Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/633af2-5b4e-4a4c-b139-39607821a09a/1/pqmNhDLFsuAjShv8eRBv7LCZdeQ.roa
File: pqmNhDLFsuAjShv8eRBv7LCZdeQ.roa (raw, json)
Hash identifier: 4AnCNNfJuD5TKIhBZEkiGv9arhdI3blGLXSnAtGto3U=
Subject key identifier: A6:A9:8D:84:32:C5:B2:E0:23:4A:1B:FC:79:10:6F:EC:B0:99:75:E4
Certificate issuer: /CN=9d69b6b2a0a72818d1fa9a46ef2ad7812b95bcc0
Certificate serial: 01967DEBD8737C9C4F2364E5A3A2E3BCDCAE
Authority key identifier: 9D:69:B6:B2:A0:A7:28:18:D1:FA:9A:46:EF:2A:D7:81:2B:95:BC:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nWm2sqCnKBjR-ppG7yrXgSuVvMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/633af2-5b4e-4a4c-b139-39607821a09a/1/pqmNhDLFsuAjShv8eRBv7LCZdeQ.roa
Signing time: Mon 28 Apr 2025 19:42:10 +0000
ROA not before: Mon 28 Apr 2025 19:42:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48847
IP address blocks: 185.176.208.0/22 maxlen: 22
185.176.208.0/24 maxlen: 24
185.176.208.0/27 maxlen: 27
185.176.209.0/24 maxlen: 24
185.176.210.0/24 maxlen: 24
185.176.210.48/29 maxlen: 29
185.176.210.104/29 maxlen: 29
185.176.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/633af2-5b4e-4a4c-b139-39607821a09a/1/nWm2sqCnKBjR-ppG7yrXgSuVvMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/633af2-5b4e-4a4c-b139-39607821a09a/1/nWm2sqCnKBjR-ppG7yrXgSuVvMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/nWm2sqCnKBjR-ppG7yrXgSuVvMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 04:01:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7d:eb:d8:73:7c:9c:4f:23:64:e5:a3:a2:e3:bc:dc:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d69b6b2a0a72818d1fa9a46ef2ad7812b95bcc0
Validity
Not Before: Apr 28 19:42:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6a98d8432c5b2e0234a1bfc79106fecb09975e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:c5:bf:87:fc:ae:fd:d2:75:57:70:e9:db:a8:
ea:b7:e5:dc:95:e8:1b:3c:aa:20:d5:1c:2a:2d:88:
ec:eb:af:e3:0d:7e:42:14:b4:cb:7f:c6:08:6b:5a:
21:a7:0e:f2:e4:78:28:5d:cb:f5:3e:9c:85:72:23:
b4:d1:bd:51:e1:81:6f:cd:74:10:55:0d:ea:be:38:
0e:d6:a1:c6:ce:49:ec:ec:3f:e0:1f:7c:ad:34:bc:
4f:5b:75:4b:f5:ae:75:e2:2e:79:c4:9f:34:25:67:
ce:d8:6f:96:99:ff:9b:8a:eb:36:8e:3e:d8:85:ce:
88:ca:c8:60:19:81:a8:5e:de:fe:a8:37:6b:ca:ae:
b5:a7:df:c8:b7:a2:02:d1:94:b5:18:62:e9:59:1e:
c1:62:87:a7:fd:cb:03:f1:38:79:67:b3:c0:9f:8e:
de:4a:97:1b:21:57:2e:18:d5:2e:2c:9a:fe:74:77:
9b:ae:af:b8:ed:5b:03:33:15:db:b5:38:03:72:48:
a2:12:a2:4c:4c:39:3d:88:8f:0b:e9:b0:0e:c2:1f:
04:13:77:02:5f:51:c4:de:28:b9:a7:54:7b:74:f6:
25:29:9c:49:42:5a:a6:b2:27:45:fb:23:86:d1:d0:
5a:08:1d:2a:e7:ef:d9:d7:3d:a6:85:64:b0:ee:98:
74:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:A9:8D:84:32:C5:B2:E0:23:4A:1B:FC:79:10:6F:EC:B0:99:75:E4
X509v3 Authority Key Identifier:
keyid:9D:69:B6:B2:A0:A7:28:18:D1:FA:9A:46:EF:2A:D7:81:2B:95:BC:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nWm2sqCnKBjR-ppG7yrXgSuVvMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/633af2-5b4e-4a4c-b139-39607821a09a/1/pqmNhDLFsuAjShv8eRBv7LCZdeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/633af2-5b4e-4a4c-b139-39607821a09a/1/nWm2sqCnKBjR-ppG7yrXgSuVvMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.176.208.0/22
Signature Algorithm: sha256WithRSAEncryption
8f:73:0a:51:1f:ce:92:77:17:ee:bb:57:8a:06:1c:b8:6f:b3:
6f:b5:16:51:cb:33:af:97:98:3d:4c:8b:90:a3:2a:73:1a:72:
fe:84:8f:83:ba:b1:03:55:27:43:20:70:61:5a:4e:e1:f5:d9:
04:a9:74:f2:9a:d8:4f:f8:1b:da:f9:a0:76:c4:e7:1d:37:79:
95:1a:a0:68:02:66:a5:5e:26:19:f5:28:2a:2e:db:6e:77:5a:
41:10:59:c0:2a:e8:a9:53:73:be:2d:52:bf:c9:a4:01:a1:53:
43:90:ac:c9:08:4c:1d:2e:5a:10:a7:1c:0a:60:5c:c2:94:cb:
65:ce:bf:7b:3b:98:2c:05:7e:d4:a1:95:01:44:88:9a:68:06:
49:57:69:c8:d5:35:61:0d:d4:c4:22:9c:87:8c:cf:33:c2:7f:
2c:3c:e4:47:dc:56:7f:78:52:dd:b3:9d:78:e4:33:c8:a9:8a:
09:ad:b6:0f:88:86:24:c9:77:0a:5a:d3:05:22:64:5f:bb:45:
45:32:79:b5:23:03:0c:a4:36:b8:99:24:7f:9a:f8:99:f2:be:
f6:08:23:aa:55:a8:f3:2f:c3:46:c0:02:0d:01:f5:04:e5:25:
f8:54:88:91:c0:ab:82:77:37:43:76:12:15:de:24:c4:69:e6:
3d:a0:03:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ969hzfJxPI2Tlo6LjvNyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNjliNmIyYTBhNzI4MThkMWZhOWE0NmVmMmFkNzgxMmI5
NWJjYzAwHhcNMjUwNDI4MTk0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmE5OGQ4NDMyYzViMmUwMjM0YTFiZmM3OTEwNmZlY2IwOTk3NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8W/h/yu/dJ1V3Dp26jqt+Xclegb
PKog1RwqLYjs66/jDX5CFLTLf8YIa1ohpw7y5HgoXcv1PpyFciO00b1R4YFvzXQQ
VQ3qvjgO1qHGzkns7D/gH3ytNLxPW3VL9a514i55xJ80JWfO2G+Wmf+bius2jj7Y
hc6IyshgGYGoXt7+qDdryq61p9/It6IC0ZS1GGLpWR7BYoen/csD8Th5Z7PAn47e
SpcbIVcuGNUuLJr+dHebrq+47VsDMxXbtTgDckiiEqJMTDk9iI8L6bAOwh8EE3cC
X1HE3ii5p1R7dPYlKZxJQlqmsidF+yOG0dBaCB0q5+/Z1z2mhWSw7ph0rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKapjYQyxbLgI0ob/HkQb+ywmXXkMB8GA1UdIwQY
MBaAFJ1ptrKgpygY0fqaRu8q14ErlbzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbldtMnNxQ25LQmpSLXBwRzd5clhnU3VWdk1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS82MzNhZjItNWI0ZS00YTRjLWIxMzkt
Mzk2MDc4MjFhMDlhLzEvcHFtTmhETEZzdUFqU2h2OGVSQnY3TENaZGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS82MzNhZjItNWI0ZS00YTRjLWIxMzktMzk2MDc4MjFhMDlh
LzEvbldtMnNxQ25LQmpSLXBwRzd5clhnU3VWdk1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubDQMA0G
CSqGSIb3DQEBCwUAA4IBAQCPcwpRH86Sdxfuu1eKBhy4b7NvtRZRyzOvl5g9TIuQ
oypzGnL+hI+DurEDVSdDIHBhWk7h9dkEqXTymthP+Bva+aB2xOcdN3mVGqBoAmal
XiYZ9SgqLttud1pBEFnAKuipU3O+LVK/yaQBoVNDkKzJCEwdLloQpxwKYFzClMtl
zr97O5gsBX7UoZUBRIiaaAZJV2nI1TVhDdTEIpyHjM8zwn8sPORH3FZ/eFLds514
5DPIqYoJrbYPiIYkyXcKWtMFImRfu0VFMnm1IwMMpDa4mSR/mviZ8r72CCOqVajz
L8NGwAINAfUE5SX4VIiRwKuCdzdDdhIV3iTEaeY9oANH
-----END CERTIFICATE-----
Generated at Sun May 11 11:21:42 2025 by rpki-client