EC:28:01:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WC4hcKe8vsMQFU8rzpmDP-woAfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/3QQtgp_hLxG713VpJVDxkBcKrLQ.roa
Signing time: Wed 01 Jan 2025 21:48:15 +0000
ROA not before: Wed 01 Jan 2025 21:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200184
IP address blocks: 67.63.56.0/24 maxlen: 24
67.63.57.0/24 maxlen: 24
67.63.58.0/24 maxlen: 24
67.63.59.0/24 maxlen: 24
67.63.60.0/24 maxlen: 24
67.63.61.0/24 maxlen: 24
67.63.62.0/24 maxlen: 24
67.63.63.0/24 maxlen: 24
80.75.216.0/24 maxlen: 24
2a13:f800::/29 maxlen: 64
2a13:f800:1001::/48 maxlen: 48
2a13:f800:3101::/48 maxlen: 48
2a13:f800:3102::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/WC4hcKe8vsMQFU8rzpmDP-woAfs.crl
rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/WC4hcKe8vsMQFU8rzpmDP-woAfs.mft
rsync://rpki.ripe.net/repository/DEFAULT/WC4hcKe8vsMQFU8rzpmDP-woAfs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 10:07:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:3b:2e:57:36:c0:d6:ad:04:43:59:7f:d1:25:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=582e2170a7bcbec310154f2bce99833fec2801fb
Validity
Not Before: Jan 1 21:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd042d829fe12f11bbd775692550f190170aacb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:35:f2:3d:92:4a:44:4c:0c:9f:e8:8f:b7:77:
3f:0e:a1:2a:d4:03:52:3c:a2:0d:3d:ce:b5:40:98:
1a:a4:de:3d:2b:cb:0e:73:90:f7:c4:62:72:b5:2f:
60:58:bf:74:ea:2e:b8:4b:55:da:0c:d9:a7:76:0f:
7c:9e:88:23:70:5b:6e:db:86:e2:7c:e9:65:ba:3c:
4b:84:a3:b9:6f:80:fc:7b:4e:25:93:e0:05:91:51:
58:07:6a:35:2d:94:d3:81:0c:23:f3:62:51:76:4d:
62:54:26:7e:da:0f:42:dd:7e:30:db:0c:3c:a0:6a:
a0:82:b5:13:dd:a1:1d:8d:39:da:77:1f:ca:13:db:
34:8a:56:fe:d2:df:5b:99:1e:20:8f:10:e1:11:96:
ef:25:61:19:87:32:86:61:74:03:34:af:b6:34:72:
6a:0a:21:16:b5:f7:f1:8d:bc:6d:f2:9a:7a:8e:4e:
3a:64:47:62:d3:5e:62:0c:e7:64:15:1a:7b:2d:77:
7d:e5:e0:d0:41:74:28:9a:59:fb:6d:f8:ea:94:d6:
3d:b3:38:e9:32:8a:18:d4:0b:1e:fb:37:00:90:27:
bd:13:08:66:2b:03:1d:63:47:cc:b3:7c:09:1b:3a:
c3:6e:be:34:c4:78:aa:1d:64:0a:8e:67:47:6d:bf:
11:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:04:2D:82:9F:E1:2F:11:BB:D7:75:69:25:50:F1:90:17:0A:AC:B4
X509v3 Authority Key Identifier:
keyid:58:2E:21:70:A7:BC:BE:C3:10:15:4F:2B:CE:99:83:3F:EC:28:01:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WC4hcKe8vsMQFU8rzpmDP-woAfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/3QQtgp_hLxG713VpJVDxkBcKrLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/WC4hcKe8vsMQFU8rzpmDP-woAfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
67.63.56.0/21
80.75.216.0/24
IPv6:
2a13:f800::/29
Signature Algorithm: sha256WithRSAEncryption
8f:d8:35:9a:2a:21:1f:54:4e:2e:11:a8:74:30:d2:1a:7a:d8:
60:42:1d:df:2b:27:ba:9a:38:bd:83:51:c3:2c:5b:8b:99:71:
2c:28:43:7f:34:95:13:ed:0a:d0:ca:7d:31:8a:f2:c6:67:a1:
a8:a7:45:76:57:59:ac:8b:4c:1b:a4:36:dd:a3:d7:3a:b8:9a:
66:70:5b:31:9d:67:fa:c6:4d:27:74:03:a6:7e:a9:c6:5b:d9:
f7:ca:bc:f7:0f:89:05:f3:68:a5:dc:6d:6e:8a:7c:b4:93:d5:
8b:b0:1e:a5:d8:71:c2:e6:c6:16:71:8d:6f:38:b8:00:96:f9:
6d:7f:08:4f:1e:fe:81:87:7e:66:57:5b:07:6c:c9:ed:ae:8e:
fd:f3:7d:47:c0:4a:88:6a:67:ae:56:36:a5:9e:a4:3b:91:9b:
30:88:2a:ad:39:d9:fa:dc:1e:fb:0c:68:97:98:05:85:11:5d:
0b:d8:0e:46:e2:87:0a:cd:a2:7b:f8:e0:33:18:80:44:f9:29:
28:b9:c5:9b:9f:e0:07:91:22:87:4b:91:57:40:57:b2:47:7c:
52:5c:50:c2:7a:27:79:78:98:d5:01:a8:6b:89:4f:8e:b3:14:
32:a1:ed:54:a8:53:13:f7:f8:4f:aa:64:ee:dd:eb:ce:1e:6d:
85:74:cb:7d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1zsuVzbA1q0EQ1l/0SV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MmUyMTcwYTdiY2JlYzMxMDE1NGYyYmNlOTk4MzNmZWMy
ODAxZmIwHhcNMjUwMTAxMjE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDA0MmQ4MjlmZTEyZjExYmJkNzc1NjkyNTUwZjE5MDE3MGFhY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDXyPZJKREwMn+iPt3c/DqEq1ANS
PKINPc61QJgapN49K8sOc5D3xGJytS9gWL906i64S1XaDNmndg98nogjcFtu24bi
fOllujxLhKO5b4D8e04lk+AFkVFYB2o1LZTTgQwj82JRdk1iVCZ+2g9C3X4w2ww8
oGqggrUT3aEdjTnadx/KE9s0ilb+0t9bmR4gjxDhEZbvJWEZhzKGYXQDNK+2NHJq
CiEWtffxjbxt8pp6jk46ZEdi015iDOdkFRp7LXd95eDQQXQomln7bfjqlNY9szjp
MooY1Ase+zcAkCe9EwhmKwMdY0fMs3wJGzrDbr40xHiqHWQKjmdHbb8REwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN0ELYKf4S8Ru9d1aSVQ8ZAXCqy0MB8GA1UdIwQY
MBaAFFguIXCnvL7DEBVPK86Zgz/sKAH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0M0aGNLZTh2c01RRlU4cnpwbURQLXdvQWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi84MWVkNDEtZTM2Yi00NWY3LTkwZTct
YjJmZDliZjA5N2Y4LzEvM1FRdGdwX2hMeEc3MTNWcEpWRHhrQmNLckxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi84MWVkNDEtZTM2Yi00NWY3LTkwZTctYjJmZDliZjA5N2Y4
LzEvV0M0aGNLZTh2c01RRlU4cnpwbURQLXdvQWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDQz84AwQA
UEvYMA0EAgACMAcDBQMqE/gAMA0GCSqGSIb3DQEBCwUAA4IBAQCP2DWaKiEfVE4u
Eah0MNIaethgQh3fKye6mji9g1HDLFuLmXEsKEN/NJUT7QrQyn0xivLGZ6Gop0V2
V1msi0wbpDbdo9c6uJpmcFsxnWf6xk0ndAOmfqnGW9n3yrz3D4kF82il3G1uiny0
k9WLsB6l2HHC5sYWcY1vOLgAlvltfwhPHv6Bh35mV1sHbMntro79831HwEqIameu
VjalnqQ7kZswiCqtOdn63B77DGiXmAWFEV0L2A5G4ocKzaJ7+OAzGIBE+SkoucWb
n+AHkSKHS5FXQFeyR3xSXFDCeid5eJjVAahriU+OsxQyoe1UqFMT9/hPqmTu3evO
Hm2FdMt9
-----END CERTIFICATE-----
Generated at Sun Apr 6 19:26:54 2025 by rpki-client