Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/qIt3yAvdRDhdEOuAq_oHtp0daD0.roa
File: qIt3yAvdRDhdEOuAq_oHtp0daD0.roa (raw, json)
Hash identifier: eeo1JYN4250oNykA6vfnL0vc003Ck3pcB2dM4s9ij4E=
Subject key identifier: A8:8B:77:C8:0B:DD:44:38:5D:10:EB:80:AB:FA:07:B6:9D:1D:68:3D
Certificate issuer: /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial: 01966AC7F0D29F6394DB32B24177F5AA2C51
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/qIt3yAvdRDhdEOuAq_oHtp0daD0.roa
Signing time: Fri 25 Apr 2025 02:30:10 +0000
ROA not before: Fri 25 Apr 2025 02:30:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 140.150.8.0/24 maxlen: 24
140.150.13.0/24 maxlen: 24
140.150.16.0/24 maxlen: 24
140.150.17.0/24 maxlen: 24
146.103.69.0/24 maxlen: 24
146.103.70.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 06 May 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6a:c7:f0:d2:9f:63:94:db:32:b2:41:77:f5:aa:2c:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Validity
Not Before: Apr 25 02:30:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a88b77c80bdd44385d10eb80abfa07b69d1d683d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:24:b5:11:be:76:d4:1e:5f:0f:99:54:2a:f9:
2b:17:81:4a:68:ba:38:5d:f8:56:b1:67:95:02:90:
44:ae:56:a2:bc:b0:a0:f7:9b:70:28:a0:aa:08:a6:
aa:66:57:6d:d1:5c:b7:ab:09:b9:e3:6c:77:51:c0:
04:75:6c:5c:de:92:04:b0:54:b2:3e:c3:72:68:ed:
21:67:51:53:c6:80:2c:10:84:8e:dc:82:3b:8c:e1:
5f:50:ef:b3:a2:3d:1f:1b:07:ef:b4:7e:e5:2e:b5:
13:79:aa:64:14:7f:1f:15:c9:1f:6e:96:16:b4:65:
0d:61:c4:b5:33:28:43:b1:71:7c:fe:85:8a:be:aa:
44:59:cf:6d:d3:f2:09:12:82:0f:6b:76:c8:dc:53:
18:62:db:7d:43:d4:c4:ca:9d:73:5a:50:76:28:cb:
ad:b7:74:41:ec:a6:58:9c:19:58:cb:f4:fa:61:8d:
6f:66:5f:85:55:c8:bf:fd:64:0f:64:8c:67:b7:e4:
af:89:8d:94:d5:f2:19:c0:4d:13:e7:63:f3:ab:9b:
ee:a6:a7:9c:e9:b7:7e:ef:05:b4:28:12:98:18:28:
79:65:0f:57:6b:a0:f5:cd:ed:d1:4d:c2:8b:0b:b9:
87:bc:e2:30:e7:08:c6:1f:ae:31:d9:dd:a0:6d:83:
f4:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:8B:77:C8:0B:DD:44:38:5D:10:EB:80:AB:FA:07:B6:9D:1D:68:3D
X509v3 Authority Key Identifier:
keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/qIt3yAvdRDhdEOuAq_oHtp0daD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.8.0/24
140.150.13.0/24
140.150.16.0/23
146.103.69.0-146.103.70.255
Signature Algorithm: sha256WithRSAEncryption
4e:2b:30:b0:f1:1d:85:77:a2:5c:76:f8:f0:bf:2f:23:fc:71:
a1:49:35:30:89:5a:90:13:69:7f:ca:d5:f2:e8:4d:cd:83:ed:
23:27:94:a1:35:d3:b2:34:d3:f0:eb:24:a8:dd:86:79:5c:a5:
f7:b2:78:f3:8d:f9:6e:96:d3:bb:96:2e:1e:15:4a:0f:0c:16:
02:85:be:0f:ad:09:5a:a0:ed:2a:14:66:7a:d9:9b:0a:35:2b:
99:f4:69:30:f8:d5:a8:60:e4:a9:2c:47:44:05:d4:c0:87:95:
26:18:7d:5d:98:dc:c2:d1:8d:84:fa:2a:09:d0:74:da:91:da:
1a:20:53:7b:7b:5a:66:1b:33:ab:a2:49:99:d9:9d:c4:77:30:
6c:db:8b:b2:74:b0:5e:dd:61:be:32:e5:ca:80:20:5c:c6:5b:
d2:19:1d:e2:99:91:12:f4:ed:2d:eb:2c:c0:c6:44:67:0c:1f:
ef:2a:04:44:0b:11:8b:7d:39:93:ee:1f:af:98:c3:4e:3c:88:
4a:46:2d:2a:4c:8e:c9:6d:65:03:1b:8d:2e:28:8c:01:db:74:
f3:3b:9d:a0:3a:cb:68:93:72:2d:20:1c:b1:4a:cb:ec:1f:ab:
43:95:a8:f5:d5:94:4f:e2:8e:2f:03:24:75:34:91:d7:90:c5:
d6:02:02:a8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZZqx/DSn2OU2zKyQXf1qixRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwNDI1MDIzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODhiNzdjODBiZGQ0NDM4NWQxMGViODBhYmZhMDdiNjlkMWQ2ODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SS1Eb521B5fD5lUKvkrF4FKaLo4
XfhWsWeVApBErlaivLCg95twKKCqCKaqZldt0Vy3qwm542x3UcAEdWxc3pIEsFSy
PsNyaO0hZ1FTxoAsEISO3II7jOFfUO+zoj0fGwfvtH7lLrUTeapkFH8fFckfbpYW
tGUNYcS1MyhDsXF8/oWKvqpEWc9t0/IJEoIPa3bI3FMYYtt9Q9TEyp1zWlB2KMut
t3RB7KZYnBlYy/T6YY1vZl+FVci//WQPZIxnt+SviY2U1fIZwE0T52Pzq5vupqec
6bd+7wW0KBKYGCh5ZQ9Xa6D1ze3RTcKLC7mHvOIw5wjGH64x2d2gbYP0/QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKiLd8gL3UQ4XRDrgKv6B7adHWg9MB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvcUl0M3lBdmRSRGhkRU91QXFfb0h0cDBkYUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAjJYIAwQA
jJYNAwQBjJYQMAwDBACSZ0UDBACSZ0YwDQYJKoZIhvcNAQELBQADggEBAE4rMLDx
HYV3olx2+PC/LyP8caFJNTCJWpATaX/K1fLoTc2D7SMnlKE107I00/DrJKjdhnlc
pfeyePON+W6W07uWLh4VSg8MFgKFvg+tCVqg7SoUZnrZmwo1K5n0aTD41ahg5Kks
R0QF1MCHlSYYfV2Y3MLRjYT6KgnQdNqR2hogU3t7WmYbM6uiSZnZncR3MGzbi7J0
sF7dYb4y5cqAIFzGW9IZHeKZkRL07S3rLMDGRGcMH+8qBEQLEYt9OZPuH6+Yw048
iEpGLSpMjsltZQMbjS4ojAHbdPM7naA6y2iTci0gHLFKy+wfq0OVqPXVlE/iji8D
JHU0kdeQxdYCAqg=
-----END CERTIFICATE-----
Generated at Mon May 5 16:12:37 2025 by rpki-client