Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/1KxZYvxri1sxva3r2G7KLnG5z_Y.roa
File: 1KxZYvxri1sxva3r2G7KLnG5z_Y.roa (raw, json)
Hash identifier: 9JXmyyV6BbeWSwFTBJAUkp5UHelZgOhj8wsWM2RqVyk=
Subject key identifier: D4:AC:59:62:FC:6B:8B:5B:31:BD:AD:EB:D8:6E:CA:2E:71:B9:CF:F6
Certificate issuer: /CN=4e4f665d46d6a2abf0521e5cb1f7c451ca337a87
Certificate serial: 0194AB8F5B94AC468CA38D8EBBD0157EA242
Authority key identifier: 4E:4F:66:5D:46:D6:A2:AB:F0:52:1E:5C:B1:F7:C4:51:CA:33:7A:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tk9mXUbWoqvwUh5csffEUcozeoc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/1KxZYvxri1sxva3r2G7KLnG5z_Y.roa
Signing time: Tue 28 Jan 2025 06:18:06 +0000
ROA not before: Tue 28 Jan 2025 06:18:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202047
IP address blocks: 85.208.140.0/24 maxlen: 24
85.208.141.0/24 maxlen: 24
85.208.142.0/24 maxlen: 24
85.208.143.0/24 maxlen: 24
194.169.184.0/24 maxlen: 24
194.169.185.0/24 maxlen: 24
194.169.186.0/24 maxlen: 24
194.169.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/Tk9mXUbWoqvwUh5csffEUcozeoc.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/Tk9mXUbWoqvwUh5csffEUcozeoc.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tk9mXUbWoqvwUh5csffEUcozeoc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ab:8f:5b:94:ac:46:8c:a3:8d:8e:bb:d0:15:7e:a2:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e4f665d46d6a2abf0521e5cb1f7c451ca337a87
Validity
Not Before: Jan 28 06:18:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4ac5962fc6b8b5b31bdadebd86eca2e71b9cff6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:26:f1:46:da:f9:3a:3c:cd:b6:7d:d6:ec:bc:
64:cc:96:9e:8a:de:2c:6d:07:c9:cd:da:1f:53:8b:
a4:f0:af:7d:65:1c:ba:d0:4e:b6:26:16:a8:1e:10:
9e:6f:b7:ac:f0:5b:96:d3:c3:0e:fb:0b:87:29:69:
ec:44:d7:ac:94:f6:67:4f:43:88:d5:93:23:4e:08:
0a:9e:3a:de:ef:48:14:ae:58:41:91:56:94:f3:1e:
80:cd:db:90:81:1e:6a:97:02:66:98:d2:ca:5a:e0:
07:c2:df:6a:fc:ec:5f:40:8d:a4:2c:5d:e0:cb:17:
96:4f:85:d9:ce:c0:9b:b1:fc:67:ca:58:af:c5:56:
35:e3:3a:2c:22:3b:67:3c:f7:2e:2a:f0:08:52:31:
88:88:46:57:c7:c7:68:06:21:d2:31:34:09:b4:f0:
2d:c0:56:c5:bc:c8:cf:0d:93:a5:5e:f6:a7:1d:97:
7a:0c:9f:fb:06:01:f9:d8:c5:89:47:8a:54:1a:97:
53:d3:62:34:86:0c:55:90:34:07:61:7e:4b:24:ee:
b5:2b:b5:79:47:9c:39:f0:ff:0b:79:5d:cf:89:1c:
82:2a:73:19:ed:76:c5:d4:91:c3:fd:dc:cc:76:7f:
4e:07:3b:80:f6:41:88:42:55:0b:a7:da:a0:cc:c0:
00:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:AC:59:62:FC:6B:8B:5B:31:BD:AD:EB:D8:6E:CA:2E:71:B9:CF:F6
X509v3 Authority Key Identifier:
keyid:4E:4F:66:5D:46:D6:A2:AB:F0:52:1E:5C:B1:F7:C4:51:CA:33:7A:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tk9mXUbWoqvwUh5csffEUcozeoc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/1KxZYvxri1sxva3r2G7KLnG5z_Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/270b89-7c47-4263-86a0-0073c2b7a7ee/1/Tk9mXUbWoqvwUh5csffEUcozeoc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.140.0/22
194.169.184.0/22
Signature Algorithm: sha256WithRSAEncryption
af:b9:e6:a9:40:dd:c0:36:c3:e1:cd:c9:d0:7f:cb:d5:09:da:
c6:f3:fd:93:df:7c:5f:2f:cb:4a:e3:39:a8:e5:f2:d5:93:dd:
94:49:a1:22:af:5b:cd:70:eb:b4:d0:18:19:ce:2d:41:73:21:
eb:7f:9c:04:e0:45:08:b6:29:44:48:01:e0:2d:e7:e2:10:4b:
2b:b1:37:b9:74:ac:2a:0f:f4:ef:96:b7:77:c0:4a:e3:ac:dc:
0f:61:cf:17:56:20:68:11:10:d0:2a:d4:9a:4e:58:f1:91:41:
eb:65:d0:a6:33:2d:7c:4a:a4:78:db:e9:c7:30:d6:bb:68:7b:
c1:65:a1:e4:b5:ed:fc:57:ac:72:c9:fb:72:89:0b:2c:fb:36:
35:f9:17:08:75:c7:2f:1b:11:a6:81:05:8d:25:d2:61:7b:91:
93:0e:22:dd:81:06:64:0b:9a:bc:ef:53:9b:b8:8f:a2:8e:d0:
d3:dc:9d:1d:f4:79:db:ae:7c:ad:19:51:88:6c:e4:23:7a:54:
03:fd:c2:3c:c1:6f:5c:24:e1:48:76:d6:69:5b:f6:f3:42:72:
a7:3a:45:c5:68:7a:fc:13:2a:29:f4:17:9a:98:a2:f3:2c:b7:
41:f4:99:6d:5a:37:93:f5:66:00:cd:15:b5:78:2f:8d:f3:c5:
51:78:05:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSrj1uUrEaMo42Ou9AVfqJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNGY2NjVkNDZkNmEyYWJmMDUyMWU1Y2IxZjdjNDUxY2Ez
MzdhODcwHhcNMjUwMTI4MDYxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGFjNTk2MmZjNmI4YjViMzFiZGFkZWJkODZlY2EyZTcxYjljZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ybxRtr5OjzNtn3W7LxkzJaeit4s
bQfJzdofU4uk8K99ZRy60E62JhaoHhCeb7es8FuW08MO+wuHKWnsRNeslPZnT0OI
1ZMjTggKnjre70gUrlhBkVaU8x6AzduQgR5qlwJmmNLKWuAHwt9q/OxfQI2kLF3g
yxeWT4XZzsCbsfxnylivxVY14zosIjtnPPcuKvAIUjGIiEZXx8doBiHSMTQJtPAt
wFbFvMjPDZOlXvanHZd6DJ/7BgH52MWJR4pUGpdT02I0hgxVkDQHYX5LJO61K7V5
R5w58P8LeV3PiRyCKnMZ7XbF1JHD/dzMdn9OBzuA9kGIQlULp9qgzMAAiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNSsWWL8a4tbMb2t69huyi5xuc/2MB8GA1UdIwQY
MBaAFE5PZl1G1qKr8FIeXLH3xFHKM3qHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGs5bVhVYldvcXZ3VWg1Y3NmZkVVY296ZW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yNzBiODktN2M0Ny00MjYzLTg2YTAt
MDA3M2MyYjdhN2VlLzEvMUt4Wll2eHJpMXN4dmEzcjJHN0tMbkc1el9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yNzBiODktN2M0Ny00MjYzLTg2YTAtMDA3M2MyYjdhN2Vl
LzEvVGs5bVhVYldvcXZ3VWg1Y3NmZkVVY296ZW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVdCMAwQC
wqm4MA0GCSqGSIb3DQEBCwUAA4IBAQCvueapQN3ANsPhzcnQf8vVCdrG8/2T33xf
L8tK4zmo5fLVk92USaEir1vNcOu00BgZzi1BcyHrf5wE4EUItilESAHgLefiEEsr
sTe5dKwqD/Tvlrd3wErjrNwPYc8XViBoERDQKtSaTljxkUHrZdCmMy18SqR42+nH
MNa7aHvBZaHkte38V6xyyftyiQss+zY1+RcIdccvGxGmgQWNJdJhe5GTDiLdgQZk
C5q871ObuI+ijtDT3J0d9HnbrnytGVGIbOQjelQD/cI8wW9cJOFIdtZpW/bzQnKn
OkXFaHr8Eyop9BeamKLzLLdB9JltWjeT9WYAzRW1eC+N88VReAXa
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:55:22 2025 by rpki-client