Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/bKr8UWW3-RF_D0B7S4TpF3ssvtc.roa
File: bKr8UWW3-RF_D0B7S4TpF3ssvtc.roa (raw, json)
Hash identifier: kYFW2by3SyFaWc3VlVXDw0SIgIp3P05RN26zndjXy/k=
Subject key identifier: 6C:AA:FC:51:65:B7:F9:11:7F:0F:40:7B:4B:84:E9:17:7B:2C:BE:D7
Certificate issuer: /CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
Certificate serial: 019423697CFE2D5D4BC9572FCC4289094AD6
Authority key identifier: 0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/bKr8UWW3-RF_D0B7S4TpF3ssvtc.roa
Signing time: Wed 01 Jan 2025 19:48:23 +0000
ROA not before: Wed 01 Jan 2025 19:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 55002
IP address blocks: 87.237.108.0/24 maxlen: 24
87.237.109.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.mft
rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 22:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:7c:fe:2d:5d:4b:c9:57:2f:cc:42:89:09:4a:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
Validity
Not Before: Jan 1 19:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6caafc5165b7f9117f0f407b4b84e9177b2cbed7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:ac:5b:54:4a:6e:0c:e1:b1:b9:19:9a:aa:0d:
3a:2b:66:ea:1a:cf:20:c8:0a:90:28:21:73:ad:dd:
dc:75:fc:b9:e3:d8:bf:40:3a:82:9c:58:b0:e5:fa:
e6:cd:8c:85:5a:78:fb:34:52:3d:c3:4a:a3:c3:87:
b9:12:30:9b:55:cc:54:93:8f:20:ee:76:eb:c9:7f:
a2:93:5f:0b:cc:a0:ab:0e:ff:b5:e4:b2:6e:07:b2:
57:16:74:ee:b3:a9:c4:56:b0:2f:5e:ae:4f:16:c5:
72:48:40:e8:f4:cd:72:0d:d5:65:5f:b7:52:7b:36:
b7:7d:ab:d9:78:00:b2:9c:34:98:ec:55:c4:08:32:
89:05:b9:9e:39:8f:4f:0a:65:12:54:a5:ff:e3:f3:
5c:85:32:07:40:88:44:bd:6d:b8:56:04:e4:f6:63:
2e:aa:f5:02:15:24:02:d0:00:a5:06:92:0d:17:ba:
99:74:1a:d9:15:ce:74:b8:1b:f3:98:41:0f:13:72:
96:c7:a7:07:3f:6a:14:b4:3f:e9:92:e0:74:eb:fd:
d5:91:6f:c6:c8:f5:a2:dd:0b:40:ce:94:85:92:03:
52:7f:2a:c7:66:f1:3d:6d:6a:f5:7a:e0:d2:1f:8f:
48:4d:b4:df:3c:ee:c3:29:9b:36:62:e5:b1:0a:62:
13:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:AA:FC:51:65:B7:F9:11:7F:0F:40:7B:4B:84:E9:17:7B:2C:BE:D7
X509v3 Authority Key Identifier:
keyid:0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/bKr8UWW3-RF_D0B7S4TpF3ssvtc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.237.108.0/23
Signature Algorithm: sha256WithRSAEncryption
b1:32:42:b6:d1:e4:13:e6:fd:d8:c9:84:3d:d6:34:33:48:d9:
f8:27:6b:63:f3:12:1e:dd:53:e3:b9:b2:29:10:a1:32:c4:85:
e6:fd:58:5b:ae:42:05:a8:4c:6f:46:17:bc:4f:9f:9d:c7:3e:
66:92:09:74:c2:6c:6d:b3:be:13:38:27:cd:3c:ba:96:ff:88:
24:3b:1c:67:f3:22:60:4d:a3:f7:41:87:ef:7d:b2:d3:70:c2:
5a:27:62:33:4f:db:40:61:da:a1:9c:84:dd:10:63:ee:0f:83:
21:1a:0b:30:77:ae:e7:4d:fc:a1:30:23:01:96:7a:81:ca:eb:
4a:fa:ba:d0:a6:e7:e4:e1:a5:8b:bd:a4:5c:7c:04:60:4d:7a:
e7:fd:6a:05:00:04:29:ca:4f:4d:1c:2e:2d:2f:16:fd:33:b5:
67:30:13:b3:b5:ce:c9:e1:86:1c:7b:ef:1d:a1:7f:ad:1b:42:
b5:40:d0:de:06:ed:5c:e9:33:c0:62:3e:96:5c:58:51:31:1d:
70:d6:e7:8d:80:ee:8f:ab:e8:1f:63:6a:84:d2:07:9b:e3:5a:
d3:f9:6b:22:61:33:a8:dc:25:65:71:48:03:dc:db:d6:a9:49:
08:01:2e:83:16:99:00:a1:f0:6c:be:43:33:11:92:1c:38:04:
b8:30:5c:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaXz+LV1LyVcvzEKJCUrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZjYxNzk4ZGQxODk2NWMwMjdhZmE3ZjkzYWUwMzBmZjVl
MWQ3NmUwHhcNMjUwMTAxMTk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2FhZmM1MTY1YjdmOTExN2YwZjQwN2I0Yjg0ZTkxNzdiMmNiZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaxbVEpuDOGxuRmaqg06K2bqGs8g
yAqQKCFzrd3cdfy549i/QDqCnFiw5frmzYyFWnj7NFI9w0qjw4e5EjCbVcxUk48g
7nbryX+ik18LzKCrDv+15LJuB7JXFnTus6nEVrAvXq5PFsVySEDo9M1yDdVlX7dS
eza3favZeACynDSY7FXECDKJBbmeOY9PCmUSVKX/4/NchTIHQIhEvW24VgTk9mMu
qvUCFSQC0AClBpINF7qZdBrZFc50uBvzmEEPE3KWx6cHP2oUtD/pkuB06/3VkW/G
yPWi3QtAzpSFkgNSfyrHZvE9bWr1euDSH49ITbTfPO7DKZs2YuWxCmITvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyq/FFlt/kRfw9Ae0uE6Rd7LL7XMB8GA1UdIwQY
MBaAFAr2F5jdGJZcAnr6f5OuAw/14dduMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEt
ZDZlMWUzNDdmOWM3LzEvYktyOFVXVzMtUkZfRDBCN1M0VHBGM3NzdnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEtZDZlMWUzNDdmOWM3
LzEvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV+1sMA0G
CSqGSIb3DQEBCwUAA4IBAQCxMkK20eQT5v3YyYQ91jQzSNn4J2tj8xIe3VPjubIp
EKEyxIXm/VhbrkIFqExvRhe8T5+dxz5mkgl0wmxts74TOCfNPLqW/4gkOxxn8yJg
TaP3QYfvfbLTcMJaJ2IzT9tAYdqhnITdEGPuD4MhGgswd67nTfyhMCMBlnqByutK
+rrQpufk4aWLvaRcfARgTXrn/WoFAAQpyk9NHC4tLxb9M7VnMBOztc7J4YYce+8d
oX+tG0K1QNDeBu1c6TPAYj6WXFhRMR1w1ueNgO6Pq+gfY2qE0geb41rT+WsiYTOo
3CVlcUgD3NvWqUkIAS6DFpkAofBsvkMzEZIcOAS4MFx+
-----END CERTIFICATE-----
Generated at Sun Apr 6 02:23:24 2025 by rpki-client