Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/okLiPnx_37wLDBmkCPiMjbS6_g8.roa
File: okLiPnx_37wLDBmkCPiMjbS6_g8.roa (raw, json)
Hash identifier: ASj3E5a6QDi3UoVchGVURUpzI7Z729JGPp26Uv4mP4w=
Subject key identifier: A2:42:E2:3E:7C:7F:DF:BC:0B:0C:19:A4:08:F8:8C:8D:B4:BA:FE:0F
Certificate issuer: /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial: 019420680C302B7616025B8042157201FFF5
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/okLiPnx_37wLDBmkCPiMjbS6_g8.roa
Signing time: Wed 01 Jan 2025 05:47:57 +0000
ROA not before: Wed 01 Jan 2025 05:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208621
IP address blocks: 45.157.34.0/24 maxlen: 24
80.64.216.0/23 maxlen: 24
80.64.218.0/23 maxlen: 24
185.232.86.0/23 maxlen: 24
194.146.44.0/24 maxlen: 24
194.146.49.0/24 maxlen: 24
194.156.177.0/24 maxlen: 24
195.22.156.0/24 maxlen: 24
195.22.157.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:0c:30:2b:76:16:02:5b:80:42:15:72:01:ff:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Validity
Not Before: Jan 1 05:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a242e23e7c7fdfbc0b0c19a408f88c8db4bafe0f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:22:4a:0e:0d:6e:f5:17:05:b7:d5:44:6a:f9:
af:9b:92:15:a1:25:ad:76:37:02:d5:47:0d:b4:1b:
b7:e8:d7:6c:4f:61:58:c9:0f:01:2e:f2:1b:21:c8:
fa:57:3a:6e:6f:d5:e8:d4:47:87:d0:59:ba:5a:6d:
e9:c3:73:4a:9e:c4:02:3d:f8:01:e0:d2:23:00:2a:
ec:6f:17:7c:3a:ab:24:37:30:aa:01:ab:93:29:3c:
08:90:c5:58:fe:5b:68:b4:65:ab:f5:01:c8:9e:63:
82:9c:34:1d:f7:72:90:3b:82:8a:46:2a:aa:15:97:
61:88:b6:c8:3d:99:1d:f4:22:67:34:87:56:09:63:
6a:c0:22:a4:36:41:59:4b:73:c7:f9:8d:2e:bd:29:
33:4b:5d:c4:31:6b:be:90:f7:e8:bf:9a:74:b8:c1:
99:ea:93:f8:8e:f3:4e:a4:25:fa:f2:ac:ff:02:70:
d0:de:73:97:1e:eb:b5:c7:91:77:bc:00:05:e7:39:
c4:75:13:a2:10:e5:c1:6e:7d:57:23:0a:11:6b:cd:
e8:df:25:f4:fe:d3:74:62:83:2a:c9:7a:25:39:01:
6e:9d:7f:7b:dd:ba:8f:3f:48:54:f7:3d:80:ef:0e:
48:15:5a:12:c0:63:2d:12:38:56:61:e3:47:1f:f7:
47:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:42:E2:3E:7C:7F:DF:BC:0B:0C:19:A4:08:F8:8C:8D:B4:BA:FE:0F
X509v3 Authority Key Identifier:
keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/okLiPnx_37wLDBmkCPiMjbS6_g8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.34.0/24
80.64.216.0/22
185.232.86.0/23
194.146.44.0/24
194.146.49.0/24
194.156.177.0/24
195.22.156.0/23
Signature Algorithm: sha256WithRSAEncryption
05:84:f4:bf:b5:0c:8f:5e:6d:e0:90:bf:c2:35:b8:cc:b5:1a:
0d:9f:e6:30:da:fb:d1:b5:2c:00:03:82:6f:e3:52:cd:aa:69:
e8:f9:44:ce:6a:4d:6a:34:d7:76:5e:3e:ed:92:b0:30:fd:11:
56:36:17:bc:d2:0a:2c:b3:e9:c5:56:e6:33:91:51:03:14:a4:
10:29:6d:48:79:78:c6:d5:42:3f:e1:b6:ab:56:07:cb:de:d8:
1c:a3:66:0e:7a:72:54:c0:b1:00:c9:36:8c:68:b1:64:c0:9d:
f4:8d:89:25:ed:26:b8:0e:92:bd:80:ed:7f:7d:b8:c1:1f:04:
49:df:27:3c:84:7f:8f:b1:a6:9b:9a:6d:d7:21:04:90:9f:72:
9a:85:12:23:07:ab:cf:89:ff:5e:d6:0d:ca:e9:14:b8:e1:7a:
87:7b:f3:a3:50:3f:d8:dd:52:e8:7c:1d:29:ef:aa:ce:f4:a3:
62:9b:17:27:77:ee:dd:03:21:ce:b3:fd:b9:9f:ff:f6:e2:02:
3f:01:d8:5f:49:fd:a9:de:d5:c3:e1:56:7b:6a:56:b2:42:43:
03:21:7d:30:4c:e6:4e:1b:e0:c5:51:33:99:48:f6:ec:a2:b0:
6c:27:04:e2:4e:dc:bf:73:36:3f:0f:52:06:d1:b0:58:52:ca:
64:0a:0e:d7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQgaAwwK3YWAluAQhVyAf/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQyZTIzZTdjN2ZkZmJjMGIwYzE5YTQwOGY4OGM4ZGI0YmFmZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiJKDg1u9RcFt9VEavmvm5IVoSWt
djcC1UcNtBu36NdsT2FYyQ8BLvIbIcj6Vzpub9Xo1EeH0Fm6Wm3pw3NKnsQCPfgB
4NIjACrsbxd8OqskNzCqAauTKTwIkMVY/ltotGWr9QHInmOCnDQd93KQO4KKRiqq
FZdhiLbIPZkd9CJnNIdWCWNqwCKkNkFZS3PH+Y0uvSkzS13EMWu+kPfov5p0uMGZ
6pP4jvNOpCX68qz/AnDQ3nOXHuu1x5F3vAAF5znEdROiEOXBbn1XIwoRa83o3yX0
/tN0YoMqyXolOQFunX973bqPP0hU9z2A7w5IFVoSwGMtEjhWYeNHH/dH2QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKJC4j58f9+8CwwZpAj4jI20uv4PMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvb2tMaVBueF8zN3dMREJta0NQaU1qYlM2X2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZ0iAwQC
UEDYAwQBuehWAwQAwpIsAwQAwpIxAwQAwpyxAwQBwxacMA0GCSqGSIb3DQEBCwUA
A4IBAQAFhPS/tQyPXm3gkL/CNbjMtRoNn+Yw2vvRtSwAA4Jv41LNqmno+UTOak1q
NNd2Xj7tkrAw/RFWNhe80goss+nFVuYzkVEDFKQQKW1IeXjG1UI/4barVgfL3tgc
o2YOenJUwLEAyTaMaLFkwJ30jYkl7Sa4DpK9gO1/fbjBHwRJ3yc8hH+Psaabmm3X
IQSQn3KahRIjB6vPif9e1g3K6RS44XqHe/OjUD/Y3VLofB0p76rO9KNimxcnd+7d
AyHOs/25n//24gI/AdhfSf2p3tXD4VZ7alayQkMDIX0wTOZOG+DFUTOZSPbsorBs
JwTiTty/czY/D1IG0bBYUspkCg7X
-----END CERTIFICATE-----
Generated at Sat Apr 5 21:22:28 2025 by rpki-client