Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/KHZmHt9pFsgrD6WPEFFj2qgn5zQ.roa
File: KHZmHt9pFsgrD6WPEFFj2qgn5zQ.roa (raw, json)
Hash identifier: rC4I37HzV0wU30aE8blPc0Y74V6nE9qGnyPWEJMZlsg=
Subject key identifier: 28:76:66:1E:DF:69:16:C8:2B:0F:A5:8F:10:51:63:DA:A8:27:E7:34
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 019424B2FA6139D7C72B2DB384982B8A9143
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/KHZmHt9pFsgrD6WPEFFj2qgn5zQ.roa
Signing time: Thu 02 Jan 2025 01:48:16 +0000
ROA not before: Thu 02 Jan 2025 01:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202221
IP address blocks: 85.254.31.0/24 maxlen: 24
85.254.146.0/24 maxlen: 24
159.148.104.0/23 maxlen: 23
159.148.173.0/24 maxlen: 24
159.148.174.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:fa:61:39:d7:c7:2b:2d:b3:84:98:2b:8a:91:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Jan 2 01:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2876661edf6916c82b0fa58f105163daa827e734
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:57:b3:47:53:0b:f1:5e:c4:02:1a:7d:22:16:
ad:4f:14:4f:8e:33:6d:ff:0d:ed:22:de:d6:0b:a9:
31:18:5e:09:a1:1a:e8:57:e9:76:fa:c2:e7:de:0b:
8c:09:eb:44:1a:68:1f:40:a2:9f:f6:1e:b3:39:21:
67:94:e7:80:d7:4b:af:33:1b:35:71:41:f4:5d:3c:
b0:c3:34:9c:08:d7:14:80:a6:8b:52:c9:83:98:80:
2c:a5:31:c3:0c:79:b6:6a:fa:75:8a:a0:71:45:ea:
23:66:4a:af:91:7e:5e:ea:35:a3:f5:af:8e:06:3b:
d5:75:9f:dd:db:bb:ef:a3:15:a8:47:91:c1:e9:12:
0f:57:f9:d6:23:bd:84:f2:29:47:fe:93:a7:ed:8d:
ea:18:2d:d4:d3:eb:d8:e9:5f:b1:3b:40:8d:fd:4e:
25:09:90:25:6e:11:f6:71:09:4a:a2:f5:e4:f7:aa:
02:0c:43:57:9b:53:70:c4:f7:67:53:b2:b9:19:f0:
06:0b:d9:18:3e:b1:41:2e:44:b2:de:cf:88:40:7f:
4b:9a:ec:c9:12:29:45:d3:14:cc:28:c9:72:11:89:
c1:98:0f:ae:4f:77:cb:89:f2:16:d0:91:8b:0b:ec:
49:5a:54:cb:22:6f:70:17:c2:bc:3e:8e:53:06:7f:
72:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:76:66:1E:DF:69:16:C8:2B:0F:A5:8F:10:51:63:DA:A8:27:E7:34
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/KHZmHt9pFsgrD6WPEFFj2qgn5zQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.254.31.0/24
85.254.146.0/24
159.148.104.0/23
159.148.173.0-159.148.174.255
Signature Algorithm: sha256WithRSAEncryption
8a:cd:ca:bf:5a:9f:f4:4f:e5:7f:a0:0a:06:5f:ac:0e:e4:9b:
ee:ed:49:da:3a:0f:91:03:81:0a:ba:83:3f:36:4f:3f:30:49:
68:2e:79:6f:98:86:0f:2c:89:e0:4e:96:2b:7a:83:c2:63:b3:
19:96:c0:1a:c0:3f:19:1c:5d:2a:b4:87:1c:a6:ed:c4:e6:39:
dc:e2:0a:c6:fb:c8:c8:7b:9c:c3:88:28:08:85:9e:ab:99:db:
16:54:5e:b3:7c:03:85:b7:c8:e7:91:96:83:04:ce:cd:62:61:
2d:2a:9d:52:97:f7:ac:14:f3:d9:da:4b:8e:1e:f2:b9:2c:c2:
ce:1d:62:69:03:59:3c:b0:9f:03:10:ad:76:32:90:23:0a:51:
c2:f6:f0:d0:86:ad:3d:79:d9:8d:03:66:6a:ef:ad:f1:e3:92:
ed:69:eb:57:60:d4:69:72:2b:91:97:54:9e:2d:a9:5f:85:96:
4a:1d:34:b6:b6:bd:92:cc:4f:28:d5:1b:ef:76:ec:e5:2a:27:
6b:9a:cf:d3:db:6b:5a:f0:ca:87:c5:63:a5:b2:b7:c2:cb:92:
91:ef:93:7a:b9:05:2d:3f:43:25:1d:05:cd:b9:3c:9e:b2:53:
95:11:f6:9a:a5:d0:15:47:00:37:a4:3f:4c:42:1c:be:a4:c1:
be:71:ff:b4
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQksvphOdfHKy2zhJgripFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc2NjYxZWRmNjkxNmM4MmIwZmE1OGYxMDUxNjNkYWE4MjdlNzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FezR1ML8V7EAhp9IhatTxRPjjNt
/w3tIt7WC6kxGF4JoRroV+l2+sLn3guMCetEGmgfQKKf9h6zOSFnlOeA10uvMxs1
cUH0XTywwzScCNcUgKaLUsmDmIAspTHDDHm2avp1iqBxReojZkqvkX5e6jWj9a+O
BjvVdZ/d27vvoxWoR5HB6RIPV/nWI72E8ilH/pOn7Y3qGC3U0+vY6V+xO0CN/U4l
CZAlbhH2cQlKovXk96oCDENXm1NwxPdnU7K5GfAGC9kYPrFBLkSy3s+IQH9LmuzJ
EilF0xTMKMlyEYnBmA+uT3fLifIW0JGLC+xJWlTLIm9wF8K8Po5TBn9yAwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCh2Zh7faRbIKw+ljxBRY9qoJ+c0MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvS0habUh0OXBGc2dyRDZXUEVGRmoycWduNXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAVf4fAwQA
Vf6SAwQBn5RoMAwDBACflK0DBACflK4wDQYJKoZIhvcNAQELBQADggEBAIrNyr9a
n/RP5X+gCgZfrA7km+7tSdo6D5EDgQq6gz82Tz8wSWgueW+Yhg8sieBOlit6g8Jj
sxmWwBrAPxkcXSq0hxym7cTmOdziCsb7yMh7nMOIKAiFnquZ2xZUXrN8A4W3yOeR
loMEzs1iYS0qnVKX96wU89naS44e8rksws4dYmkDWTywnwMQrXYykCMKUcL28NCG
rT152Y0DZmrvrfHjku1p61dg1GlyK5GXVJ4tqV+FlkodNLa2vZLMTyjVG+927OUq
J2uaz9Pba1rwyofFY6Wyt8LLkpHvk3q5BS0/QyUdBc25PJ6yU5UR9pql0BVHADek
P0xCHL6kwb5x/7Q=
-----END CERTIFICATE-----
Generated at Thu Apr 17 08:44:51 2025 by rpki-client