Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/1-YKY-kDb-ok-O2t52erxOSFI9tY.roa
File: 1-YKY-kDb-ok-O2t52erxOSFI9tY.roa (raw, json)
Hash identifier: Puf+xKue+984oQxVfH82nttD3pZrp9rN15gRLEzYPtg=
Subject key identifier: F9:82:98:FA:40:DB:FA:89:3E:3B:6B:79:D9:EA:F1:39:21:48:F6:D6
Certificate issuer: /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial: 01942143F11B8DCEE4066614982BCB4C3CE9
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/1-YKY-kDb-ok-O2t52erxOSFI9tY.roa
Signing time: Wed 01 Jan 2025 09:48:08 +0000
ROA not before: Wed 01 Jan 2025 09:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138968
IP address blocks: 103.76.85.0/24 maxlen: 24
103.76.87.0/24 maxlen: 24
116.206.92.0/22 maxlen: 24
203.189.232.0/23 maxlen: 24
2a0f:6700::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 12:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:f1:1b:8d:ce:e4:06:66:14:98:2b:cb:4c:3c:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Validity
Not Before: Jan 1 09:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f98298fa40dbfa893e3b6b79d9eaf1392148f6d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:60:e7:84:0a:b7:3a:fa:60:1a:6a:be:a2:cf:
cb:d1:59:93:48:c3:3f:6d:06:8b:67:68:90:a9:fb:
f5:23:00:fc:56:85:c2:5a:27:16:c4:2a:99:98:3f:
d0:b8:dc:ed:55:4a:9e:07:5d:42:01:a9:69:77:9d:
a0:74:1b:c2:cf:ad:46:46:7f:5d:68:a1:44:41:06:
76:4d:46:7f:db:e7:e2:1e:09:1e:f0:eb:18:21:95:
27:b0:59:59:a1:f5:24:31:c7:95:9c:5a:08:e0:17:
2e:1d:1d:6c:58:34:a0:9f:0d:3a:49:d6:74:95:46:
20:14:26:d3:a5:7c:1a:a8:cb:d5:4b:ce:ab:10:20:
a7:03:8b:37:8a:8a:ea:de:59:4f:08:ef:aa:25:09:
33:f5:38:a8:28:26:04:0f:45:1a:f5:7e:f8:8f:ee:
ef:86:35:47:39:6b:1c:01:17:2f:a2:10:fb:86:70:
7c:db:8f:35:96:f7:70:6b:d4:97:f4:1b:37:47:30:
22:84:b5:37:ea:9d:c4:2c:8d:e6:e7:4b:81:27:43:
8a:7c:a1:b4:3e:52:f9:63:1f:ea:5b:b4:7b:9e:2c:
2f:b7:fe:5b:95:b0:80:03:99:37:5d:6c:93:1b:23:
04:67:ff:c4:8e:93:8f:d7:da:5a:97:7d:89:02:1f:
61:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:82:98:FA:40:DB:FA:89:3E:3B:6B:79:D9:EA:F1:39:21:48:F6:D6
X509v3 Authority Key Identifier:
keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/1-YKY-kDb-ok-O2t52erxOSFI9tY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.76.85.0/24
103.76.87.0/24
116.206.92.0/22
203.189.232.0/23
IPv6:
2a0f:6700::/29
Signature Algorithm: sha256WithRSAEncryption
79:e5:bb:4d:c9:eb:fc:e7:04:d9:2c:f3:5a:8c:de:a2:6c:95:
b7:62:0e:bb:f1:c1:42:c8:d9:b4:d8:3c:1e:ec:ff:bd:cf:8b:
c7:d7:9c:a5:50:cf:c0:48:70:93:60:d1:da:39:10:4c:31:67:
b0:6f:70:f1:93:57:2e:89:cc:ed:50:49:14:84:02:7d:75:91:
d8:38:2d:83:94:ec:66:ff:c6:88:df:a3:e0:7b:24:2e:14:7a:
f7:b5:0e:5a:f0:01:37:55:61:d2:00:20:d2:8f:ef:8a:fe:e5:
54:d5:35:bb:b4:10:dd:41:c7:c9:e3:af:8b:74:13:b1:e1:ef:
49:e1:2d:7a:b3:93:e9:34:d3:63:40:1f:82:fc:23:a5:4c:4e:
72:8a:bc:10:4d:2a:01:a3:58:79:56:d5:35:ec:84:2e:d9:4d:
82:25:6a:eb:3e:f3:6b:2b:04:5c:11:39:46:92:8e:1b:1a:20:
eb:30:23:f7:21:fe:86:7a:37:f3:39:f4:4c:9c:5e:15:ff:3b:
52:eb:a1:f0:e3:b6:a5:33:d0:73:3c:23:dd:c9:d4:17:15:99:
b2:bf:99:ae:19:ac:2d:79:64:90:a8:2e:4e:9d:84:a4:ce:78:
34:38:a8:a1:e6:68:38:f5:2f:7f:ae:67:0f:7a:dc:80:eb:20:
30:01:8a:09
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQhQ/Ebjc7kBmYUmCvLTDzpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjUwMTAxMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTgyOThmYTQwZGJmYTg5M2UzYjZiNzlkOWVhZjEzOTIxNDhmNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WDnhAq3OvpgGmq+os/L0VmTSMM/
bQaLZ2iQqfv1IwD8VoXCWicWxCqZmD/QuNztVUqeB11CAalpd52gdBvCz61GRn9d
aKFEQQZ2TUZ/2+fiHgke8OsYIZUnsFlZofUkMceVnFoI4BcuHR1sWDSgnw06SdZ0
lUYgFCbTpXwaqMvVS86rECCnA4s3iorq3llPCO+qJQkz9TioKCYED0Ua9X74j+7v
hjVHOWscARcvohD7hnB82481lvdwa9SX9Bs3RzAihLU36p3ELI3m50uBJ0OKfKG0
PlL5Yx/qW7R7niwvt/5blbCAA5k3XWyTGyMEZ//EjpOP19pal32JAh9hSQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFPmCmPpA2/qJPjtrednq8TkhSPbWMB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvMS1ZS1kta0RiLW9rLU8ydDUyZXJ4T1NGSTl0WS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvZGQ1YTI4LWRmOWQtNDYyNy04MDlkLWJkNWQzZjAwZmJi
Mi8xL256RXVrcGU4SFNmcjYwZHQ2ZzdoWGRkV1ZDMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBABggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAGdMVQME
AGdMVwMEAnTOXAMEAcu96DANBAIAAjAHAwUDKg9nADANBgkqhkiG9w0BAQsFAAOC
AQEAeeW7Tcnr/OcE2SzzWozeomyVt2IOu/HBQsjZtNg8Huz/vc+Lx9ecpVDPwEhw
k2DR2jkQTDFnsG9w8ZNXLonM7VBJFIQCfXWR2Dgtg5TsZv/GiN+j4HskLhR697UO
WvABN1Vh0gAg0o/viv7lVNU1u7QQ3UHHyeOvi3QTseHvSeEterOT6TTTY0Afgvwj
pUxOcoq8EE0qAaNYeVbVNeyELtlNgiVq6z7zaysEXBE5RpKOGxog6zAj9yH+hno3
8zn0TJxeFf87Uuuh8OO2pTPQczwj3cnUFxWZsr+ZrhmsLXlkkKguTp2EpM54NDio
oeZoOPUvf65nD3rcgOsgMAGKCQ==
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:18:49 2025 by rpki-client