Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/KYw5Kj_weN6Qm3KwiIVIrurQ0bc.roa
File: KYw5Kj_weN6Qm3KwiIVIrurQ0bc.roa (raw, json)
Hash identifier: EGFVxLdkIPiRC9X72BBMFwRMiHt1kYN13kO+xHp1ecQ=
Subject key identifier: 29:8C:39:2A:3F:F0:78:DE:90:9B:72:B0:88:85:48:AE:EA:D0:D1:B7
Certificate issuer: /CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Certificate serial: 019421B23977144B29B0F98F64A9CCACCC50
Authority key identifier: F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/KYw5Kj_weN6Qm3KwiIVIrurQ0bc.roa
Signing time: Wed 01 Jan 2025 11:48:35 +0000
ROA not before: Wed 01 Jan 2025 11:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56696
IP address blocks: 77.246.48.0/21 maxlen: 24
217.15.117.0/24 maxlen: 24
217.15.118.0/23 maxlen: 24
217.15.120.0/22 maxlen: 24
217.74.235.0/24 maxlen: 24
217.74.237.0/24 maxlen: 24
217.74.238.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl
rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.mft
rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:39:77:14:4b:29:b0:f9:8f:64:a9:cc:ac:cc:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Validity
Not Before: Jan 1 11:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=298c392a3ff078de909b72b0888548aeead0d1b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:19:1e:44:fc:09:b8:76:7d:41:86:e0:56:84:
83:40:be:65:e2:da:65:af:9e:23:38:ca:52:1a:e1:
c6:df:88:3e:65:3e:48:14:de:a1:d8:0a:79:73:ae:
f9:3f:29:af:3e:b5:80:08:23:e9:c6:53:74:5d:86:
8e:26:b8:10:1d:72:26:0f:ae:5a:f0:04:d6:54:61:
2e:f1:b6:00:1f:73:6c:21:5b:9f:1f:4e:5c:6e:e0:
af:e7:38:6a:d0:af:0c:5f:19:58:22:d8:de:43:d3:
a0:6d:f4:8d:f9:88:6a:e5:93:ec:e0:a4:e7:aa:33:
4d:ab:3f:1f:8b:51:f3:b1:8e:b9:22:cb:da:3e:fa:
72:39:c0:a1:a9:2f:c9:28:cc:ac:ad:0e:96:85:84:
66:5f:e0:89:42:65:11:28:86:b6:57:a6:e9:a6:a7:
44:8a:26:c2:6b:01:84:4a:6f:ef:f9:ed:35:96:38:
38:16:19:69:b0:2c:c8:5c:5d:4c:ae:38:58:57:18:
60:5d:a8:bf:e5:1b:3b:23:73:91:ea:dd:e5:d4:f5:
fb:5e:55:4b:77:af:3e:a1:a4:91:64:53:35:94:fd:
aa:86:b9:46:11:22:ce:1b:0e:8d:94:d8:57:21:13:
93:60:04:54:a6:96:a9:bb:a6:29:25:a9:36:0e:51:
64:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:8C:39:2A:3F:F0:78:DE:90:9B:72:B0:88:85:48:AE:EA:D0:D1:B7
X509v3 Authority Key Identifier:
keyid:F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/KYw5Kj_weN6Qm3KwiIVIrurQ0bc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.246.48.0/21
217.15.117.0-217.15.123.255
217.74.235.0/24
217.74.237.0-217.74.239.255
Signature Algorithm: sha256WithRSAEncryption
0a:a4:ec:21:39:09:ea:9a:4c:79:7b:0b:d2:01:14:6a:b6:9f:
a9:e8:56:20:14:5e:10:82:19:fa:fd:0b:0e:e3:88:c4:4d:92:
0c:6a:e9:41:28:71:42:ea:59:69:e3:6d:77:97:6e:cc:c8:36:
e6:f9:b2:6c:06:cc:b4:6b:4a:8f:34:60:39:a8:77:8b:96:4e:
ac:90:25:52:26:f4:ca:8b:0c:dc:97:e6:15:39:da:a8:ba:ae:
ff:e6:90:91:62:85:ab:21:2a:58:2e:5a:97:ea:fe:31:9d:1a:
95:f3:6a:71:c7:6a:59:60:af:c6:96:8c:c2:98:a4:f7:86:bb:
93:d6:3a:9c:c1:5b:56:2b:f7:fb:52:a7:5b:44:c0:49:bd:7f:
3a:23:7e:24:78:e4:81:39:e2:2e:0b:78:5e:03:b3:56:a1:64:
8b:61:d9:0e:29:98:0a:20:b9:1a:b5:3d:ae:89:90:fb:ce:5d:
7a:35:91:c6:e2:0b:a0:0c:39:2a:2d:f6:27:e9:56:bf:b0:04:
3c:f1:37:82:c3:f1:49:2c:d2:57:12:0a:66:eb:ed:fc:79:3f:
bf:21:32:1d:1a:9b:a9:b0:06:d8:9b:2d:27:40:01:dd:5b:b6:
3a:f1:12:11:aa:28:fe:b8:a1:16:1e:d5:9c:d7:ac:87:25:91:
f2:5c:b0:13
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQhsjl3FEspsPmPZKnMrMxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTc2NzNjNzhlZmFlNWY2YmQ4MGEyNWFjZTNkM2MzNzE5
M2U3ODkwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOThjMzkyYTNmZjA3OGRlOTA5YjcyYjA4ODg1NDhhZWVhZDBkMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxkeRPwJuHZ9QYbgVoSDQL5l4tpl
r54jOMpSGuHG34g+ZT5IFN6h2Ap5c675PymvPrWACCPpxlN0XYaOJrgQHXImD65a
8ATWVGEu8bYAH3NsIVufH05cbuCv5zhq0K8MXxlYItjeQ9OgbfSN+Yhq5ZPs4KTn
qjNNqz8fi1HzsY65IsvaPvpyOcChqS/JKMysrQ6WhYRmX+CJQmURKIa2V6bppqdE
iibCawGESm/v+e01ljg4FhlpsCzIXF1MrjhYVxhgXai/5Rs7I3OR6t3l1PX7XlVL
d68+oaSRZFM1lP2qhrlGESLOGw6NlNhXIROTYARUppapu6YpJak2DlFkGwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCmMOSo/8HjekJtysIiFSK7q0NG3MB8GA1UdIwQY
MBaAFPSXZzx4765fa9gKJazj08Nxk+eJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYt
NmUwNjk2ZmVlOGU2LzEvS1l3NUtqX3dlTjZRbTNLd2lJVklydXJRMGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYtNmUwNjk2ZmVlOGU2
LzEvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQDTfYwMAwD
BADZD3UDBALZD3gDBADZSuswDAMEANlK7QMEBNlK4DANBgkqhkiG9w0BAQsFAAOC
AQEACqTsITkJ6ppMeXsL0gEUarafqehWIBReEIIZ+v0LDuOIxE2SDGrpQShxQupZ
aeNtd5duzMg25vmybAbMtGtKjzRgOah3i5ZOrJAlUib0yosM3JfmFTnaqLqu/+aQ
kWKFqyEqWC5al+r+MZ0alfNqccdqWWCvxpaMwpik94a7k9Y6nMFbViv3+1KnW0TA
Sb1/OiN+JHjkgTniLgt4XgOzVqFki2HZDimYCiC5GrU9romQ+85dejWRxuILoAw5
Ki32J+lWv7AEPPE3gsPxSSzSVxIKZuvt/Hk/vyEyHRqbqbAG2JstJ0AB3Vu2OvES
Eaoo/rihFh7VnNeshyWR8lywEw==
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:27:02 2025 by rpki-client