Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/cKLdHjbMHa9DWXygLYK3fJRjYqw.roa
File: cKLdHjbMHa9DWXygLYK3fJRjYqw.roa (raw, json)
Hash identifier: aXunewdhx0tio/kXThZoUaubUGfQctWD4RTkIiazOVE=
Subject key identifier: 70:A2:DD:1E:36:CC:1D:AF:43:59:7C:A0:2D:82:B7:7C:94:63:62:AC
Certificate issuer: /CN=e3f70706f6c0cfbd9c73a7f3d83023240a42f50d
Certificate serial: 019423D722D7EE5588838DD0BC6E5E4CFE55
Authority key identifier: E3:F7:07:06:F6:C0:CF:BD:9C:73:A7:F3:D8:30:23:24:0A:42:F5:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4_cHBvbAz72cc6fz2DAjJApC9Q0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/cKLdHjbMHa9DWXygLYK3fJRjYqw.roa
Signing time: Wed 01 Jan 2025 21:48:09 +0000
ROA not before: Wed 01 Jan 2025 21:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20546
IP address blocks: 82.116.96.0/19 maxlen: 24
95.174.128.0/19 maxlen: 24
212.9.32.0/19 maxlen: 24
217.10.64.0/20 maxlen: 24
217.116.112.0/20 maxlen: 24
2001:ab0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/4_cHBvbAz72cc6fz2DAjJApC9Q0.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/4_cHBvbAz72cc6fz2DAjJApC9Q0.mft
rsync://rpki.ripe.net/repository/DEFAULT/4_cHBvbAz72cc6fz2DAjJApC9Q0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:22:d7:ee:55:88:83:8d:d0:bc:6e:5e:4c:fe:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e3f70706f6c0cfbd9c73a7f3d83023240a42f50d
Validity
Not Before: Jan 1 21:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=70a2dd1e36cc1daf43597ca02d82b77c946362ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:94:0f:9f:1f:b5:76:9d:4b:3e:63:9f:fc:e4:
02:26:53:23:b3:7a:e9:e5:8a:d0:a8:6e:47:f5:db:
bf:de:24:16:f4:0b:4e:1b:8a:a0:60:ff:1b:c5:49:
ed:6a:3b:6d:72:12:5e:61:9f:ef:c9:d4:ac:c9:90:
c4:2d:c5:14:9b:35:1a:6e:e9:ba:0f:0c:23:11:65:
99:bc:2b:0f:e4:17:b6:ae:32:eb:36:62:3d:55:d1:
ea:38:e6:a8:7f:3a:fd:4e:a0:00:1a:2c:30:0f:5a:
a6:e9:11:b2:5b:5a:f2:98:0e:61:8a:34:ca:86:5e:
fd:32:ef:90:5e:19:26:36:a5:70:89:e3:cc:69:dd:
f8:87:f9:c0:0e:9a:88:28:df:81:77:91:24:e9:e5:
d0:dc:47:44:ae:7e:a9:7c:7d:77:c2:5a:4b:84:79:
34:df:fc:27:b6:6e:aa:fa:1e:ee:5e:7f:ea:10:60:
da:bc:bf:72:7b:a4:99:12:87:95:f7:d8:5c:b0:6c:
60:66:40:69:9a:66:27:8f:99:d8:d4:8e:cd:e4:23:
f1:83:7c:65:67:99:ab:3a:72:be:d5:8b:ca:47:8c:
da:09:16:c7:e8:6c:a2:3e:fb:1f:9f:f3:4b:1c:9a:
4f:d9:35:fe:65:4c:17:ea:e4:8b:ff:d7:c0:f1:ea:
f8:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:A2:DD:1E:36:CC:1D:AF:43:59:7C:A0:2D:82:B7:7C:94:63:62:AC
X509v3 Authority Key Identifier:
keyid:E3:F7:07:06:F6:C0:CF:BD:9C:73:A7:F3:D8:30:23:24:0A:42:F5:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4_cHBvbAz72cc6fz2DAjJApC9Q0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/cKLdHjbMHa9DWXygLYK3fJRjYqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/286d47-6434-41bd-9aa2-09ff79308bbe/1/4_cHBvbAz72cc6fz2DAjJApC9Q0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.116.96.0/19
95.174.128.0/19
212.9.32.0/19
217.10.64.0/20
217.116.112.0/20
IPv6:
2001:ab0::/29
Signature Algorithm: sha256WithRSAEncryption
24:ee:0e:ca:25:b8:9d:f3:e1:72:1d:0b:de:3d:35:5d:63:ff:
83:65:4f:3a:7f:72:c6:ca:e8:b9:15:63:6a:b2:23:f7:ed:67:
1c:40:25:c4:40:38:f0:79:18:9b:3a:92:b1:14:03:fd:b6:24:
07:c3:78:50:ba:07:db:84:94:44:4b:4d:38:cf:2c:99:30:1f:
1a:d2:f5:96:29:1f:d9:14:b8:32:77:8d:8e:cd:67:bc:8b:09:
95:37:ac:68:cd:4a:a8:50:62:c5:f4:87:05:42:51:17:9a:14:
0f:32:1c:d5:8e:6f:00:ed:db:72:ed:18:ff:7f:e9:ff:93:80:
34:36:df:25:07:38:3c:bb:5f:91:1a:b5:44:40:1b:1a:62:50:
07:a2:25:dd:9a:c1:a2:c1:c2:a4:2b:71:01:87:d6:da:2e:7e:
37:ea:ac:7e:e3:34:45:2d:3d:17:1d:88:b1:2a:90:4a:0b:3d:
78:17:b7:1e:48:a1:ac:a3:28:82:46:30:0a:f5:1e:1e:ee:a8:
7e:b3:3a:88:fc:4b:6e:bc:87:66:b7:75:2c:b0:1c:92:d7:b2:
35:3b:53:76:02:76:8a:5e:00:15:81:ac:ca:cb:58:3b:c7:c6:
ee:53:8f:86:37:40:b3:4d:b5:fd:b0:53:e3:84:f3:d8:3a:55:
2a:b7:c4:54
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQj1yLX7lWIg43QvG5eTP5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZjcwNzA2ZjZjMGNmYmQ5YzczYTdmM2Q4MzAyMzI0MGE0
MmY1MGQwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGEyZGQxZTM2Y2MxZGFmNDM1OTdjYTAyZDgyYjc3Yzk0NjM2MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpQPnx+1dp1LPmOf/OQCJlMjs3rp
5YrQqG5H9du/3iQW9AtOG4qgYP8bxUntajttchJeYZ/vydSsyZDELcUUmzUabum6
DwwjEWWZvCsP5Be2rjLrNmI9VdHqOOaofzr9TqAAGiwwD1qm6RGyW1rymA5hijTK
hl79Mu+QXhkmNqVwiePMad34h/nADpqIKN+Bd5Ek6eXQ3EdErn6pfH13wlpLhHk0
3/wntm6q+h7uXn/qEGDavL9ye6SZEoeV99hcsGxgZkBpmmYnj5nY1I7N5CPxg3xl
Z5mrOnK+1YvKR4zaCRbH6GyiPvsfn/NLHJpP2TX+ZUwX6uSL/9fA8er40wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFHCi3R42zB2vQ1l8oC2Ct3yUY2KsMB8GA1UdIwQY
MBaAFOP3Bwb2wM+9nHOn89gwIyQKQvUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNF9jSEJ2YkF6NzJjYzZmejJEQWpKQXBDOVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8yODZkNDctNjQzNC00MWJkLTlhYTIt
MDlmZjc5MzA4YmJlLzEvY0tMZEhqYk1IYTlEV1h5Z0xZSzNmSlJqWXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8yODZkNDctNjQzNC00MWJkLTlhYTItMDlmZjc5MzA4YmJl
LzEvNF9jSEJ2YkF6NzJjYzZmejJEQWpKQXBDOVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFUnRgAwQF
X66AAwQF1AkgAwQE2QpAAwQE2XRwMA0EAgACMAcDBQMgAQqwMA0GCSqGSIb3DQEB
CwUAA4IBAQAk7g7KJbid8+FyHQvePTVdY/+DZU86f3LGyui5FWNqsiP37WccQCXE
QDjweRibOpKxFAP9tiQHw3hQugfbhJRES004zyyZMB8a0vWWKR/ZFLgyd42OzWe8
iwmVN6xozUqoUGLF9IcFQlEXmhQPMhzVjm8A7dty7Rj/f+n/k4A0Nt8lBzg8u1+R
GrVEQBsaYlAHoiXdmsGiwcKkK3EBh9baLn436qx+4zRFLT0XHYixKpBKCz14F7ce
SKGsoyiCRjAK9R4e7qh+szqI/EtuvIdmt3UssByS17I1O1N2AnaKXgAVgazKy1g7
x8buU4+GN0CzTbX9sFPjhPPYOlUqt8RU
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:00:22 2025 by rpki-client