Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/oqk5KJmujXiysaX8VXypTA2T7SQ.roa
File: oqk5KJmujXiysaX8VXypTA2T7SQ.roa (raw, json)
Hash identifier: 4j1HmrhOCzuuehX5YxvRwuekL1PdjN0/UeE0+HMMfsk=
Subject key identifier: A2:A9:39:28:99:AE:8D:78:B2:B1:A5:FC:55:7C:A9:4C:0D:93:ED:24
Certificate issuer: /CN=dafef97ca010bad4ff59ef7d2b6bc9077860aab2
Certificate serial: 019547DF6D5E9A588FF8B98F7D8F8C69F584
Authority key identifier: DA:FE:F9:7C:A0:10:BA:D4:FF:59:EF:7D:2B:6B:C9:07:78:60:AA:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2v75fKAQutT_We99K2vJB3hgqrI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/oqk5KJmujXiysaX8VXypTA2T7SQ.roa
Signing time: Thu 27 Feb 2025 14:46:19 +0000
ROA not before: Thu 27 Feb 2025 14:46:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201078
IP address blocks: 82.163.160.0/22 maxlen: 22
85.194.233.0/24 maxlen: 24
185.85.4.0/22 maxlen: 22
185.158.60.0/22 maxlen: 22
185.201.104.0/22 maxlen: 22
2a05:a900::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/2v75fKAQutT_We99K2vJB3hgqrI.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/2v75fKAQutT_We99K2vJB3hgqrI.mft
rsync://rpki.ripe.net/repository/DEFAULT/2v75fKAQutT_We99K2vJB3hgqrI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Apr 2025 17:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:47:df:6d:5e:9a:58:8f:f8:b9:8f:7d:8f:8c:69:f5:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dafef97ca010bad4ff59ef7d2b6bc9077860aab2
Validity
Not Before: Feb 27 14:46:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a2a9392899ae8d78b2b1a5fc557ca94c0d93ed24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:80:0b:4f:de:b2:5a:fb:72:df:51:ce:41:e8:
ed:af:db:5a:bd:91:4f:14:af:e5:32:3a:33:12:03:
70:bd:8a:bf:96:17:5c:c8:05:51:de:ea:43:dc:98:
1b:59:e3:45:81:57:30:63:1e:91:f4:02:b7:f5:85:
54:26:b8:b5:f2:d7:76:0c:ad:29:c6:e3:0f:ea:23:
2e:ad:e6:1a:d1:7b:65:10:10:41:78:6a:53:0e:fd:
a6:3a:88:e6:a8:93:de:d2:d3:55:19:b3:61:10:03:
62:e7:3d:60:89:8e:c7:69:04:d9:ad:ab:88:d1:5b:
4e:23:1f:81:2f:46:d0:31:de:3f:9d:6c:3f:d0:15:
1c:6d:49:94:78:0a:bb:38:bb:c0:8a:b9:99:42:f9:
cf:52:75:be:1f:d2:59:43:1f:95:99:32:ee:8f:ba:
5e:44:c4:94:6b:fc:0e:dd:dc:5b:91:36:1b:e7:42:
54:d6:8d:a0:0c:b5:c6:c5:29:e3:17:09:9e:13:fa:
b1:1f:b0:91:a4:59:c4:d7:4e:c3:cc:0e:69:eb:2a:
7a:21:4c:f6:d3:97:81:55:bd:e1:4f:0a:32:21:b3:
02:16:d9:08:25:30:4c:45:35:fe:9e:aa:3b:82:51:
00:99:23:44:a2:04:bd:9b:18:d2:fa:9a:f4:42:8f:
62:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:A9:39:28:99:AE:8D:78:B2:B1:A5:FC:55:7C:A9:4C:0D:93:ED:24
X509v3 Authority Key Identifier:
keyid:DA:FE:F9:7C:A0:10:BA:D4:FF:59:EF:7D:2B:6B:C9:07:78:60:AA:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2v75fKAQutT_We99K2vJB3hgqrI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/oqk5KJmujXiysaX8VXypTA2T7SQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/2v75fKAQutT_We99K2vJB3hgqrI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.163.160.0/22
85.194.233.0/24
185.85.4.0/22
185.158.60.0/22
185.201.104.0/22
IPv6:
2a05:a900::/29
Signature Algorithm: sha256WithRSAEncryption
b3:46:9f:56:0b:a7:66:b8:27:b6:74:ed:b2:8f:51:a5:04:23:
8c:99:b6:e5:e2:e3:62:ab:2c:0e:d7:38:60:d0:2a:09:96:c1:
ed:3e:a6:d7:40:03:de:a7:78:9e:fa:b1:6d:59:7e:7d:96:af:
e4:0d:d4:0c:ef:3e:fe:fa:a7:1b:d7:4a:a6:81:00:3a:95:b0:
38:39:22:f8:60:a9:0e:33:7b:c8:e1:77:7e:32:d1:0d:1d:9f:
3c:8b:8a:e7:b3:48:ee:18:4f:6b:46:72:bf:d9:3b:ed:9d:03:
95:4f:cf:d1:e1:08:12:15:8e:d2:14:35:62:c5:43:6d:ae:a2:
06:42:fd:d3:30:39:73:90:2a:58:31:f6:b0:3a:ab:29:31:41:
ca:c9:a3:a3:ad:ca:95:00:aa:da:bc:d4:05:8d:af:0f:2a:9f:
eb:59:d6:cf:cd:cf:e4:28:33:b0:9f:25:7a:b7:76:a7:03:d3:
8a:f3:bf:52:09:79:c0:34:ae:bf:a7:02:00:b7:2b:73:fd:06:
68:2c:9f:5e:11:46:0e:e1:b5:fd:3a:20:8a:de:b9:c2:26:c2:
46:ee:cd:d0:77:b4:bc:1c:7b:a4:93:44:73:7e:a6:33:2d:c9:
14:2d:1c:64:85:26:5a:bf:d7:36:5a:73:21:30:22:09:5d:e5:
93:ca:8a:49
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZVH321emliP+LmPfY+MafWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmVmOTdjYTAxMGJhZDRmZjU5ZWY3ZDJiNmJjOTA3Nzg2
MGFhYjIwHhcNMjUwMjI3MTQ0NjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmE5MzkyODk5YWU4ZDc4YjJiMWE1ZmM1NTdjYTk0YzBkOTNlZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74ALT96yWvty31HOQejtr9tavZFP
FK/lMjozEgNwvYq/lhdcyAVR3upD3JgbWeNFgVcwYx6R9AK39YVUJri18td2DK0p
xuMP6iMureYa0XtlEBBBeGpTDv2mOojmqJPe0tNVGbNhEANi5z1giY7HaQTZrauI
0VtOIx+BL0bQMd4/nWw/0BUcbUmUeAq7OLvAirmZQvnPUnW+H9JZQx+VmTLuj7pe
RMSUa/wO3dxbkTYb50JU1o2gDLXGxSnjFwmeE/qxH7CRpFnE107DzA5p6yp6IUz2
05eBVb3hTwoyIbMCFtkIJTBMRTX+nqo7glEAmSNEogS9mxjS+pr0Qo9i/QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKKpOSiZro14srGl/FV8qUwNk+0kMB8GA1UdIwQY
MBaAFNr++XygELrU/1nvfStryQd4YKqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnY3NWZLQVF1dFRfV2U5OUsydkpCM2hncXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yOTIxZTYtODFjNi00NDQ3LTlkNzgt
YmZhOTRlYjFhYTAyLzEvb3FrNUtKbXVqWGl5c2FYOFZYeXBUQTJUN1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yOTIxZTYtODFjNi00NDQ3LTlkNzgtYmZhOTRlYjFhYTAy
LzEvMnY3NWZLQVF1dFRfV2U5OUsydkpCM2hncXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCUqOgAwQA
VcLpAwQCuVUEAwQCuZ48AwQCucloMA0EAgACMAcDBQMqBakAMA0GCSqGSIb3DQEB
CwUAA4IBAQCzRp9WC6dmuCe2dO2yj1GlBCOMmbbl4uNiqywO1zhg0CoJlsHtPqbX
QAPep3ie+rFtWX59lq/kDdQM7z7++qcb10qmgQA6lbA4OSL4YKkOM3vI4Xd+MtEN
HZ88i4rns0juGE9rRnK/2TvtnQOVT8/R4QgSFY7SFDVixUNtrqIGQv3TMDlzkCpY
MfawOqspMUHKyaOjrcqVAKravNQFja8PKp/rWdbPzc/kKDOwnyV6t3anA9OK879S
CXnANK6/pwIAtytz/QZoLJ9eEUYO4bX9OiCK3rnCJsJG7s3Qd7S8HHukk0RzfqYz
LckULRxkhSZav9c2WnMhMCIJXeWTyopJ
-----END CERTIFICATE-----
Generated at Mon Apr 21 03:11:26 2025 by rpki-client